TechSpot

Troj_VB.AML-Ewido log file

By misswriter
Jun 5, 2006
  1. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I see that Ewido has cleaned a lot of crap from your computer.

    However, there may be a lot more left to clean.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
     
  2. misswriter

    misswriter TS Rookie Topic Starter Posts: 23

    Hi Howard,

    Okay. I downloaded and ran all the software according to the instructions.

    Then I rebooted in safe mode and ran HijackThis, created a log file. From there, I'm lost. :( I'm not understanding what I'm supposed to be fixing. lol

    Kim
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You're not supposed to be fixing anything.

    Post your HJT log and I'll take a look at it and tell you if anything needs to be fixed and how to do it.

    Regards Howard :)
     
  4. misswriter

    misswriter TS Rookie Topic Starter Posts: 23

    Here's the log file.

    Thanks Kim
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [TgAddServer] "C:\@Home\tioga\bin\tgfix" /fds "http://www/download/tioga"

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    O9 - Extra button: @Home - {92E71752-3340-4D08-AC68-A93FCAEC29B8} - http://home.excite.ca (file missing) (HKCU)

    Fix all O16 - DPF entries.

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :)

    Edit: I suggest you copy and paste this post into a .txt document. That way you can have it open in safe mode while you are fixing the entries I advised.
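
A triage sketch for the kind of list in the post above, added here as an example (it is not part of the thread and not how Howard reviewed the log): it parses HijackThis entry lines and flags two patterns visible in his fix list, R0/R1 browser pages pointing at a domain the analyst names and entries marked (file missing) or (no file). The function names and the sample log are constructed for illustration; entries such as the O4 line need human judgement and are deliberately not flagged.

```python
import re

# Entry format seen in the post: "<section> - <details>", e.g. "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# R0/R1 details: "<registry key>,<value name> = <data>".
REG_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

def parse_entry(line):
    """Return (section, details) for a HijackThis entry line, else None."""
    m = ENTRY_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def triage(log_text, unwanted_domains):
    """Flag entries for human review; returns (section, reason, details) tuples."""
    findings = []
    domains = [d.lower() for d in unwanted_domains]
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # prose, blank lines, log header
        section, details = entry
        if section in ("R0", "R1"):
            reg = REG_RE.match(details)
            data = reg.group("data").strip().lower() if reg else ""
            if any(d in data for d in domains):
                findings.append((section, "browser page set to unwanted domain", details))
                continue
        if any(marker in details for marker in ORPHAN_MARKERS):
            findings.append((section, "references a missing file", details))
    return findings

# Constructed sample: five entries copied from the post, one benign R0 line
# and one prose line added for contrast.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TgAddServer] "C:\@Home\tioga\bin\tgfix" /fds "http://www/download/tioga"
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
Click on the fix checked button.
"""

if __name__ == "__main__":
    for section, reason, details in triage(SAMPLE, ["prosearching.com"]):
        print(f"{section:4} {reason}: {details}")
```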
     
  6. misswriter

    misswriter TS Rookie Topic Starter Posts: 23

    Okay...done.

    Here's the new log file.

    Thanks Kim
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Well done. Your HJT log is now clean.

    Regards Howard :)
     
  8. misswriter

    misswriter TS Rookie Topic Starter Posts: 23

    Howard, thank you for all your help. :bounce:

    Kim :)
     
Topic Status:
Not open for further replies.
