TechSpot

HijackThis log please help

By undead2000
Jul 3, 2005
  1. Erm, my friend is having problems with popups. When he starts up his computer, his browser comes up and shows popups about something, Friend Finder or something like that. Here's his HijackThis log. Thx a lot in advance :D
     
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Tell your friend to stop installing every junk anti-spy program under the sun!
    Having more programs does NOT make it better or safer.
    That can only be achieved by using SAFE browsers like Firefox or Opera, and NOT using the buggy/holey Internet Explorer!

    To start with, move HJT away from the Desktop to e.g. C:\Program Files\HJT
    C:\Documents and Settings\DoNotEnter\Desktop\HijackThis.exe


    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    PSFree.exe
    Popupscn.exe
    vc multi.exe
    swdoctor.exe
    OBJ SOFT LOUD.exe
    Ares.exe

    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Panicware\Pop-Up Scanner\Popupscn.exe
    C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Documents and Settings\All Users\Application Data\Online Wait Third Great\vc multi.exe
    D:\Ares\Ares.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\Panicware\Pop-Up Scanner\Popupscn.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.208.220.71::444
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [ThirdGreatViewSupport] C:\Documents and Settings\All Users\Application Data\Online Wait Third Great\vc multi.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [wave dumb] C:\DOCUME~1\DONOTE~1\APPLIC~1\GRIDTY~1\OBJ SOFT LOUD.exe
    O4 - HKCU\..\Run: [ares] "D:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
    O4 - HKCU\..\Run: [Pop-Up_Scanner] "C:\Program Files\Panicware\Pop-Up Scanner\Popupscn.exe"
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    Fix ALL O16 - DPF: entries
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.

    Now tell your friend to go and install AT LEAST SP1, better is SP2 (includes SP1).
    And to go to www.getfirefox.com and do just that!
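
As an added example (not part of the original thread and not HijackThis code), here is a small Python triage script for log lines in the format quoted in the reply above. The flag names and the three heuristics are assumptions chosen for illustration; the sample lines are copied from the reply.

```python
import re

# Sample entries copied from the HijackThis lines quoted in the reply above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.208.220.71::444
O4 - HKLM\..\Run: [ThirdGreatViewSupport] C:\Documents and Settings\All Users\Application Data\Online Wait Third Great\vc multi.exe
O4 - HKCU\..\Run: [wave dumb] C:\DOCUME~1\DONOTE~1\APPLIC~1\GRIDTY~1\OBJ SOFT LOUD.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
"""

# "<section code> - <entry body>", e.g. "O4 - HKCU\..\Run: [name] path"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# 8.3 short names hide the real folder, so match both spellings (assumed heuristic).
APPDATA = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.I)
RUN_KEY = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")

def triage(log_text):
    """Parse each log entry and attach review flags (illustrative heuristics only)."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, headers, process list
        section, body = m.groups()
        flags = []
        # A proxy configured for the browser deserves a manual look.
        if section in ("R0", "R1") and "ProxyServer" in body:
            flags.append("proxy-set")
        # Autostart programs launched from a per-user/all-users data folder.
        run = RUN_KEY.match(body) if section == "O4" else None
        if run and APPDATA.search(run.group(3)):
            flags.append("autorun-from-appdata")
        # Leftover entries whose target no longer exists on disk.
        if body.endswith("(file missing)"):
            flags.append("file-missing")
        findings.append({"section": section, "flags": flags, "entry": body})
    return findings

def flagged(log_text):
    """Only the entries that matched at least one heuristic."""
    return [f for f in triage(log_text) if f["flags"]]

if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f["section"], ",".join(f["flags"]), "|", f["entry"])
```

A flag here only marks an entry for manual review; it does not by itself mean the entry is malicious.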
     
  3. undead4110

    undead4110 TS Rookie

    thx a lot man, ur help was greatly appreciated. I'll tell him when he gets back on msn
     
  4. ricvai7

    ricvai7 TS Rookie Posts: 31

    Please post your fresh HijackThis log file, so we can check if your system is clean or not.
     
Topic Status:
Not open for further replies.
