TechSpot

HijackThis scan. Please verify if all seems ok.

By ibanez7
May 11, 2006
  1. Hello to all!
    I hope I'm posting in the right place. If not, please move to proper forum. Thanks.
    I've just cleaned a couple of viruses from a computer and all seems good now, but I'd like a second opinion, so I took a HijackThis scan and would like to verify if all is ok. I followed the instructions to attach the file, hope it's ok. If not, please let me know. Thanks very much
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your HJT log doesn't look bad at all.

    However, I'm a little concerned at this suspicious entry.

    O4 - HKCU\..\Run: [svchost32] C:\WINDOWS\system32\svchost32dl.exe

    I can find no info for this file svchost32dl.exe.

    In the light of that, I'd like you to go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:

    Edit: I have moved this thread to our security and the web forum.
     
  3. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    Thank you very much for your help and info. I'll go do all that and rescan and post back in. Again, thanks for the help
     
  4. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    OK, here is what I did. Ran Trendmicro, bitdefender, Kaspersky, found nothing; ran pandasoft and got some cookie spyware but didn't know how to find them to remove. I'll attach the log. Then I installed and ran the Look2me destroyer, with scan log attached. Then ran the vundofix and found nothing. I was going to run the Smitfraud but there's a virus in it so I terminated that. Then I searched for that file svhost32.dll, found 2 of them and saved them to floppy, then deleted both. I restarted computer and took another hijack scan and they are now gone. Could you now tell me how to get rid or find out where those files for the panda scan are hiding? They are some type of cookies but not sure how to find them. Also, what do you think about the new scan log from hijack? Thanks a lot
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Run the Ewido scan in the instructions I gave you and that will clean out any tracking cookies etc.

    Regards Howard :)
     
  6. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    Thank you very much for your help. I'm on my way now to run the Ewido scan, then I'll retry the panda. Thanks again
     
  7. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    HijackThis log scan help!

    Hello!
    Could someone have a look at this log? I did a HijackThis scan through remote assistance on my brother's computer and figured I'd post in here and possibly see if there's anything wrong on it. Thanks a lot.
     
  8. Spike

    Spike TS Evangelist Posts: 2,168

    Not too bad, again :) , on the face of it, but there's one or two.

    Same instructions as before... HERE

    Or if Howard gives you more specific instructions, follow them instead. I'm just a believer in scanning anyway first (if there's even a hint of a problem) just to be on the safe side.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sp/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...c4trQWeCzOWPAG6qMiekUH+lqlVZgrjwNKnahmSJQU5fU
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - blank (file missing)

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - blank (file missing)

    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.


    Regards Howard :)

    P.s I merged your other HJT thread into this one.
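
The entries quoted in this thread all follow the same `code - body` layout, where the code (R0, O2, O4 ...) names the kind of setting. The following is an added example, not part of any post above and not HijackThis's own code: a small Python parser that labels each entry and flags the two things the helpers react to here, "(file missing)" leftovers and an autostart file whose name imitates a system file. The function names, the section descriptions and the look-alike heuristic are assumptions made for illustration.

```python
import re

# Section codes as commonly documented for HijackThis; only those seen in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart (Run key / Startup folder)",
    "O9": "extra IE button or Tools item", "O16": "ActiveX (Downloaded Program Files)",
    "O18": "extra protocol handler",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def parse_entry(line):
    """Split one HJT line into section code, meaning, CLSID, file path and review notes."""
    m = ENTRY.match(line)
    if not m:
        return None  # header lines, process list, blank lines
    code, body = m.groups()
    clsid, path = CLSID.search(body), WIN_PATH.search(body)
    notes = []
    if "(file missing)" in body:
        notes.append("orphaned")  # registry entry outlived the file it points to
    if code == "O4" and path:
        name = path.group(0).rsplit("\\", 1)[-1].lower()
        # Illustrative heuristic (assumption): svchost-like name that is not svchost.exe
        if name.startswith("svchost") and name != "svchost.exe":
            notes.append("system-name look-alike")
    return {"code": code, "meaning": SECTIONS.get(code, "unknown section"),
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None, "notes": notes}

def triage(log_text):
    """Parse every recognisable entry in a pasted log, skipping non-entry lines."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

# Sample lines copied from the posts in this thread.
SAMPLE = r"""
O4 - HKCU\..\Run: [svchost32] C:\WINDOWS\system32\svchost32dl.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - blank (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], "|", e["meaning"], "|", e["path"] or e["clsid"], "|", ", ".join(e["notes"]) or "-")
```

A flag from this parser only marks an entry for a closer look; it does not decide whether the entry is malicious.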
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No need to follow those instructions, on this occasion.

    Cheers Spike.

    Regards Howard :)
     
  11. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    Thank you very much for all your help, people. I appreciate it very much. I'll do all of your instructions and will post back the final scan. Thanks again
     
  12. Spike

    Spike TS Evangelist Posts: 2,168

    If you follow those instructions now, it's for your own benefit and peace of mind only.

    Once your HJT log is clean, it won't get any cleaner :p Howard is probably right (he usually is!). I'm just being very cautious for some reason at the moment.
     
  13. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    Here's the log scan after doing instructions in safe mode. Thank you very much for your help.
     
  14. Spike

    Spike TS Evangelist Posts: 2,168

    Your log is still clean :)
     
  15. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    Thank you very much for all the help
     
  16. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    Hello again people!
    Sorry for being a pest, but I have one more from my brother-in-law, who's having a very hard time with his computer. I got him to start all the scans you showed me and all info, and figured I'd post his hijack scan while he's starting on those. I also wanted to ask: is there somewhere that I can read up and search how to decipher those codes, in order to understand a bit more what exactly I'm throwing out, in order to protect those PCs better? Thanks again, I really appreciate it.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your brother-in-law is running a completely unpatched version of Windows, this is not recommended.

    Tell him to go HERE and follow the instructions exactly.

    Then, post a fresh HJT log, only after doing the above.

    Regards Howard :)
     
  18. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    Thanks again for your help. I guess from what you say unpatched version is pirated. Sorry, I didn't know and will look into that. I'll send him there, and again thanks for the help.
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I think you may have misunderstood.

    I didn't mean it was pirated, only that it was unpatched, i.e. not having any service pack installed, which is a security risk.

    Regards Howard :)
     
  20. ibanez7

    ibanez7 TS Rookie Topic Starter Posts: 24

    I'll definitely look into getting all the updates and SP2 if he doesn't have them. Thanks for letting me know. They changed drive, I believe, a few weeks ago and probably don't have a clue they need to update everything. I'll get him to clean, then take all updates. Again, thanks
     
Topic Status:
Not open for further replies.
