Author Topic: HijackThis Log: Please help diagnose  (Read 14091 times)

0 Members and 1 Guest are viewing this topic.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #30 on: March 26, 2008, 12:53:55 AM »
452 is the newest, 451 comes in either zipped or unzipped. They both do the same.

I PMed you my address, if you could mail me that file I had you make, I'll have a look and see what it's all about.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #31 on: March 28, 2008, 07:50:18 AM »
Hi bobbydee

Everything going ok?

You have a couple of files to delete.

C:\system.bat
C:\info.exe


Then empty your recycle bin.

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #32 on: March 28, 2008, 06:53:22 PM »
System Report Txt

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #33 on: March 29, 2008, 07:12:50 AM »
Hi, thanks that's an old one. thanks for continuing this in the forum. Others may benifit from what we find. I just didnt want the contents of system.bat post in case they where really malicious.

you can delete get.bat, the look.txt it created on your desktop and any logs, other notepads that where created during the cleaning of your computer. I forgot to mention that earlier.

We'll use a tool to get those files.

Please download
 OTMoveIt2 by OldTimer.


Save it to your desktop.

Please double-click OTMoveIt2.exe to run it.


Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\system.bat
C:\info.exe



Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.



Click the red Moveit! button.

Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NOTE: If OTMOVEITE reboots, before you can get the ruslts they can be found here
 C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")






Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #34 on: March 29, 2008, 06:29:00 PM »
C:\system.bat moved successfully.
C:\info.exe moved successfully.

BTW Spybot is constantly giving me a message that reads:
Category: Sessions Manager
Change: Value Changed
 
Entry: Boot Execute

Old data: autocheck autochk *\aswBoot.exe\A:"*"/L:
New data: autocheck autochk \*

Allow change                             Deny change

Anyone know anything about this?


Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 82057
  • No support PMs thanks
Re: HijackThis Log: Please help diagnose
« Reply #35 on: March 29, 2008, 06:40:48 PM »
If you schedule a boot-time scan (or after you install avast) then aswboot.exe should run, after the first run then that value I assume would change so that it doesn't run on every boot but only once after you select it ?

However I have never seen this stuff about session manager from spybot S&D when I used it but I also didn't run the resident element of it when I did have it.

WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.541) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #36 on: March 29, 2008, 06:52:36 PM »
Good the files are gone.

Open OTMOVEIT2 then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet -  allow this.  A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself

Spybot. Like DavidR, I never used the resident. I wonder if it is monitoring the registy and is seeing the bootscan setting being changed?

Offline bobbydee

  • Jr. Member
  • **
  • Posts: 25
Re: HijackThis Log: Please help diagnose
« Reply #37 on: March 31, 2008, 02:48:22 PM »
Thanks oldman for all your help and patience in resolving my problems. It's nice to know that there are people like you, and others, who are so willing to help those of us who are far less computer savvy. Take care.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4143
  • Some days..... MOS...this bug's for you
Re: HijackThis Log: Please help diagnose
« Reply #38 on: April 01, 2008, 07:48:33 AM »
You're welcome bobbydee, we all learn as we go.