TechSpot

Help needed with HijackThis log file

By dean
Sep 1, 2005
Topic Status:
Not open for further replies.
  1. Thanks in advance for any assistance you can give me with this as I'm new to HijackThis...
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Please would you take a few moments to read this post. A message for all newcomers. Thanks.

    Now to your problems.

    You don't have any Windows service packs installed on your computer. You need to install at least SP1 or preferably SP2. However, before you do that, read these two posts, and follow the instructions exactly.

    How to remove trojans, and it's ilk.

    Then read this. How to remove Begin2search / coolwebsearch and other nasties.

    Once you've done that, install a Windows service pack, and update it via the Windows updates.

    Then post a fresh HJT log as an attachment.

    Regards Howard :wave: :wave:
     
  3. dean

    dean TS Rookie Topic Starter

    Thanks for the quick reply. Here's the new hjt log after completing the tasks you suggested.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    We need to solve yours in two stages.
    First Stage:
    Download PocketKillbox here: http://www.downloads.subratam.org/KillBox.zip. Extract it from the zip file, remember where it goes.

    Boot in Safe Mode. (press F8 a few times upon rebooting).
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.


    Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste this entry:
    C:\WINDOWS\System32\PAL\KLP\svchost.exe
    Click on the Action menu and choose "Delete on Reboot". In the Action menu select "Process and Reboot". You'll be prompted to reboot, do so.

    Second stage:
    Boot again in Safe Mode.
    Next, open Windows Task Manager.
    Press CTRL+SHIFT+ESC.
    Click the Processes tab, select the process (if there) and click End Process for:
    WeatherEye.exe
    PowerReg Scheduler.exe

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll (file missing)
    O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
    O4 - Startup: PowerReg Scheduler.exe
    O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
    O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
    O23 - Service: Windows LAN Service Manager - Unknown owner - C:\WINDOWS\System32\PAL\KLP\svchost.exe
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
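
Several entries in the fix list above share traits that can be checked mechanically: a "(file missing)" target, an O23 service with "Unknown owner", and svchost.exe running from a subdirectory of System32 rather than System32 itself. The following triage sketch is an added example, not part of the original posts or of HijackThis; the flag names and the `SYSTEM_BINARIES` map are assumptions made for illustration.

```python
import ntpath
import re

# Entries copied verbatim from the fix list in the post above.
SAMPLE_LOG = r"""
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll (file missing)
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Windows LAN Service Manager - Unknown owner - C:\WINDOWS\System32\PAL\KLP\svchost.exe
"""
# Constructed contrast line (not from the thread): svchost.exe in its normal directory.
CONSTRUCTED_LINE = r"O23 - Service: Example Service - Example Vendor - C:\WINDOWS\System32\svchost.exe"

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")   # section code, then the rest of the entry
WIN_PATH = re.compile(r"[A-Za-z]:\\.+")      # first drive-letter path in the entry
MISSING = "(file missing)"
# Assumption: illustrative map of Windows binary names to their expected directory.
SYSTEM_BINARIES = {"svchost.exe": r"\windows\system32"}


def triage(line):
    """Return (section, path, flags) for one HijackThis entry, or None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    flags = []
    if body.endswith(MISSING):
        # The registry entry survives but the file it points to is gone.
        flags.append("file-missing")
        body = body[: -len(MISSING)].rstrip()
    if section == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    found = WIN_PATH.search(body)
    path = found.group(0) if found else None
    if path:
        directory, name = ntpath.split(path)
        expected = SYSTEM_BINARIES.get(name.lower())
        # A system binary name in any other directory suggests name masquerading.
        if expected and ntpath.splitdrive(directory)[1].lower() != expected:
            flags.append("system-name-wrong-dir")
    return section, path, flags


def triage_log(text):
    """Triage every entry line in a pasted log, skipping non-entry lines."""
    return [r for r in map(triage, text.splitlines()) if r]
```

The WeatherEye entry comes back with no flags: it is on the fix list as unwanted software, which these structural checks do not capture.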
     
  5. dean

    dean TS Rookie Topic Starter

    So far so good

    Norton antivirus detected the download.fugif virus when Ewido started a scan on the system32 folder. I removed it prior to executing the two steps suggested, and before installing SP2. Here's the latest hjt...

    Dean
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Let HJT fix the following.

    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    This is not any kind of malware, but it is unnecessary, and a resource hog. Up to you whether you want to keep it or not.

    O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)

    Other than that your log is clean.

    Regards Howard :)
     
  7. dean

    dean TS Rookie Topic Starter

    Already done...

    Thank you for your assistance!

    Dean
     