TechSpot

My hijackthis log

By Majestic
Sep 22, 2006
  1. [EDIT] Hijackthis log has been updated.

    Ok,I've done everything as suggested in http://www.techspot.com/vb/topic58138.html
    including the removal tools that I first thought were bad.

    I believe I've removed a whole load of virii/torjans etc. Ive tried to reinstall NAV but just before it completes it stops, removes everything and says the installation was interupted. Could this be another virus?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {278B661A-14A8-D8B0-6AF4-03088B866149} - C:\WINDOWS\system32\unaoakg.dll

    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt1.dll (file missing)

    O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A9B3A941-A76A-4E51-8470-D2D604486720}: NameServer = 194.72.0.114 62.6.40.162<Only fix this, if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\system32\unaoakg.dll
    C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :wave: :wave:

    This thread is for the use of Majestic only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Majestic

    Majestic TS Rookie Topic Starter

    Ok, I've done what you said.

    System has been running much better after completing the whole http://www.techspot.com/vb/topic58138.html guide. Except for Iexplorer, which was still being redirected, firefox was fine though.

    Now that I've done what you said Iexplorer is running fine.

    When I ran the killbox I did exactly what was said but when I tried to kill the second dll, ater the countdown to reebot I got a "pendingfilerenameoperations registry data has been removed by external process" pop up warning thing and it didnt reboot.So I restarted manually.

    Is this bad?
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    Don`t worry about the killbox message it`s fine. You can now delete the killbox backups folder.

    It appears you`re not running any antivirus or firewall software. This is a huge security risk.

    Download and install either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes. You can get them HERE, HERE, HERE and HERE.

    Install whichever firewall you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times. Run the antivirus updates.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Majestic only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Majestic

    Majestic TS Rookie Topic Starter

    I've just reinstalled AVG free. Did a full scan and came up clean.

    There is one thing however. I can't view streaming video in webpages. It comes up with a "cannot create directshow player" error. My own searching suggestes a dll is corrupt or missing.

    Should I try a XP repair? Or would reinstalling DirectX help?
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Before attempting a repair, I suggest you download and install the latest versions of Java and Flash Player. See if that solves your problem.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...