You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
HJT log and malware baddies giving me pop ups
- Thread starter Xristus
- Start date
- Status
- Not open for further replies.
:wave: welcome to TechSpot :wave:
Please follow the instructions in the sticky thread at the top of the forum, with the title Follow these instructions BEFORE posting your HJT log.
Only THEN please post your HJT log as a .TXT attachment, as per the instructions in that thread.
Regards, Spike
Please follow the instructions in the sticky thread at the top of the forum, with the title Follow these instructions BEFORE posting your HJT log.
Only THEN please post your HJT log as a .TXT attachment, as per the instructions in that thread.
Regards, Spike
Updates
I ran the following
CWshredder-Found nothing
Spybot-Cleaned out what it found
F-secure or w/e- the following files were found using but I was unable to locate them to remove them. I have show hidden files on so I'm slightly baffled as to why I can't find them.
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052512.exe Trojan-Downloader.Win32.Swizzor.eu
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052513.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052514.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053545.exe Trojan-Downloader.Win32.Swizzor.dv
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053546.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053547.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP384\A0054699.exe Trojan-Downloader.Win32.Swizzor.fg
TrendMicro-Froze up on me or just decided to stay at two bars for over two hours
Ive cleared the cookies and all that jazz from the browsers so I'll resubmit a HJT log in place of the old one and if there are any further things I may have overlooked please notify me.
Also if it requires booting into safe mode don't hesitate to tell me I'm capable of doing that if its needed.
Thanks again
Xristus
I ran the following
CWshredder-Found nothing
Spybot-Cleaned out what it found
F-secure or w/e- the following files were found using but I was unable to locate them to remove them. I have show hidden files on so I'm slightly baffled as to why I can't find them.
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052512.exe Trojan-Downloader.Win32.Swizzor.eu
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052513.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052514.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053545.exe Trojan-Downloader.Win32.Swizzor.dv
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053546.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053547.exe Trojan-Downloader.Win32.Swizzor.fg
C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP384\A0054699.exe Trojan-Downloader.Win32.Swizzor.fg
TrendMicro-Froze up on me or just decided to stay at two bars for over two hours
Ive cleared the cookies and all that jazz from the browsers so I'll resubmit a HJT log in place of the old one and if there are any further things I may have overlooked please notify me.
Also if it requires booting into safe mode don't hesitate to tell me I'm capable of doing that if its needed.
Thanks again
Xristus
That's good. The files in system volume information are within restore points. Simply disable system restore to get rid of them.
Could you now please follow the rest of the instructions, and we'll take a look. When done, please post a fresh HJT log and your Ewido scan log in a new reply to this thread.
Could you now please follow the rest of the instructions, and we'll take a look. When done, please post a fresh HJT log and your Ewido scan log in a new reply to this thread.
Heh here we go again
I've now attached a copy of the ewido scan I ran. I performed the full system one. I've also left an updated copy of the HJT log. I tried once again to get trend to run but it hits two bars and doesnt get any progress no matter how long I let it run.
I've got to get going so if theres anything else let me know.
Thanks again Spike
`Xristus
I've now attached a copy of the ewido scan I ran. I performed the full system one. I've also left an updated copy of the HJT log. I tried once again to get trend to run but it hits two bars and doesnt get any progress no matter how long I let it run.
I've got to get going so if theres anything else let me know.
Thanks again Spike
`Xristus
1, Place HiJackThis into its own directory (eg, c:\hjt\ ) - IMPORTANT!
2, Reboot to Safe Mode, disable system restore, and show all hidden files and folders
3, Open ask manager, and end the following if present...
Scr Admin Comp.exe
4, Run HJT, and fix the following...
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {AEAE8F6B-8E20-6EAF-6525-257ED17D0964} - C:\DOCUME~1\LAPTOP~1\APPLIC~1\OOZEPL~1\PhoneDead.exe (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKCU\..\Run: [Stupid flaw] C:\DOCUME~1\LAPTOP~1\APPLIC~1\SUPPOR~1\Scr Admin Comp.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
All 016 entries
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
/* Fix the following only if it is not recognised/wanted */
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCAD5D0-E6F8-4F65-BC66-53EC1F25BB0E}: NameServer = 24.217.0.5,24.217.0.55
5, Delete the following files and folders (in bold)...
C:\Program Files\AWS\
C:\Program Files\AOL\AOL Toolbar 2.0\
C:\DOCUME~1\LAPTOP~1\APPLIC~1\SUPPOR~1\
C:\DOCUME~1\LAPTOP~1\APPLIC~1\OOZEPL~1\
Re-enable System restore, reboot to normal mode.
You also need to install a firewall - ZoneAlarm or Sunbelt Kerio are both good options.
2, Reboot to Safe Mode, disable system restore, and show all hidden files and folders
3, Open ask manager, and end the following if present...
Scr Admin Comp.exe
4, Run HJT, and fix the following...
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {AEAE8F6B-8E20-6EAF-6525-257ED17D0964} - C:\DOCUME~1\LAPTOP~1\APPLIC~1\OOZEPL~1\PhoneDead.exe (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O4 - HKCU\..\Run: [Stupid flaw] C:\DOCUME~1\LAPTOP~1\APPLIC~1\SUPPOR~1\Scr Admin Comp.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
All 016 entries
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
/* Fix the following only if it is not recognised/wanted */
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCAD5D0-E6F8-4F65-BC66-53EC1F25BB0E}: NameServer = 24.217.0.5,24.217.0.55
5, Delete the following files and folders (in bold)...
C:\Program Files\AWS\
C:\Program Files\AOL\AOL Toolbar 2.0\
C:\DOCUME~1\LAPTOP~1\APPLIC~1\SUPPOR~1\
C:\DOCUME~1\LAPTOP~1\APPLIC~1\OOZEPL~1\
Re-enable System restore, reboot to normal mode.
You also need to install a firewall - ZoneAlarm or Sunbelt Kerio are both good options.
- Status
- Not open for further replies.
Similar threads
- Replies
- 47
- Views
- 8K
- Replies
- 10
- Views
- 7K
-
TechSpot is dedicated to computer enthusiasts and power users.
Ask a question and give support.
Join the community here, it only takes a minute.