TechSpot

Results of 8 Steps

By seanpaulz
Apr 13, 2009
  1. Any input would be great.

    Thanks.

    -Sean
     


  2. jesse14

    jesse14 TS Rookie

    I'm no pro, but I'm bored and I've had a vudo thing before. I used Kaspersky in safe mode and did a deep scan, then I used CCleaner to remove stuff. I think once the deep scan finished my PC worked fine again for a little while, but then I had to reinstall Windows because it came back.

    And if I'm right, a rootkit is a lot of viruses and Trojans and stuff all working together and very hard to remove, but don't take my word, I'm no pro.
     
  3. touch

    touch TS Rookie Posts: 978

    Hello Sean

    You should remove one of your antivirus programs (Avast or Norton/Symantec) from Add/Remove Programs in Control Panel.

    Download HostsXpert: http://www.majorgeeks.com/Hoster_d4626.html

    Choose one of the servers at MajorGeeks and save the file on your desktop.

    Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
    Run HostsXpert 4.2 - Hosts File Manager from its new home
    Click on "File Handling".
    Click on "Restore MS Hosts File".
    Click OK on the Confirmation box.
    Click on "Make Read Only?"
    Click the X to exit the program.

    Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Reboot, attach a new HijackThis log, and tell me how your computer is behaving.
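
Added example, not part of touch's post and not HostsXpert's own code: a Python script that lists every hosts entry other than the default `localhost` mapping, so custom entries can be noted before "Restore MS Hosts File" discards them and unexpected redirects stand out. The sample hosts content is constructed, the function names are this example's own, and treating only `localhost` as a default name is an assumption.

```python
import ipaddress

# Assumption: a default hosts file only maps "localhost" to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample hosts content (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example-av.test   # constructed: update host made unreachable
203.0.113.7     bank.example.test
10.0.0.5        nas.home.test            # custom entry the user wants to keep
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, kind, ip_text, names) for each non-default entry."""
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "invalid-address", ip_text, names))
            continue
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not extra:
            continue  # plain localhost mapping, nothing to report
        # Loopback or 0.0.0.0 makes the name unreachable; anything else
        # sends the name to a different machine.
        if ip.is_loopback or ip.is_unspecified:
            kind = "sinkholed"
        else:
            kind = "redirect"
        findings.append((line_no, kind, ip_text, extra))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the text of `C:\WINDOWS\system32\drivers\etc\hosts` to `audit_hosts` instead of the sample.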
     
  4. seanpaulz

    seanpaulz TS Rookie Topic Starter Posts: 18

    Thanks for the help Touch.

    I performed the instructions you have provided and posted the log.

    Thanks.
     
  5. touch

    touch TS Rookie Posts: 978

    Great.

    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...a/key_features/ext360_dcab.html?noreloadredir


    The following are not spyware/malware, but I suggest you place a check mark next to the following entries and hit 'Fix checked', as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    (Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)



    Reboot, post a fresh HijackThis log and tell me how things are running.
     
  6. seanpaulz

    seanpaulz TS Rookie Topic Starter Posts: 18

    Ok, I checked and fixed all of the files that you suggested.

    Attached is the new log.

    A quick note, everything seems to be running fine now. The only thing that still worries me is when I log in to safe mode, there are two login options: Admin and my profile. The Admin is password protected and I can't get into it.

    When I log in normally, only my profile exists and it shows that I am the Admin.

    Any advice on that?

    Thanks again!
     
  7. touch

    touch TS Rookie Posts: 978

    Possibly. It's normal in safe mode that there is an admin account, and even if it's password protected, you should be able to open it if you hit Enter when it asks for a password.
     
Topic Status:
Not open for further replies.
