also @ TechSpot: Asus P7P55D Deluxe Motherboard Review
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Login to participate.
Go Back   TechSpot OpenBoards > Operating Systems & Software > Virus & Malware removal
Reload this Page Help with HJT Log, Thanks.

Help with HJT Log, Thanks.

Closed Thread
Bookmark Thread Tools
  #1  
Old 02-20-2005
bay bay is offline
Newcomer, in training
  
Member since: Feb 2005, 1 posts
Help with HJT Log, Thanks.
Would someone be so kind to help me with my HJT log. I have run Adware, NoAdware, Norton, CWShredder and finally Hijack This. However I still have problems with IE, whenever I open my homepage another page opens aswell. This also happens whenever I click on a link or 'back'. I am not sure which logs I should delete from my HJT report (and not sure if all I have to do is get HJT to fix them?)
As you may be able to tell I am not really computer literate!

ps BIG Thanks to realblackstuff he obviously knows what he is doing.
Attached Files
File Type: txt hijackthis1.txt (7.7 KB, 5 views)
  #2  
Old 02-20-2005
TechSpot Evangelist
  
Location: has left the building
Member since: Aug 2003, 8,160 posts
Boot in Safe Mode
Switch off System Restore
Use ctrl/alt/del and in Taskmanager try to stop:
MsnMsgr.Exe
emptemp2.exe
PowerReg Scheduler V3.exe

Next, UNinstall anything to do with this FAKE:
C:\Program Files\MSN Messenger\MsnMsgr.Exe

Next, run HJT on its own and let it 'fix' if still there:
C:\Program Files\MSN Messenger\MsnMsgr.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: emptemp2.lnk = C:\Program Files\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105964427656
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C20EB175-0DD0-4979-A994-1F0DBA69F627} (EGEGAUTH Class) - http://akamai.downloadv3.com/binarie...1032_EN_XP.cab

If these are NOT from YOUR ISP, 'fix' with HJT
O17 - HKLM\System\CCS\Services\Tcpip\..\{98EE1F25-E5F2-4CB3-9E11-0DBA7D058FDF}: NameServer = 203.12.160.35 203.12.160.36

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
Empty all contents from your \Temp directory.
Boot normal. If all OK, turn System Restore back on.

And stop using IE except for Windows updates!
go to www.getfirefox.com
To remove this ad, sign in. To register for a new account, click here.
  
Closed Thread

Tip: Download Advanced SystemCare 3 Freeware - 1 Click A Day to Clean, Repair, Protect & Optimize your PC.

Thread Tools


Similar Topics
Topic Category Replies Last Post
Another HJT log seeking advice, thanks Virus & Malware removal 1 02-19-2005 06:17 AM
Request to review HJT log Virus & Malware removal 1 01-05-2005 03:59 AM
HJT log Virus & Malware removal 1 01-04-2005 03:29 PM
Begin2search problems / hjt log in safe mode Virus & Malware removal 2 12-02-2004 05:58 AM
Begin2search problem\my HJT log Virus & Malware removal 7 11-28-2004 09:11 AM


All times are GMT -4. The time now is 07:48 AM.