Hijackthis Log

By ericson
Jun 21, 2008
  1. Hello,
    I think I have a virus...or many...any help is greatly appreciated.

    As far as what is wrong,..
    Popups left and right..or rather, they're being blocked but it's a war going on between my tools and whatever is doing it. Further, there is general slowness with the computer (despite the CPU not killing itself)...Internet specifically is extremely slow.

    Maybe I should have done this log from normal mode rather than safe mode...
  2. ericson

    ericson TS Rookie Topic Starter

    Here is the hijack log from a normal boot
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well this one stands out a mile
    It's a BHO/TOOLBAR in Internet Explorer

    Please remove it (tick and fix)

    Also run Startup Control Panel and remove any reference to it
    Actually I'd suggest running RIES to reset IE to defaults

    Then running a scan with:

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    That's why I shouldn't check these logs

    Thanks xxdanielxx, I saw the bum bum link, and thought it was strange
    (I did google it too)

    But anyway, they want to use these words in their software so be it.
  6. ericson

    ericson TS Rookie Topic Starter

    I went the SAS route as per the option in the link from the poster below (xxdanielxx). If requested, I'll run with this tool too. Thanks!

    Note: I have ad-aware 2007 but somehow, its installation is messed up and I can't uninstall it. I can't install 2008 with 2007 already installed. I can't run ad-aware 2007 either since it's broken. I substituted the PC Tool's program I have, during any step reference to specifically, ad-aware 2008. (I figured, you're just recommending free tools since they're free and that this substitution would be sufficient)

    Done, and attached. Thank you for the help!

    I'm yet to see anything suspicious while using the computer in normal boot mode. I'll reply if I notice anything and I'll check back in this thread to read any further suggestions you tech people have =)

    Thanks for your time thus far!
  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Look in your Lavasoft Ad-Aware folder for a file called UNWISE and run it to uninstall Ad-Aware.

    For SAS make sure to delete everything it found, check the quarantine for anything and delete it.

    Go to the link below and download CWShredder to your desktop, then run it in safe mode; it is better to run in safe mode. To boot in safe mode, keep tapping the F8 key while your computer boots up.


    Also download SDFix from the link below to your desktop, then run it. SDFix will create a folder in your C drive. Boot into safe mode, go to C:\SDFix and run --->RunThis.bat. Post the log it creates here.


    One more thing: do you have Itunes or quicktime installed? When you finish the above, post a fresh hijackthis log.
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Actually, I am just going to add this to the instructions above

    OTMoveit2 by OldTimer
    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524


    Is there something missing?
  10. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Nope. According to Old Timer, it will move all the variations of purityscan/clickspring adware, and all you need is to type purity. It has the ability to read Unicode and ASCII characters; it should find the entry that it is meant to and remove the associated registry entries and folders. Either way, it is a good program to have in case there are other entries later that can't be removed.
  11. ericson

    ericson TS Rookie Topic Starter

    That file wasn't there. Ad-aware's support forums directed me to a few steps that worked though. Ad-aware 2008 installed-updated-scanned and everything found was fixed.
    Done and log attached as requested.
    No Itunes, there is an "Ibook" external storage drive though. There might be some driver installed from that which I'm not aware of.
    Quicktime was uninstalled but, for some reason, there are a few pieces of the program left over. Similar deal to the Ad-aware 2007.

    Hijackthis log attached.
    Note: I ran this Hijack log after Blind Dragon's OTMoveIt2 request.


    Thanks for the help everyone, I don't know what the wife did but the computer is far more protected now =D. Let me know if you see anything else from the logs.
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Boot into safe mode, run hijackthis and place a check mark next to the following items:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

    O21 - SSODL: dchqhofw - {18c10ed5-b47f-4b85-9565-e02385cc72ae} - C:\Documents and Settings\All Users\Application Data\dchqhofw.dll (file missing)
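
As an added illustration (not part of any post above and not HijackThis's own code), the three entries listed in the last post can be parsed and triaged like this. The `Entry` record, the function names and the Application Data heuristic are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Meanings of the three HijackThis section codes quoted in the thread.
SECTIONS = {
    "O4": "autostart program (Run key / Startup folder)",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O21": "ShellServiceObjectDelayLoad autorun",
}

# The three entries from the last post, copied verbatim from the thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
O21 - SSODL: dchqhofw - {18c10ed5-b47f-4b85-9565-e02385cc72ae} - C:\Documents and Settings\All Users\Application Data\dchqhofw.dll (file missing)
'''

LINE_RE = re.compile(r"^(O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.IGNORECASE)

@dataclass
class Entry:
    code: str
    section: str
    clsid: Optional[str]
    path: Optional[str]
    flags: list = field(default_factory=list)

def parse_log(text):
    """Parse HijackThis 'O' lines into Entry records with triage flags."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        code, body = m.groups()
        clsid, path = CLSID_RE.search(body), PATH_RE.search(body)
        e = Entry(code, SECTIONS.get(code, "other"),
                  clsid.group(0) if clsid else None,
                  path.group(0) if path else None)
        # HijackThis appends this marker when the entry's target file is gone.
        if body.rstrip().endswith("(file missing)"):
            e.flags.append("file missing")
        # Assumed heuristic: a loadable binary sitting under Application Data.
        if e.path and "\\application data\\" in e.path.lower():
            e.flags.append("binary in Application Data")
        entries.append(e)
    return entries
```

Entries that come back with a non-empty `flags` list are the ones to look at first; an entry with no flags has only been parsed, not cleared.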
Topic Status:
Not open for further replies.
