Hijackthis log problems?


Sweetpotato

No you didn't have any virus in your computer. It was more of system configuration issues. You can use CCleaner to clean junk files as you wish, but try not to touch any registry cleaners because even if you have orphan keys in it, meaning keys that are no longer needed, it will not have any major impact on your system overall performance. It is best to leave it as it is.

 

Let's do some check up to make sure there are no remnants.

 

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
===================================================

 

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware here and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

 

===================================================

 

On your next reply please post :

ESET log

MBAM log

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!

Edited by Conspire
Link to comment

I came home, started my computer and after five minutes it still had a black screen so I used the power button to shut it off. Turned it back on and it came up in about two minutes fully functioning.

Here is the eset scan

C:ProgramDataTarma Installer{2E1037EA-038A-425F-86B9-6CD19B8497E9}_Setupx.dll a variant of Win32/Adware.Yontoo.B application

C:UsersAll UsersTarma Installer{2E1037EA-038A-425F-86B9-6CD19B8497E9}_Setupx.dll a variant of Win32/Adware.Yontoo.B application

C:UsersThe DJAppDataRoamingFrostWire.AppSpecialSharefrostwire-4.21.5.windows.exe Win32/OpenCandy application

I'll do the other and also post. Thanks

Here is the other scan.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
The DJ :: THEDJ-PC [administrator]

11/9/2012 12:52:34 PM
mbam-log-2012-11-09 (12-52-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200732
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Sweetpotato
Link to comment

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
===================================================

 

Please remove any usb or external drives from the computer before you run this scan!

 

Please download and run RogueKiller to your desktop.

 

Quit all running programs.

 

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

 

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

 

Post back the report which should be located on your desktop.

 

===================================================

 

On your next reply please post :

AdwCleaner[s1] log

RogueKiller log

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!

Link to comment

Here is the first log :-)

 

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 08:44:35

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : The DJ - THEDJ-PC

# Boot Mode : Normal

# Running from : C:UsersThe DJDesktopadwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:Program Files (x86)Conduit

Folder Deleted : C:ProgramDataTarma Installer

Folder Deleted : C:UsersThe DJAppDataLocalConduit

Folder Deleted : C:UsersThe DJAppDataLocalIlivid Player

Folder Deleted : C:UsersThe DJAppDataLocalLowConduit

 

***** [Registry] *****

 

Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLMSoftwareConduit

Key Deleted : HKLMSoftwareFreeze.com

Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLMSOFTWAREWow6432NodeClassesCLSID{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Value Deleted : HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]

 

***** [internet Browsers] *****

 

- Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

- Google Chrome v23.0.1271.64

 

File : C:UsersThe DJAppDataLocalGoogleChromeUser DataDefaultPreferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [1430 octets] - [10/11/2012 08:44:35]

 

########## EOF - C:AdwCleaner[s1].txt - [1490 octets] ##########

 

 

And the second

 

RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : The DJ [Admin rights]

Mode : Scan -- Date : 11/10/2012 08:50:07

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM[...]NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM[...]NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:Windowssystem32driversetchosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MK6465GSX +++++

--- User ---

[MBR] 94a1f2fcb0e7a23143324993db7393e0

[bSP] a9b1714404199d41704bdda4d3a2a332 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1]_S_11102012_02d0850.txt >>

RKreport[1]_S_11102012_02d0850.txt

Link to comment

That's ok. I do the same thing every day too. In that case, maybe you might want to send it to a service center and have it checked.

 

Now back to addressing the old issue: Avast. Uninstall it and then reinstall it and see what happens, if you haven't done that already.

Edited by Conspire
Link to comment

We will leave it as it is. :-)

 

Now time for some house keeping.

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix /Uninstall

 

===================================================

 

Now to remove most of the tools that we have used in fixing your machine:

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

  • Download Host.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond to this one more time to ensure it is resolved and close this topic.

Link to comment
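As an added illustration (not part of the thread and not code from any tool named in it), the following sketch audits a HOSTS file along the lines of the MVPS description above: a name mapped to 127.0.0.1 is only blocked, while a name mapped to any other address is a redirect worth reviewing. The sample file contents, the function names and the treatment of 0.0.0.0 as a second blocking address are assumptions made for the example.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.test   # blocklist-style entry
0.0.0.0 tracker.example.test
203.0.113.10 www.bank.example.test login.bank.example.test
not-an-ip broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, kind, name, address) for every mapping.

    kind is 'localhost', 'blocked', 'redirected' or 'malformed'.
    """
    findings = []
    # Windows editors may save the file with a UTF-8 byte order mark.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], None))
            continue
        if len(fields) < 2:  # address with no hostname
            findings.append((lineno, "malformed", fields[0], str(addr)))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback and name in LOCAL_NAMES:
                kind = "localhost"
            elif sink:
                kind = "blocked"      # connection goes nowhere
            else:
                kind = "redirected"   # name forced to a real address
            findings.append((lineno, kind, name, str(addr)))
    return findings


def redirected(text):
    """Names that the HOSTS file forces to a non-loopback address."""
    return [(n, a) for _, k, n, a in audit_hosts(text) if k == "redirected"]
```

A file containing only `127.0.0.1 localhost`, as in the RogueKiller HOSTS section earlier in the thread, yields no redirected entries.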

Just wanted to ask a question. I did all of the above steps then my computer did a reboot and there are programs still on there. Is it ok for me to remove them or should they have been gone on the reboot from OTC? The programs are Malwarebytes, adwcleaner, and tweaking.com windows. Thanks

Link to comment

This topic is now closed to further replies.