Webmaster Forum


Go Back   Webmaster Forum > The Webmaster Forums > Tech Talk

Tech Talk Discuss computer issues, tech gadgets and hardware, operating systems, browsers, broadband and wireless, virus, trojan, and spyware help.


Reply
 
LinkBack Thread Tools Display Modes
Share |
  #221 (permalink)  
Old 01-10-2009, 05:41 AM
oddjob's Avatar
Contributing Member
Latest Blog:
None

 
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
iTrader: 0 / 0%
This entry In your log caught my eye ......

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

The presence of Antiwpa indicates someone (perhaps the previous owner) has used a crack key to unlock/pirate Windows programs etc.

Look at this search for more details ......

http://www.google.com/search?rls=GGG...earch&aq=f&oq=


Check to ensure all your programs are genuine then update them all (including a visit to Windows Updates to update the operating system).


Uninstall/remove Antiwpa and kill off the HJT entry thus .....

> open HJT again,
> click "scan",
> put a tick/check mark in the box to the left of that 020 entry,
> close ALL open broswer windows - including this one,
> click on Fix Checked* at the foot of the HJT window.


Once you have done that download/install & scan your computer with MBAM. Follow the instructions I gave to sarabear in post #217 above.


You are using an out of date version of HJT. Download Trend Micro HijackThis 2.0.2 here ……

http://www.trendsecure.com/portal/en...HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your next post.

DO NOT use the ”AnalyseThis” button. Its findings are dangerous if misinterpreted.

DO NOT have Hijackthis fix anything else yet. Most of what HJT lists will be harmless or even required by your Operating System. Someone will guide you on what to do next.


Post a fresh HJT log with an update on how the computer is operating after that.
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe

Last edited by oddjob; 01-10-2009 at 05:44 AM.
 
Reply With Quote
  #222 (permalink)  
Old 01-10-2009, 03:17 PM
Contributing Member
Latest Blog:
None

 
Join Date: 01-08-09
Posts: 51
iTrader: 1 / 100%
Quote:
Originally Posted by oddjob View Post
This entry In your log caught my eye ......

O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll

The presence of Antiwpa indicates someone (perhaps the previous owner) has used a crack key to unlock/pirate Windows programs etc.

Look at this search for more details ......

http://www.google.com/search?rls=GGG...earch&aq=f&oq=


Check to ensure all your programs are genuine then update them all (including a visit to Windows Updates to update the operating system).


Uninstall/remove Antiwpa and kill off the HJT entry thus .....

> open HJT again,
> click "scan",
> put a tick/check mark in the box to the left of that 020 entry,
> close ALL open broswer windows - including this one,
> click on Fix Checked* at the foot of the HJT window.


Once you have done that download/install & scan your computer with MBAM. Follow the instructions I gave to sarabear in post #217 above.


You are using an out of date version of HJT. Download Trend Micro HijackThis 2.0.2 here ……

http://www.trendsecure.com/portal/en...HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" and Paste the entire contents of the log (no attachments) into your next post.

DO NOT use the ”AnalyseThis” button. Its findings are dangerous if misinterpreted.

DO NOT have Hijackthis fix anything else yet. Most of what HJT lists will be harmless or even required by your Operating System. Someone will guide you on what to do next.


Post a fresh HJT log with an update on how the computer is operating after that.
Thanks Oddjob!

I'll do as you said and come back with a fresh log file. Thanks again for your help.

slfocus
 
Reply With Quote
  #223 (permalink)  
Old 01-16-2009, 02:52 PM
antirem's Avatar
Contributing Member
Latest Blog:
None

 
Join Date: 12-12-07
Posts: 226
iTrader: 0 / 0%
I remember when hijackthis first came out.. it was a god send.
__________________
Sell Gold Jewelry
X-ray Equipment
 
Reply With Quote
  #224 (permalink)  
Old 02-12-2009, 10:13 AM
Contributing Member
Latest Blog:
None

 
Join Date: 01-08-09
Posts: 51
iTrader: 1 / 100%
hijack log file attached

Hi,

Can someone please help me with my laptop.
It opens browser windows without even a prompt. log file attached.

thanks a lot
Attached Files
File Type: txt hijackthis.txt (11.6 KB, 90 views)
 
Reply With Quote
  #225 (permalink)  
Old 02-12-2009, 01:59 PM
oddjob's Avatar
Contributing Member
Latest Blog:
None

 
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
iTrader: 0 / 0%
Hi slfocus

Your log shows you have out of date java and at least one potentially serious infection.

To try and kill off the infection download, install MBAM [free] and scan your computer with it. Let it fix anything bad that it finds.

Get it here ......

http://www.malwarebytes.org/mbam.php


After this you must update your java. Go here to download & install the latest version ......

http://java.sun.com/javase/downloads/index.jsp


Don't forget you must delete old version(s) of java that may still be on your system. Use the Add/Remove Programs facility to do that.


