Need Major Help With Hijack This Log :(

By litlemiss ยท 4 replies
Feb 4, 2005
  1. Here is my hijack log i was gone for a week and come home to my computer slammed with popups spyware ect Any one help me.i have attached the file..Thanks all for taking the time reading this again hijack posted below... :hotbounce

    Attached Files:

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions very carefully.

    I suggest that you print them out.

    Regards Howard :wave: :wave:
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First of all, go stand in the corner, with your face to the wall!
    Shame on you for not having any anti-virus software installed!
    Go to and get the free AVG7. Install it, update it, then run a FULL scan. You'll be surprised!

    Your Hijackthis is outdated (see also my post that Howard mentioned).

    You should at least install XP/SP1 (Service Pack 1).
    If you want to go for SP2, you don't need to install SP1 first.
    Make a proper backup, and take a System restore point before you install SP1 or SP2.

    Do your homework first, using the link that Howard advised, then post a fresh log from the new HJT (after an AntiVirus installation, do NOT get anything Norton/Symantec).
  4. litlemiss

    litlemiss TS Rookie Topic Starter

    here is new hjt log
  5. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Quick work!

    Boot in Safe Mode
    Switch off System Restore

    Press ctrl/alt/del and in Taskmanager try to STOP these processes:

    Next, run Hijackthis STANDALONE and let it 'fix' (if still there):

    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
    O2 - BHO: (no name) - {F699BDDF-79E1-9C92-0589-185405AFF04E} - (no file)
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [fqsmel] c:\windows\system32\fqsmel.exe
    O4 - HKLM\..\Run: [HPNT] C:\Program Files\hpdll\hpdll.exe
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\System32\wsxsvc\wsxsvc.exe
    O4 - HKLM\..\Run: [d3hf.exe] C:\WINDOWS\system32\d3hf.exe
    O4 - HKLM\..\Run: [s77O36V] iyuecab.exe
    O4 - HKCU\..\Run: [Potb] C:\Documents and Settings\Nora\Application Data\llli.exe
    O4 - HKCU\..\Run: [dwoERWZ4g] itspsspc.exe
    O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O15 - Trusted Zone: *
    O15 - Trusted Zone: * (HKLM)
    O15 - Trusted IP range:
    O15 - Trusted IP range: (HKLM)
    O15 --->>> You do NOT trust ANYbody EVER <<<---
    O16 - DPF: Aces Up! by pogo -
    O16 - DPF: Backgammon by pogo -
    O16 - DPF: Canasta by pogo -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Delete all files/directories from: C:\Documents and Settings\Nora\Local Settings\Temp
    Delete your temp. internet files and cookies.

    Run Spybot S&D again and let it 'immunise' your PC, takes only a few seconds.

    In future, switch off your PC when you go away for a day or longer.

    Now think about your XP SP1 or SP2. SP1 is a MUST.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...