Need Help Analyzing HiJack This log

Status
Not open for further replies.
My son's computer has gone bonkers. I've run spybot s&d, AdawareSE, MS Antispyware, Symantec, etc.... All with and without safemode and with system restore disabled. Msconfig, regedit are disabled... will not come up or will come up for a few seconds and disappear. He also runs AOL IM and was receiving suspicious IMs popping up unsolicited from his own screen name. We uninstalled AOL IM. I've been working on this for 2 days and cannot figure it out! All I've read on the web is about HiJack This, so I downloaded and now need help with reading the logs. Please!!!! I'm not totally computer illiterate <sp?>, but do not want to delete things I know nothing about.
 

Attachments

  • hijackthis.txt
Put Hijackthis in a permanent directory of its own, e.g. c:\Program Files\HJT, NOT in Temp or on the desktop.
With System Restore OFF, boot in safe mode.
Press ctrl/alt/del and in Taskmanager try to STOP: MSNGMSNGR32.EXE (This is a fake)

Next, run HJT on its own, and let it 'fix' if still there:
C:\WINDOWS\system32\MSNGMSNGR32.EXE
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKCU\..\RunOnce: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O15 - Trusted Zone: .windowsupdate.com

When done, delete C:\WINDOWS\system32\MSNGMSNGR32.EXE
Empty your Temp directory, delete all temp. internet files and cookies.
Go to www.getfirefox.com and install Firefox. Use that for browsing from now on.
Use IE only for Windows-updates, NOTHING else.
 
Fixes Worked

Thanks realblackstuff... the computer seems to be working properly now. This is what I did:

I put HJT in its own folder.
Turned System Restore OFF and booted in safe mode.
I could not get to the Taskmanager, so could not stop MSNGMSNGR32.exe.
I ran HJT and the only thing that showed up from the list of things to fix you gave me was: O2 - BHO PCTools Site Guard.
I did a search for MSNGMSNGR32.EXE on the computer and deleted all instances.
I also did a search in regedit for MSNGMSNGR32.exe and found 2 instances and deleted them (I know, I know)
I found two other files in the registry that I had written down as suspicious... NVMsnW and MsVBdll... know anything about these files?
I emptied Temp directory, etc.
Rebooted in normal mode
Downloaded Firefox (nice... thanks)
Reran HJT in normal mode and found two other items to be fixed from your list:
R3 - Default URLSearchHook is missing
and
O15 - Trusted Zone: <can't put the URL in... it's the microsoft one>
I went ahead and had HJT "fix" them.

Msconfig now works from start-->run and everything else seems to be working.

I'm assuming I should now turn System Restore back on??

I've attached the last HJT log from the scan I ran after I did all of the above.

Thank you SO MUCH for your help!!!!
 
Run HJT again and let it fix:
R3 - Default URLSearchHook is missing
O15 - Trusted Zone: .windowsupdate.com
NEVER trust ANYONE for O15 !!!

Both NVMsnW and MsVBdll are baddies. Remove from your Registry, note the extensions if any (.pif and/or .dll most likely) and delete all occurrences from your PC.

When done, you can switch System Restore back on.
Enjoy.
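
An added example, not part of the original thread or written by its posters: a small Python triage of a HijackThis log that pulls out the entry types the replies above singled out (R3 with a missing URLSearchHook, entries marked "(file missing)", O4 autoruns, O15 Trusted Zone sites). The sample log is constructed from lines quoted in the thread plus one made-up benign entry (ExampleApp), and the "no path" rule for O4 is an assumed review heuristic, not a verdict that the entry is malicious.

```python
import re

# Entry lines have the form "<code> - <details>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def triage(log_text):
    """Return (code, reason, line) for every entry that deserves a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header text, running-process paths, blank lines
        code, body = m.group("code"), m.group("body")
        if body.endswith("(file missing)"):
            findings.append((code, "points at a file that no longer exists", line))
        elif code == "R3" and "is missing" in body:
            findings.append((code, "default URLSearchHook value is missing", line))
        elif code == "O4":
            a = AUTORUN.match(body)
            # Assumed heuristic: an autorun command with no directory part
            # does not say where the program lives, so look it up by hand.
            if a and "\\" not in a.group("cmd") and "/" not in a.group("cmd"):
                findings.append((code, "autorun command has no path", line))
        elif code == "O15":
            findings.append((code, "site was added to the Trusted Zone", line))
    return findings

# Constructed sample: lines quoted in the thread plus one invented benign entry.
SAMPLE_LOG = r"""
Logfile of HijackThis
C:\WINDOWS\system32\MSNGMSNGR32.EXE
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKCU\..\RunOnce: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O15 - Trusted Zone: .windowsupdate.com
"""

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}\n     {line}")
```
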
 
Thanks!

realblackstuff - Thanks, I really appreciate the help! Everything's working great! Now if I can keep the kid from downloading everything in sight, I think I'll be able to keep my sanity
 