Pls. help me analyze what files to remove from my log file

Status
Not open for further replies.

mackenzie_tins

I was having problems on my laptop with a pop-up on my screen during startup. I already ran Spybot and downloaded Norton 2007, but it cannot be detected and removed from my laptop. So I kept on surfing the net to find some aid for my problem and was led to this site. I downloaded HijackThis from the threads that I read on this site this morning, and when I ran a scan using HijackThis, I successfully found the file that keeps popping up on my screen during startup saying "script not found C:\Windows\System32\killVBS.vbs", and I removed it. I am very happy that I don't have the pop-up anymore when I start my laptop again; however, I am not confident that I have removed all the malicious and harmful files on my system, since I only removed the killVBS.vbs file, because I don't know which files on my system are good and which are bad. Please help me identify the files to remove so that I can fix my system.


<< attached is my log list >>

Hope you can help me.
 
Just adding a comment

Quickly scanned through the log (not a malware expert)
(note Symantec and many others, slowing your system startup)

These two look a little strange

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs

O4 - HKCU\..\Run: [System File] C:\Documents and Settings\bestbuy\Local Settings\Application Data\My Documents.exe
 
Cannot find script file "C:\WINDOWS\system32\killVBS.vbs"

Please follow these steps,

Remember to back up the registry (see how HERE).

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.

In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon

In the right panel, locate the entry:
Userinit = "%System%\userinit.exe,%System%\wscript.exe "%system%\killVBS.vbs""

Right-click on the value name and choose Modify. Change the value data of this entry to:
C:\Windows\System32\userinit.exe,
Close Registry Editor.

Right-click Start then click Search

In the Named input box, type:
AUTORUN.INF

In the Look In drop-down list, select a drive, then press Enter.

Select the file, then open using Notepad.

Check if the following lines are present in the file:
[AutoRun]
shellexecute=wscript.exe killVBS.vbs
If the lines are present, delete the file.
Repeat steps for AUTORUN.INF files in the remaining removable drives.
Close Search Results.

Hopefully that will work.

If you don't feel confident editing the registry then don't!

Also, you should probably think about uninstalling Viewpoint. It's called foistware; in other words, it's foisted on people that don't really need it.

To get rid of it,

Go to Start > Run and copy/paste or type: taskmgr
  • Under the Processes tab find the following tasks or processes:
    ViewpointService.exe
    ViewMgr.exe
  • Highlight and click "End Process".
  • Exit Task Manager.
Click on Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended" tab.
  • Scroll down the list and find the service called "Viewpoint Manager Service"
  • When you find the service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Disabled".
  • Now click "Apply", then "OK" and close any open windows.
Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder
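
An added example, not part of the original post or of HijackThis: a Python check that applies the two tests from the steps above, flagging any Userinit entry other than userinit.exe in a HijackThis F2 line and any [AutoRun] launch line that starts a script host. The function names and the cscript.exe entry are assumptions for illustration; the sample inputs are constructed from the lines quoted in this thread.

```python
import re

# Stock Userinit program as given in the thread; an assumption for other installs.
EXPECTED = r"C:\WINDOWS\system32\userinit.exe"
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
LAUNCH_KEYS = ("open", "shellexecute")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# Constructed sample inputs, built from the lines quoted in this thread.
SAMPLE_LOG = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O4 - HKCU\..\Run: [System File] C:\Documents and Settings\bestbuy\Local Settings\Application Data\My Documents.exe
"""
SAMPLE_INF = "[AutoRun]\nshellexecute=wscript.exe killVBS.vbs\n"


def extra_userinit_entries(value):
    """Return comma-separated Userinit entries other than the stock program."""
    entries = [e.strip().strip('"') for e in value.split(",")]
    # The stock value ends with a trailing comma, so empty entries are dropped.
    # Exact-path comparison also flags a userinit.exe sitting in another folder.
    return [e for e in entries if e and e.lower() != EXPECTED.lower()]


def scan_hijackthis_log(log_text):
    """Collect unexpected Userinit entries from every F2 UserInit line in a log."""
    findings = []
    for line in log_text.splitlines():
        match = F2_USERINIT.match(line.strip())
        if match:
            findings.extend(extra_userinit_entries(match.group(1)))
    return findings


def autorun_script_launches(inf_text):
    """Return (key, command) pairs in [AutoRun] that start a script host."""
    hits, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or "=" not in line:
            continue
        key, command = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS and command.lower().startswith(SCRIPT_HOSTS):
            hits.append((key.lower(), command))
    return hits
```
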
 
I believe using this in your post:
{list]
{*] list item 1
{*]list item 2
{/list]

Would top it off fully

Note: the { should be [ But I couldn't use [ because then it would look like this:
  • list item 1
  • list item 2

Did I say Wow out loud, er Hum, good post Kritius
 
Thanks for that, I know it didn't look right when I did it but just thought it would be better to get it posted.

Thanks very much mate. How does it look up there now?
 
I was trying to install AVG but I was having some problems installing it.
Installation always failed, saying "2 errors and 1 warning occurred. Click details to show more information". The details are:

Local machine: installation failed
Installation:
Error: Action failed for file avg7core.sys: starting service....
Insufficient system resources exist to complete the requested service. (1450)
Warning: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: creating registry value....
Access is denied. (5)
Rollback:
Error: Action failed for registry value HKLM\SOFTWARE\Classes\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}:409: restoring registry value....
Access is denied. (5)



What does it mean?

I also tried to install Avast and I was also having some problems, saying that I have to remove the temporary internet files from the Internet Options in my Control Panel. I did it but I still cannot install it.

Please help me.
Is it because I have Norton that I can't install it?
I want to install AVG or Avast because I can't remove the W32.SillyDC and Trojan Horse on my 2 USB drives.
 
I have already installed AVG.... oops ...sorry, I wasn't able to remove Norton yet. I didn't dare to, because when I tried to remove and uninstall the Norton 2006 edition on my laptop a month ago, I always got an error in uninstalling. Maybe because Norton was already installed on my laptop when my husband bought it. So since I cannot open it, I just updated it to the 2007 edition, but that is only good for the trial period. I don't know if I can uninstall Norton this time.
 