TechSpot

new here, can someone check my log :)

By RST531
Nov 1, 2007
  1. first off, great site. i did the whole clean up and it went smooth. so here is my log and text files. can someone check them out and let me know what file i should fix with hijackthis.exe. thank in advance
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    RST531, I don't do the hijack logs- someone will be along to review the logs. But as a matter of information, what 'clean up' are you referring to? Additionally, are you having a problem with your system that might indicate you have malware? Or are you just looking for someone to help to streamline the system?
     
  3. RST531

    RST531 TS Rookie Topic Starter

    ok sorry about that. the clean up was "Viruses/Spyware/Malware, preliminary removal instructions" the 15 step process.
    link here: techspot.com/vb/topic58138 (cant post links yet)

    Well my comp was acting up, i was getting pop up saying my sytem needed virus program so i closed it and then this will happen 3 more times and an hour or more later the same series of pop ups will happen again. that was the first i noticed i had a prob. and also for web searches i would get redirect to this website something like web-prayers com. so i did the above process and it seems to work now but i wanna confirm it to be safe. also i wanted my comp to be alil more streamlined since its work computer.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You haven`t attached a Combofix log as per the instructions. Nor have you let us know the results of the Panda Antirootkit scan.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cshelpdesk/start.asp?user=ppolague

    O2 - BHO: (no name) - {18637589-64B3-4E6C-9D57-0FA0D96A840B} - (no file)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {F01720C0-6026-4C2A-90F4-F081BF246A85} - C:\WINDOWS\system32\awvww.dll (file missing)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post fresh HJT and Combofix logs, as well as the results of the Panda Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of RST531 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. RST531

    RST531 TS Rookie Topic Starter

    ok sorry about the combofix log (mistaken the vundo text as the combofix text) attached now.

    and for the Panda Antirootkit, it didnt find or do anything. and attached is the new HJT log.

    and again thanks for taken the time to check my stuff out. :wave:
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

    Let me know if you`re still having problems.

    Regards Howard :)

    This thread is for the use of RST531 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. RST531

    RST531 TS Rookie Topic Starter

    ok here is the new combofix.txt.

    and i think everything is fine. the problems that usually happened, hasnt so far. but i wanna get some experienced advice to be sure i didnt miss anything.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Use the following script in Combofix as last time.

    Once done, delete the C:\Qoobox folder.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of RST531 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. RST531

    RST531 TS Rookie Topic Starter

    great! thanks for all the help.

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...