Hijack this log please!!!!!!!! I think I've got a virus

Status
Not open for further replies.
Hello and welcome to Techspot.

All log files must be posted as attachments, so there's no point in you making several meaningless posts.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of sam192 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your system is infected with a variety of malware and you're running an outdated version of HJT and haven't renamed it.

Please follow the instructions in my post above.

Regards Howard :)

 
Sorry, I've installed the latest version and here it is.

I've renamed it, but when I ran it, it came up with some error but still saved a txt file.
 
If you bothered to read the instructions it quite clearly says:

Do not run a HJT scan, until step 15 of this thread.

Now go and follow the instructions starting at step 1 and finishing at step 15.

Then and only then post the requested log files.

If you don't want to follow the instructions, then that's ok, just reformat your system. That'll get rid of your malware.

Regards Howard :)

 
By god, I think he's got it lol.

I'm sorry if you think I'm being rude. I assure you it's not intentional, nor personal against you. It's just that I get that sick and tired of telling folks the same thing over and over and over and them not doing it.

You've just caught me on a bad day I'm afraid.

Regards Howard :)

 
I understand, I would have done the same thing on a good day lol. I will follow instructions and report back to you, hopefully you can help me out :)

One more thing: do I have to download your preferred antivirus/spyware programme?
I have got Zone alarm internet security full
 
No, that's perfectly ok.

The Antivirus/Firewall software I recommend is only to be installed, if you don't already have any.

Regards Howard :)

 
Where are the rest of the log files, such as the Combofix and AVG Antispyware logs? I also requested the results of the Panda Antirootkit scan.

Once you've finished these instructions, you should have 3 log files. HJT, Combofix and AVG Antispyware. They are the only logs we need, unless otherwise requested.

Regards Howard :)

 
Your HJT log has been posted from safe mode. It needed to be posted from normal mode. Not very good at following instructions are you?

Do the following.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::
C:\Windows\kbdctrl.dll
C:\Windows\neobus.dll
C:\Windows\ipwyptfg.dll
C:\Windows\bonrep.dll
C:\ScanSectorLog.dat
Folder::
C:\VundoFix Backups
C:\Program Files\RichVideoCodec
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C33240D-D292-4E3C-BB5C-3EC6541B0480}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{17943327-95B1-4F8B-9534-8F82C2497211}"=-
[-HKEY_CLASSES_ROOT\CLSID\{17943327-95B1-4F8B-9534-8F82C2497211}]
[-HKEY_CLASSES_ROOT\CLSID\{17943327-95B1-4F8B-9534-8F82C2497211}]
[-HKEY_CLASSES_ROOT\bonrep.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{BDE718BD-CC74-4BE6-B637-42D382FA475F}]
[-HKEY_CLASSES_ROOT\bonrep.ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"kbdctrl"=-
"neobus"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

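The first-line rule from the post above, as an added example that is not part of the original thread and is not ComboFix's own code: a small Python check that can be run on a saved CFScript.txt before it is dragged onto ComboFix.exe. The function name, the treatment of a byte-order mark as an error and the duplicate check are assumptions of this example; only the three section headers used in the post are recognised.

```python
SECTIONS = ("File::", "Folder::", "Registry::")  # only the headers the post uses

def lint_cfscript(raw: bytes):
    """Check raw CFScript.txt bytes; return (problems, sections)."""
    problems = []
    text = raw.decode("utf-8", errors="replace")
    if text.startswith("\ufeff"):
        # Assumption: a byte-order mark counts as something in front of File::
        problems.append("byte-order mark before File::")
        text = text[1:]
    lines = text.splitlines()
    first = lines[0] if lines else ""
    if first != "File::":
        if not first.strip():
            problems.append("blank line above File::")
        elif first.strip() == "File::":
            problems.append("space in front of or after File::")
        else:
            problems.append("line 1 is not File::")
    sections, seen, current = {}, set(), None
    for n, line in enumerate(lines, 1):
        entry = line.strip()
        if not entry:
            continue
        if entry in SECTIONS:
            current = entry
            sections.setdefault(current, [])
        elif current is None:
            problems.append(f"line {n}: entry before any section header")
        elif not entry.startswith('"') and (current, entry.lower()) in seen:
            # "name"=- value lines may repeat under different keys, so only
            # paths and [key] lines are compared (case-insensitively).
            problems.append(f"line {n}: duplicate of an earlier entry")
        else:
            seen.add((current, entry.lower()))
            sections[current].append(entry)
    return problems, sections

# Constructed sample: a shortened copy of the script in the post.
SAMPLE = "\r\n".join([
    "File::", r"C:\Windows\kbdctrl.dll", "Folder::", r"C:\VundoFix Backups",
    "Registry::",
    r"[-HKEY_CLASSES_ROOT\CLSID\{17943327-95B1-4F8B-9534-8F82C2497211}]",
    r"[-HKEY_CLASSES_ROOT\CLSID\{17943327-95B1-4F8B-9534-8F82C2497211}]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]",
    '"kbdctrl"=-',
]).encode("ascii")

if __name__ == "__main__":
    print(lint_cfscript(SAMPLE)[0])
```

An empty problem list means the file meets the rules stated in the post; the sample reports the repeated CLSID line, which is flagged for information only.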
 
final

I couldn't run Combofix in normal mode so I ran it in safe mode.
Hope that's ok.
And for the HijackThis log, it came up as an error but it still saved a txt file, which I've attached.
 
HJT log is from normal mode, Combofix isn't.
But when I tried HijackThis from normal mode it came up with an error message but still saved a text file.
 
How is your HJT log from normal mode?

Taken from your latest HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:52, on 13/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Safe mode with network support

Why does everything have to be so damn difficult.

 
Even if I do it in normal mode it still comes up as safe mode :(
like all the others I did

I know it is normal mode because all the menus and other stuff have full colours (aero) unlike safe mode
 
The error message in your screenshot tells you exactly how to fix your problem. Try it.



 
NO! That's still from safe mode with networking.

I've had enough of all this pissing around.

Either you're incredibly stupid, or you're just taking the piss.

Whatever the reason, I've had enough of all this BS.

Thread closed.
 