Post Your HijackThis logs here - Page 9

oddjob · Share | #**161** (**permalink**) 11-01-2006, 12:52 AM

Quote:

Originally Posted by NinjaNoodles

Computer is about six years old, so forgive me if I'm full of problems:

No HJT log attached, I'm afraid. Please try again.

OJ

NinjaNoodles · #**162** (**permalink**) 11-01-2006, 02:11 AM

Strange, I'll try again.

oddjob · #**163** (**permalink**) 11-01-2006, 04:57 AM

Quote:

Originally Posted by NinjaNoodles

Strange, I'll try again.

Hi again

Please print this out to help as you will be offline for part of the procedure.

The log isn't that bad. Plenty of stuff I wouldn't have on my machine, personally, but not much actually "bad".

#First ...

Download AVG Anti Spyware [formerly Ewido] from here .....

http://www.ewido.net/en/

[This is a fully working tiral version of the program]

Update it to the latest definitions .... reboot to safe mode ..... scan with the program and let it fix what it wants BUT REMEMBER TO SAVE THE SCAN REPORT.

#Second ...

Do you use Sony VAIO's support agent? It is categorised as spyware and if you don't use it, I recommend that you uninstall it as described below. If you do use it you may leave it. The O4 entry and folder deletions mentioned below are all related to the support agent so ignore them if you want to keep the program.

Go you your Add/Remove programs and delete the following program ....

support.com

#Third ...

Open HJT ... click on "do a system scan" .... put tick/check marks next to these entries IF any are still present ....

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net

R3 - Default URLSearchHook is missing

O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp5608.tmp (file missing)

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://aolweb01.pogo.com/game/deluxe...ploader_v6.cab

Remember to close ALL open browser windows - including this one - before clicking on "Fix Checked" at the foot of the HJT window.

# Fourth ...

Once again scan with HJT.

In your next post here please include ...

> the AVG/Ewido scan report

> the fresh HJT log

> MOST IMPORTANTLY ... an update on how your comuputer is behaving now. Please describe any problems you are having.

OJ

oddjob · #**164** (**permalink**) 11-01-2006, 06:16 AM

NinjaNoodles ... one more thing ... please delete these IF they are still present ....

C:\WINDOWS\system32\hp5608.tmp --> file only

O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com --> whole folder

OJ

NinjaNoodles · #**165** (**permalink**) 11-01-2006, 12:57 PM

AVG would conflict with McAfee, and I recently ran AntiVir and came up clean anyway. However, I'll just disable McAfee for a bit and run this once. I also keep current with Spybot S&D, and Adaware. About the support - I've been meaning to remove that. Anyway, I'll try those steps now. Thanks.

NinjaNoodles · #**166** (**permalink**) 11-01-2006, 01:02 PM

By the way, pre-scan (for the last few weeks/months), I've had a resource leak in IE (I think). I tried reinstalling and doing a Windows File Protection scan, but neither did much. IE 7 makes things work fine, but I don't like it or FF.

The problem is that when IE is open many times menus start to not display and windows start to not open. Pretty soon tons of stuff stops and I have to close all instances of IE.

Just now, for instance, notepad couldn't open the Save Dialogue box, and gave me an error telling me that. I closed an IE window and it worked fine.

oddjob · #**167** (**permalink**) 11-01-2006, 01:24 PM

Quote:

Originally Posted by NinjaNoodles

AVG would conflict with McAfee

No, no, no.

I am NOT recommneding that you install another antivirus. AVG AntiSpyware [formerly Ewido] is NOT an antivirus. It's a completely different product.

It's a malware removal program. I never recommend programs that will clash.

Please do what I advise IN FULL.

We'll take it from there.

All I will say about FF is that it's much more secure than IE but, if you don't want to use it .... your call. I respect that.

Post back with the log reports etc. when you can.

Cheers.

