HiJackthis log
#1
Posted 01 June 2006 - 04:01 PM
Register to Remove
#2
Posted 06 June 2006 - 01:53 PM
HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder. Please do so, before proceeding.
Close all Windows and browsers, leaving only HijackThis running.
Place a check against each of the following.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
Then, click on FIX CHECKED
Then, please run Hijack This again. Scan and copy the log and post it into this topic.
Please advise if any problems remain.
Please use the button to reply.
Want to help others? Join the ClassRoom and learn how.
#3
Posted 06 June 2006 - 03:11 PM
#4
Posted 06 June 2006 - 03:25 PM
#5
Posted 06 June 2006 - 04:27 PM
HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.
Looks like these were missed, or came back. Lets see if they are gone in a new log.
Close all Windows and browsers, leaving only HijackThis running.
Place a check against each of the following.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Then, click on FIX CHECKED
Then, please run Hijack This again. Scan and copy the log and post it into this topic.
Please advise if any problems remain.
Please use the button to reply.
Want to help others? Join the ClassRoom and learn how.
#6
Posted 06 June 2006 - 04:54 PM
#7
Posted 06 June 2006 - 06:11 PM
Want to help others? Join the ClassRoom and learn how.
#8
Posted 07 June 2006 - 06:50 AM
#9
Posted 07 June 2006 - 11:11 AM
It appears you are using many more than one full time Anti-Virus program.
There can be conflicts and other problems running more than one at a time on your PC. I would advise to uninstall all but one of these onboard AV programs, in Control Panel>Add/Remove Programs. (Avast4,AVG7,F-Prot, Kasperskys and Nortons Symantec.) That is a lot(5) of Anti-Virus Programs.
Having only one onboard Anti-Virus Program is sufficient.
Please do the above, before proceeding.
I will be offering a few free protection programs that will be safe to run along with any AV you choose to keep, and will not produce any problems, by using them all at the same time.
Why we are having such difficulty removing these two entries with Hijack This, I cannot say. Be sure you close all windows and your Internet Explorer browser, before running Hijack This and keep them closed until finished.
They should be no problem at all to remove.
Close all Windows and browsers, leaving only HijackThis running.
Place a check against each of the following.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Then, click on FIX CHECKED
Then, please run Hijack This again. Scan and copy the log and post it into this topic.
Please advise if any problems remain.
Please use the button to reply.
Want to help others? Join the ClassRoom and learn how.
#10
Posted 07 June 2006 - 05:10 PM
Register to Remove
#11
Posted 07 June 2006 - 05:53 PM
I had forgotten that SpySweeper could prevent HJT removals. This may be what is preventing those two entries from being removed.
We need to temporarily disable SpySweeper, as it will attempt to prevent us from making the necessary changes.
To disable SpySweeper:
Open it and click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck 'automaticly restore default without notifiction".
Reverse the process when we have finished.
Looks like there may still be 3 Anti-Virus programs running. AVG, Kasperskys and Norton/Symantec. I would try Uninstalling both AVG and Kasperskys in Control Panel>Add/Remove Programs.
You may need to use ctl/alt/del, to go into Task Manager and stop them running, before they will Uninstall. Hilight each of those that are found in Task Manager and then click on END PROCESS. Exit Task Manager.
Then Uninstall them in Add/Remove Programs.
Next:
Close all Windows and browsers, leaving only HijackThis running.
Place a check against each of the following.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Then, click on FIX CHECKED
Then, please run Hijack This again. Scan and copy the log and post it into this topic.
Please advise if any problems remain.
Please use the button to reply.
Want to help others? Join the ClassRoom and learn how.
#12
Posted 08 June 2006 - 12:26 PM
Edited by brown1950, 08 June 2006 - 12:27 PM.
#13
Posted 08 June 2006 - 01:55 PM
Well, that should get me 50 lashes with a wet noodle. Looks like SpySweeper was preventing the removals with Hijack This. Sorry about that.
That does not solve the problem with too many Anti-Virus Programs.
Kasperskys may require some additional effort.
First, Boot into Safe Mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
Go to Start > Run and type in Services.msc then click OK
Click the Extended tab.
Scroll down until you find the service. Kaspersky Internet Security 6.0 (AVP)
Click once on the service to highlight it.
Click Stop
Right-Click on the service. Kaspersky Internet Security 6.0 (AVP)
Click on 'Properties'
Select the 'General' tab
Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
From the drop-down menu, click on 'Disabled'
Click the 'Apply' tab, then click 'OK'
While remaining in SAFE MODE.
Next:
Are you able to find those AV Programs by using ctl/alt/del and going into Task Manager ? If so, hilight them, one at a time and click on END PROCESS. Then go to the next and do the same.
Then, exit Task Manager.
They will be,
Avast4
AVG7
Kaspersky Internet Security 6.0
Then go to Control Panel>Add/Remove Programs and Uninstall/Remove them.
Then, reboot into Normal Mode.
Please run Hijack This. Scan and copy the log and post it in this topic.
Please let me know of any problems you are having with the Uninstall\Removal of those AV Programs.
Please use the button to reply.
Want to help others? Join the ClassRoom and learn how.
#14
Posted 08 June 2006 - 03:48 PM
#15
Posted 08 June 2006 - 06:26 PM
Well, it now looks like all your Anti-Virus Programs have been removed.
You do need one AV and one firewall.
Below you will find a link to Zone Alarm, which has a good free firewall for personal use, another for kerio and a link to sygate. Note that it is not recommended to run two firewalls simultaneously, not even along with the new Microsoft firewall.
http://www.zonelabs....sku_list_za.jsp
http://www.kerio.com/us/kpf_home.html
http://smb.sygate.co...cts/spf_pro.htm
Here is a link for a free AVG ANTI-VIRUS:
http://free.grisoft....1/lng/us/tpl/v5
With that done, your Hijack This log looks to be clean.
If there are no continuing issues, I recommend the following.
One of the best features of Windows XP is the System Restore option, however if Malware infects a computer with this operating system the Malware can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after a virus removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
- Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
- Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
Download the new Ad-Aware SE version, and follow the instructions on how to do a full scan: http://forums.spywar...showtopic=11150
-reboot after using Ad-Aware SE. Also while there get the VX2 plugin and follow the instructions to run it also.
- How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
- MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
- Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
http://castlecops.co...tlite7736-.html
So how did I get infected in the first place?
Safe surfing.
Want to help others? Join the ClassRoom and learn how.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users