HijackThis scan. Please verify if all seems ok.

Status
Not open for further replies.

ibanez7

Hello to all!
I hope I'm posting in the right place. If not, please move to proper forum. Thanks.
I've just cleaned a couple of viruses from a computer and all seems good now, but I'd like a second opinion, so I took a HijackThis scan and would like to verify if all is ok. I followed the instructions to attach the file, hope it's ok. If not, please let me know. Thanks very much
 
Hello and welcome to Techspot.

Your HJT log doesn't look bad at all.

However, I'm a little concerned at this suspicious entry.

O4 - HKCU\..\Run: [svchost32] C:\WINDOWS\system32\svchost32dl.exe

I can find no info for this file svchost32dl.exe.

In the light of that, I'd like you to go HERE and follow the instructions in the order they are given.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:

Edit: I have moved this thread to our security and the web forum.
 
Thank you very much for your help and info. I'll go do all that and rescan and post back in. Again, thanks for the help
 
Ok, here is what I did. Ran Trendmicro, Bitdefender, Kaspersky, found nothing; ran Pandasoft and got some cookie spyware but didn't know how to find them to remove. I'll attach the log. Then I installed and ran the Look2me destroyer with scan log attached. Then ran the vundofix and found nothing. I was going to run the Smitfraud but there's a virus in it so I terminated that. Then I searched for that file svhost32.dll, found 2 of them and saved them to floppy, then deleted both. I restarted computer and took another hijack scan and they are now gone. Could you now tell me how to get rid of or find out where those files for the Panda scan are hiding? They are some type of cookies but not sure how to find them. Also, what do you think about the new scan log from hijack? Thanks a lot
 
Your HJT log is clean.

Run the Ewido scan in the instructions I gave you and that will clean out any tracking cookies etc.

Regards Howard :)
 
Thank you very much for your help. I'm on my way now to run the Ewido scan, then I'll retry the Panda. Thanks again
 
hijack this log scan help!

Hello!
Could someone have a look at this log? I did a HijackThis scan through remote assistance on my brother's computer and figured I'd post in here and possibly see if there's anything wrong on it. Thanks a lot.
 
Not too bad, again :) , on the face of it, but there's one or two.

Same instructions as before... HERE

Or if Howard gives you more specific instructions, follow them instead. I'm just a believer in scanning anyway first (if there's even a hint of a problem) just to be on the safe side.
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...c4trQWeCzOWPAG6qMiekUH+lqlVZgrjwNKnahmSJQU5fU
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - blank (file missing)

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.


Regards Howard :)

P.s I merged your other HJT thread into this one.
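
Added example, not part of the thread or of HijackThis itself: a small Python triage pass over log lines like the ones discussed above. It labels each entry with the usual meaning of its section code and flags the two conditions the helpers acted on, targets marked "(file missing)" and an autostart executable whose name imitates a Windows system process. The `SYSTEM_NAMES` list and the imitation heuristic are assumptions made for illustration; a flag is a prompt to investigate, not a verdict.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Usual meaning of the HijackThis section codes that occur in this thread.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O9": "Extra IE toolbar button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "Extra protocol handler",
}
# Assumption: a short list of genuine Windows process names to compare against.
SYSTEM_NAMES = ("svchost", "lsass", "winlogon", "explorer", "services")
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
EXE_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.I)

# Three entries copied from the thread, plus one constructed non-entry line.
SAMPLE = [
    r"O4 - HKCU\..\Run: [svchost32] C:\WINDOWS\system32\svchost32dl.exe",
    r"O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)",
    r"O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB",
    "Logfile of HijackThis",
]

def triage(line):
    """Return (code, meaning, flags) for a log entry, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    flags = []
    if "(file missing)" in body:
        flags.append("orphaned: target file missing")
    if code == "O4":
        exe = EXE_RE.search(body)
        if exe:
            stem = basename(exe.group(0)).lower()[:-4]  # drop ".exe"
            flags += [f"name imitates {n}.exe" for n in SYSTEM_NAMES
                      if stem.startswith(n) and stem != n]
    return code, SECTIONS.get(code, "unknown section"), flags

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
```
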
 
Thank you very much for all your help, people. I appreciate it very much. I'll do all of your instructions and will post back the final scan. Thanks again
 
If you follow those instructions now, it's for your own benefit and peace of mind only.

Once your HJT log is clean, it won't get any cleaner :p Howard is probably right (he usually is!). I'm just being very cautious for some reason at the moment.
 
Hello again people!
Sorry for being a pest, but I have one more from my brother-in-law, who's having a very hard time with his computer. I got him to start all the scans you showed me and all info and figured I'd post his hijack scan while he's starting on those. I also wanted to ask: is there somewhere that I can read up and search how to decipher those codes in order to understand a bit more what exactly I'm throwing out in order to protect those PCs better? Thanks again, I really appreciate it.
 
Your brother-in-law is running a completely unpatched version of Windows, this is not recommended.

Tell him to go HERE and follow the instructions exactly.

Then, post a fresh HJT log, only after doing the above.

Regards Howard :)
 
Thanks again for your help. I guess from what you say unpatched version is pirated. Sorry, I didn't know and will look into that. I'll send him there and again thanks for the help.
 
I think you may have misunderstood.

I didn't mean it was pirated, only that it was unpatched. I.e. not having any service pack installed, which is a security risk.

Regards Howard :)
 
I'll definitely look into getting all the updates and SP2 if he doesn't have them. Thanks for letting me know. They changed drive I believe a few weeks ago and probably don't have a clue they need to update everything. I'll get him to clean then take all updates. Again, thanks
 