
HijackThis Log: Please help diagnose


oldman:
Progress. We'll thin some of this out and see what's left.

Go to add/remove programs and uninstall these programs if present

webHancer
EbatesMoeMoneyMaker

Open HJT, run a system scan only, check mark these lines if present

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll (file missing)
O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - (no file)
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - "C:\WINDOWS\System32\smiehlp.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU

Close all other browsers/windows, click fix, close HJT.

Tell me about these. They are desktop components. They might be images/pictures.


--- Code: ---
O24 - Desktop Component 0: (no name) - http://online.comcast.net/images/headerBkg.gif
O24 - Desktop Component 1: (no name) - http://a.sc.msn.com/3H/]4B2,]W{U[5UV-93_}+P3K.gif
O24 - Desktop Component 2: (no name) - http://www.comcast.net/images/headerBkgHome.jpg
O24 - Desktop Component 3: (no name) - http://ar.atwola.com/content/B0/0/H7pTL2Luf0_kw3xmlj8W1sns8a9RRNke8_SAqLzKBa609jmULHVa8jgFKtiL69KXipvyB0VioSQms4jAsPUrDsHr6P51JmcDxLm10XfuR4M$/aol
O24 - Desktop Component 4: (no name) - http://www.scottrade.com/images/swap/personhome10.jpg
O24 - Desktop Component 5: (no name) - http://ar.atwola.com/content/B0/0/H7pTL2Luf0_kw3xmlj8W1sns8a9RRNke8_SAqLzKBa609jmULHVa8jgFKtiL69KXw9Izqq7cD1MUykrTGpaSaHInWABV0uDCe6UbwKw5ZHU$/aol
--- End code ---



Please go to the Logitech web site and download and install the newest version of their Desktop Messenger client. Yours is several years old and the newer one does not corrupt the registry as the one currently used is doing. That will clean up the O18 lines.
http://www.logitech.com/index.cfm/494/3041&cl=us,en?osid=1&file=

It can probably be uninstalled as it is an update notification. The info on what it does is on the page along with the download link.


Then in normal windows


Open the extracted SDFix folder and double click RunThis.bat to start the script again.

Type A to create a System Report.

Please be patient as this scan may take some time
When the scan is done a notepad will open with the report.
Attach SystemReport.txt to your next reply. You can find the report at this location: C:\SDFix\SystemReport.txt along with a new HJT log.

Thanks
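
Added example, not part of the original thread: a small Python parser for the HijackThis entry lines quoted in the post above, flagging entries whose registry reference remains while the file is gone ("(file missing)" / "(no file)") and entries that point at remote URLs. The function names and section descriptions are this example's own; the sample lines are copied from the post, plus one constructed header line.

```python
import re

# Section codes that appear in this thread, with their usual HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page value", "R3": "URL search hook",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Autostart entry", "O9": "Extra IE button or Tools menu item",
    "O24": "Active Desktop component",
}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"Run: \[([^\]]+)\]")


def parse_line(line):
    """Return a dict for one log entry, or None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    run_name = RUN_NAME_RE.search(body)
    return {
        "code": code,
        "section": SECTIONS.get(code, "unknown"),
        "clsid": clsid.group(0) if clsid else None,
        "run_name": run_name.group(1) if run_name else None,
        # Registry entry survives but the file it points to is gone.
        "orphaned": "(file missing)" in body or "(no file)" in body,
        # Content is fetched from a remote URL rather than a local file.
        "remote": bool(re.search(r"https?://", body)),
    }


def triage(log_text):
    """Parse every entry line in a pasted log, skipping everything else."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]


# First line is a constructed header; the rest are copied from the post above.
SAMPLE = r"""Running processes:
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll (file missing)
O2 - BHO: (no name) - {39AF31DD-EAFC-45EA-A56C-385B52E25CC0} - (no file)
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O24 - Desktop Component 0: (no name) - http://online.comcast.net/images/headerBkg.gif
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["section"], "ORPHANED" if e["orphaned"] else "")
```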

bobbydee:
Removed webHancer
Unable to remove EbatesMoe Money Maker

Jumping ahead (did not do HJT system scan- waiting first for your answer about Ebates)
024 0 Comcast Header - No Text (no longer use Comcast as a provider)
024 1 Denied Directory listing
024 2 Comcast Header - No Text
024 3 CNN Money Header - No Text
024 4 Scottrade Header - 404 Error Page Not Found
024 5 CNN Newsnight - Header
I guess I could also use the word Banner instead of Header

oldman:
Leave Moemoney for now, just fix the other lines and any of the O24 you don't want. Then continue on. I'll look for a method of removing Moemoney.

bobbydee:
System Report

oldman:
We'll try to get rid of moe money in safe mode.


* Please download OTMoveIt2 by OldTimer.

Save it to your desktop. Again do not run it yet, we'll use it later.


* Open HJT, run a system scan only, check mark these lines if present

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://if.searchcentrix.com/sidecat.jsp?p=98567&appid=21&id=15013268572106
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] wjview /cp:p "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O9 - Extra button: Ebates - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
 

Close all other browsers/windows, click fix, close HJT.


* Boot into safe mode, go to add/remove programs and uninstall the following



My Search Bar
Search Assistant - My Search
Ebates Moe Money Maker



* Boot back into normal windows.



* Please double-click OTMoveIt2.exe to run it.
 

Please note the location of the boxes where the copy/paste is to be done

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\Program Files\PurityScan
C:\Program Files\NewDotNet



Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.


Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


purity 



Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.


Click the red Moveit! button.

Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NOTE: If OTMoveIt2 reboots before you can get the results, they can be found here
 C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


* Please download ComboFix from Here or Here to your Desktop.

**Note:  In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

* Please, never rename Combofix unless instructed.
* Close any open browsers.
* Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
* Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------

* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------
* Double click on combofix.exe & follow the prompts.
* When finished, it will produce a report for you.
* Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

I will require:
OTMOVEIT2 results
combofix log
HJT log

Thanks
