HJT Log

Discussion in 'Virus and Malware Removal' started by circusboy01, Aug 14, 2011.

  1. circusboy01 TechSpot Enthusiast Posts: 666

    Chose quote because there are a lot of things to address.
    I'll respond by number.
    #2 When you said yes to prompt, you meant OK to reboot. Right?
    #3 Mine always are.
    #4 There were no infections listed.
    #5 WOT is already installed.
    #6 I run MBAM often. Full scan.
    #9 Had FileHippo, forgot to reinstall after I took PC back to factory settings.
    #11 I will choose custom. I just hope when it gives me choices I choose the right ones.
    #12 Not sure. But I don't think I was infected. Wouldn't you have told me, "I found this or that, and fixed, or got rid of it for you"?
    #13 I will, just as soon as I install the rest of the things you asked me to.
  2. Broni Malware Annihilator Posts: 39,379   +177

    Correct.
  3. circusboy01 TechSpot Enthusiast Posts: 666

    Thanks for all the help. Wish me luck over at Windows. CB
  4. Broni Malware Annihilator Posts: 39,379   +177

    Good luck :)
  5. circusboy01 TechSpot Enthusiast Posts: 666

    I'm Back

    Broni,
    I need your help. You told me to download and install Secunia PSI, which I did.
    You also told me to run it once a week. That's where I'm having problems. Every once in a while I get a notice, down by the clock, saying that Secunia has detected something. I don't know if the something is good or if it's something I need to worry about, and if it is a problem, I don't know how to fix it. When I open it up, I'm at a complete loss. I have no clue what's going on. Ray
  6. Broni Malware Annihilator Posts: 39,379   +177

    I didn't say anything about running it weekly.
    That would be excessive.
    Once a month will be sufficient.

    Also it doesn't need to run as a startup.

    Download, and install Quick Startup: http://www.glarysoft.com/qs.html
    Go File>Export, save report, and paste it into your next post.
     
  7. circusboy01 TechSpot Enthusiast Posts: 666

    Sorry about the weekly/monthly. I remembered wrong.
    When quick start up was almost finished downloading I got this:
    Unable to execute file.
    c:\programs file(x86) Quickstartup.exe

    Create process failed code740
    The requested operation requires elevation.

    But, it still gave me two desktop icons. Quick Start UP & Glary Utilities Freeware.
    Now I don't know what I'm looking for. But when I open Quick Start up, it sure looks complete. There's a list of all the things that are in my start up. I know because I remember typing a list for you. Many of the entries have rectangular bars indicating some kind of usage. Ray
  8. Broni Malware Annihilator Posts: 39,379   +177

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to a known location.
    You must select Text from the drop-down menu as the file type.

    Attach the file to your next reply.
  9. circusboy01 TechSpot Enthusiast Posts: 666

    Don't know how to go to file type? So I will tell you what I got when I downloaded this link. Got 2 autoruns, one with a ?, one autorunc and one EULA.
    Autoruns with ? is like a help page. Autoruns opens up a thing that looks a lot like my WinPatrol. Autorunc opens up white print on a black background, but it goes right away. EULA opens Sysinternals software license terms, opened up in notebook. Looks like one of those logs I sent you. Ray
  10. Broni Malware Annihilator Posts: 39,379   +177

    Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
  11. circusboy01 TechSpot Enthusiast Posts: 666

    Broni, sorry it took so long to reply. I've been feeling real crappy for the last 3 days. Haven't even wanted to get on the computer.
    It looks like something I posted made you think I was having computer problems again. I guess I could backtrack and find the post. But I'm still not 100% feeling OK, so I'm just not up to it.
    Suffice it to say, I'm not having any computer problems. But I would like to find out what should be in my WinPatrol startup programs, and what I can get rid of.
    Thanks though for reminding me about HijackThis. I've had it for over a year. I just forgot about it after I took my PC back to factory settings the last time. I will install it and send you a log, just in case I have problems I don't know about. Don't worry about me trying to fix things myself. I can't read HJT logs. Ray
  12. Broni Malware Annihilator Posts: 39,379   +177

    Get better and good luck then :)
  13. circusboy01 TechSpot Enthusiast Posts: 666

    Thanks Here's the HJT log.

    Sorry. Got a problem. I hit select all, and the log turns blue, as it should. But when I hold down the right button on the mouse to drag and drop to TS, it turns back to white and won't D&D. I tried the left button, and it stays blue, but also won't D&D.

    Is there something different I need to do to D&D when I'm running as Admin?

    This is an edit. Looked back at old posts. Now I remember why you wanted me to install HJT.

    Ray
  14. Broni Malware Annihilator Posts: 39,379   +177

    I'm not sure what you're doing.
    You select all where and why all?
  15. circusboy01 TechSpot Enthusiast Posts: 666

    I'm sure you know that when you drag and drop you first have to turn the words blue, or you won't be able to move them to wherever you want. I recently found out that you could hit Select all in the drop-down menu, and all the words will turn blue. It's a lot easier than the methods I used to use.
    Hold the key down on the mouse and slowly move it from the top of the page to the bottom. The letters will turn blue as the cursor passes them.
    Sometimes you have to use this method:
    Take your mouse to the top and turn the first line blue. Move the mouse to the bottom.
    Turn the last line blue, and all the rest of the words will turn blue.
    So, hitting select all is just an easier way of turning the log blue. Ray
  16. Broni Malware Annihilator Posts: 39,379   +177

    What exactly are you dragging and dropping?
    I have no idea what exactly you're doing.
  17. circusboy01 TechSpot Enthusiast Posts: 666

    I installed an HJT log, like you asked me to. I'm trying to D&D it into TS so I can send it to you.
    It's the last thing you asked me to do.
  18. Broni Malware Annihilator Posts: 39,379   +177

    Select all text.
    Right click, click "Copy".
    Go back here.
    Right click inside reply box, click "Paste".
  19. circusboy01 TechSpot Enthusiast Posts: 666

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:51:21 PM, on 9/5/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\tinySpell\tinyspell.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Users\Raymond Wayne Solema\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Raymond Wayne Solema\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Raymond Wayne Solema\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Raymond Wayne Solema\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Raymond Wayne Solema\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8873 bytes

    Here's the HJT log. Thanks again for looking at it for me. Ray
  20. Broni Malware Annihilator Posts: 39,379   +177

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
    O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')

    5. Click on Fix checked button.


    Restart computer and you should be good to go.
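
An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the O4 (startup) and O23 (service) lines of a log like the one posted above, which also separates "(file missing)" services under System32 from the rest. The sample lines are copied from the posted log; the function names and triage labels are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: Updater Service for StartNow Toolbar - Unknown owner - C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe (file missing)
"""

RUN_KEY = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
STARTUP = re.compile(r"^O4 - (?P<where>.+? Startup): (?P<name>.+?) = (?P<target>.+)$")
# The path is anchored on a drive letter because names and paths may contain " - ".
SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                     r"(?P<target>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")


def parse_autostarts(log_text):
    """Return one dict per O4 (startup) and O23 (service) entry in the log."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, rx in (("run", RUN_KEY), ("startup", STARTUP), ("service", SERVICE)):
            m = rx.match(line)
            if m:
                entry = {"kind": kind, "line": line, **m.groupdict()}
                entry["missing"] = bool(entry.get("missing"))
                entries.append(entry)
                break
    return entries


def triage(entry):
    """Heuristic label for one entry; a reviewer still decides what to fix."""
    if not entry["missing"]:
        return "present"
    # HijackThis 2.0.4 is a 32-bit program. On 64-bit Windows its view of
    # System32 is redirected to SysWOW64, so 64-bit system binaries are
    # reported as "(file missing)" even though they exist.
    if re.match(r"^[A-Za-z]:\\windows\\system32\\", entry["target"], re.I):
        return "likely-redirection-artifact"
    return "review-orphaned-service"


if __name__ == "__main__":
    for e in parse_autostarts(SAMPLE_LOG):
        print(f'{triage(e):28} {e["kind"]:8} {e["name"]}')
```
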