OJ

NinjaNoodles · #**168** (**permalink**) 11-01-2006, 02:20 PM

Yeah, I realized that it wasn't antivirus after I posted, sorry about that. Anyway, I have some client deadlines to meat, so I'll do all that when I get some free time later tonight. Thanks for the help.

-Peter

DrVenkman · #**169** (**permalink**) 12-04-2006, 08:25 AM

Trying to clean up my lady's pc, so here's her log. Very interested in the diagnosis. Thanks.

oddjob · #**170** (**permalink**) 12-04-2006, 09:37 AM

DrVenkman ... you don't say what problems are being experienced with this computer but I can see there are some issues.

Please print this out to help you follow the instructions.

#First ... the HJT folder is not on the C: Drive. Please move it there to keep backups safe.

#Second ... Spybot's TeaTimer application is running. Please stop this for the time being as it will interfere with repairs to the system.

#Third ... You have Yahoo and Avast antivirus porgrams running simultaneously. This is dangerous. Only ever have one AV program running at any one time. Choose one and disable the other immediately.

#Fourth ... you have the Viewpoint program installed in this computer. It's a monitoring program that sends information back to the originator. I would advise you go to Add/Remove Programs and uninstall it.

#Fifth ... open HJT again ... click on scan ... put tick/check marks next to these entries IF they are still present ...

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O15 - Trusted Zone: *.stumbleupon.com

[note >> I have inclused that 015 entry because it's in the Trusted Zone. This, too, is dangerous. I would NEVER have anything in that zone no matter what it is. It's like leaving the front door to your home open and letting anyone come in and do what they like with your possessions. However, it's your call. If you want that in the Trusted Zone then remove it from the list of entries to be fixed with HJT].

Remember to close ALL windows - including this one - before clicking on "Fix Checked" at the foot of the HJT window.

#Sixth ... Go to this location and check the Viewpoint folder is gone. If not then delete it now ...

C:\Program Files\Viewpoint

#Seventh ... Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10 here…

http://java.sun.com/javase/downloads/index.jsp
Scroll down to the 4th download where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.

#Eighth ... Download Ewido/AVG Anti Spyware from here ….

http://www.ewido.net/en/

It has a fully working 30 day trial period.

Install it and update it to the latest definitions.

Do NOT use it yet.

Now boot to safe mode. Here’s a “how to” if you’re not sure ..

http://service1.symantec.com/SUPPORT...01052409420406

When in safe mode run a full system scan with AVGAS and let it fix what it wants to.

REMEMBER TO SAVE THE SCAN REPORT and also remember where you saved it.

[FOOTNOTE > this is a good program to use as an “on demand” scanner even after the trial period is over. Keep it updated and use it to scan your computer from time to time].

After all this ... reboot to normal mode ... use the computer as you would usually.

Please post back a fresh HJT log and an upddate on how the computer is working now.

OJ

DrVenkman · #**171** (**permalink**) 12-04-2006, 02:22 PM

oddjob thanks for the fast input. I followed your instructions and everything seems to be ok thus far. You said the Yahoo and Avast AV would conflict, but would having AVG and Avast be ok? Here's my updated log, thanks.

oddjob · #**172** (**permalink**) 12-05-2006, 12:09 PM

Quote:

Originally Posted by DrVenkman

oddjob thanks for the fast input. I followed your instructions and everything seems to be ok thus far. You said the Yahoo and Avast AV would conflict, but would having AVG and Avast be ok? Here's my updated log, thanks.

The log is clean. If you are having no more trouble you are clear to go.

As I said above ...NEVER have more than one AV in operation at any one time. EVER.

You might find this helpful ... from one of the top computer security experts on the planet ...

http://www.castlecops.com/t7736-So_h...rst_place.html

Safe surfing.

