8 Steps done Hjt needs review

By treetops · 24 replies
Mar 23, 2009
  1. My brother's computer ran for years with no protection. I put AVG, SUPERAntiSpyware, Spyware Doctor and Spybot Search and Destroy on it about a year ago, but I noticed eventually every antivirus seemed to become corrupt. AVG stopped updating and most recently an Avast complete scan took over 48 hours, so I would stop it. I recently got your recommended Avira, which is currently running great. I followed your steps. But I have a feeling there are most likely still nasties due to all those years of neglect, so I would like an HJT review.

    Currently I have super anti spyware and avira running

  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi Tree

    So go here and download to Desktop: http://www.adrive.com/public/97c4357781f45c7e443061094b8cfaff3836f57446eb242ab2ee0b6cd68a0107.html

    Double click it to run it.

    Then click OK to self extract.

    Once extracted dbl click to enter Fixer folder.

    To run it 1st double click Daft, then click scan and check any found items and click fix and then exit.

    Then just dbl click Fixit.cmd to run it.

    But boot to Safe mode and run it! When finished reboot.


    Download ComboFix

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Download SDFix to Desktop.


    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Finally update and run MBAM Quick Scan and post log.

    Lastly a new HJT log.

  3. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    Before I installed Avira, Malwarebytes wouldn't even update. Thanks for your help, here is the rest of the logs.

    Here's the last HJT log, almost forgot it.
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    OK we still have issues.

    Uninstall ComboFix
    type combofix /u
    click ok

    Then redownload a new combofix to the desktop. Then rename it from combofix.exe to 12cbf34.exe. Do not run yet!


    So go here: http://www.adrive.com/public/97c4357781f45c7e443061094b8cfaff3836f57446eb242ab2ee0b6cd68a0107.html

    Download to Desktop then double click it to extract it, then click OK to self extract.

    Once extracted boot to Safe Mode.

    Then dbl click to enter Fixer folder.

    To run it 1st double click Daft, click scan and check any found items and click fix.
    Then just dbl click Fixit.cmd to run it.

    When it finishes run 12cbf34

    Then back to normal and run 12cbf34 again and post its log.

    Do you have both Norton and Avira?

  5. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    files no longer publicly available

    no just avira but he previously had norton on here, years ago
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Sorry I was doing maintenance on Adrive.

    The link is available now.

    Do that now but check back on this post as I am going to edit in more instructions for Norton.


    Norton is hard to remove fully and properly and can cause non apparent issues and performance issues until properly cleaned.

    Norton removal tool (use this to cleanup after a normal uninstall or if it will not uninstall)

    Then SymRegFix ftp://ftp.symantec.com/public/english_us_canada/tutorials/SymRegFix.exe

    To download using Internet Explorer. Click the following link to download the file:

    SYMMSICLEANUP.reg ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg
    Save the file to the Windows desktop.

    To download using Firefox. Right-click the following link and then click Save Link As to download the file:

    SYMMSICLEANUP.reg ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg

    Use same instructions for IE or FF to get the below.

    IE: MSIFIX.bat ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat

    FF: MSIFIX.bat ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat

    Run all above in order presented.

  7. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    The specified service does not exist as a installed service.

    That's what combo gave me when I double clicked the fixit windows nt command script, it said that about 10 times.

    I only use Firefox by the way

    Then SymRegFix ftp://ftp.symantec.com/public/englis.../SymRegFix.exe

    no such file or directory
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok the Fixit Script does report like that and was working correctly.

    All my links were bad on that page, glad you told me! But I fixed them so go back and do them.

  9. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    Alrighty I've done it all, the last 2 are text files? I double clicked on both of them in the correct order. It just opens up a text file, just making sure if it's supposed to do that.
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    No, if they open as text files you have to rt click them and choose Save As.

    After save then dbl click and approve to add to the registry.

    Reread Post #4 and do the Combofix uninstall and rename then run 12cbf34 post its log and we may be finished!

    Then get me a status report on how system is running anything remaining to do?

  11. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    Ok here's the log from yesterday, your very last program keeps giving me a text file, I even tried the IE one to see if you had them switched around. The 2nd to last one downloaded fine today, I believe I was clicking on the IE one yesterday.

    Yesterday I did the uninstall combo fix n all that.

    By the way when I say open as text file, I mean I right click save link as download them and it is a text file.
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    OK then rename it to a .reg.

    I do not see the 12cbf34 log?

    From my last post!
  13. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    Ok I was confusing combo fix with fixer, here's the log. I uninstalled and ran combo last, I don't know if that's ok. I made sure to run fixer first as posted in your instructions.

    My system is running fine, Avira has no problems. I went ahead and put in another HJT log.

    Another question, my little brother refuses to use Comodo or any firewall that will get in his way and annoy him, he's very impatient. Currently I have Windows Firewall on his computer, is there a better passive firewall I can get him?

    I use his computer more than he does nowadays, that's why I figured I'd help him out by cleaning it up.

    What did you want me to rename .reg?

    Oh yeah another thing, about 2 weeks ago when I was running utorrent and wow at the same time, the comp froze and I got some sort of error, since then utorrent downloads incredibly slow. I tried to reinstall it but it didn't help. Maybe after doing all this it will run properly again.
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    OK to clean up his computer you should be able to go through the steps in this thread.

    Most all good Firewalls take some interaction. I think the Comodo FW is the best free one.

    Does he have Vista?

    Do you use a Router or directly connected to the Cable/DSL modem?

    For your computer we are finished so consider the following..

