TechSpot

Hi, I Need An Interpreter For My HJT Log

By debonair247
Mar 1, 2007
  1. The HJT list looks like Chinese Algebra to me. Please Advise!
     


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is infected with a variety of nasties.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there):

    Image ActiveX Object

    Close control panel.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of debonair247 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. debonair247

    debonair247 TS Rookie Topic Starter

    Help! Encountering Roadblocks in removal steps

    Greetings:

    When I reach the SmitFraudFix, my computer (XP OS) doesn't reboot into Safe Mode by tapping or holding down the F8 key, in order to start the Clean process. Please Advise!

    So far, after running CCleaner, and installing AVG Anti-Spy, Ad-Aware, and SFFix, my System Alert Pop-ups and Active X Objects are no longer active and present. Wow!

    But I need to proceed thru the remaining steps, I know.

    Thanx
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread into this one. Please continue to post in this thread.

    What happens when you try and enter safe mode?

    Regards Howard :)

     
  5. debonair247

    debonair247 TS Rookie Topic Starter

    Safe Mode Reply

    My computer simply starts back up in normal mode. Nothing changes when I tap on or hold down the F8 key.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Taken from HERE.

    See if that helps at all.

    If not, run SmitFraud from normal mode if you can.

    Regards Howard :)

     
  7. debonair247

    debonair247 TS Rookie Topic Starter

    Scan Results & Logs

    I was able to run/clean SFfix in normal mode. All programs operated properly, except Ad-Aware stopped and froze its scanning process at a file in the "docs & settings" folder. I attempted this twice, but I needed to cancel to close it out. Other than that, everything else worked fine.

    Thanx
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O4 - Startup: Reboot.exe

    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk121YYUS

    O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll

    O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab

    O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab

    O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab

    O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log and let me know if you're still having problems.

    Regards Howard :)

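The entries listed in the post above can be read mechanically. The following Python parser is an added example, not part of the original thread or any poster's code; it splits each entry into its section code, CLSID and download host. The function names are hypothetical, and the `SECTIONS` descriptions are the commonly documented HijackThis meanings for the codes that appear here.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Commonly documented meanings of the section codes used in the post.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (registry or Startup folder)",
    "O8": "Extra item in the IE right-click menu",
    "O9": "Extra IE toolbar button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
}
# The eight entries from the post, copied verbatim.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - Startup: Reboot.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk121YYUS
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # log header, blank line or free text
    code, body = m.groups()
    clsid, url = CLSID_RE.search(body), URL_RE.search(body)
    return {
        "code": code,
        "meaning": SECTIONS.get(code, "section not in SECTIONS table"),
        "clsid": clsid.group() if clsid else None,
        "host": urlparse(url.group()).hostname if url else None,
        "no_file": body.endswith("(no file)"),  # registry entry whose file is gone
    }

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def summarize(entries):
    # Entries per section, entries per remote host, CLSIDs with no backing file.
    sections = Counter(e["code"] for e in entries)
    hosts = Counter(e["host"] for e in entries if e["host"])
    return sections, hosts, [e["clsid"] for e in entries if e["no_file"]]
```

Calling `summarize(parse_log(SAMPLE_LOG))` groups the four O16 entries under two download hosts and singles out the O2 entry whose file no longer exists.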
     
  9. debonair247

    debonair247 TS Rookie Topic Starter

    HJT Log After 'Fixed Problems'

    It appears that ALL of my malware, adware, spyware, and ware-ever else has been eliminated.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  11. debonair247

    debonair247 TS Rookie Topic Starter

    Sure Thing

    Thank you for your tech-pertise... it's all worth following thru your instructions to completion. Much props and gratitude.

    DT
     
  12. debonair247

    debonair247 TS Rookie Topic Starter

    Help, More Pop-ups!

    Greetings:

    Most of the malware, adware, and spyware pop-ups I had are gone, but I am still getting a pop-up for DriveCleaner, and this other pop-up comes up right before I log into my Yahoo mail (but its screen window is blank):

    http://em.gad-network.com/eas?cu-70&login=672125&mediad_prefix, etc... windows explorer

    Please Advise!
    Thanx
     
  13. tomrca

    tomrca TS Rookie Posts: 1,000

    from spybot forum: I am using SpybotS&D for the last 1.5 years and it is removing most malwares, adwares, spywares successfully and I have put my appreciation in CNET's download.com forum also. I have updated it up to date, but the following malwares/adwares still remain undetected:
    trafficwaypointcash.com/access.php, emoctionsplanet.com, avatarsplanet.com,
    ~Hotsexy girls Internet Explorer~, ~Crazygirls internet Explorer~, amaena.com,
    burstnet.com, em.gad-network.com. These are all opened in IE only, forcibly through 'epass-key.com/?' with an id=4321&nums=N011WWG1Z-
    Why SpybotS&D cannot detect these and remove?
    Can SpybotS&D give new detection rules for invasion of such malwares?
    Thanks, BMENON.
    clear all url's

    I would have thought that AVG Antispyware cleaned that one. Run Blacklight http://www.f-secure.com/blacklight/
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Attach the Autoruns log here, as well as a fresh HJT log.

    Regards Howard :)

     
  15. debonair247

    debonair247 TS Rookie Topic Starter

    Attached: AutoRun Log & Fresh HJT Log

    Here's my new AutoRun Log & Fresh HJT Log.

    Thanx
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT and click the Config button, followed by the Misc Tools button. Click the Open Uninstall manager button. Click the Save List button and save to wherever you want. Close HJT and attach the list here.

    Regards Howard :)

     
  17. debonair247

    debonair247 TS Rookie Topic Starter

    HJT Uninstall List

    Here's the uninstall list.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.

    Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path".

    Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree to the terms and conditions that are displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Let me know the results of the above rootkit scans.

    Regards Howard :)

     
  19. debonair247

    debonair247 TS Rookie Topic Starter

    Rootkit Results

    The AVG rootkit found and removed 5 root paths.
    The BLBeta rootkit eliminator found NO hidden root paths.
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    So, how's your system running now?

    Regards Howard :)
     
  21. debonair247

    debonair247 TS Rookie Topic Starter

    So far, so good!

    So far, no pop-ups. But I'll see how it goes and keep you posted after about 24 hrs.

    Thanx a million, Howard.
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's good news.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  23. debonair247

    debonair247 TS Rookie Topic Starter

    Sure Thing

    I'll be in touch tomorrow... thanx.
     
  24. debonair247

    debonair247 TS Rookie Topic Starter

    No more pesky pop-ups!

    It's been 24 hrs and I have received NO more pop-ups.
    Thanx again Howard.
     
Topic Status:
Not open for further replies.