OJ

RNK1.com · #**173** (**permalink**) 05-30-2007, 07:53 AM

what is HJT scan can somebody explain it again

chicgeek · #**174** (**permalink**) 05-30-2007, 12:04 PM

http://en.wikipedia.org/wiki/HijackThis

oddjob · #**175** (**permalink**) 05-31-2007, 03:51 AM

..... and quoting from that article chicgeek posted ...

"HijackThis can generate a plain text logfile detailing all entries it finds, and most entries can be removed or disabled by HijackThis. Caution should be exercised" [the bold is mine].

NEVER fix anything with HJT unless you are under advice from a trained analyst. It's just too dangerous. Removing something incorrectly with HJT could result in a trashed computer with a reformat as the only option. Nasty.

If your computer is behaving oddly, or you would just like us to give your computer a "health check", then post a HJT log and we'll take a look to see if anything's wrong.

OJ

romseeker123 · #**176** (**permalink**) 09-27-2007, 11:15 AM

I have a lot of popups and explorer.exe keeps ending whenever I go to a google search. also when i do a google search, once i click on a link, i redirects me to adware advertisement.

oddjob · #**177** (**permalink**) 10-02-2007, 02:21 AM

romseeker123 .... your HJT log shows you have NO Service Pack protection.

Also which firewall and antivirus are you using?

You must do the following things beofre this can be taken any further.

Go here to get Service Pack 1a ...

http://www.microsoft.com/windowsxp/d...1/default.mspx

Choose the 'Network Installation' link to download the standalone version. Save it to your desktop and then double click the file to begin the installation.

NOTE > DO NOT install Service Pack 2 at this stage ... NEVER install SP2 on an infected machine …..

*************

Once this is done make sure your have a good third party firewall (NOT the Windoze built-in firewall) and a good antivirus. If in doubt here are a few to choose from ....

AV ….

AVG > http://free.grisoft.com/doc/1

Avast > http://www.avast.com/eng/avast_4_home.html

Antivir > http://www.free-av.com/antivirus/allinonen.html

**Comodo > http://www.antivirus.comodo.com/ [AV in beta only as at 20.8.07]

AntidoteLite >
http://www.vintage-solutions.com/Eng...per/index.html

Clamwin > http://www.clamwin.com/

F/W …..

Zone Alarm > http://www.zonelabs.com/store/conten...=en&lid=nav_za

Sygate > http://www.simtel.net/product.downlo...s.php?id=53687

Sunbelt Firewall (formerly Kerio) > http://www.sunbelt-software.com/Home...onal-Firewall/

**Comodo > http://www.comodo.com/products/free_products.html

Jetico > http://www.jetico.com/index.htm#/jpfirewall.htm

*************

Now run some first line removal programs. These ...

Superantispyware > http://www.superantispyware.com/

Download it, update it to the latest definitions, and have it run full scans on your entire systems on its default settings.

Let it fix whatever it finds.

ComboFix >
http://download.bleepingcomputer.com...a/ComboFix.exe

Double click combofix.exe & follow the prompts.
Note >> Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it will produce a log for you. The report is called ComboFix.txt.

Post that log in your next reply along with a fresh HJT log AND an update on how the computer is operating now.

OJ

k594 · #**178** (**permalink**) 11-12-2007, 08:28 PM

please take a look at my log guys see if u can help

k594 · #**179** (**permalink**) 11-12-2007, 11:34 PM

here is a current one after some house cleaning

oddjob · #**180** (**permalink**) 11-13-2007, 03:01 AM

Quote:

Originally Posted by k594

here is a current one after some house cleaning

You have some Trojans there.

Which firewall are you using? If it's the Windoze firewall ... don't. It's not robust enough. You need a good independent (free) firewall). Let us know. We can advise on which alternatives to choose.

Download, install & run these three programs on their default settings. Let them fix what they find.

Superantispyware > http://www.superantispyware.com/

TrojanHunter > http://www.misec.net/

Ccleaner > get it here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

http://www.ccleaner.com/

When done post a fresh HJT log with an update on any remaining problems/troubles/issues you have.

OJ