Tech Support Forum - View Single Post

greyknight17 · 04-15-2005, 01:46 PM

You have an outdated version of HijackThis. Download the newest version at http://www.greyknight17.com/spy/HijackThis.exe and run it.

Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3....rchPageHome.htm
O4 - HKLM\..\Run: [xyhdbgk] c:\windows\system32\xyhdbgk.exe -start
O4 - HKCU\..\Run: [ihoaffa] c:\windows\lpvgpre.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

c:\windows\system32\xyhdbgk.exe
c:\windows\lpvgpre.exe
EGDACCESS_1058.dll

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

04-15-2005, 01:46 PM	#5 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	You have an outdated version of HijackThis. Download the newest version at http://www.greyknight17.com/spy/HijackThis.exe and run it. Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version. 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit Scan and then click on Save log. 3. Get HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless. Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below. Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any): R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.hotbar.com/dyn/hotbar/3....rchPageHome.htm O4 - HKLM\..\Run: [xyhdbgk] c:\windows\system32\xyhdbgk.exe -start O4 - HKCU\..\Run: [ihoaffa] c:\windows\lpvgpre.exe O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist: c:\windows\system32\xyhdbgk.exe c:\windows\lpvgpre.exe EGDACCESS_1058.dll Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools