Thread: iso help w/ this log from hijackthis v1.99.1
View Single Post
Old 05-07-2007, 08:54 PM   #5 (permalink)
Sempurna
Analyst, Security Team
 
Sempurna's Avatar
 
Join Date: Sep 2006
Posts: 1,302
OS: Windows XP SP2


Re: iso help w/ this log from hijackthis v1.99.1
HI NihLathak,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here’s what we do first.

Spyware Doctor's OnGuard protective functionality may interfere with certain fixes we need to make. Please follow these instructions to disable it.

To deactivate Spyware Doctor's OnGuard Tools:
  • From within Spyware Doctor, click the "OnGuard" button on the left side.
  • Uncheck "Activate OnGuard".


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O15 - Trusted Zone: http://*.trymedia.com (HKLM)


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  1. Run the CCleaner installer.
  2. During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  3. Once installed, run CCleaner and click the Windows tab.
  4. Select the following:
    • Check everything under the Internet Explorer section.
    • Check everything under the Windows Explorer section.
    • Check everything under the System section.
    • Check ONLY Old Prefetch data under the Advanced section.
  5. Then, click the Applications tab:
    • UNCHECK everything there.
  6. Next, click the Options button, then click the Advanced button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  7. Next, click the Cleaner button, then click the Run Cleaner button (bottom right), then Exit.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:

Please do an online scan with Panda ActiveScan:
  1. Once you are on the Panda site click the "Scan your PC" button located at the bottom of the page.
  2. A new window will open... click the "Check Now" button.
  3. Enter your Country.
  4. Enter your State/Province.
  5. Enter your e-mail address.
  6. Select either Home User or Company.
  7. Click the big "Free Online Scan" button.
  8. If it wants to install an ActiveX component allow it.
  9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
  10. When the download is complete, click on "Local Disks" to start the scan.
  11. When the scan completes, if anything malicious is detected, click the "See Report" button; then "Save Report" and save it to a convenient location. Post the contents of the Panda scan report in your next reply.


NEXT:

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  1. Click on Kaspersky Online Scanner.
  2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
  3. The program will launch and then begin downloading the latest definition files.
  4. Once the files have been downloaded click on Next.
  5. Now click on Scan Settings.
  6. In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  7. Click OK.
  8. Now under select a target to scan:
    • Select My Computer.
  9. This program will start and scan your system.
  10. The scan will take a while so be patient and let it run.
  11. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save Report As button.
    • In the File name: field, type kavscan.
    • In the Save as type: field, select Text file (*.txt).
  12. Save the file to your desktop.
  13. Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The log from the ComboFix scan.
  2. The log from the Panda scan.
  3. The log from the Kaspersky scan.
  4. A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
__________________

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
Sempurna is offline