Logs

Status
Not open for further replies.
You need to attach your logs. Do not copy and paste them. Also please state exactly what your issue is. You obviously have encountered an infection, but what is the specificity of your problem?
 
i can't seem to find the folders in which the logs are locatedm that is why i just pasted the logs here... the path says that it is located in Appdata but i cant find that folder... my problem is that the website apartmentjackpot.com is always appearing when i use the internet... thanks.
 
You should be able to save the logs to your desktop by doing
File > Save as in notepad.

But if you rather you can do the following
Application Data is a hidden folder therefore you are gonna need to unhide the folder.

My computer > tools > folder options > View tab > then select Show hidden files and folders > Click apply and ok to exit.

Now browse to the folder. Follow the instructions below as it relates to your system.

Drive letter:\Documents and Settings\User name\Application Data

eg G:\Documents and Settings\me\Application Data


You need to browse through the malwarebytes and superantispyware folders until you come upon a folder named logs. Open it you logs should be there.
 
You have yet to state what you problem is. Also please undo the unhide procedure for your protection.
 
Seeming the problem is yet to be stated by emmandgr81

Edit: Member just replied!

I would like to recommend that you un-install Norton (Symantec) AntiVirus
And install a Free Antivirus like Avast or Avira

Then do a full update and scan
It is amazing howmany issues Norton does not find

You might want to do this before replying back.
If you do decide on this (recommended) action
Then you will need to supply another fresh HJT Log (as an attachment)
 
Your HJT Log did not reflect anything that may be causing the problem. Follow the Procedure below.

This should remove anything that has attached itself to IE.

Follow these steps to use the Reset Internet Explorer Settings feature from Internet Explorer 7:
1. In Internet Explorer 7, click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

Let me know if it works.
 
do you have an idea on how to uninstall it? i cant seem to find an uninstall option in the folder where the anti virus is found
 
I have reviewed your logs as follows:
Have SuperAntisoyware remove the Tracking Cookies.
To reset Cookies to safe setting:
Open Internet Options> Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'allow first party Cookies'> CHECK 'Block third party Cookies'> CHECK Allow per session Cookies'> Apply> OK

Mbam removed 'Trojan Agent'.

Update Java: Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 6.0 Update 10 ): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Remove the older versions of Java:
1. Click Start, Control Panel, Add/Remove Programs.
2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 10

Firewall: Please download one of these free firewalls and install it:
Comodo :http://www.personalfirewall.comodo.com/
Zonealarm: http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall.jsp

NOTE re firewall. DO this AFTER you have uninstalled Norton.

Uninstall Panda before doing any more scans. If you did an online AV scan, it stays on the system until you remove it:
[O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
/QUOTE]
Turn off Real Time:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below:
C:\Program Files\ppcbooster\ppcb_32.:
C:\Windows\system32\SearchFilterHost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [mondrv411] C:\Windows\mondrv411.exe
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [EPSON Stylus C90 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZP.EXE /FU "C:\Windows\TEMP\E_SF3D0.tmp" /EF "HKCU"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Startup: XFX Game Controller.lnk = ?[/QUOTE]
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK all processes EXCEPT antivirus program, firewall and fingerprint process. If on a laptop, leave the touchpad process on startup> Apply> OK

Control Panel> Add/Remove Programs> Remove the following if there:
VnrBlock
PPCBoster
Java other than v6u10
Panda
Reboot into Normal Mode. You will get a nag message that you can just close after checking 'don't show this message again.'

Rerun a fresh HijackThis scan and attach new log. We can handle any Norton/Symantec entries if left if you decided to remove it and use other AV.
 
what do you mean by this?

QUOTE]

Quote:
Turn off Real Time:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
 
I mean you don't want it starting up and running in the background while you are running other malware cleaning programs. It can suppress results.
 
The log looks good. You still need to get the right Java installed:
Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses so I strongly recommend you update. Click here to download the latest version of java ( Java Runtime Environment (JRE) 6.0 Update 10 ): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.

Reopen HijackThis and scan. Check the following:
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

For your consideration: You might think of getting rid of WildTangent, they are kind of known for spyware. (But it is your Choice)If you decide to do this, have HijackThis remove the following:
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
IF you want to stop the game console:
Start> Run> services.msc> right click on GameConsoleService - WildTangent, Inc.> Properties> Change Startup Type to Disabled.
IF you want to remove it:
Delete Games in Control pannel > Programs and Features

Then delete this folder.
C:\Program Files\Toshiba Games

Open Internet Options> Security tab> Restricted sites> Sites> type in:
apartmentjackpot.com
Click Add> Apply> OK.
IF you get a message that this is already in another zone, open the Trusted zone and remove it from there, then out it in Restricted.

1. Click Start, Control Panel, Add/Remove Programs.
2. Delete all Java updates except J2SE Runtime Environment 6.0 Update 10

If this has solved the original problems:
* Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
* Click the CleanUp! button.

* It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).

Clear your existing System Restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
This will remove all restore points except the new one you just created.

Let us know if your need additional help. It's been a pleasure helping you.
 
Status
Not open for further replies.
Back