TechSpot

HijackThis log. Please help

By jbisset
Oct 3, 2008
  1. My PC is VERY slow and is locking up (just started the other day). Please help me determine if my log is clean. Thank you.
     
  2. BillAllen55

    BillAllen55 TS Maniac Posts: 368

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I agree. I took a look at the log and you have quite a lot of entries needing removing. Follow the instructions on the site referenced, including Malwarebytes and SuperAntispyware. Run HijackThis again AFTER running the other programs and attack all three logs here.

    Please follow the directions in the other steps.
     
  4. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    Also reset IE to its default settings

    To use RIES in Internet Explorer 7, follow these steps:1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.
    Note If you cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.
     
  5. Hondo2K7

    Hondo2K7 TS Rookie

    Malwarebytes Anti-Malware log

    Malwarebytes' Anti-Malware 1.28
    Database version: 1229
    Windows 5.1.2600 Service Pack 2

    10/4/2008 6:02:52 PM
    mbam-log-2008-10-04 (18-02-52).txt

    Scan type: Quick Scan
    Objects scanned: 45033
    Time elapsed: 5 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Printer Driver (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    D:\WA7P (Unknown.Vundo.Related) -> Quarantined and deleted successfully.
    D:\WA7P\Quar (Unknown.Vundo.Related) -> Quarantined and deleted successfully.

    Files Infected:
    D:\WINDOWS\system32\PRINTDRV.EXE (Backdoor.Bot) -> Delete on reboot.
    D:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Hondo2K7, was you former user name jbisset? If so please advise. I see the membership dates are the same, however we have no notice that you have chosen a different user name. If you are someone else with a problem, please start a new thread, tell us what the problems are.

    This thread is for the use of jbisset, who was referred to the malware cleaning URL, which includes running Malwarebytes, SuperAntispyware and HijackThis, followed by attaching all three logs here.
     
  7. Hondo2K7

    Hondo2K7 TS Rookie

    Hondo2K7

    Probably uploaded attachment to wrong post, new to using this . sorry for the mix up.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...