could someone look at this HijackThis log file? any nasties?

By josharm ยท 7 replies
May 4, 2006
  1. hi there. ccleaner seemed to help alot but i wanted some other opinions.
    here's the log file.
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log as an attachment into this thread, only after doing the above.

    Regards Howard :wave: :wave:
  3. josharm

    josharm TS Rookie Topic Starter


    alright. i scanned, read, and tweaked.
    the files are attached.
  4. josharm

    josharm TS Rookie Topic Starter

    whoops. here is the attatched txt file

    sorry mate. new to this
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Locate the following services(if there) and double click on them. Select stop if they are running and set the startup type to disabled. Click apply/ok.

    Microsoft Update

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).


    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    O1 - Hosts: This *must* be the first line: localhost #

    O4 - HKLM\..\Run: [Microsoft Update] wuammgr32.exe

    O4 - HKLM\..\RunServices: [Microsoft Update] wuammgr32.exe

    O4 - HKCU\..\Run: [Microsoft Update] wuammgr32.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - .cab?1142554795390

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).

    wuammgr32.exe You will need to search your computer to find this file.

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
  6. josharm

    josharm TS Rookie Topic Starter

    thanks howard.

    did what you said.
    was quite a trial but i think i learnt something.
    you didn't ask me to post back but here's the new Hijack This log.
    thanks again
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Regards Howard :)
  8. josharm

    josharm TS Rookie Topic Starter


    just read your "message for newcomers" downloaded the everest .exe and will fill out my user profile as i think i will be back here a bit.
    thanks heaps again.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...