Reboot & use the computer again as normal then report back. If you still have trouble post a fresh HJT log with an update on what problems you still experience.


OJ
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
 
Reply With Quote
  #226 (permalink)  
Old 02-12-2009, 02:35 PM
Contributing Member
Latest Blog:
None

 
Join Date: 01-08-09
Posts: 51
iTrader: 1 / 100%
Thannks OJ

I will try it and come back to you.

Regards
 
Reply With Quote
  #227 (permalink)  
Old 03-15-2009, 05:39 PM
Junior Member
 
Join Date: 01-31-08
Posts: 4
iTrader: 0 / 0%
Help been hijacked

ok, need help here. the stupid antivirusxp pro hijack got me. running zone alarm and usually catches stuff. not sure how it happened but need it back. i ran hijcackthis in safe mode, not sure what to delete. I do not have access to regedit or taskmanager, other than what is in hijackthis.

here are the files. please send answers to dlbott@hughes.net and dlbott@hotmail.com, email is a mess for me. i am waiting so please help.

don

i added the startup and the logfile. also gonna leave this open for messages here.
Attached Files
File Type: txt startuplist.txt (38.4 KB, 78 views)
File Type: txt hijackthislog2.txt (13.4 KB, 80 views)

Last edited by dlbott; 03-15-2009 at 05:40 PM. Reason: addiing
 
Reply With Quote
  #228 (permalink)  
Old 03-15-2009, 09:16 PM
Junior Member
 
Join Date: 01-31-08
Posts: 4
iTrader: 0 / 0%
help

wow, well guess no help. was hoping to get someanswers tonight.

any other insomniacs out there i could really use my computer back lol.

thanks

don
 
Reply With Quote
  #229 (permalink)  
Old 03-16-2009, 12:26 AM
oddjob's Avatar
Contributing Member
Latest Blog:
None

 
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
iTrader: 0 / 0%
Hi dlbot

Sorry to hear of your troubles.

Assuming you can get online OK, to try and kill off the infection, you should download, install MBAM [free] and scan your computer with it. Let it fix anything bad that it finds.

Get it here ......

http://www.malwarebytes.org/mbam.php

Post back and let us know what happens.


(By the way it's not good for you to post your email addresses in open forum. Many spammers and other troublemakers have bots that crawl the web looking to harvest information like this. If you insist on revealing email addresses make sure you show them in a form unrecognisable to bots such as "dlbottAThughesDOTnet" and tell readers to replace the AT & DOT with the usual symbols. people will know what you mean).
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
 
Reply With Quote
  #230 (permalink)  
Old 03-17-2009, 11:12 AM
Junior Member
 
Join Date: 01-31-08
Posts: 4
iTrader: 0 / 0%
hey thanks for answering. malware seems to work but then every time it is run again it finds two more, also, i can't seem to edit that post as you suggested for the emails. thanks for that by the way, good advice.

here is what malware found last time ran.

Malwarebytes' Anti-Malware 1.34
Database version: 1853
Windows 5.1.2600 Service Pack 3

3/17/2009 12:56:42 PM
mbam-log-2009-03-17 (12-56-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 221775
Time elapsed: 1 hour(s), 21 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


the same two come up every time. are they real or false positive????

thanks

don
 
Reply With Quote
  #231 (permalink)  
Old 03-17-2009, 11:41 AM
oddjob's Avatar
Contributing Member
Latest Blog:
None

 
Join Date: 10-25-06
Location: London, U.K.
Posts: 127
iTrader: 0 / 0%
Sounds like you have an infected file there.

Download ComboFix from the location below and save it to your Desktop >>

http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe and follow the prompts. Never rename Combofix unless instructed.

When finished it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick Combofix's window while its running. That may cause it to stall.


Carefully examine the log from Combofix. Under the heading "Other Deletions" you will most likely find this statement >>

"Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe"

IF you see that then go to Start -> Run and type in combofix /u (note the space) & press OK. This will remove Combofix.


Finally update Malwarebytes, run another full scan and post the log here.
__________________
“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequilla” Mitch Ratcliffe
 
Reply With Quote
  #232 (permalink)  
Old 03-18-2009, 10:25 PM
CyberWorldJobs's Avatar
Contributing Member
 
Join Date: 12-20-08
Posts: 798
iTrader: 0 / 0%
Hmm,
can Anyone View Myn,
Not Much Problem But I get a Error Message At Startup Some Regser.exe Not Found Or Something Hope someone can Help,
(note I have Edited The Ip There Where Its Written Lemme Know If Its Required Or Could Be Problem)
Attached Files
File Type: txt hijackthis.txt (6.7 KB, 78 views)
__________________
SEO India
Find Jobs
 
Reply With Quote
  #233 (permalink)  
Old 06-21-2009, 10:35 AM
Junior Member
 
Join Date: 06-21-09
Posts: 1
iTrader: 0 / 0%
Unhappy HELP!!!

