TechSpot

hello hijackthis?

By KeriBurke
Oct 16, 2005
  1. I think I'm following the correct directions. Can anyone tell me if this log looks good? I do know that I had a backdoor virus and I couldn't open my computer or some file folders. I was helped by an HP help and support tech and he corrected my problem (I think; everything seems to work now). I have McAfee, Ad-Aware, Spybot Search and Destroy and a new one I downloaded today (thanks to the HP GUY), SpySubtract. I do have Mozilla and I usually use it for my browser. I'm not sure if any of the above info is helpful but I'm just trying to find out if my computer is in good shape now. Thanks to anyone who helps.

    -Keri
     

  2. zephead

    zephead TechSpot Paladin Posts: 1,569

    HJT alone will not overcome viruses and other stuff. if you want to do this yourself...

    download, install, and update AVG free edition. (free.grisoft.com) do not run a scan.

    download, install ad-aware SE personal (http://www.lavasoftusa.com/software/adaware/). update definitions file but do not run a scan.

    download, install ccleaner (http://www.majorgeeks.com/download4191.html) (choose not to install the context options during setup)

    download, install ewido security suite (http://www.ewido.net/en/) uncheck "Install background guard" and "Install scan via context menu" during installation.

    reboot your computer into safe mode by pressing F8 repeatedly during the boot process until you get a menu. use your arrow keys to select safe mode and hit enter. log into windows as "administrator", not your normal user account.

    run a full system scan in AVG antivirus.

    reboot your computer into safe mode by pressing F8 repeatedly during the boot process until you get a menu. use your arrow keys to select safe mode and hit enter. log into windows as "administrator", not your normal user account.

    run a full system scan in ad-aware. when prompted with the results, check everything except the "MRU objects" and click "delete" in the bottom right corner.

    reboot your computer into safe mode by pressing F8 repeatedly during the boot process until you get a menu. use your arrow keys to select safe mode and hit enter. log into windows as "administrator", not your normal user account.

    open ewido and run a complete system scan. If Ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

    open ccleaner, and run the operation "run cleaner" in the corner

    reboot your computer, letting it boot normally and log into your user account. download mozilla firefox (www.mozilla.org) and make it your default browser. when you use the internet, use firefox instead of IE to do so.

    these operations take out more than 90% of your problems. run hijackthis, save a logfile, and post it here.

    and you can uninstall McAfee, as it is a truly bad product and doesn't protect your system. you are far better off with AVG free edition, which costs nothing and keeps itself up to date. for a firewall i'd recommend sygate, but we haven't gotten that far yet.

    good luck
     
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You should STOP downloading all those stupid silly games!
    They will inundate your PC with adware, spyware, trojans and what not!

    When running a HJT scan, at least FIX all your O16 entries.
    Then post a new log (but NOT before you followed zephead's good advice!)
     
  4. KeriBurke

    KeriBurke TS Rookie Topic Starter

    now what

    alright; I followed zephead's directions. Now I already had Mozilla and Ad-Aware. I downloaded AVG, ccleaner and the ewido. I did everything in the order you said. I'm going to post the hijackthis log now.

    I also have another question.. should I keep the following programs on my computer... Spybot Search and Destroy and SpySubtract? are they still needed if I have the other programs? I already got rid of McAfee.
     
  5. zephead

    zephead TechSpot Paladin Posts: 1,569

    ahh, i can see the difference already!

    ***right, can do***

    rbs is right - most online games (such as the ones leaving all of this crap behind on your machine) are simply traps to get spyware onto your computer.
    you shouldn't need them (especially spysubtract), ad-aware se personal is fine. and i can tell you right off the bat to get rid of panicware - the google toolbar for firefox has more than sufficient protection but without any overhead.
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /U/ UNinstall anything to do with this
    /R/ unRegister the xxx.DLL in that line
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    /R/ O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
    /R/ O2 - BHO: (no name) - {61234313-6329-6256-7241-ABCE7204AFFF} - C:\WINDOWS\System32\g_ext.dll
    /R/ O2 - BHO: (no name) - {64243135-2463-2796-3683-279268379362} - C:\WINDOWS\System32\mspost.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
    /P/ O4 - HKLM\..\Run: [B1lY] C:\documents and settings\owner\local settings\temp\B1lY.exe
    /P/ O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\SYSTEM32\IRKTOW.EXE
    /P/ O4 - HKLM\..\Run: [nbkrc6YC] C:\documents and settings\owner\local settings\temp\nbkrc6YC.exe
    /P/ O4 - HKLM\..\Run: [vs2T3tR] uresync.exe
    /P/ O4 - HKLM\..\Run: [0O667Ict] C:\documents and settings\owner\local settings\temp\0O667Ict.exe
    /P/U/ O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\Program Files\Panicware\Pop-Up Stopper Basic\PSBasic.exe"
    /P/ O4 - HKCU\..\Run: [rurq] C:\PROGRA~1\COMMON~1\rurq\rurqm.exe
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O15 - Trusted Zone: www.bestbuy.com
    Fix ALL your O16 - DPF: entries
    O21 - SSODL: mspost.dll - {64243135-2463-2796-3683-279268379362} - C:\WINDOWS\System32\mspost.dll
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    ...................................................................................................
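
An added example, not part of the thread or any poster's code: a small parser for the annotated fix list above that turns the /P/, /U/ and /R/ markers into an ordered checklist and notes autostart entries launched from a Temp folder. The function names are hypothetical, and the sample lines are copied from the list in the post above.

```python
import re

# Legend as given in the post above.
LEGEND = {"P": "stop process", "U": "uninstall", "R": "unregister DLL"}
ENTRY = re.compile(r"^\s*(?:/(?P<marks>[PUR](?:/[PUR])*)/\s+)?"
                   r"(?P<section>[RFNO]\d+) - (?P<body>.+)$")
FILE = re.compile(r'(?:[A-Za-z]:\\[^"]*?|[\w~-]+)\.(?:exe|dll)', re.I)

def parse(line):
    """Split one annotated line into markers, HJT section and target file."""
    m = ENTRY.match(line)
    if not m:
        return None  # legend text, dotted separators, free-form notes
    files = FILE.findall(m["body"])
    target = files[-1] if files else None  # last hit is the on-disk file
    return {
        "actions": m["marks"].split("/") if m["marks"] else [],
        "section": m["section"],
        "target": target,
        "missing": "(file missing)" in m["body"] or "(no file)" in m["body"],
        "from_temp": bool(target) and "\\temp\\" in target.lower(),
    }

def checklist(lines):
    """Manual steps implied by the markers, in list order."""
    return [(LEGEND[a], e["target"])
            for e in filter(None, map(parse, lines)) for a in e["actions"]]

def inconsistencies(lines):
    """Entries whose marker does not fit the file type (/R/ on a non-DLL, /P/ on a non-EXE)."""
    bad = []
    for e in filter(None, map(parse, lines)):
        ext, a = (e["target"] or "").lower()[-4:], e["actions"]
        if ("R" in a and ext != ".dll") or ("P" in a and ext != ".exe"):
            bad.append(e)
    return bad

# Lines copied from the fix list in the post above.
SAMPLE = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost",
    r"/R/ O2 - BHO: WinStat - {0BAE99AF-A9F7-4f7e-9C72-2C1CC81BE0FF} - C:\WINDOWS\System32\WinStat13.dll",
    r"/P/ O4 - HKLM\..\Run: [B1lY] C:\documents and settings\owner\local settings\temp\B1lY.exe",
    r"/P/ O4 - HKLM\..\Run: [vs2T3tR] uresync.exe",
    r'/P/U/ O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\Program Files\Panicware\Pop-Up Stopper Basic\PSBasic.exe"',
    r"O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)",
    "Fix ALL your O16 - DPF: entries",
]
```
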
     
Topic Status:
Not open for further replies.
