Help with HJT Log, Thanks.

#1
02-20-2005
bay
Newcomer, in training
Member since: Feb 2005, 1 posts

Would someone be so kind as to help me with my HJT log? I have run Adware, NoAdware, Norton, CWShredder and finally Hijack This. However I still have problems with IE: whenever I open my homepage, another page opens as well. This also happens whenever I click on a link or 'back'. I am not sure which logs I should delete from my HJT report (and not sure if all I have to do is get HJT to fix them?)
As you may be able to tell I am not really computer literate!

P.S. BIG thanks to realblackstuff, he obviously knows what he is doing.
Attached Files
File Type: txt hijackthis1.txt (7.7 KB, 5 views)
#2
02-20-2005
TechSpot Evangelist
Location: has left the building
Member since: Aug 2003, 8,165 posts
Boot in Safe Mode
Switch off System Restore
Use Ctrl/Alt/Del and in Task Manager try to stop:

MsnMsgr.Exe
emptemp2.exe
PowerReg Scheduler V3.exe

Next, UNinstall anything to do with this FAKE:
C:\Program Files\MSN Messenger\MsnMsgr.Exe

Next, run HJT on its own and let it 'fix' if still there:
C:\Program Files\MSN Messenger\MsnMsgr.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: emptemp2.lnk = C:\Program Files\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105964427656
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C20EB175-0DD0-4979-A994-1F0DBA69F627} (EGEGAUTH Class) - http://akamai.downloadv3.com/binarie...1032_EN_XP.cab

If these are NOT from YOUR ISP, 'fix' with HJT
O17 - HKLM\System\CCS\Services\Tcpip\..\{98EE1F25-E5F2-4CB3-9E11-0DBA7D058FDF}: NameServer = 203.12.160.35 203.12.160.36

When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.
Empty all contents from your \Temp directory.
Boot normal. If all OK, turn System Restore back on.

And stop using IE except for Windows updates!
Go to www.getfirefox.com
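
Added example, not part of the original thread: a small Python script that parses HijackThis entry lines like the ones quoted in the reply above and lists any O17 NameServer address that is not in a set of resolvers you expect from your ISP. The function names and the `ISP_RESOLVERS` value are assumptions made for illustration; the sample lines are copied from the reply.

```python
import re

# Entry lines look like "<section> - <detail>", e.g. "O4 - HKCU\..\Run: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# O17 detail: "<registry key>: <value name> = <data>".
O17_RE = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<data>.+)$")

# Lines copied from the reply above; the instruction line is included to show
# that non-entry text is skipped.
SAMPLE = r"""
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
If these are NOT from YOUR ISP, 'fix' with HJT
O17 - HKLM\System\CCS\Services\Tcpip\..\{98EE1F25-E5F2-4CB3-9E11-0DBA7D058FDF}: NameServer = 203.12.160.35 203.12.160.36
"""

# Placeholder (documentation-range address): replace with the resolvers your ISP publishes.
ISP_RESOLVERS = {"192.0.2.53"}


def parse_hjt(text):
    """Return (section, detail) tuples for every well-formed HJT entry line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return entries


def unexpected_nameservers(entries, isp_resolvers):
    """Return (registry key, ip) for O17 NameServer addresses not in isp_resolvers."""
    findings = []
    for section, detail in entries:
        if section != "O17":
            continue
        m = O17_RE.match(detail)
        if not m or m.group("name") != "NameServer":
            continue
        # The value may hold several addresses separated by spaces or commas.
        for ip in re.split(r"[,\s]+", m.group("data").strip()):
            if ip and ip not in isp_resolvers:
                findings.append((m.group("key"), ip))
    return findings


if __name__ == "__main__":
    for key, ip in unexpected_nameservers(parse_hjt(SAMPLE), ISP_RESOLVERS):
        print(f"review: {ip} set under {key}")
```

A listed address only means it was not in the set you supplied; confirm against your ISP's published resolvers before letting HJT 'fix' the entry.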