Results of 8 Steps

By seanpaulz · 6 replies
Apr 13, 2009
  1. Any input would be great.



    Attached Files:

  2. jesse14

    jesse14 TS Rookie

    im no pro but im bored and ive had a vudo thing before i used kaspersky in safe mode and di a deep scan then i used cc cleaner to remove stuff i think once the deep scanned finished my pc worked fine again for a little while but then i had to reinstall windows because it came back.

    and if im right root kit is a lot of virus and Trojans and stuff all working together and very hard to remove but don't take my word im no pro
  3. touch

    touch TS Rookie Posts: 978

    Hello Sean

    You should remove one of your antivirus programs - Avast or Norton/Symantec from add/remove programs in controlpanel.

    Download HostsExpert:

    Choose one of the servers at the file on your desktop

    Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
    Run HostsXpert 4.2 - Hosts File Manager from its new home
    Click on "File Handling".
    Click on "Restore MS Hosts File".
    Click OK on the Confirmation box.
    Click on "Make Read Only?"
    Click the X to exit the program.

    Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Reboot, attach new new hijackthis log, and tell how your computer are behaving
  4. seanpaulz

    seanpaulz TS Rookie Topic Starter Posts: 18

    Thanks for the help Touch.

    I preformed the instructions you have provided and posted the log.

  5. touch

    touch TS Rookie Posts: 978


    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =*
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =*
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -

    The following are not spyware/malware, but I suggest you place a check mark next to the following entries and hit 'Fix checked', as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [TkBellExe] \"C:\Program Files\Common Files\Real\Update_OB\realsched.exe\" -osboot
    (Description: RealPlayer scheduler. Completely unnecessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    Reboot, post fresh hijackthis log and tell how things are running ?
  6. seanpaulz

    seanpaulz TS Rookie Topic Starter Posts: 18

    Ok, I checked and fixed all of the files that you suggested.

    Attached is the new log.

    A quick note, everything seems to be running fine now. The only thing that still worries me is when I log in to safe mode, there are two log in options; Admin and my profile. The Admin is password protected and I cant get in to it.

    When I log in normally, only my profile exists and it shows that I am the Admin.

    Any advice on that?

    Thank again!
  7. touch

    touch TS Rookie Posts: 978

    Possibly. It´s normal in safe mode, there are an admin account, and even it´s password protected, you should be able to open it, if you hit Enter, when it ask for a password.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...