Another Hijack Thread
- Thread starter Joe_Zuki
- Start date
howard_hopkinso
Posts: 21,238 +17
Your system is infected with malware.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the AVG Antirootkit scan.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Your AVG Antispyware log says all items have been ignored. This is because you didjn`t tell AVG Antispyware to quarantine the results. See HERE for instructions.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Checkout
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Checkout.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://irc.everywherechat.com/Java/cfs40320.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Checkout.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log as well as another AVG Antispyware log.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Checkout
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
Checkout.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://irc.everywherechat.com/Java/cfs40320.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\Checkout.exe
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log as well as another AVG Antispyware log.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Ah, I see what you mean with the Checkout.exe file lol. It`s just unfortunate, you renamed it to the same name as a known trojan.
Delete all files in AVG Antispyware quarantine.
You`ve posted your HJT log from safe mode. I need to see a HJT log from normal mode.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Delete all files in AVG Antispyware quarantine.
You`ve posted your HJT log from safe mode. I need to see a HJT log from normal mode.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Yes, rename it to Analyze.exe, that`ll save any confusion.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Have HJT fix this entry.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
Other than that, your HJT log is clean.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/
Other than that, your HJT log is clean.
Turn off system restore.(XP/ME only) See how HERE.
Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of Joe_Zuki only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Latest posts
-
UK could require solar panels on most new homes by 2027- Baldrickalpha1 replied
