Hijackthis Log Help Plz

Status
Not open for further replies.

BoG

Hi guys,

Honestly the best tech help site I have seen, and it is laid out nicely and simply. I followed the 15 steps to get these logs. I am not sure if I made a mistake somewhere.

I know aboutadog is there but I am not sure if there is anything else.

Thanks for all your help in advance.
 
You need to re-run combofix and let it complete without interrupting it and attach the log.

----------

Download DelDomains.inf
IE users Right-click on the link and select Save As.
Firefox users Right-click on the link and choose Save link as...

Save it to the desktop.

From the desktop Right-click on DelDomains.inf

Select Install making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note: if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

-----------

Please download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced.
Please attach the Find AWF report in your reply.
 
I attached the AWF report based on the instructions you listed earlier. When I tried running combofix it never finished. I left it overnight and it was still running, so I am not sure if I am missing something.
 
OK, don't try to use combofix again.

----------

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

C:\Program Files\DellSupport\bak\DSAgnt.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\system32\bak\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
C:\Program Files\EPSON\Ink Monitor\bak\InkMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe
C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe
C:\Program Files\Trend Micro\Internet Security 2007\bak\pccguide.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
C:\Program Files\Common Files\Ahead\Lib\bak\NeroCheck.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\bak\TMAS_OEMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIAIA.EXE

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please attach the new FindAWF log in your reply.

----------
 
Here is a new AWF file after running the steps you provided in the last post.

One of the issues after running all these anti-spam and antivirus programs is that I am having trouble with my Trend Micro Security system.
 
I am having trouble with my Trend Micro Security system.

Trouble????

----------

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\PROGRA~1\DELLSU~1\BAK
C:\PROGRA~1\ITUNES\BAK
C:\PROGRA~1\QUICKT~1\BAK
C:\WINDOWS\SYSTEM32\BAK
C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
C:\PROGRA~1\EPSON\INKMON~1\BAK
C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
C:\PROGRA~1\INTEL\INTELM~1\BAK
C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK
C:\PROGRA~1\TRENDM~1\INTERN~2\BAK
C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK
C:\PROGRA~1\COMMON~1\AHEAD\LIB\BAK
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
C:\PROGRA~1\JAVA\JRE16~2.0_0\BIN\BAK
C:\PROGRA~1\TRENDM~1\INTERN~2\TMAS_OE\BAK
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please attach the new FindAWF log in your reply.
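
The three FindAWF options the replies above walk through (scan for bak folders, restore the originals over the replacements, remove the bak folders) come down to a filesystem check that is easy to reproduce. The script below is an added example, not FindAWF's own code or anything from the thread; it builds a constructed sample tree in a temporary directory using the same paths the thread lists, scans for `bak` folders whose files have a same-named but different-content neighbour in the parent folder, restores only those entries, and rescans. The file contents are invented, and unlike FindAWF it does not terminate a running process before replacing its file.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Constructed sample tree mirroring the layout FindAWF reports: the original
# program file moved into a 'bak' subfolder and a same-named replacement left
# in the parent folder. Paths follow the thread's list; contents are made up.
SAMPLE_TREE = {
    "Program Files/QuickTime/bak/qttask.exe": b"MZ original qttask",
    "Program Files/QuickTime/qttask.exe": b"MZ rogue loader",            # replaced
    "WINDOWS/system32/bak/ctfmon.exe": b"MZ original ctfmon",
    "WINDOWS/system32/ctfmon.exe": b"MZ rogue loader",                   # replaced
    "Program Files/iTunes/bak/iTunesHelper.exe": b"MZ original helper",
    "Program Files/iTunes/iTunesHelper.exe": b"MZ original helper",      # identical: benign leftover
    "Program Files/Adobe/Acrobat 7.0/Reader/bak/AdobeUpdateManager.exe": b"MZ original aum",
    # no parent copy for AdobeUpdateManager.exe: the replacement is already gone
}


def build_sample_tree(root):
    for rel, content in SAMPLE_TREE.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan_bak_folders(root):
    """Option 1 of the procedure: list every file inside a 'bak' folder and
    record whether the parent folder holds a same-named file with other bytes."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        bak = Path(dirpath)
        if bak.name.lower() != "bak":     # case-insensitive: the 8.3 listing shows BAK
            continue
        for name in sorted(files):
            original = bak / name
            parent_copy = bak.parent / name
            present = parent_copy.is_file()
            findings.append({
                "bak_file": str(original),
                "parent_file": str(parent_copy),
                "parent_present": present,
                "parent_differs": present and sha256(parent_copy) != sha256(original),
            })
    return findings


def restore_from_bak(findings, remove_bak_folders=False):
    """Options 2 and 3: delete the replacement, copy the original back into the
    parent folder, then remove the bak folders that were handled. FindAWF also
    kills the running process first; this example does not."""
    restored = []
    for f in findings:
        original, parent_copy = Path(f["bak_file"]), Path(f["parent_file"])
        if parent_copy.exists():
            parent_copy.unlink()
        shutil.copy2(original, parent_copy)
        restored.append(str(parent_copy))
    if remove_bak_folders:
        for bak in {Path(f["bak_file"]).parent for f in findings}:
            shutil.rmtree(bak)
    return restored


def run_demo():
    """Scan, restore only the entries that need it, then scan again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        before = scan_bak_folders(root)
        to_restore = [f for f in before if f["parent_differs"] or not f["parent_present"]]
        restored = restore_from_bak(to_restore, remove_bak_folders=True)
        content_ok = (
            (root / "Program Files/QuickTime/qttask.exe").read_bytes() == b"MZ original qttask"
            and (root / "WINDOWS/system32/ctfmon.exe").read_bytes() == b"MZ original ctfmon"
            and (root / "Program Files/Adobe/Acrobat 7.0/Reader/AdobeUpdateManager.exe").read_bytes()
            == b"MZ original aum"
        )
        after = scan_bak_folders(root)
        return {
            "bak_files_found": len(before),
            "rogue_replacements": sum(f["parent_differs"] for f in before),
            "restored": len(restored),
            "remaining_after": len(after),
            "restored_content_ok": content_ok,
        }


if __name__ == "__main__":
    print(run_demo())
```

The iTunes entry, whose parent copy is byte-identical to the bak copy, is left alone and still shows up in the second scan; that is the case to look at by hand before pasting a path into folders.txt, since a bak folder with matching contents is not evidence of a replacement on its own.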
 
When I double click on the Trend Micro icon in the taskbar I get this message.

"Your Personal Firewall has shut down. Try restarting Trend Micro Internet Security to restore your Personal Firewall. If the problem persists, please restart your computer. If you continue to receive this warning, please contact Technical Support"

I am attaching 3rd AWF file after following the instructions from last post.
 
You may have to reinstall Trend Micro. Or try updating it if it will let you.


Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

----------

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt in your next post as an Attachment with a new HijackThis log
 
I did the AWF part along with the SDFix download. When I try to reboot in Safe Mode my screen is just black and it is not loading in Safe Mode.

I tried to use these instructions
http://www.bleepingcomputer.com/tutorials/tutorial61.html#winxo and have made the change using the System Configuration Tool method, but I think the system is constantly trying to load in Safe Mode, so that means I can't start it up at all.
 
I managed to run the machine in Safe Mode. I am running the Safe Mode instructions. Will post results as soon as its done.
 
Ok it ran in Safe Mode and I followed these instructions

"* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC."

Now it is back to not being able to restart the machine (just black screen). I think it is still trying to load in Safe Mode and it is not working.
 
I changed it back to Normal Boot Mode using msconfig command. Here are the results from the SDFix report and new HijackThis log
 
Have you tried to reinstall Trend Micro? You are working without full antivirus protection. Is it a paid version?


Open HijackThis and select Do a system scan only then place a check mark next to:

O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Poker\Titan Poker\casino.exe
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\Poker\UltimateBet\UltimateBet.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\Poker\PACIFI~1\pacificpoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\Poker\CDPoker\casino.exe
O15 - Trusted Zone: *.whataboutadog.com

Close all windows and click Fix checked.


How is the computer now?
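
The HijackThis lines checked above are shorthand for registry entries, and the "Fix checked" step acts on those keys. The script below is an added example, not HijackThis code or part of the thread: it parses O2, O9 and O15 lines into records, resolves each to the registry location it stands for (the standard HijackThis mapping: O2 to the Browser Helper Objects key, O9 to the Internet Explorer Extensions key, O15 to the ZoneMap\Domains key), and flags the two patterns the reply acted on, a BHO CLSID with no file behind it and a domain placed in the Trusted sites zone. The sample log is constructed from the lines quoted in the thread plus one invented benign BHO with a placeholder CLSID.

```python
import re

# Constructed sample: the O2/O9/O15 lines are the ones quoted in the thread,
# plus one made-up benign BHO line (placeholder CLSID) the filter should skip.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\\Program Files\\Poker\\Titan Poker\\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\\Program Files\\Poker\\Titan Poker\\casino.exe
O15 - Trusted Zone: *.whataboutadog.com
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Turn O2/O9/O15 lines into records: section, GUID (if any) and target,
    where target is the file path, '(no file)', or the trusted-zone domain."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        g = GUID_RE.search(body)
        if section == "O15":
            target = body.split(":", 1)[1].strip()
        else:
            target = body.rsplit(" - ", 1)[-1].strip()
        entries.append({"section": section, "raw": raw.strip(),
                        "guid": g.group(0) if g else None, "target": target})
    return entries


def registry_location(entry):
    """Where 'Fix checked' acts for this line (HKCU shown for O15; HijackThis
    tags HKLM zone entries with '(HKLM)' in the log)."""
    s = entry["section"]
    if s == "O2":
        return r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s" % entry["guid"]
    if s == "O9":
        return r"HKLM\Software\Microsoft\Internet Explorer\Extensions\%s" % entry["guid"]
    if s == "O15":
        domain = entry["target"]
        if domain.startswith("*."):          # wildcard maps to the bare domain key with a '*' value
            domain = domain[2:]
        return (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
                r"\ZoneMap\Domains\%s (value * = 2, Trusted sites)" % domain)
    return None


def triage(entries, trusted_zone_allowlist=()):
    """Return (flagged, review): flagged holds lines a helper would queue for
    'Fix checked' with the reason and registry key; review groups O9 lines by
    Extensions GUID, since the button and the Tools menu item share one key."""
    flagged = []
    review = {}
    for e in entries:
        if e["section"] == "O2" and e["target"].lower() == "(no file)":
            flagged.append((e["raw"], "orphaned BHO: CLSID registered, no file on disk",
                            registry_location(e)))
        elif e["section"] == "O15" and e["target"] not in trusted_zone_allowlist:
            flagged.append((e["raw"], "site runs under the relaxed Trusted sites zone settings",
                            registry_location(e)))
        elif e["section"] == "O9":
            slot = review.setdefault(e["guid"], {"key": registry_location(e),
                                                 "exec": e["target"], "lines": []})
            slot["lines"].append(e["raw"])
    return flagged, review


if __name__ == "__main__":
    flagged, review = triage(parse_hjt(SAMPLE_LOG))
    for raw, reason, key in flagged:
        print("FIX   ", raw, "\n       ", reason, "\n       ", key)
    for guid, slot in review.items():
        print("REVIEW", guid, "->", slot["exec"], "(%d log lines, one key)" % len(slot["lines"]))
```

Grouping the O9 lines by GUID is the part worth noticing: the "Extra button" and "Extra 'Tools' menuitem" entries for Titan Poker are two values under the same Extensions key, so fixing either one removes both, and a log that still shows one of the pair after a fix means the key came back rather than that the fix was incomplete.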
 
I have uninstalled Trend Micro for the time being and will reinstall a new version as soon as I get this issue fixed.

I did the steps in the last post and I ran HijackThis again, and in the log I still see whataboutadog. The log file is attached.
 
Delete the copy of combofix if you still have it and download a new one.

Please download Combofix by sUBs from either here or here

Save Combofix.exe to your Desktop.

  • Double click combofix.exe & follow the prompts. (from the keyboard select 1 and press enter)
  • When finished, it will produce a log for you.
  • Attach that log in your next reply.

Do not mouseclick combofix's window while it's running. That may cause your computer to stall

Also attach a new HijackThis log after combofix is done.
 
I deleted and downloaded a new ComboFix and ran it. This time it finished and created a log file. It is attached along with the new HJT log.
 
That is very good, maybe things will start to act right now. :cool:

Can you get to safe mode using the F8 method to run SDFix?

If not don't try to use the msconfig option.

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
* Finally add the contents of the Report.txt in your next post as an Attachment

----------

We need to run FindAWF again as well. You may still have it downloaded, and that is fine to use.

Please download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced.
Please attach the Find AWF report in your reply.
 
It does feel like we are making some progress. This time Safe Mode started using the F8 method.

Here are the reports from SDFix and from FindAWF.
 
Sorry, I must have missed your response.


Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:

C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please attach the new FindAWF log in your reply.
 
Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
-It deletes the contents of the bak folders
-Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please attach the new FindAWF log in your reply.
 