TechSpot

Hijack log - please check

By Nola1031
Dec 14, 2007
  1. Hello,

    I was having problems with the fakealert trojan and Mygeek/CPVfeed browser plugin. Popups and IE browser redirect was driving me nuts. I had Kaspersky Internet Security 7 and Counterspy active on my computer when this happen.

    So glad I found your site. I followed the instructions under "Viruses/Spyware/Malware, preliminary removal instructions." Ran all the programs and the problems seem to be resolved. But figured I would post my HJT log in case there is still something that needs to be removed. I did not find the Combofix log or AVG antispyware log. But they did not show any problems after scanning. The panda antirootkit did not find a problem. Please let me know if I need to do anything else.

    Sincerely,
    Nola
     
  2. fastco

    fastco TS Booster Posts: 1,122

    Your HJT log looks pretty clean to me!! Good Job. Just put a check next to these entries and click FIX.

    O2 - BHO: OFK System - {A04EE79B-B894-4CE9-AD27-CAEBA40709A4} - C:\WINDOWS\blopenvtdq.dll (file missing)

    O3 - Toolbar: The retnsrp - {33421C60-E929-428C-8848-7D66E6056A3A} - C:\WINDOWS\retnsrp.dll (file missing)

    O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
     
  3. Daveskater

    Daveskater Banned Posts: 1,687

    Hello, Nola1031, and welcome to Techspot :wave:

    Please take a moment to read the following threads to make your experience here as enjoyable as possible :)

    Message for all newcomers

    SNGX1275's Guide to making a good post/thread

    The Techspot FAQ

    If you could take a minute to fill in some of your profile information that would be helpful to all members of the forum :)
    Knowing someone's location in the world can be extremely helpful, even if you just put a country.

    Also remember to post any problems or questions that you have in the appropriate forums

    With regards to your log, I too can't see anything bad other than what fastco has pointed out. Fix thoes entries and you'll have yourself a clean log :)
     
  4. Nola1031

    Nola1031 TS Rookie Topic Starter

    Thanks for checking my HJT log - Fastco & Daveskater. I have followed your instructions and cleared out the 3 files with HJT. Also went in and posted my profile information. Will add my computer specs when I do a system check.

    Really great to find this information and it worked! So glad to have those annoying popups and brower redirect taken care of without reformatting my hard drive. I could not gain access to task manager & I could not get them cleaned out with my antivirus or counterspy. So thanks again.

    Nola1031
     
  5. Daveskater

    Daveskater Banned Posts: 1,687

    No problem, mate, it's what we're here for ;)

    Glad to hear you're sorted and I hope you hang around a bit longer :) It's up to you of course, though ;)
     
  6. Nola1031

    Nola1031 TS Rookie Topic Starter

    Hi DaveSkater,

    I was wondering if I should delete the programs that I ran to clean up my computer? My antivirus program keeps saying there is a virus when it scans Combofix and Smitfraud fix on my system. I have Kaspersky Internet Security 7.0.

    Sincerely,
    Nola1031
     
  7. evilfantasy

    evilfantasy Banned Posts: 428

    Actually you need to put a check mark next to ALL of the O18 entries and fix them.

    Attach the combofix log and a new HijackThis scan.
     
  8. Nola1031

    Nola1031 TS Rookie Topic Starter

    HJT Log is attached

    I did not find a combofix log after working though the cleanup on my computer. Stated this in my earlier post. I do have a folder on my C drive labeled ComboFix. Did not see any text file in there or where I would have saved a log when this program ran. I did run another HiJackthis scan and have attached the log.

    Nola1031
     
  9. evilfantasy

    evilfantasy Banned Posts: 428

    Open HijackThis and select Do a system scan only then place a check mark next to:

    Check all of the O18 - Protocol entries

    Close all windows except for HijackThis and click Fix checked

    Download Superantispyware (SAS) SUPERAntispyware Free Edition

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment along with a new HijackThis log in the next post.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...