TechSpot

Hijackthis Log Help Plz

By BoG
Dec 14, 2007
Topic Status:
Not open for further replies.
  1. Hi guys,

    Honestly the best help tech site I have seen and it is laid out nice and simple. I followed the 15 steps to get these logs. I am not sure if I made a mistake somewhere.

    I know aboutadog is there but I am not sure if there is anything else.

    Thanks for all your help in advance.
  2. evilfantasy

    evilfantasy Banned Posts: 428

    You need to re-run combofix and let it complete without interrupting it and attach the log.

    ----------

    Download DelDomains.inf
    IE users Right-click on the link and select Save As.
    Firefox users Right-click on the link and choose Save link as...

    Save it to the desktop.

    From the desktop Right-click on DelDomains.inf

    Select Install making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

    Note: if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

    -----------

    Please download FindAWF:
    http://noahdfear.net/downloads/FindAWF.exe

    Save the file to the Desktop
    Double-click the FindAWF icon.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, please be patient.

    When done, a text file, Find AWF report is produced.
    Please attach the Find AWF report in your reply.
  3. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    I attached the AWF report based on the instructions you listed earlier. When I tried running combofix it never finishes. I left it overnight and it was still running, so I am not sure if I am missing something.
  4. evilfantasy

    evilfantasy Banned Posts: 428

    OK, don't try to use combofix again.

    ----------

    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 2 then Enter to restore files from bak folders

    A text file opens called: files.txt
    Click below the line and paste the following list of files to be restored:

    Next, close and click Yes to save the changes.

    Once files.txt is saved, FindAWF does the following:
    -It attempts to terminate the process represented by each filename on the list, if running
    -Deletes the rogue file from the parent folder, if present
    -Copies the original file to the parent folder

    When done with the above, it automatically runs a new scan and opens a new log.
    Please attach the new FindAWF log in your reply.

    ----------
  5. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    Here is a new AWF file after running the steps you provided in the last post.

    As one of the issues after running all these anti spam and anti virus programs I am having trouble with my Trend Micro Security system.
  6. evilfantasy

    evilfantasy Banned Posts: 428

    Trouble????

    ----------

    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 3 then Enter to remove bak folders

    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed:

    Next, close and click Yes to save the changes.

    Once folders.txt is saved, FindAWF does the following:
    -It deletes the contents of the bak folders
    -Removes the bak folders

    When done with the above, it automatically runs a new scan and opens a new log.
    Please attach the new FindAWF log in your reply.
  7. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    When I double click on Trend Micro icon in the taskbar I get this message.

    "Your Personal Firewall has shutdown. Trying restarting Trend Micro Internet Security to restore your Personal Firewall. If the problem persists, please restart your computer. If you continue to receive this warning, please contact Technical Support"

    I am attaching 3rd AWF file after following the instructions from last post.
  8. evilfantasy

    evilfantasy Banned Posts: 428

    You may have to reinstall Trend Micro. Or try updating it if it will let you.


    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 4 then Enter to reset domain zones

    This removes all entries from the domain zones.
    When the program returns to the main menu, use the following option:
    Press E then Enter to EXIT

    ----------

    Download SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, the Advanced Options Menu should appear;
    * Select the first option, to run Windows in Safe Mode, then press Enter.
    * Choose your usual account.
    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
    * Finally add the contents of the Report.txt in your next post as an Attachment with a new HijackThis log
  9. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    I did the AWF part along with downloading SDFix part. When I try to reboot in Safe Mode my screen is just black and not loading in Safe Mode.

    I tried to use these instructions
    http://www.bleepingcomputer.com/tutorials/tutorial61.html#winxo and have made the change Using the System Configuration Tool Method but I think the system is constantly trying to load in Safe Mode so that means I can't start it up at all.
  10. evilfantasy

    evilfantasy Banned Posts: 428

    So are you stuck trying to load safe mode?
  11. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    Yes. Not sure what I can do now.
     
  12. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    I managed to run the machine in Safe Mode. I am running the Safe Mode instructions. Will post results as soon as it's done.
  13. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    Ok it ran in Safe Mode and I followed these instructions

    "* Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC."

    Now it is back to not being able to restart the machine (just black screen). I think it is still trying to load in Safe Mode and it is not working.
  14. evilfantasy

    evilfantasy Banned Posts: 428

    Try to use msconfig and get back to Normal Boot Mode.
  15. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    I changed it back to Normal Boot Mode using msconfig command. Here are the results from the SDFix report and new HijackThis log
  16. evilfantasy

    evilfantasy Banned Posts: 428

    Have you tried to reinstall Trend Micro? You are working without full antivirus protection. Is it a paid version?


    Open HijackThis and select Do a system scan only then place a check mark next to:

    O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Poker\Titan Poker\casino.exe
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker\UltimateBet\UltimateBet.exe
    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\Poker\PACIFI~1\pacificpoker.exe
    O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\Poker\CDPoker\casino.exe
    O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\Poker\CDPoker\casino.exe
    O15 - Trusted Zone: *.whataboutadog.com

    Close all windows and click Fix checked.


    How is the computer now?
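
The HijackThis entries listed in the post above fall into three sections: O2 (Browser Helper Objects), O9 (extra Internet Explorer buttons and Tools menu items) and O15 (Trusted Zone sites). The following Python sketch is an added example, not part of the original thread, showing how such lines can be triaged automatically; the sample lines are copied from the post except the last O2 line, which is constructed to show a BHO whose file is present.

```python
import re

# O2/O9/O15 lines copied from the post above; the final O2 line is constructed
# here to show a BHO that still points at a file and is therefore not flagged.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Poker\Titan Poker\casino.exe
O15 - Trusted Zone: *.whataboutadog.com
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Example\helper.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(text):
    """Yield (section, kind, clsid, target) for each O-section line."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # blank lines, log header, running-process list
        section, kind, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        # The last " - " separated field is the file path or "(no file)".
        target = rest.rsplit(" - ", 1)[-1].strip()
        yield section, kind, clsid.group(0).upper() if clsid else None, target


def triage(text):
    """Group the entries a helper would want to review first."""
    report = {"orphaned_bho": [], "trusted_zone": [], "ie_extras": {}}
    for section, kind, clsid, target in parse_entries(text):
        if section == "O2" and target == "(no file)":
            report["orphaned_bho"].append(clsid)      # registry key left, DLL gone
        elif section == "O15" and kind == "Trusted Zone":
            report["trusted_zone"].append(target)     # site given elevated trust
        elif section == "O9" and clsid:
            # Button and menu item share one CLSID, so collapse them.
            report["ie_extras"].setdefault(clsid, set()).add(target)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
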
  17. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    I have uninstalled Trend Micro for the time being and will reinstall a new version as soon as I get this issue fixed.

    I did the steps in last post and I ran HijackThis again and in the log I still see whataboutdog. The log file is attached.
  18. evilfantasy

    evilfantasy Banned Posts: 428

    Delete the copy of combofix if you still have it and download a new one.

    Please download Combofix by sUBs from either here or here

    Save Combofix.exe to your Desktop.

    • Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
    • When finished, it will produce a log for you.
    • Attach that log in your next reply.

    Do not mouseclick combofix's window while it's running. That may cause your computer to stall.

    Also attach a new HijackThis log after combofix is done.
  19. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    I deleted and downloaded a new ComboFix and ran it. This time it finished and created a log file. It is attached along with the new HJT log.
  20. evilfantasy

    evilfantasy Banned Posts: 428

    That is very good, maybe things will start to act right now. :cool:

    Can you get to safe mode using the F8 method to run SDFix?

    If not don't try to use the msconfig option.

    Download SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, the Advanced Options Menu should appear;
    * Select the first option, to run Windows in Safe Mode, then press Enter.
    * Choose your usual account.
    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
    * Finally add the contents of the Report.txt in your next post as an Attachment

    ----------

    We need to do the FindAWF again also. You may still have this downloaded, and that is fine to use.

    Please download FindAWF:
    http://noahdfear.net/downloads/FindAWF.exe

    Save the file to the Desktop
    Double-click the FindAWF icon.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, please be patient.

    When done, a text file, Find AWF report is produced.
    Please attach the Find AWF report in your reply.
  21. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    It does feel like we are making small progress. This time Safe Mode started using F8 method.

    Here are the reports from SDFix and from FindAWF.
  22. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    For pure selfish reasons.
    BUMP

    :)
  23. evilfantasy

    evilfantasy Banned Posts: 428

    Sorry, I must have missed your response.


    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 2 then Enter to restore files from bak folders

    A text file opens called: files.txt
    Click below the line and paste the following list of files to be restored:

    Next, close and click Yes to save the changes.

    Once files.txt is saved, FindAWF does the following:
    -It attempts to terminate the process represented by each filename on the list, if running
    -Deletes the rogue file from the parent folder, if present
    -Copies the original file to the parent folder

    When done with the above, it automatically runs a new scan and opens a new log.
    Please attach the new FindAWF log in your reply.
  24. BoG

    BoG Newcomer, in training Topic Starter Posts: 19

    Thanks for the continued help. Here is the latest FindAWF log
  25. evilfantasy

    evilfantasy Banned Posts: 428

    Double-click the FindAWF icon once again

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 3 then Enter to remove bak folders

    A text file opens called: folders.txt
    Click below the line and paste the following list of folders to be removed:

    Next, close and click Yes to save the changes.

    Once folders.txt is saved, FindAWF does the following:
    -It deletes the contents of the bak folders
    -Removes the bak folders

    When done with the above, it automatically runs a new scan and opens a new log.
    Please attach the new FindAWF log in your reply.