Ok, I need help BAD! I have my hjt log attached and I have a LOT of problems with this computer. Including explorer.exe crashes randomly, logonuiX.exe and logonui.exe errors (P.S. logonuiX.exe is a file for logon screen that is on cnet and made by wincustomize, BUT i uninstalled it and I get an error EVERYTIME I start up my PC and I get it 10 times then it takes me this gay looking OLD login screen where I have to replace Compaq_Owner with my login name and then type in my pass) PLEASE Tell me what I need to do! THANKS!
Attached Files
File Type: txt hijackthis.txt (6.9 KB, 53 views)
 
Reply With Quote
  #234 (permalink)  
Old 06-22-2009, 07:59 PM
neoscud's Avatar
Contributing Member
 
Join Date: 08-28-08
Location: where no man is an island
Posts: 418
iTrader: 0 / 0%
here's mine...

I just bought my PC and started installing some programs but suddenly my PC has started to act a little bit slow during its startup. Can someone check it please?

Thanks!
Attached Files
File Type: txt hijackthis.txt (4.8 KB, 53 views)
 
Reply With Quote
  #235 (permalink)  
Old 09-24-2009, 06:35 PM
abajan's Avatar
v7n Mentor
Latest Blog:
None

 
Join Date: 08-08-09
Location: Barbados
Posts: 270
iTrader: 0 / 0%
My First HJT Log

When I first tried to run HijackThis (version 1.99.1), I got the warning seen in the 1st attachment. So I shut the browser (Firefox) and ran HJT again. This time I didn’t get the warning.

The results are contained in the 2nd attachment. Is my system running okay or are there files that need deleting?

Thanks.
Attached Thumbnails
Post Your HijackThis logs here-hjtwarn.png  
Attached Files
File Type: txt firstabajan.txt (6.6 KB, 62 views)
__________________
If my posts offend thee, I’m just blowing my own horn!
 
Reply With Quote
  #236 (permalink)  
Old 12-06-2009, 07:01 PM
Junior Member
 
Join Date: 12-06-09
Posts: 9
iTrader: 0 / 0%
this hijack are full version and what version?
 
Reply With Quote
  #237 (permalink)  
Old 04-23-2010, 04:23 AM
Junior Member
 
Join Date: 04-23-10
Posts: 1
iTrader: 0 / 0%
ok, need help here. the stupid antivirusxp pro hijack got me. running zone alarm and usually catches stuff. not sure how it happened but need it back. i ran hijcackthis in safe mode, not sure what to delete. I do not have access to regedit or taskmanager, other than what is in hijackthis.

Last edited by snakeair; 04-23-2010 at 07:31 AM. Reason: self promo link removed
 
Reply With Quote
  #238 (permalink)  
Old 06-26-2010, 10:58 PM
Junior Member
 
Join Date: 06-26-10
Posts: 2
iTrader: 0 / 0%
I used Malware-bytes anti malware to get rid of that worked like a charm
 
Reply With Quote
  #239 (permalink)  
Old 06-27-2010, 12:05 AM
No Longer Active
Latest Blog:
None

 
Join Date: 12-31-09
Posts: 471
iTrader: 0 / 0%
Quote:
Originally Posted by gennicajera View Post
ok, need help here. the stupid antivirusxp pro hijack got me. running zone alarm and usually catches stuff. not sure how it happened but need it back. i ran hijcackthis in safe mode, not sure what to delete. I do not have access to regedit or taskmanager, other than what is in hijackthis.

start/run/ type regedit into the box and click OK ..

(be sure you've backed up your registry beforehand and that you've got solid restore points (system restore enabled) before you edit your registry files/configs)
 
Reply With Quote
  #240 (permalink)  
Old 07-04-2010, 12:02 PM
Member
Latest Blog:
None

 
Join Date: 06-28-10
Posts: 32
iTrader: 0 / 0%
HJT

Runs little slow , slightly due to System bus is at slow frequency.

Pls have a look if someone has any suggestions, thanks.
Attached Files
File Type: txt hijackthis.txt (5.8 KB, 32 views)
__________________
77 FREE SEO Tools, Directory Submission

Last edited by alexcar; 07-04-2010 at 12:05 PM.
 
Reply With Quote
Go Back   Webmaster Forum > The Webmaster Forums > Tech Talk

Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hide identity/ip from logs? River Internet Legal Issues 1 07-13-2007 11:53 PM
Logs PaulHarris Marketing Forum 2 06-06-2004 12:09 PM


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 02:29 AM.
Powered by vBulletin
Copyright © 2000-2013 Jelsoft Enterprises Limited.
Copyright © 2003 - 2013 Escalate Media LP




Search Engine Optimization by vBSEO 3.6.0 RC 2 ©2011, Crawlability, Inc.