HJT Log for my laptop, can someone help

Status
Not open for further replies.
You have a large number of installs that make major demands on your resources. How much memory do you have installed?
You have AVG 8.0 competing with Symantec. That will never do. Uninstall one and use the other.
Since AVG 8.0 free version came out, it has been clear that it is a trouble-prone antivirus program... nothing like its predecessor AVG 7.5
You migh rethink all the stuff you have installed that makes call demands on your system and your online behavior. I would think things would improve if you deactivated some of it.
 
I agree with ray, you need to either remove norton completely or uninstall AVG. You shouldn't have both.

But after that...

You have a worm that propagates via the popular instant messaging application, MSN Messenger. It does this by sending a message and a .ZIP file that contains a copy of itself to target contacts.

The message it sends may be any of the following:

• Did you see this picture, it's hilarious!!!!!
• Have I shown you this new picture of my cat :)
• Hey, check out this great photo from my trip to England

This thing will also terminate windows security center

-----------------------------------------------------------------


Remove bad HijackThis entries
  • Run HijackThis
  • Click on the System Scan Only button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

---------------------------------------------------------------------

OTMoveit2 by OldTimer
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code: 
    [b]%WinDir%\svchost.exe[/b]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

*This is not the legitimate %system%\svchost.exe
---------------------------------------------------------------

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach this log with your reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Attach the OTMoveit2 log and MBAM log along with a fresh hijackthis and we can go from there
 
Update...

Hi there, Blind Dragon and Raybay,

Thanks for both of your replies, I hope you arent offended but Im responding to both of you in this responce.

So far I have Uninstalled Norton. I decided to just use the AVG because the Norton software wasnt picking up anything an I was pretty sure something was up with my laptop. I have run AVG and updated it till it gave me a clean run.

I also downloaded spybot and ran that till it gave me a clean run.

I done the HJT and I didnt have the:
O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe


I then downloaded the OTMoveit thing and done the copy and paste log. I have attached it.

I downloded and intalled (making sure that both of the boxes were ticked). But It kept telling me it cant update and to check that my firewall allows the Malwarebytes... I dont have a fire wall other than windows one. So i turned it off and exited spybot and avg and it still told me it couldnt update so I havent run the scan.

Thanks sooo much its looking so much better now... but its still slow and I would like to have it running as well as possible so any more advice is verrry much appriciated.

Cheers!
 
Update..

I ran the norton removal tool and there were no problems.

Then I retried the update and it ran for 2 second and then told me again that i should check I was connected to the internet and that I didnt have my firewall blocking it.

I ran the system scan and it didnt find anything.

I have attached a copy of the malware log and the hjt log.

thanks again for all this help! I have learnt so much to day.
 
Remove bad HijackThis entries
  • Run HijackThis
  • Click on the System Scan Only button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

-------------------------------------------------------------------------------

Update your Java Runtime Environment
  • Click the following link
    Java Runtime Environment 6 Update 6
  • The 5th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected'at the bottom
  • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_06 folder

---------------------------------------------------------------------

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

-----------------------------------------------------------------------------

Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
i done every thing you listed and the malware managed to update... i ran it here is the log

i also attached the kasper log

is there anything else that needs doing?
 
Those are obviously clean logs. Time to clean up and secure the work you did.


Launch OTMoveit2! and click on the green Cleanup! button - it will uninstall some of the programs we use and then uninstall itself along with moved files/folders

-----------------------------------------------------------------------

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    clear system restore points

    • This is a good time to clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.

  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  4. Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  5. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.This is done in Vista through control panel -> windows updates.

  7. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
 
done

Thanks so much for the help.

I have installed a firewall as well now. hopefully my lovely laptop will stay in working order......
 
Defrag

I have used the one that is on the pc in the passed but it takes at least awhole day to complete.

Can you suggest a good free one?

Thanks.
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
465
eriksnyman1
E
B
Help with PUBG Mobile Pc
Replies
0
Views
418
basitdogar
B
IkariQuit
How to Enable XMP InsydeH20 Bios for Ram Upgrade
Replies
0
Views
447
IkariQuit
IkariQuit

Latest posts

Back