Author Topic: HijackThis Log: Please help diagnose  (Read 14109 times)

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #15 on: March 20, 2008, 12:12:50 AM »
Have an emergency in the family. Please bear with me and thank you for all that you have done to date.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #16 on: March 20, 2008, 12:27:55 AM »
No problem. Take care. Let me know when you are back.
« Last Edit: March 20, 2008, 12:32:00 AM by oldman »

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #17 on: March 21, 2008, 05:38:34 PM »
The result of the Virustotal was 0/32 (0%). 
The body of the site listed 32 Antivirus Programs.
Requested logs attached.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #18 on: March 21, 2008, 07:27:37 PM »
Hi. We'll clean up the tools you used so far and run this scan tool, Malwarebytes' Anti-Malware. I also included removal instructions for Viewpoint and a link with a little info about it. It's not spyware or adware but foistware. That is, it will install without you knowing it. Your choice.

I'm still interested in that file, so as soon as we are online at the same time, I'll get my address to you.

* Click start button, run, then copy and paste the following line into the box and click ok.

ComboFix /u

* Please download OTCleanIt

Double click OTCleanIt, click the Clean Up button.

You may get prompted by your firewall that OTCleanit/OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.



* Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, click create

* Remove old restore points

- Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.
 


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Viewpoint, your choice.

http://www.pchell.com/support/viewpoint.shtml

1) Right-click on the clock in your taskbar and choose Task Manager
2) Click on the Processes tab and search for VIEWMGR.EXE, if it's found, click on it and then click End Task to close it
3) Click on Start, Control Panel, Add/Remove Programs
4) Uninstall any of the following programs associated with Viewpoint

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar
 
5) Close the Add/Remove Programs and Control Panel
6) Restart your computer

Warning: If you install AOL © Instant Messenger, Adobe Atmosphere plugin, or another program that requires Viewpoint, it will download and install again.

Just the Malwarebytes' log for now.

Thanks

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #19 on: March 21, 2008, 10:30:45 PM »
I had been getting a siren and virus warning about 3-4 times an hour for the past week or so. But now I have not received a warning for the past 6 1/2 hrs.
Do I still go through your last instructions or am I home free?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #20 on: March 21, 2008, 10:53:23 PM »
Do the instructions. I like to remove the tools and old restore points first as they will be needlessly detected.

So do the clean up and system restore, then run Malwarebytes. It's always good to have a second opinion, plus you had a whole variety of infections.

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #21 on: March 22, 2008, 06:22:00 PM »
Also went into Viewpoint (your choice) and cleaned that up.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #22 on: March 22, 2008, 06:32:07 PM »
Hi bobbydee, If you are quick you can get my address. Let me know when you got it. You got 10 min.  8)

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #23 on: March 22, 2008, 06:41:54 PM »
Nothing serious found there, just a little stray adware. Let's finish the clean up. Don't forget the batch file please. Let me know how things are.

Since some reg keys were removed we'll start with system restore again. It won't take long this time.

* Uninstall Malwarebytes

* Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, click create

* Remove old restore points

- Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.


* Open an Internet Explorer (only) window and go to http://java.sun.com/javase/downloads/index.jsp > Scroll down to "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".

Click the download button on the right.

 > If Information Bar pops up, right-click on it and say it's OK to display the blocked content.

 You do not have to install the Java Web Start ActiveX Control


Accept the license agreement > Click on Windows (XP,Vista, .etc) Offline Installation, Multi-language and Save the file jre-6u5-windows-i586-p.exe to your desktop; do not Run it. Do not install it yet.

When the download is complete, Open Control Panel > Add/Remove Programs:

Uninstall anything that says Sun Java, Java JRE, or similar.

Close Add/Remove Programs.

In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

Reboot your computer.

Double-click on the saved file to install the update.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.


* Clear the java cache

http://www.java.com/en/download/help/5000020300.xml

* Download and run this clean up utility. You can use it regularly. When it's first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp by Steven Gould

http://www.stevengould.org/downloads/cleanup/


* If you are using windows firewall, please note that it doesn't provide outbound protection. A third party firewall will.

A discussion on free firewalls can be found here.

http://forum.avast.com/index.php?topic=30808.0

or

http://forum.avast.com/index.php?topic=33530.0


* Check if you have insecure applications with Secunia Software Inspector

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #24 on: March 23, 2008, 05:51:14 PM »
Hi oldman and HAPPY EASTER
I will be busy today, however, when I go into My Computer, I show
C:\Program Files\Java Soft with a subfolder JRE. Don't have JavaVM. Do I delete the sub folder and leave Java Soft?
Also, I have no spyware program installed. Thinking of getting Spy Sweeper and Zone Alarm Firewall (Free version) and uninstall Windows Firewall. Choices OK? My question is - do I download these programs now or wait until we are finished? Have a great day.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #25 on: March 23, 2008, 06:44:29 PM »
Happy Easter to you too. Just remove the subfolder. I believe Java Soft was the original name for the java folder.

I don't know much about spysweeper, but if you do decide to use it, make sure you use the version without the antivirus or a conflict will occur. You should also get a non resident antispyware program. This is probably the best one at the moment. Get the free version.

These are the settings I use and a link

Download  superantispyware

First update SAS Then boot into safe mode and set SAS up like this.

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked
- CHECK ALL BOXES


Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive (and other fixed drives).
Under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan.

When the scan is done, quarantine everything found.

Give ZA a try, lots use it and seem to like it. It isn't very configurable though. You don't have to uninstall windows firewall, just turn it off.

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #26 on: March 24, 2008, 07:35:56 PM »
Can't find "Java Runtime Environment" (JRE) 6 update 5 in
http://java.sun.com/javase/downloads/index.jsp
Were you saying to use superantispyware with another anti spyware program or as a stand alone?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82063
  • No support PMs thanks
Re: HijackThis Log: Please help diagnose
« Reply #27 on: March 24, 2008, 07:47:58 PM »

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #28 on: March 25, 2008, 01:13:57 AM »
re java download, it's the 4th one in the list. The link DavidR gave you will do the trick also.  8)

Use 2 antispyware programs. One resident (real time scanning) and one on demand. I suggest SAS as the on demand because the free version isn't resident, but it is a very good scanner.

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #29 on: March 25, 2008, 08:18:34 PM »
Yes, I can readily see that the Java download is 4th on the list, however when I first clicked the java.sun.com... link earlier, for some reason or another, it took me to a different Java page and that is why I said that I couldn't find the download. Well anyway, I got through your instructions as best as I could.
On the steven gould link, it shows an index of download/ cleaning, parent directory with a list of clean-up files. How do I use this site?
The Secunia is a neat site that revealed some issues that I have to address.