Hijack log - please check

By Nola1031
Dec 14, 2007
  1. Hello,

    I was having problems with the fakealert trojan and Mygeek/CPVfeed browser plugin. Popups and IE browser redirect was driving me nuts. I had Kaspersky Internet Security 7 and Counterspy active on my computer when this happen.

    So glad I found your site. I followed the instructions under "Viruses/Spyware/Malware, preliminary removal instructions." Ran all the programs and the problems seem to be resolved. But figured I would post my HJT log in case there is still something that needs to be removed. I did not find the Combofix log or AVG antispyware log. But they did not show any problems after scanning. The panda antirootkit did not find a problem. Please let me know if I need to do anything else.

  2. fastco

    fastco TS Rookie Posts: 1,511

    Your HJT log looks pretty clean to me!! Good Job. Just put a check next to these entries and click FIX.

    O2 - BHO: OFK System - {A04EE79B-B894-4CE9-AD27-CAEBA40709A4} - C:\WINDOWS\blopenvtdq.dll (file missing)

    O3 - Toolbar: The retnsrp - {33421C60-E929-428C-8848-7D66E6056A3A} - C:\WINDOWS\retnsrp.dll (file missing)

    O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
  3. Daveskater

    Daveskater Banned Posts: 2,031

    Hello, Nola1031, and welcome to Techspot :wave:

    Please take a moment to read the following threads to make your experience here as enjoyable as possible :)

    Message for all newcomers

    SNGX1275's Guide to making a good post/thread

    The Techspot FAQ

    If you could take a minute to fill in some of your profile information that would be helpful to all members of the forum :)
    Knowing someone's location in the world can be extremely helpful, even if you just put a country.

    Also remember to post any problems or questions that you have in the appropriate forums

    With regards to your log, I too can't see anything bad other than what fastco has pointed out. Fix thoes entries and you'll have yourself a clean log :)
  4. Nola1031

    Nola1031 TS Rookie Topic Starter

    Thanks for checking my HJT log - Fastco & Daveskater. I have followed your instructions and cleared out the 3 files with HJT. Also went in and posted my profile information. Will add my computer specs when I do a system check.

    Really great to find this information and it worked! So glad to have those annoying popups and brower redirect taken care of without reformatting my hard drive. I could not gain access to task manager & I could not get them cleaned out with my antivirus or counterspy. So thanks again.

  5. Daveskater

    Daveskater Banned Posts: 2,031

    No problem, mate, it's what we're here for ;)

    Glad to hear you're sorted and I hope you hang around a bit longer :) It's up to you of course, though ;)
  6. Nola1031

    Nola1031 TS Rookie Topic Starter

    Hi DaveSkater,

    I was wondering if I should delete the programs that I ran to clean up my computer? My antivirus program keeps saying there is a virus when it scans Combofix and Smitfraud fix on my system. I have Kaspersky Internet Security 7.0.

  7. evilfantasy

    evilfantasy Banned Posts: 428

    Actually you need to put a check mark next to ALL of the O18 entries and fix them.

    Attach the combofix log and a new HijackThis scan.
  8. Nola1031

    Nola1031 TS Rookie Topic Starter

    HJT Log is attached

    I did not find a combofix log after working though the cleanup on my computer. Stated this in my earlier post. I do have a folder on my C drive labeled ComboFix. Did not see any text file in there or where I would have saved a log when this program ran. I did run another HiJackthis scan and have attached the log.

  9. evilfantasy

    evilfantasy Banned Posts: 428

    Open HijackThis and select Do a system scan only then place a check mark next to:

    Check all of the O18 - Protocol entries

    Close all windows except for HijackThis and click Fix checked

    Download Superantispyware (SAS) SUPERAntispyware Free Edition

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment along with a new HijackThis log in the next post.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...

Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.