Micro hijackthis file
- Thread starter tomika
- Start date
- Status
Hi tomika and welcome to TechSpot.:wave:
Your pc is infected but you have posted in the wrong forum.
You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.
Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into a new thread in the Security and the Web forum, only after doing the above.
We also need to know the result of Panda Antirootkit.
Your pc is infected but you have posted in the wrong forum.
You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.
Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into a new thread in the Security and the Web forum, only after doing the above.
We also need to know the result of Panda Antirootkit.
Hry Rik,
Thanks for the instructuins, I followed the steps from Viruses/Spyware/Malware, preliminary removal instructions.
Finally ended up -after running Spyware remover- in a startup loop! it starts normally and I have to choose the user and it says "Loading Your settings..." tha imidiately says that "Saving Your settings and shuting down"!
No matter what I do, run safe mode with all the possibilities never pass this stage! Please help me! I cannot even get in anymore!
I would be greatfull if somebody can help me!
Thanks for the instructuins, I followed the steps from Viruses/Spyware/Malware, preliminary removal instructions.
Finally ended up -after running Spyware remover- in a startup loop! it starts normally and I have to choose the user and it says "Loading Your settings..." tha imidiately says that "Saving Your settings and shuting down"!
No matter what I do, run safe mode with all the possibilities never pass this stage! Please help me! I cannot even get in anymore!
I would be greatfull if somebody can help me!
howard_hopkinso
Posts: 21,238 +17
howard_hopkinso
Posts: 21,238 +17
I have already moved this thread to our Security forum, so there`s no need to open a new thread.
Please post a fresh HJT log as per these instructions.
Regards Howard
This thread is for the use of tomika only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Please post a fresh HJT log as per these instructions.
Regards Howard
This thread is for the use of tomika only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Hey,
I did everything You told, all the cleaners come out ok!
Please help me to analyse this output!
NOw seems ok, exept that any ap wont start at teh first time, if I check the procceses there are already like 5 and than I need to click 6th tome to get one running!
Ad-Aware-OK
CCleaner-ok
AVG-Antispy-ok
Panda rootkit-ok
and here is the HJT result:
next post
Thanks a lot for Your help in advance!
Tomika
I did everything You told, all the cleaners come out ok!
Please help me to analyse this output!
NOw seems ok, exept that any ap wont start at teh first time, if I check the procceses there are already like 5 and than I need to click 6th tome to get one running!
Ad-Aware-OK
CCleaner-ok
AVG-Antispy-ok
Panda rootkit-ok
and here is the HJT result:
next post
Thanks a lot for Your help in advance!
Tomika
howard_hopkinso
Posts: 21,238 +17
Your HJT log contains a bogus programme.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Ad-Ware Pro
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Ad-Ware Pro.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\Program Files\Ad-Ware Pro
Reboot into normal mode and rehide your protected OS files.
Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Combofix will automatically save the log file to C:\combofix.txt
Post the Combofix log as well as a fresh HJT log.
Regards Howard
This thread is for the use of tomika only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Ad-Ware Pro
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Ad-Ware Pro.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders(if there).
C:\Program Files\Ad-Ware Pro
Reboot into normal mode and rehide your protected OS files.
Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Combofix will automatically save the log file to C:\combofix.txt
Post the Combofix log as well as a fresh HJT log.
Regards Howard
This thread is for the use of tomika only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Here are the HJT and Combofix log
Hello Howard,
Here come the logs You requested!
It seems still I'm having isuues with applications!
For instance I have to click on IE for like 6-7 times and than one window opens, in the processes I can see all of them !
Thanks for Your help again!
Hello Howard,
Here come the logs You requested!
It seems still I'm having isuues with applications!
For instance I have to click on IE for like 6-7 times and than one window opens, in the processes I can see all of them !
Thanks for Your help again!
howard_hopkinso
Posts: 21,238 +17
I can`t see anything nasty in your log files.
I think your problems are probably caused by corruption, rather than malware.
Since you`ve already tried a Windows repair and it hasn`t solved your problems, I suggest you backup your important data and reformat.
Regards Howard
This thread is for the use of tomika only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I think your problems are probably caused by corruption, rather than malware.
Since you`ve already tried a Windows repair and it hasn`t solved your problems, I suggest you backup your important data and reformat.
Regards Howard
This thread is for the use of tomika only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Thank You
That is a good news I have no more nasty stuff!
I'm thinking to restore my XP again since, I had to delete some of my system files during the procedure I did!
I'm really grateful for Your support!!
Thanks a lot.. I will let You know the result of restore!
Regards,
Tomika
That is a good news I have no more nasty stuff!
I'm thinking to restore my XP again since, I had to delete some of my system files during the procedure I did!
I'm really grateful for Your support!!
Thanks a lot.. I will let You know the result of restore!
Regards,
Tomika
- Status
Similar threads
Latest posts
-
BlizzGone: Blizzard cancels 2024 convention but promises an eventual return- GodisanAtheist replied