    Thread Closing-------------------------------------------------------------------

    Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

    Remove ComboFix
    combofix /u
    Hit enter or click OK.

    Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

    Save to desktop.

    This will remove all the tools we used to clean your computer.

    Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

    Approve all if prompted by Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet to allow all.

    If prompted to Reboot click, Yes.
    OTCleanit will delete itself when finished, If not delete it by yourself.

    Run CCleaner http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
    Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
    The issues can be, and are likely, found in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and then OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.
    Add a redundant Reg backup, get and install ERUNT, let it add itself to startup and do a backup on install, check all boxes.

    ERUNT http://www.larshederer.homepage.t-online.de/erunt/
    Yes! Even if you use system restore and other backups Registry and Images.

    Every two weeks or so, run MBAM and SAS until clean.

    They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

    If they find something they can not clean, then get back to us.

    Additionally run CCleaner. ATF-Cleaner and KCleaner.
    I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

    It was designed to be used with and to co-exist with other Virus scanners.

    Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

    It's like looking at it with 2 sets of eyes and from a different angle.

    It works like some Firewalls do to learn what is good/bad.

    After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

    As it queries you about the prompt to help you determine to approve or not you can google it with one click.

    Look at http://www.javacoolsoftware.com/spywareblaster.html

    Run SpyBot occasionally and use the Immunize function.

    I highly recommend Hostman: Hostman http://majorgeeks.com/HostsMan_d4592.html

    Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

    A Disk Scan (chkdsk) and Defrag are in order.

  15. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    Hey I'm about half way done, thanks for all the help, I run XP. This comp is using a wireless router, with transcend broad band. It is a tower less than a mile away that sends out internet to a small satellite dish on top of my roof. Which goes down to a box which connects to a router. I keep all of my family's computers up to date as far as virus scanners, anti spyware and firewalls are concerned. Whenever I visit I make sure they have their automatic updates\scanners scheduled. Unlike most people I like to tinker around a bit. I look forward to checking out those programs, I've always wanted a secondary virus scanner that wouldn't conflict. I used the trend micro online scanner before as a secondary and I didn't care for it.

    I think that's it, thanks again.

  16. mflynn

    mflynn TS Rookie Posts: 2,655

    Really if you are behind a Router (a router is not a Firewall as some think) but by the very nature of what it does is a natural Firewall .

    IMHO the Windows firewall is sufficient for normal use for a normal user who doesn't do P2P file sharing, play casino games etc. IF it is behind a Router.

    I hope I have answered all your questions.

  17. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    New problem, my brother did not have the genuine Windows. After fixing it up I updated all his Windows updates. Usually it would stop him at SP3, because it did not recognize his Windows as genuine. But after fixing it up, it let me download SP3, I installed it, restarted, then the comp made a peeping noise and displayed nothing on the monitor. I know it's not even going into Windows because his little screen on his keyboard shows nothing. I have more than a few Windows discs, from old computers and from work. So it would be no problem installing Windows if I needed to. I have not talked to him yet, but I will guess he does not want to do a full reinstall. So my guess is maybe I can put a flash drive into the comp upon start up and perhaps reroll to where it was at yesterday before the SP3 installation. I have no clue if something like this can be done.

    I have no clue why he spent over 2 grand making his rig and cheaped out when it came to getting Windows.

    By the way I did everything you said up until ERUNT, I didn't have the time to do that yet.

    Yes it's behind a router btw. I tried unplugging the power to reset the video card resolution to no avail, I also attempted tapping F8 with no results.
  18. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    Update, he bought a Windows XP disc, attempted to install it, but the screen still displays nothing. Should I post this in another part of the forum or have I offended you all because he had a pirated version of Windows?
  19. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  20. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi Tree

    Been very busy at work and with some traveling.

    Ok so is your own computer doing Ok and where do you stand on brothers?

  21. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    I made a new thread and did a lot of research and found out that it's a bad mobo on my bro's computer, thanks for your help. My computer is fine. I followed everything in Kimsland's guide.

    I won't copy paste everything I've tried :). 4 different sources agree it's a dead mobo. Very likely just a coincidence that it broke down after updating to SP3.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    The help stops here. We do not assist people using pirated copies.
  23. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Yes where do you stand on this?
    Have you advised him to get genuine?
    Obviously TechSpot cannot support your "brother's" computer, presently
  24. treetops

    treetops TS Evangelist Topic Starter Posts: 2,073   +219

    I don't use or support pirated Windows, every computer I've bought has come with Windows, I have 2x genuine XP discs, one from this Dell and one from my old eMachine. The problem has already been resolved, he needs a new mobo. I gave him a Windows XP from a scrapped computer (my oldddd eMachine). He might end up buying Vista, but yeah, I told him he needs to put genuine Windows on his machine. He has the XP disc and has agreed to put genuine XP on his computer if he doesn't get Vista.

    I just wanted to be honest with his situation, he was like "why do they care?", last week when I told him people probably won't help his situation with pirated Windows, I told him, "it's illegal.." he was like "oh".

    It wouldn't even boot with this hard drive, which has Windows genuine on it, it would already have genuine XP on it if my Dell had SATA cables, I would have installed it on his hard drive already through my Dell.

    I use his computer when I play WoW, mine is too old for the WoW expansion, I only have an Nvidia 6200 PCI video card.
  25. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    Thanks for being truthful
    By the way, if I felt the thread was for support on pirated Windows it would have been closed straight away. As you can see I left it open.

    I'm glad to hear that you have helped your brother out :grinthumb
Topic Status:
Not open for further replies.
