Help needed with HijackThis log file
- Thread starter dean
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Please would you take a few moments to read this post. A message for all newcomers. Thanks.
Now to your problems.
You don`t have any Windows service packs installed on your computer. You need to install at least sp1 or preferably sp2. However, before you do that, read these two posts, and follow the instructions exactly.
How to remove trojans, and it`s ilk.
Then read this. How to remove Begin2search / coolwebsearch and other nasties.
Once you`ve done that, install a Windows service pack, and update it via the Windows updates.
Then post a fresh HJT log as an attachment.
Regards Howard :wave: :wave:
Please would you take a few moments to read this post. A message for all newcomers. Thanks.
Now to your problems.
You don`t have any Windows service packs installed on your computer. You need to install at least sp1 or preferably sp2. However, before you do that, read these two posts, and follow the instructions exactly.
How to remove trojans, and it`s ilk.
Then read this. How to remove Begin2search / coolwebsearch and other nasties.
Once you`ve done that, install a Windows service pack, and update it via the Windows updates.
Then post a fresh HJT log as an attachment.
Regards Howard :wave: :wave:
RealBlackStuff
Posts: 6,450 +3
We need to solve yours in two stages.
First Stage:
Download PocketKillbox here: http://www.downloads.subratam.org/KillBox.zip. Extract it from the zip file, remember where it goes.
Boot in Safe Mode. (press F8 a few times upon rebooting).
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste this entry:
C:\WINDOWS\System32\PAL\KLP\svchost.exe
Click on the Action menu and choose "Delete on Reboot". In the Action menu select "Process and Reboot". You'll be prompted to reboot, do so.
Second stage:
Boot again in Safe Mode.
Next, open Windows Task Manager. Press CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there) and click End Process for:
WeatherEye.exe
PowerReg Scheduler.exe
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll (file missing)
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Windows LAN Service Manager - Unknown owner - C:\WINDOWS\System32\PAL\KLP\svchost.exe
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
First Stage:
Download PocketKillbox here: http://www.downloads.subratam.org/KillBox.zip. Extract it from the zip file, remember where it goes.
Boot in Safe Mode. (press F8 a few times upon rebooting).
Switch System restore OFF, see how here.
In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste this entry:
C:\WINDOWS\System32\PAL\KLP\svchost.exe
Click on the Action menu and choose "Delete on Reboot". In the Action menu select "Process and Reboot". You'll be prompted to reboot, do so.
Second stage:
Boot again in Safe Mode.
Next, open Windows Task Manager. Press CTRL+SHIFT+ESC.
Click the Processes tab, select the process (if there) and click End Process for:
WeatherEye.exe
PowerReg Scheduler.exe
Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
...................................................................................................
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll (file missing)
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: Windows LAN Service Manager - Unknown owner - C:\WINDOWS\System32\PAL\KLP\svchost.exe
...................................................................................................
Now click on the Fix Checked button in HJT. Exit HJT.
When done, from between the above dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normal. When all OK, switch System Restore back on.
howard_hopkinso
Posts: 21,238 +17
Let HJT fix the following.
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE This is not any kind of malware, but it is unecessary, and a resource hog. Up to you whether you want to keep it or not.
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
Other than that your log is clean.
Regards Howard
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE This is not any kind of malware, but it is unecessary, and a resource hog. Up to you whether you want to keep it or not.
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
Other than that your log is clean.
Regards Howard
- Status
Similar threads
Latest posts
-
AMD Radeon RX 8000 RDNA 4 GPUs rumored to use slower 18 Gbps GDDR6 memory- MarcusNumb replied
-
SuperAntiSpyware problem- learninmypc replied
