Need help with this Hijack log
- Thread starter JeffatTT
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
HJT logs should be posted as a .txt attchment.
Go HERE and follow the instructions. Start at step 3, then do steps 1/2/4/5 etc.
Post a fresh HJT log as an attachment into this thread, only after doing the above.
I have moved this thread to our security and the web forum.
Regards Howard :wave: :wave:
HJT logs should be posted as a .txt attchment.
Go HERE and follow the instructions. Start at step 3, then do steps 1/2/4/5 etc.
Post a fresh HJT log as an attachment into this thread, only after doing the above.
I have moved this thread to our security and the web forum.
Regards Howard :wave: :wave:
Hijack log... please advise.
OK... just ran safemode... ran the Smit fraud dos based program to find and clean.
Here's the latest Hijack file. Also, I noticed on the c drive not only a Windows flolder but a Window.1 and Window.0 folder as well. Additionally, when I booted in safemode, I was given a choice of 3 Windows XP operatiing systems to logon to. I choose the first 1 in the list since they looked identical.
Please help me.
OK... just ran safemode... ran the Smit fraud dos based program to find and clean.
Here's the latest Hijack file. Also, I noticed on the c drive not only a Windows flolder but a Window.1 and Window.0 folder as well. Additionally, when I booted in safemode, I was given a choice of 3 Windows XP operatiing systems to logon to. I choose the first 1 in the list since they looked identical.
Please help me.
howard_hopkinso
Posts: 21,238 +17
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Click start/run and type regsvr32 /u C:\WINDOWS.1\system32\shdocvw.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Poker.com
EmpirePokerMaster\EmpirePoker
PartyGaming\PartyCasino
PartyGaming\PartyPoker
PartyGaming.Net\PartyPokerNet
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
poker.exe
RunEPoker.exe
RunCasino.exe
RunApp.exe
RunPF.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS.1\system32\shdocvw.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.1\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
Fix all 016-DPF entries.
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
C:\WINDOWS.1\system32\Shdocvw.dll
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
C:\Program Files\Poker.com\poker.exe
C:\windows\system32\blank.htm
Reboot into normal mode and turn system restore back on.
Regards Howard
Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html
Click start/run and type regsvr32 /u C:\WINDOWS.1\system32\shdocvw.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
Poker.com
EmpirePokerMaster\EmpirePoker
PartyGaming\PartyCasino
PartyGaming\PartyPoker
PartyGaming.Net\PartyPokerNet
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
poker.exe
RunEPoker.exe
RunCasino.exe
RunApp.exe
RunPF.exe
Close task manager.
Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS.1\system32\shdocvw.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.1\system32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
Fix all 016-DPF entries.
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files(if there).
C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
C:\WINDOWS.1\system32\Shdocvw.dll
C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
C:\Program Files\Poker.com\poker.exe
C:\windows\system32\blank.htm
Reboot into normal mode and turn system restore back on.
Regards Howard
Thank you Howard for the quick reply. Just completed all of your steps.
I could not delete c:\Windows.1\system32\shdocvw.dll.. so i renamed it
badshdocvw.bad
However I received an error message upon reboot stating the above file could not be located and Explorer would not run.
The computer must still think it is booting to the Windows.1 folder. I just have a blank screen. I AM able to launch the task manager but nothing else.
what next?
I could not delete c:\Windows.1\system32\shdocvw.dll.. so i renamed it
badshdocvw.bad
However I received an error message upon reboot stating the above file could not be located and Explorer would not run.
The computer must still think it is booting to the Windows.1 folder. I just have a blank screen. I AM able to launch the task manager but nothing else.
what next?
howard_hopkinso
Posts: 21,238 +17
Yikes,,. I'm troubleshooting this remotely. And not sure whether the person on the other end even has the Windows CD.
Any way around the CD.? I noticed the missing file I referred to IS in the Windows folder.. just not in the Windows.1 folder.
What exactly would this mean? Can I get the system to boot to the correct folder?
Jeff
Any way around the CD.? I noticed the missing file I referred to IS in the Windows folder.. just not in the Windows.1 folder.
What exactly would this mean? Can I get the system to boot to the correct folder?
Jeff
- Status
Similar threads
Latest posts
-
The Best Phones: Top Picks for Every Price Range- UncleMikeRetro replied
-
Sony's Ghost of Tsushima brings familiar PlayStation features to PC- godrilla replied
