05-06-2006, 10:30 AM
#61 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

@Henny:
You can remove...
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
(The line above is not dangerous, but unnecessary, unless you need Quicktime to load fast because of frequent usage)
The following line alters your DNS servers...
O17 - HKLM\System\CCS\Services\Tcpip\..\{51508C5E-72F4-4DC7-AAFD-3375D32F1249}: NameServer = 68.238.1.12,68.238.112.12
(If you know why, then that's fine. In and of itself, it's not a problem, but could indicate a problem. Again, if you know why your nameservers might have been altered by something you installed, then that's fine. Your system looks clean, so I wouldn't worry about this one anomaly.)

05-06-2006, 03:18 PM
#62 (permalink)
Inactive
Join Date: 04-19-06
Posts: 37

Wow! Thanks ZAP!

05-06-2006, 03:25 PM
#63 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

Quote:
Originally Posted by Henny
Wow! Thanks ZAP!

NP. Didn't really help you much. You're clean.

05-07-2006, 10:21 AM
#64 (permalink)
Inactive
Join Date: 04-19-06
Posts: 37

Yeah, but peace of mind is worth a thank-you, isn't it?

05-07-2006, 11:27 AM
#65 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

Well, you're welcome. You have no worries. Your hijackthis! log is one of the cleaner ones I've seen.

05-07-2006, 02:10 PM
#66 (permalink)
v7n Mentor
Join Date: 01-26-06
Location: netherlands
Posts: 2,077

I got a log too, PC at home is running at constant 100% CPU and I have no idea why.
Ran avast and it gave me a list of warnings of files it couldn't open,
mostly mtuser.dat files.
Hope you see something fishy.
thnx

05-07-2006, 02:53 PM
#67 (permalink)
Contributing Member
Join Date: 01-07-06
Location: 127.0.0.1
Posts: 928

Is this the log from the PC that's running @100%?
I didn't see anything other than all of the music software that you're using that would indicate a hijack of any type...
Zap, you see anything that is potentially hazardous?
NeO

05-07-2006, 03:41 PM
#68 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

@Cashcannon:
You can remove...
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\RunServices: [Sasser Patch v1 ] msconf.exe
O4 - HKCU\..\Run: [Sasser Patch v1 ] msconf.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
The 2 references to the Sasser patch stand out at me. It is possible that you have a virus because you also complain of 100% CPU usage. I found one virus write up that might fit the bill for you.
Read This and download the removal tool zipfile attached to this post. Remove the tool from the zipfile and run it. Let it remove anything it finds.
Then update your antivirus software definitions and do a full scan of your computer.
Then scan your computer again with hijackthis! and post a new hijackthis! log here.

05-07-2006, 11:52 PM
#69 (permalink)
v7n Mentor
Join Date: 01-26-06
Location: netherlands
Posts: 2,077

thanks for your time Zap, much appreciated, I'll post the hijack log in the evening

05-08-2006, 08:24 AM
#70 (permalink)
Inactive
Join Date: 04-06-06
Posts: 33

Quote:
Originally Posted by Zap
@Kiraz:
You can get rid of... *Removed but kindly put in a text file for you :-)*
When you are done removing those items, update your antivirus software and do a complete scan of your computer. Remove anything it finds and then rescan with hijackthis! and post the new log here. There is a lot on your system and I want to make sure you're not infected at that time.

Thanks so much. My computer is throwing a fit, and now it won't turn on, so I don't even know where to start with that problem. It was fine when I left, I came home and it was off, and now it won't turn on. No wires are moved or detached, as far as I can tell everything is fine. If anyone has had this problem before, I would love some advice.
I'll post my log once I get my computer working again.
Last edited by G10 : 05-09-2006 at 10:16 AM.
Reason: Removed log file and put in a text file

05-08-2006, 08:26 AM
#71 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

@Kiraz: Did you even get a chance to delete the offending items?

05-08-2006, 08:30 AM
#72 (permalink)
Inactive
Join Date: 04-06-06
Posts: 33

ZAP: No, I just now got on a different computer, and found your post. It's been down for a few days. It was probably all that crap that corrupted it.
$1500 custom build by me...
I just have no knowledge whatsoever on how to fix these kind of situations.

05-08-2006, 09:30 AM
#73 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

Quote:
Originally Posted by kiraz
ZAP: No, I just now got on a different computer, and found your post. It's been down for a few days. It was probably all that crap that corrupted it.
$1500 custom build by me...
I just have no knowledge whatsoever on how to fix these kind of situations.

I don't think it's hardware related.
It could have happened to anybody. Don't be so hard on yourself.

05-09-2006, 09:58 AM
#74 (permalink)
v7n Mentor
Join Date: 01-26-06
Location: netherlands
Posts: 2,077

Hey Zap, I ran the gaobot, but it didn't turn up any results.
When running avast it found some files it couldn't open:
C:\WINDOWS\system32\config\DEFAULT
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
Any advice on this?
thanks

05-09-2006, 10:18 AM
#75 (permalink)
Super Moderator
Join Date: 05-10-04
Location: UK - Cheshire
Posts: 15,993

Guys, if you're going to put your files up here, please save them in a text file 

05-09-2006, 11:05 AM
#76 (permalink)
v7n Mentor
Join Date: 01-26-06
Location: netherlands
Posts: 2,077

sorry bout that 

05-09-2006, 01:57 PM
#77 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

@Cashcannon: Those files are nothing to worry about. It's perfectly normal for them to be open (and, therefore, uncopyable/undeletable). They are part of your user profile and are needed by Windows.
What concerns me is the 100% CPU usage in combination with the 2 Sasser patch references in your hijackthis! log....
O4 - HKLM\..\RunServices: [Sasser Patch v1 ] msconf.exe
O4 - HKCU\..\Run: [Sasser Patch v1 ] msconf.exe
These files are not normal and should not be there. The file may have been a legitimate Windows file that was infected. But, it is autoloaded twice? by Windows at startup. It's unnecessary and the whole thing looks fishy to me. If it's not Gaobot, then try the sysclean utility attached. Then reboot and rescan your computer with hijackthis! and post the fresh log here.
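
The reasoning in the post above (one autorun name loaded from two registry keys, pointing at a file given without a path) can be checked mechanically over a log's O4 lines. This is an added example, not part of the original thread or of HijackThis itself; the function names and the "no full path" heuristic are assumptions made for illustration, and the sample lines are the O4 entries quoted in this thread.

```python
import re
from collections import defaultdict

# O4 autorun lines quoted from the HijackThis log discussed in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\RunServices: [Sasser Patch v1 ] msconf.exe
O4 - HKCU\..\Run: [Sasser Patch v1 ] msconf.exe
"""

# Registry autorun form: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log_text):
    """Return (key, value name, command) for every O4 registry autorun line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"].strip(), m["cmd"].strip()))
    return entries

def executable(cmd):
    """Extract the program part of a command line, honouring double quotes."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]

def triage(entries):
    """Map value name -> reasons the entry deserves a closer look."""
    keys_by_name = defaultdict(set)
    for key, name, _ in entries:
        keys_by_name[name].add(key)
    findings = defaultdict(list)
    for key, name, cmd in entries:
        reasons = []
        if len(keys_by_name[name]) > 1:  # same name autoloaded from several keys
            reasons.append("registered under %d autorun keys" % len(keys_by_name[name]))
        if "\\" not in executable(cmd):  # assumption: bare file name is worth a look
            reasons.append("no full path: " + executable(cmd))
        for reason in reasons:
            if reason not in findings[name]:
                findings[name].append(reason)
    return dict(findings)

if __name__ == "__main__":
    for name, reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(name, "->", "; ".join(reasons))
```

A flagged entry is a prompt to look up the file and its location, not proof of infection.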

05-09-2006, 02:05 PM
#78 (permalink)
Human Tripod
Join Date: 01-15-06
Location: WEBTALKFORUMS.COM
Posts: 9,881

@Cashcannon: You'll also need to download the lpt413.zip file from the following link and place it in the same directory as the sysclean utility.
lpt413.zip
Last edited by Zap : 05-09-2006 at 02:13 PM.
Reason: Wrong Attachment

05-09-2006, 02:15 PM
#79 (permalink)
v7n Mentor
Join Date: 01-26-06
Location: netherlands
Posts: 2,077

I removed what you said, and cpu seems to be normal now, also did a scan with spyhunter and adaware, seems to be acting normal now.
let you know in a jif what the sysclean does