TechSpot

Pls. help me analyze what files to remove from my log file

By mackenzie_tins
Mar 8, 2008
  1. I was having problems on my laptop with a pop-up on my screen during startup. I already ran Spybot and downloaded Norton 2007, but it cannot be detected and removed from my laptop. So I kept on surfing the net to find some aid for my problem and I was led to this site. I downloaded HijackThis from the threads that I read on this site this morning, and when I made a scan using HijackThis, I successfully found the file that keeps popping up on my screen during startup saying "script not found C:\Windows\System32\killVBS.vbs", and I removed it. I am very happy that I don't have the pop-up anymore when I opened my laptop again; however, I am not confident that I have already removed all the malicious and harmful files on my system, since I only removed the killVBS.vbs file, because I don't know which are the good and bad files on my system. Please help me identify the files to remove so that I can fix my system.


    << attached is my log list >>

    Hope you can help me :wave:
     
  2. Matthew

    Matthew TechSpot Staff Posts: 5,266   +92

    Follow the steps in this guide and post back with your results.
     
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Just adding a comment

    Quickly scanned through the log (not a malware expert)
    (note symantec and many others, slowing your system startup)

    These two look a little strange

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs

    O4 - HKCU\..\Run: [System File] C:\Documents and Settings\bestbuy\Local Settings\Application Data\My Documents.exe
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Cannot find script file "C:\WINDOWS\system32\killVBS.vbs"

    Please follow these steps,

    Remember to back up the registry, see how HERE.

    Open Registry Editor. Click Start > Run, type REGEDIT, then press Enter.

    In the left panel, double-click the following:
    HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > Winlogon

    In the right panel, locate the entry:
    Userinit = "%System%\userinit.exe,%System%\wscript.exe "%system%\killVBS.vbs""

    Right-click on the value name and choose Modify. Change the value data of this entry to:
    C:\Windows\System32\userinit.exe,
    Close Registry Editor.

    Right-click Start then click Search

    In the Named input box, type:
    AUTORUN.INF

    In the Look In drop-down list, select a drive, then press Enter.

    Select the file, then open using Notepad.

    Check if the following lines are present in the file:
    [AutoRun]
    shellexecute=wscript.exe killVBS.vbs
    If the lines are present, delete the file.
    Repeat steps for AUTORUN.INF files in the remaining removable drives.
    Close Search Results.

    Hopefully that will work.

    If you don't feel confident editing the registry then don't!

    Also you should probably think about uninstalling Viewpoint. It's called foistware, in other words it's foisted on people that don't really need it.

    To get rid of it,

    Go to Start > Run and copy/paste or type: taskmgr
    • Under the Processes tab find the following tasks or processes:
      ViewpointService.exe
      ViewMgr.exe
    • Highlight and click "End Process".
    • Exit Task Manager.
    Click on Start > Run and type: services.msc
    • Press "OK".
    • Click the "Extended tab".
    • Scroll down the list and find the service called "Viewpoint Manager Service"
    • When you find the service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Disabled".
    • Now click "Apply", then "OK" and close any open windows.
    Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Finally, delete the following folders if they still exist:
    C:\Program Files\ViewManager\ <-- and delete this folder
    C:\Program Files\Viewpoint\ <-- and delete this folder
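
The two checks from the steps above (a Userinit value that launches anything besides userinit.exe, and an AUTORUN.INF that starts a script), as an added Python example that is not part of the original post. The function names and the `icon=` sample line are made up for illustration; the log lines are the ones quoted in this thread.

```python
import re

# Matches a Windows Script Host binary or a .vbs file in a command line.
SCRIPT_HOST = re.compile(r"\b(wscript|cscript)(\.exe)?\b|\.vbs\b", re.I)
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)

def extra_userinit_entries(value):
    """Return every comma-separated Userinit entry other than userinit.exe."""
    entries = [e.strip() for e in value.split(",")]
    return [e for e in entries
            if e and not e.lower().endswith("\\system32\\userinit.exe")]

def audit_hijackthis(log_text):
    """Return (log_line, extra_entries) for each F2 Userinit line with additions."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        match = F2_USERINIT.match(line)
        if match and (extras := extra_userinit_entries(match.group(1))):
            findings.append((line, extras))
    return findings

def autorun_script_commands(inf_text):
    """Return [AutoRun] launch commands that call a script host or a .vbs file."""
    hits, in_autorun = [], False
    for line in map(str.strip, inf_text.splitlines()):
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, _, cmd = line.partition("=")
            key = key.strip().lower()
            launches = key in ("open", "shellexecute") or key.startswith("shell\\")
            if launches and SCRIPT_HOST.search(cmd):
                hits.append(cmd.strip())
    return hits

# Sample input: log lines as quoted in the thread; the icon= line is constructed.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O4 - HKCU\..\Run: [System File] C:\Documents and Settings\bestbuy\Local Settings\Application Data\My Documents.exe
"""
SAMPLE_INF = "[AutoRun]\nshellexecute=wscript.exe killVBS.vbs\nicon=setup.ico\n"

if __name__ == "__main__":
    for line, extras in audit_hijackthis(SAMPLE_LOG):
        print("Userinit launches more than userinit.exe:", extras)
    for cmd in autorun_script_commands(SAMPLE_INF):
        print("autorun.inf starts a script:", cmd)
```

The cleaned value from the steps above, `C:\Windows\System32\userinit.exe,`, produces no findings because the empty entry after the trailing comma is ignored.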
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Wow !
     
  6. kritius

    kritius TS Guru Posts: 2,084

    What? Lol!!
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I believe using this in your post:
    {list]
    {*] list item 1
    {*]list item 2
    {/list]

    Would top it off fully

    Note: the { should be [ But I couldn't use [ because then it would look like this:
    • list item 1
    • list item 2

    Did I say Wow out loud, er Hum, good post Kritius
     
  8. kritius

    kritius TS Guru Posts: 2,084

    Thanks for that, I know it didn't look right when I did it but just thought it would be better to get it posted.

    Thanks very much mate. How does it look up there now?
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    :grinthumb :grinthumb :grinthumb

    10/10
     
  10. mackenzie_tins

    mackenzie_tins TS Rookie Topic Starter

    I was trying to install AVG but I was having some problem installing it.
    The installation always failed, saying "2 errors and 1 warning occured. click details to show more information". The details are:

    Local machine: installation failed
    Installation:
    Error: Action failed for file avg7core.sys: starting service....
    Insufficient system resources exist to complete the requested service. (1450)
    Warning: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: creating registry value....
    Access is denied. (5)
    Rollback:
    Error: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: restoring registry value....
    Access is denied. (5)



    What does it mean?

    I also tried to install Avast and I was also having some problem, saying that I have to remove the temporary internet files from the Internet Options in my Control Panel. I did it but I still cannot install it.

    Please help me.
    Is it because I have Norton that I can't install it?
    I want to install AVG or Avast because I can't remove the W32.SillyDC and Trojan horse on my 2 USB drives.
     
  11. kritius

    kritius TS Guru Posts: 2,084

    Did you use the fix I posted for you?

    And yes it would be better if you ditched Norton before adding more antivirus software.

    To remove Norton, use the Norton Removal Tool
     
  12. mackenzie_tins

    mackenzie_tins TS Rookie Topic Starter

    I have already installed AVG.... ooopppsss ...sorry, I wasn't able to remove Norton yet. I didn't dare to, coz when I tried to remove and uninstall the Norton 2006 edition on my laptop a month ago, I always got an error in uninstalling. Maybe because Norton was already installed on my laptop when my husband bought it. So since I cannot open it I just updated it to the 2007 edition, but that is only good for the trial period. I don't know if I can uninstall Norton this time.
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

Topic Status:
Not open for further replies.
