Need Major Help With Hijack This Log :(

By litlemiss
Feb 4, 2005
Topic Status:
Not open for further replies.
  1. Here is my hijack log. I was gone for a week and came home to my computer slammed with popups, spyware, etc. Anyone help me. I have attached the file. Thanks all for taking the time reading this. Again, hijack posted below... :hotbounce

  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.

    Go HERE and follow the instructions very carefully.

    I suggest that you print them out.

    Regards Howard :wave: :wave:
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    First of all, go stand in the corner, with your face to the wall!
    Shame on you for not having any anti-virus software installed!
    Go to www.grisoft.com and get the free AVG7. Install it, update it, then run a FULL scan. You'll be surprised!

    Your HijackThis is outdated (see also my post that Howard mentioned).

    You should at least install XP/SP1 (Service Pack 1).
    If you want to go for SP2, you don't need to install SP1 first.
    Make a proper backup, and take a System restore point before you install SP1 or SP2.

    Do your homework first, using the link that Howard advised, then post a fresh log from the new HJT (after an AntiVirus installation, do NOT get anything Norton/Symantec).
  4. litlemiss

    litlemiss Newcomer, in training Topic Starter

    Here is the new HJT log.
  5. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Quick work!

    Boot in Safe Mode
    Switch off System Restore

    Press Ctrl/Alt/Del and in Task Manager try to STOP these processes:
    AUserInit.exe
    LiveUpdate.exe
    fqsmel.exe
    hpdll.exe
    wsxsvc.exe
    d3hf.exe
    iyuecab.exe
    llli.exe
    itspsspc.exe
    sysmonnt

    Next, run HijackThis STANDALONE and let it 'fix' (if still there):

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
    O2 - BHO: (no name) - {F699BDDF-79E1-9C92-0589-185405AFF04E} - (no file)
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [fqsmel] c:\windows\system32\fqsmel.exe
    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [d3hf.exe] C:\WINDOWS\system32\d3hf.exe
    O4 - HKLM\..\Run: [s77O36V] iyuecab.exe
    O4 - HKCU\..\Run: [Potb] C:\Documents and Settings\Nora\Application Data\llli.exe
    O4 - HKCU\..\Run: [dwoERWZ4g] itspsspc.exe
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O15 --->>> You do NOT trust ANYbody EVER <<<---
    O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.1.0.39/aces/aces-ob-assets.cab
    O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-6.0.4.37/backgammon/backgammon-ob-assets.cab
    O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.4.37/canasta/canasta-ob-assets.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105253340962

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Delete all files/directories from: C:\Documents and Settings\Nora\Local Settings\Temp
    Delete your temp. internet files and cookies.

    Run Spybot S&D again and let it 'immunise' your PC, takes only a few seconds.

    In future, switch off your PC when you go away for a day or longer.

    Now think about your XP SP1 or SP2. SP1 is a MUST.
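
An added example, not part of the original posts: a Python sketch that parses the F2 and O4 lines quoted in the post above and cross-checks the executables they launch against the process names listed for Task Manager. The regexes and the extension-based split between path and arguments are assumptions of this example, inferred from the quoted lines only.

```python
import ntpath
import re

# F2 and O4 lines as quoted in the post above.
LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [fqsmel] c:\windows\system32\fqsmel.exe
O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [d3hf.exe] C:\WINDOWS\system32\d3hf.exe
O4 - HKLM\..\Run: [s77O36V] iyuecab.exe
O4 - HKCU\..\Run: [Potb] C:\Documents and Settings\Nora\Application Data\llli.exe
O4 - HKCU\..\Run: [dwoERWZ4g] itspsspc.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
"""
# Process names the post says to stop in Task Manager.
STOP_LIST = {"AUserInit.exe", "LiveUpdate.exe", "fqsmel.exe", "hpdll.exe", "wsxsvc.exe",
             "d3hf.exe", "iyuecab.exe", "llli.exe", "itspsspc.exe", "sysmonnt"}

# Assumed line shapes, inferred from the quoted entries only.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: (?P<name>\w+)=(?P<cmd>.+)$")
# Paths are unquoted and may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r'"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s"]|$)', re.I)

def image_name(cmd):
    """Return the lowercased file name a command line launches."""
    m = EXE_RE.match(cmd)
    path = m.group(1) if m else cmd  # no known extension: treat it all as the path
    return ntpath.basename(path.strip('"')).lower()

def parse(log):
    """Turn F2/O4 lines into records; any other line is skipped."""
    entries = []
    for line in (raw.strip() for raw in log.splitlines()):
        m = O4_RE.match(line) or F2_RE.match(line)
        if m:
            d = m.groupdict()
            entries.append({"section": line[:2], "hive": d.get("hive", "system.ini"),
                            "name": d["name"], "image": image_name(d["cmd"])})
    return entries

def cross_check(entries, stop_list):
    """Return (autorun images not in the stop list, stop-list names with no autorun)."""
    images = {e["image"] for e in entries}
    stops = {s.lower() for s in stop_list}
    return sorted(images - stops), sorted(stops - images)
```

On the quoted lines, `cross_check(parse(LOG), STOP_LIST)` reports `rundll32.exe` as the only autorun image that is not in the stop list, and no stop-list name without a matching autorun entry.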