8 Steps done Hjt needs review

Status
Not open for further replies.

treetops

My brother's computer ran for years with no protection. I put AVG, SuperAntiSpyware, Spyware Doctor and Spybot Search and Destroy on it about a year ago, but I noticed eventually every anti-virus seemed to become corrupt. AVG stopped updating and most recently an Avast complete scan took over 48 hours, so I would stop it. I recently got your recommended Avira, which is currently running great. I followed your steps. But I have a feeling there are most likely still nasties due to all those years of neglect, so I would like a HJT review.

Currently I have SuperAntiSpyware and Avira running.
 

Attachments

  • hijackthis.log
    11 KB · Views: 7
Hi Tree

So go here and download to Desktop: http://www.adrive.com/public/97c4357781f45c7e443061094b8cfaff3836f57446eb242ab2ee0b6cd68a0107.html

Double click it to run it.

Then click OK to self extract.

Once extracted, double-click to enter the Fixer folder.

To run it, 1st double-click Daft, then click Scan, check any found items, click Fix and then exit.

Then just double-click Fixit.cmd to run it.

But boot to Safe Mode and run it! When finished, reboot.

then

Download ComboFix

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.
=========================================

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu choose Safe Mode.

Click through all the prompts to get to the desktop.

At Desktop: My Computer, C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.

Finally update and run MBAM Quick Scan and post log.

Lastly a new HJT log.

Mike
 
Before I installed Avira, Malwarebytes wouldn't even update. Thanks for your help; here is the rest of the logs.

Here's the last HJT log, almost forgot it.
 
OK we still have issues.

Uninstall ComboFix
Start-Run
type combofix /u
click ok

Then redownload a new ComboFix to the desktop. Then rename it from combofix.exe to 12cbf34.exe. Do not run it yet!

Then..

So go here: http://www.adrive.com/public/97c4357781f45c7e443061094b8cfaff3836f57446eb242ab2ee0b6cd68a0107.html

Download to Desktop, then double-click it to extract it, then click OK to self extract.

Once extracted boot to Safe Mode.

Then double-click to enter the Fixer folder.

To run it, 1st double-click Daft, click Scan, check any found items and click Fix.
Then just double-click Fixit.cmd to run it.

When it finishes, run 12cbf34.

Then go back to normal and run 12cbf34 again, and post its log.

Do you have both Norton and Avira?

Mike
 
Files no longer publicly available.

No, just Avira, but he previously had Norton on here years ago.
 
Sorry, I was doing maintenance on ADrive.

The link is available now.

Do that now, but check back on this post as I am going to edit in more instructions for Norton.

Mike

EDIT:
Norton is hard to remove fully and properly and can cause non-apparent issues and performance issues until properly cleaned.

Norton Removal Tool (use this to clean up after a normal uninstall, or if it will not uninstall)
http://majorgeeks.com/Norton_Removal...NRT_d4749.html

Then SymRegFix ftp://ftp.symantec.com/public/english_us_canada/tutorials/SymRegFix.exe

To download using Internet Explorer: click the following link to download the file:

SYMMSICLEANUP.reg ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg
Save the file to the Windows desktop.

To download using Firefox: right-click the following link and then click Save Link As to download the file:

SYMMSICLEANUP.reg ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg

Then use the same instructions for IE or FF to get the below.

IE: MSIFIX.bat ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat

FF: MSIFIX.bat ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat

Run all above in order presented.

Mike
 
Ok, the Fixit script does report like that and was working correctly.

All my links were bad on that page, glad you told me! But I fixed them, so go back and do them.

Mike
 
Alrighty, I've done it all. The last 2 are text files? I double-clicked on both of them in the correct order. It just opens up a text file; just making sure if it's supposed to do that.
 
No, if they open as text files you have to right-click them and choose Save As.

After saving, then double-click and approve to add to the registry.

Reread Post #4 and do the ComboFix uninstall and rename, then run 12cbf34, post its log and we may be finished!

Then get me a status report on how the system is running, anything remaining to do?

Mike
 
Ok, here's the log from yesterday. Your very last program keeps giving me a text file; I even tried the IE one to see if you had them switched around. The 2nd to last one downloaded fine today; I believe I was clicking on the IE one yesterday.

Yesterday I did the uninstall ComboFix and all that.

By the way, when I say open as text file, I mean I right-click, Save Link As, download them and it is a text file.
 
Ok, I was confusing ComboFix with Fixer, here's the log. I uninstalled and ran Combo last, I don't know if that's ok. I made sure to run Fixer first as posted in your instructions.

My system is running fine, Avira has no problems. I went ahead and put in another HJT log.

Another question: my little brother refuses to use Comodo or any firewall that will get in his way and annoy him, he's very impatient. Currently I have Windows Firewall on his computer; is there a better passive firewall I can get him?

I use his computer more than he does nowadays, that's why I figured I'd help him out by cleaning it up.

What did you want me to rename .reg?


Oh yeah, another thing: about 2 weeks ago when I was running uTorrent and WoW at the same time, the comp froze and I got some sort of error; since then uTorrent downloads incredibly slowly. I tried to reinstall it but it didn't help. Maybe after doing all this it will run properly again.
 
OK, to clean up his computer you should be able to go through the steps in this thread.

Most all good firewalls take some interaction. I think the Comodo FW is the best free one.

Does he have Vista?

Do you use a router, or are you directly connected to the cable/DSL modem?

For your computer we are finished, so consider the following..

Thread Closing-------------------------------------------------------------------

Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.

Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by the firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet, to allow all.

If prompted to reboot, click Yes.
OTCleanIt will delete itself when finished; if not, delete it yourself.

-------------------------------------------------------------------------------------
Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
Run twice or more on Cleanup temps, then on the left click Registry, then Scan for issues; also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more are found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. (When installing, uncheck Relevant Knowledge; do not install it.)
-------------------------------------------------------------------------------------
The issues can be, and are likely to be, found in System Restore, so do the below.

Start-Programs-Accessories-System Tools-System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure", and then OK to run.

As this runs it clears all but the most recent Restore Point, but it also clears one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------
ERUNT
Add a redundant Reg backup: get and install ERUNT, let it add itself to startup and do a backup on install; check all boxes.

ERUNT http://www.larshederer.homepage.t-online.de/erunt/
Yes! Even if you use System Restore and other backups of Registry and Images.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave them scanning while you are sleeping, working or watching TV. If not done under the gun, they can be scheduled not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally run CCleaner, ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year; it just went from ver 3 to ver 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional virus scanners work from definitions, ThreatFire works on recognizing virus/malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some Firewalls do to learn what is good/bad.

After install it will ask you about everything that could be a security issue. For example, the first time you run IE or Firefox it will prompt you. You would answer to approve and remember the setting. From then on, no more prompts about IE or Firefox unless the exe changes, like in an update.

As it queries you, to help you determine whether to approve the prompt or not you can google it with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly recommend HostsMan: http://majorgeeks.com/HostsMan_d4592.html

Download, install, run and allow it to disable the DNS Client, select all Hosts files and then Update and install all Hosts files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike
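The System Restore step above (create a fresh "After cleanup" restore point, then let Disk Cleanup purge all but the most recent one together with the old shadow copies that can still hold files the tools removed) can also be done from a script. The following is an added example written for this thread, not Mike's instructions or any tool's own code. It assumes Windows 7 or later (the `Checkpoint-Computer` cmdlet and `vssadmin` are not available on the XP box discussed here), System Protection enabled on C:, and an elevated (Administrator) PowerShell session; the restore point description is the one the thread suggests.

```powershell
# Added example, not from the thread: automate "new restore point, then purge older restore data".
# Assumptions: Windows 7+, System Protection on for C:, elevated PowerShell session.

# 1. Create the post-cleanup restore point the thread recommends, so a known-good state is kept.
Checkpoint-Computer -Description "After cleanup at TechSpot" -RestorePointType MODIFY_SETTINGS

# 2. List what System Restore currently holds; the newest entry should be the one just created.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize

# 3. Restore points live inside Volume Shadow Copies of C:. Older copies can still contain
#    files the cleanup tools deleted, which is why the thread has you purge them.
$cDevice = (Get-CimInstance Win32_Volume -Filter "DriveLetter='C:'").DeviceID
$shadows = Get-CimInstance Win32_ShadowCopy |
           Where-Object { $_.VolumeName -eq $cDevice } |
           Sort-Object InstallDate
"Shadow copies on C: before purge: $($shadows.Count)"

# 4. Delete every shadow copy except the newest. This matches what
#    Disk Cleanup > More Options > System Restore does ("clears all but the most recent Restore Point").
#    vssadmin's /Shadow= switch takes the copy's GUID; /Quiet suppresses the confirmation prompt.
$shadows | Select-Object -SkipLast 1 | ForEach-Object {
    vssadmin delete shadows "/Shadow=$($_.ID)" /Quiet
}

# 5. Confirm only the newest copy remains before moving on to ERUNT and the scheduled scans.
$remaining = Get-CimInstance Win32_ShadowCopy | Where-Object { $_.VolumeName -eq $cDevice }
"Shadow copies on C: after purge: $($remaining.Count)"
```

Run it after the scanners have finished and before installing ERUNT, so the one restore point and shadow copy that survive are the clean state rather than a pre-cleanup snapshot. If step 1 fails with an error about System Restore being disabled, turn on System Protection for C: first; purging shadow copies without a fresh restore point leaves you with nothing to roll back to.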
 
Hey, I'm about halfway done, thanks for all the help. I run XP. This comp is using a wireless router, with Transcend broadband. It is a tower less than a mile away that sends out internet to a small satellite dish on top of my roof, which goes down to a box which connects to a router. I keep all of my family's computers up to date as far as virus scanners, anti-spyware and firewalls are concerned. Whenever I visit I make sure they have their automatic updates/scanners scheduled. Unlike most people I like to tinker around a bit. I look forward to checking out those programs; I've always wanted a secondary virus scanner that wouldn't conflict. I used the Trend Micro online scanner before as a secondary and I didn't care for it.

I think that's it, thanks again,

Josh
 
Really, if you are behind a router (a router is not a firewall as some think), by the very nature of what it does it is a natural firewall.

IMHO the Windows firewall is sufficient for normal use for a normal user who doesn't do P2P file sharing, play casino games etc., IF it is behind a router.

I hope I have answered all your questions.

Mike
 
New problem: my brother did not have genuine Windows. After fixing it up I updated all his Windows updates. Usually it would stop him at SP3, because it did not recognize his Windows as genuine. But after fixing it up, it let me download SP3; I installed it, restarted, then the comp made a beeping noise and displayed nothing on the monitor. I know it's not even going into Windows because the little screen on his keyboard shows nothing. I have more than a few Windows discs, from old computers and from work. So it would be no problem installing Windows if I needed to. I have not talked to him yet, but I will guess he does not want to do a full reinstall. So my guess is maybe I can put a flash drive into the comp upon start up and perhaps roll back to where it was at yesterday before the SP3 installation. I have no clue if something like this can be done.

I have no clue why he spent over 2 grand making his rig and cheaped out when it came to getting Windows.

By the way, I did everything you said up until ERUNT; I didn't have the time to do that yet.

Yes, it's behind a router, btw. I tried unplugging the power to reset the video card resolution to no avail; I also attempted tapping F8 with no results.
 
Update: he bought a Windows XP disc, attempted to install it, but the screen still displays nothing. Should I post this in another part of the forum, or have I offended you all because he had a pirated version of Windows?
 
Hi Tree

Been very busy at work and with some traveling.

Ok, so is your own computer doing OK, and where do you stand on your brother's?

Mike
 
I made a new thread and did a lot of research and found out that it's a bad mobo on my bro's computer, thanks for your help. My computer is fine. I followed everything in Kimsland's guide.

I won't copy-paste everything I've tried :). 4 different sources agree it's a dead mobo. Very likely just a coincidence that it broke down after updating to SP3.
 
I don't use or support pirated Windows; every computer I've bought has come with Windows. I have 2x genuine XP discs, one from this Dell and one from my old eMachine. The problem has already been resolved; he needs a new mobo. I gave him a Windows XP from a scrapped computer (my oldddd eMachine). He might end up buying Vista, but yeah, I told him he needs to put genuine Windows on his machine. He has the XP disc and has agreed to put genuine XP on his computer if he doesn't get Vista.

I just wanted to be honest about his situation. He was like "why do they care?" last week when I told him people probably won't help his situation with pirated Windows. I told him, "it's illegal.." and he was like "oh".

It wouldn't even boot with this hard drive, which has genuine Windows on it. It would already have genuine XP on it if my Dell had SATA cables; I would have installed it on his hard drive already through my Dell.

I use his computer when I play WoW; mine is too old for the WoW expansion, I only have an Nvidia 6200 PCI video card.
 
Thanks for being truthful.
By the way, if I felt the thread was for support on pirated Windows it would have been closed straight away. As you can see, I left it open.

I'm glad to hear that you have helped your brother out :grinthumb
 