HJT file attached, did RBS's walkthrough, but still sick!

Status
Not open for further replies.
Same story: Task Manager/regedit/msconfig closes... so does Device Manager! Something else: Ad-Aware freezes when it gets to windows/system32/npp. Well, not freezes, I can cancel the search, but it more or less freezes. So I'll do a custom check of everything but that folder, and then that folder and nothing else, and Ad-Aware runs normally and finds nothing wrong. Also My Documents will randomly open (only 3 times thus far; problems first noticed about 2 days ago). Antivirus finds nothing; Spybot did its thing and got rid of a few, but the big prob still remains! Any help would be greatly appreciated!
 

Attachments

  • hijackthis.txt (4.5 KB)
Boot in Safe Mode.
Switch System Restore OFF; see how here.
Press Ctrl/Alt/Del simultaneously, select Task Manager/Processes, select the process (if there) and click "End Process" for:

FireDaemon.EXE
rpcapd.exe

Next, click Start/Run, type services.msc and click OK. Look for the services:
FireDaemon.EXE
rpcapd.exe
Double-click each one, click Stop if it's running, and change the Startup type to Disabled.

Next, run a HJT scan and place a tick-mark in the little square before (if still there):
...................................................................................................
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: FireDaemon Service: host (host) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: FireDaemon Service: scvhost (scvhost) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
...................................................................................................
Now click on the Fix Checked button in HJT.

When done, from between the dotted lines, delete the highlighted bold files.
When a \directory-name\ is bold, delete everything in it, including that directory itself.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
Boot normally. When all is OK, switch System Restore back on.
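The O23 entries above are flagged because the service binaries run out of C:\WINDOWS\Temp with no registered owner, or point at a file that no longer exists. As an added example (not part of this thread or of HijackThis itself), here is a small parser that applies exactly those checks to O23 lines from an HJT log; the sample log is constructed from the entries in this post plus one benign line for contrast.

```python
import re
from dataclasses import dataclass, field

# HJT O23 line layout: "O23 - Service: <display> (<short>) - <owner> - <path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<short>[^()]+)\)"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)
# First executable in the command line, with any leading quote dropped
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

@dataclass
class ServiceEntry:
    display: str
    short: str
    owner: str
    exe: str
    file_missing: bool
    reasons: list = field(default_factory=list)

def parse_o23(line: str):
    """Parse one O23 line; return None for any other kind of HJT line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    file_missing = path.endswith("(file missing)")
    if file_missing:
        path = path[: -len("(file missing)")].strip()
    em = EXE_RE.match(path)
    exe = em["exe"] if em else path
    entry = ServiceEntry(m["display"], m["short"], m["owner"], exe, file_missing)
    if TEMP_RE.search(exe):
        entry.reasons.append("service binary lives in a Temp directory")
    if m["owner"].lower() == "unknown owner":
        entry.reasons.append("no registered owner/vendor")
    if file_missing:
        entry.reasons.append("binary not found on disk")
    return entry

def triage(log_text: str):
    """Return only the O23 entries that give at least one reason to look closer."""
    entries = (parse_o23(l) for l in log_text.splitlines())
    return [e for e in entries if e and e.reasons]

# Constructed sample: two entries from the post above plus a benign Microsoft service.
SAMPLE_LOG = r"""O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe -k netsvcs"""
```

Running `triage(SAMPLE_LOG)` returns the two FireDaemon/rpcapd entries with their reasons and leaves the Windows Time service alone.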
 
Did all that but still had some issues... but did find the culprit with the Trend Micro online scan, it was the ituneshelper.exe... Symantec didn't see the virii until Trend Micro did... stupid virus scan. Thanks for the help!!
 
I doubt that ituneshelper.exe is a baddie; that must be a so-called 'false positive'.
Did Trend Micro 'clean' it or delete it, or what?

Please tell me as much as you can, as loads of HJT-logs have this program in it.
 