

I'll deal with your HijackThis logs for you.





m0u53m4t
Following these steps is important to being able to help you solve your problems correctly. I also suggest that you print out these instructions to make them easier to follow. It is also a good idea to check out some of the other threads in this section to see what info is needed and how they were posted.

Submitted logs that clearly identify they have taken all the steps below and have enclosed a description of the problem will be addressed before logs that do not identify the problem or appear not to have been run by the steps written below. Be descriptive in explaining the problem and all steps you have tried to correct it. Do not link to other threads. It wastes time if you ask the experts to follow other links. Put all the information at the top so they can quickly get an idea of what the problem is. The more info you give them, the better they can help you.

We realize that it is asking you to do a lot of things at a time when you are very concerned about your computer. The steps are necessary to being able to help you successfully. It will also mean that you have a much better chance of getting your log read in a timely manner.

If you get through the steps and still need to submit a Hijack Log... only submit the Hijack Log.
Not the other logs you ran during the prep. The experts will ask if they need additional logs!


PREPARING YOUR COMPUTER FOR HIJACK


Make sure your system is up to date with all patches and service packs from Windows Update. Windows update

Make sure you can see all hidden files. How to see hidden files

Here are the instructions for booting into safe mode. Booting to safe mode

STEP ONE


Go here and run online scans (all), allow them to delete whatever they find. Note any thing that can't be fixed.
Trend Housecall


STEP TWO


Scanning with Ad-Aware SE

Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

Close ALL windows except Ad-Aware SE.

Click on the "world" icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

Once the update is finished click on the "Gear" icon (second from the left at the top of the window) to access the preferences/settings window.

In the "General" window make sure the following are selected in "GREEN":

- Automatically save log-file

- Automatically quarantine objects prior to removal

- Safe Mode (always request confirmation)


Under Definitions:

- Prompt to update outdated definitions - set the number of days


Click on the "Scanning" button on the left and select in "GREEN":

Under Driver, Folders & Files:

- Scan Within Archives


Under Select drives & folders to scan:

- choose all hard drives


Under Memory & Registry: "GREEN"

- Scan Active Processes

- Scan Registry

- Deep Scan Registry

- Scan my IE favorites for banned URL's

- Scan my Hosts file


Click on the "Advanced" button on the left and select in "GREEN":

Under Shell Integration:

- Move deleted files to recycle bin


Under Logfile Detail Level: all green

- include additional object information

- DESELECT - include negligible objects information

- include environment information


Under Alternate Data Streams:

- Don't log streams smaller than 0 bytes

- Don't log ADS with the following names: CA_INOCULATEIT


Click the "Tweak" button and select in "GREEN":

Under the "Scanning Engine":

- Unload recognized processes during scanning

- Scan registry for all users instead of current user only


Under the "Cleaning Engine":

- Let Windows remove files in use at next reboot


Under the Log Files:

- Include basic Ad-aware SE settings in logfile
- Include additional Ad-aware SE settings in logfile
- Please do not check or make green: Include Module list in logfile

Click on "Proceed" to save the settings.


Click "Start?"

- Choose: 'Perform Full System Scan'

- DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

Click "Next" and Ad-Aware SE will scan your hard drive with the options you have selected and clean automatically.

If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

Save the log file when it asks and then click "finish"

REBOOT to complete the removal of what Ad-Aware SE found

STEP THREE


Scanning in Spybot Search and Destroy:

1. Download and install Spybot S&D, accepting the default settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to "Search for Updates" then download and install the Updates.

5. Next click the button "Check for Problems"

6. When Spybot is complete, it will be showing "RED" entries, bold "Black" entries and "GREEN" entries in the window

7. Make certain there is a check mark beside all of the "RED" entries ONLY.

8. Choose "Fix Selected Problems" and allow Spybot to fix the "RED" entries.

9. REBOOT to complete the scan and clear memory.

STEP FOUR


Download and install the latest version of Hijack This. Current version is v1.99.1. The program can be found here. . .
http://www.tomcoyote.org/hjt/
Be sure to read the instructions at the site for downloading and installing.

Be sure to install the program to a permanent folder C:\HJT.
It is important that you do not install and run Hijack from a temp folder or from your desktop.

Examples of what we don't want:
C:\Documents and Settings\Desktop\HijackThis.exe
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\C74P2J85\HijackThis[1].exe
C:\DOCUME~1\LOCALS~1\Temp\Hijack This.exe

Do not attempt to fix anything before submitting a log.

Be sure to include a description of your problem and anything you have tried to fix it! Also include that you have done all the steps above so that the specialists know you have prepped the system.

PLEASE NOTE:

Reading each log can take anywhere from 30-60 minutes. That does not include the time it takes to respond with all the fixes that will be required to help you. There are very few Specialists available with the expertise required to help you safely solve your problem. Our specialists have put in a lot of time training to help you and do so on a volunteer basis. We are very lucky to have some of the best in the world. Please be patient as there are often more logs than specialists to go around. If your log has not been read within 7-10 days, feel free to contact one of the admins so that they can assist you.

EXAMPLE OF WHAT YOUR LOG SHOULD LOOK LIKE WHEN SUBMITTED.


Be descriptive in explaining the problem and all steps you have tried to correct it. Do not link to other threads. It wastes time if you ask the experts to follow other links. Put all the information at the top so they can quickly get an idea of what the problem is. The more info you give them, the better they can help you. Be sure to let the experts know that you followed the steps for prepping the system!

--------------

I have read and completed all the steps required in the sticky. I can't get rid of constant popups. I found no viruses during the scan and am at a loss as to how to stop the popups. There are more every day! Please help.

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 22:12:00, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Useful Programs\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Useful Programs\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\programs\Tiny Utilities\Vitrite\Vitrite.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RUNESC~2\RUNESC~1.EXE
C:\Documents and Settings\Owen\Desktop\RSSsup\New Folder (3)\Runescape Supreme.exe
C:\Documents and Settings\Owen\Desktop\RSSsup\New Folder (3)\Runescape Supreme.exe
C:\Documents and Settings\Owen\Desktop\RSSsup\New Folder (3)\Runescape Supreme.exe
C:\Documents and Settings\Owen\Desktop\RSSsup\New Folder (3)\Runescape Supreme.exe
C:\Documents and Settings\Owen\Desktop\RSSsup\New Folder (3)\Runescape Supreme.exe
C:\Program Files\Useful Programs\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\Owen\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Owen\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\Useful Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Vitrite.lnk = C:\Program Files\programs\Tiny Utilities\Vitrite\Vitrite.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Useful Programs\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\USEFUL~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\USEFUL~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137933177983
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37590.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe


If you follow all that, post your log and I'll tell you how to fix your pc. Even if you think your pc has no bugs, it's still worth doing. I did it and got rid of some hidden programs slowing down my pc :D
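Added example, not part of the original post or of HijackThis itself: a pre-submission check in Python that parses a log in the v1.99.1 layout quoted above, flags a HijackThis.exe run from the Temp, Desktop or Temporary Internet Files folders the guide rules out, and lists entries marked "(file missing)". The function names `parse_hjt_log` and `review_submission` and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the HijackThis v1.99.1 layout quoted in the post above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:12:00, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\User\LOCALS~1\Temp\Hijack This.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O4 - HKLM\..\Run: ..."
HJT_EXE_RE = re.compile(r"\\hijack ?this(\[\d+\])?\.exe$", re.IGNORECASE)
# Folders the guide says HijackThis must not be installed to or run from.
BAD_DIRS = ("\\temp\\", "\\desktop\\", "\\temporary internet files\\")


def parse_hjt_log(text):
    """Split a log into header fields, running processes and coded entries."""
    log = {"version": None, "platform": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Logfile of HijackThis v(\S+)", line)
        entry = ENTRY_RE.match(line)
        if header:
            log["version"] = header.group(1)
        elif line.startswith("Platform:"):
            log["platform"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif entry:  # the first coded entry ends the process list
            in_processes = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif in_processes and line:
            log["processes"].append(line)
    return log


def review_submission(log):
    """Return the points a helper checks before reading the log in detail."""
    hjt_paths = [p for p in log["processes"] if HJT_EXE_RE.search(p)]
    return {
        "bad_location": [p for p in hjt_paths
                         if any(d in p.lower() for d in BAD_DIRS)],
        "file_missing": [e for e in log["entries"]
                         if e[1].endswith("(file missing)")],
        "sections": Counter(code for code, _ in log["entries"]),
    }


if __name__ == "__main__":
    report = review_submission(parse_hjt_log(SAMPLE_LOG))
    for path in report["bad_location"]:
        print("Reinstall to a permanent folder such as C:\\HJT:", path)
    for code, detail in report["file_missing"]:
        print("Missing target:", code, detail)
    print(dict(report["sections"]))
```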
Helios
Everything that you don't write by yourself, you quote. GOT IT? Thank you.

I've quoted the log FOR YOU this time and this time only. Next time it'll be a warning and maybe a ban.

Thank you and good night.
m0u53m4t
Even if it's mine? Sorry, I didn't realise. That rule is slightly different in the forums where I mod. Sorry!
gh0stface
m0u53m4t wrote:
Even if it's mine? Sorry, I didn't realise. That rule is slightly different in the forums where I mod. Sorry!

He said to quote the things that you DIDN'T write. Anything else you write is fine. :)

Such as the logfile, I don't think you wrote that ;)
m0u53m4t
Ok. Sorry. I know all of you have downloaded random programs before, and do you actually know what they left behind? Try running hijack this and see what comes up!