HJT Log

Solved
By circusboy01
Aug 14, 2011
Topic Status:
Not open for further replies.
  1. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player 10.3.183.5
    Adobe Reader 9.3
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
  2. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    TFC : 9.00 mb's of Stuff 2nd scan 0.00 Stuff

    Eset: No Threats Found.
  3. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Broni; I've heard that having too many things in your Start Up Menu/Start Program can slow a computer down. Here's everything I have in mine. Please show me what I can or should get rid of.
    unatlend000000001(bf.a.30... RHDCPL? IntelPoint Superantispyware tinyspell Netgear
    LenovoFSC Adobe Reader Speed Launcher Adobe ARM Avast

    If enough things can be removed maybe it will help. At least a little CB
    ? on 2nd entrance is because I'm not sure if the 2nd letter is an H or not.
    Thanks again for bearing with me CB
  4. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Disable your AV program and re-run OTL fix.

    I'll address your startups a little bit later.
  5. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    All processes killed
    Error: Unable to interpret < > in the current context!
    Error: Unable to interpret < > in the current context!
    Error: Unable to interpret < > in the current context!
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} deleted successfully.
    ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
    File rity] not found.
    File ptytemp] not found.
    File ptyflash] not found.
    File boot] not found.

    OTL by OldTimer - Version 3.2.26.5 log created on 08252011_002135

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
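
Added example, not part of the original thread and not OTL's own code: a small Python triage of the fix log posted above, separating what was removed, what was not found, and what OTL could not interpret. The sample lines are copied from the post; the function names and the "suspect file target" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the OTL fix log in the post above (a subset, for illustration).
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret < > in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} deleted successfully.
ADS C:\ProgramData\Temp:5C321E34 deleted successfully.
File rity] not found.
File boot] not found.
"""

# "<kind> <target> <result>." as it appears in the log above.
ACTION_RE = re.compile(
    r"^(?P<kind>(?:64bit-)?Registry (?:key|value)|ADS|File)\s+"
    r"(?P<target>.+?)\s+(?P<result>deleted successfully|not found)\.$"
)
ERROR_RE = re.compile(r"^Error:\s*(?P<msg>.+)$")


def triage(log_text):
    """Group fix-log lines into 'removed', 'missing' and 'error' buckets."""
    report = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        action = ACTION_RE.match(line)
        if action:
            done = action["result"] == "deleted successfully"
            report["removed" if done else "missing"].append(
                (action["kind"], action["target"]))
            continue
        error = ERROR_RE.match(line)
        if error:
            report["error"].append(error["msg"])
    return dict(report)


def needs_review(report):
    """Heuristic (an assumption of this example): a 'File' target with no
    drive letter or path separator is probably a script line that was read
    as a file name, so the step it stood for did not run."""
    suspect = [target for kind, target in report.get("missing", [])
               if kind == "File" and not re.search(r"[\\/:]", target)]
    return {"errors": report.get("error", []), "suspect_file_targets": suspect}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("removed", "missing", "error"):
        print(bucket, len(result.get(bucket, [])))
    print(needs_review(result))
```
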
  6. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Broni; here's a couple more things that might be useful. Feel free to ignore.
    Usually when you boot up, right before your desktop comes on screen you hear 3 or 4 notes of the Windows music Mine opens up after only one note.

    My Netgear.stick.Connection to the Internet always has 6 to 8 out of 9 dots.
  7. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    What is Windows music Mine?

    I'm not sure what you're saying.

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
  8. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Oops, sorry, there should have been a period between music and Mine. It's just sound effects that you hear when something happens, like your desktop coming on screen, and lots of other things.
    Mine is set to Windows default.
    Going to start following your instructions in just a minute. But first I need to tell you: nothing's changed. I started to download Audials Radio today. Lost it when I brought my PC back to factory settings. The time indicated that it would have taken was over 1 hr. The time it took before I started having the trouble: 3 or 4 minutes. Videos are still buffering and buffering and buffering. So my system's clean and nothing's fixed?? Oh yeah, those 6 to 87 out of 9 dots I was talking about: they are signal strength. I probably should have said bars, but mine are shown in what looks like lit up dots. Going to follow your instructions now.
  9. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    All processes killed
    Error: Unable to interpret <L> in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Raymond Wayne Solema
    ->Temp folder emptied: 325469 bytes
    ->Temporary Internet Files folder emptied: 57757706 bytes
    ->FireFox cache emptied: 43524443 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 566 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 97.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Raymond Wayne Solema
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.26.5 log created on 08252011_183609

    Files\Folders moved on Reboot...
    C:\Users\Raymond Wayne Solema\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Raymond Wayne Solema\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INY4EQCO\background-banner-middle-v9[1].jpg moved successfully.
    C:\Users\Raymond Wayne Solema\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7PFIH713\background-banner-right-v9[1].jpg moved successfully.
    C:\Users\Raymond Wayne Solema\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7PFIH713\background_banner_green_50_v9[1].jpg moved successfully.
    File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  10. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Maybe you have some internet connection issues.

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.
  11. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Chose quote because there is a lot of things to address
    I'll respond by number
    #2 when you said yes to prompt. you meant OK to reboot. Right?
    #3 Mine always are.
    #4 There were no infections listed
    #5 Wot is already installed.
    #6 I run MBAM often Full scan.
    #9 Had filehippo forgot to reinstall after I took PC back to factory settings
    #11 I will choose custom I just hope when it gives me choices I choose the right ones.
    #12 Not sure. But I don't think I was infected. Wouldn't you have told me, "I found this or that, and fixed, or got rid of it for you"?
    #13 I will just as soon as I install the rest of the things you asked me to.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Correct.
  13. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Thanks for all the help. Wish me luck over at Windows. CB
  14. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Good luck :)
  15. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    I'm Back

    Broni,
    I need your help. You told me to download and install Secunia PSI, which I did.
    You also told me to run it once a week. That's where I'm having problems. Every once in a while I get a notice, down by the clock, saying that Secunia has detected something. I don't know if the something is good or if it's something I need to worry about, and if it is a problem, I don't know how to fix it. When I open it up, I'm at a complete loss. I have no clue what's going on. Ray
  16. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    I didn't say anything about running it weekly.
    That would be excessive.
    Once a month will be sufficient.

    Also it doesn't need to run as a startup.

    Download, and install Quick Startup: http://www.glarysoft.com/qs.html
    Go File>Export, save report, and paste it into your next post.
  17. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Sorry about the weekly/monthly. I remembered wrong.
    When quick start up was almost finished downloading I got this:
    Unable to execute file.
    c:\programs file(x86) Quickstartup.exe

    Create process failed code740
    The requested operation requires elevation.

    But, it still gave me two desktop icons. Quick Start UP & Glary Utilities Freeware.
    Now I don't know what I'm looking for. But when I open Quick Start up, it sure looks complete. There's a list of all the things that are in my start up. I know because I remember typing a list for you. Many of the entries have rectangular bars indicating some kind of usage. Ray
  18. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to a known location.
    You must select Text from the drop-down menu as a file type.

    Attach the file to your next reply.
  19. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Don't know how to go to file type? So I will tell you what I got when I downloaded this link. Got 2 autoruns, one with a ?, one autorunc and one EULA.
    Autoruns with ? is like a help page. Autoruns opens up a thing that looks a lot like my Winpatrol. Autorunc opens up white print on a black background, but it goes right away. EULA opens sysinternal software license terms. Opened up in notebook. Looks like one of those logs I sent you. Ray
  20. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackTHis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
  21. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Broni; sorry it took so long to reply. I've been feeling deal crappy for the last 3 days. Haven't even wanted to get on the computer..
    It looks like something I posted made you think I was having Computer problems again. I guess I could back track, and find the Post. But I'm still not 100% feeling o.k. So I'm just not up to it..
    Suffice it to say. "I'm not having any Computer problems. But I would like to find out what should be in my Win Patrol start up program,and what I can get rid of..
    Thanks though for reminding me about Hijack This. I've had it for over a year. I just forgot about it after I took my PC back to factory settings the last time. I will install it and send you a log, just in case I have problems I don't know about. Don't worry about me trying to fix things myself. I can't read HJT logs. Ray
  22. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    Get better and good luck then :)
  23. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    Thanks Here's the HJT log.

    Sorry. Got a problem. I hit select all, and the log turns blue, as it should. But when I hold down the right button on the mouse to drag and drop to TS, it turns back to white and won't D&D. I tried the left button, and it stays blue, but also won't D&D.

    Is there something different I need to do to D&D when I'm running as Admin?




    This is an edit. Looked back at old posts. Now I remember why you wanted me to install HJT


    Ray
  24. Broni

    Broni Malware Annihilator Posts: 46,173   +251

    I'm not sure what you're doing.
    You select all where and why all?
  25. circusboy01

    circusboy01 TechSpot Enthusiast Topic Starter Posts: 804   +9

    I'm sure you know that when you drag and drop you first have to turn the words blue, or you won't be able to move them to wherever you want. I recently found out that you could hit Select all in the drop down menu, and all the words will turn blue. It's a lot easier than the methods I used to use.
    Hold the key down on the mouse and slowly move it from the top of the page to the bottom. The letters will turn blue as the cursor passes them.
    Sometimes you have to use this method:
    Take your mouse to the top and turn the first line blue. Move the mouse to the bottom.
    Turn the last line blue, and all the rest of the words will turn blue.
    SO. Hitting select all is just an easier way of turning the log blue. Ray