Can someone tell me what I should do now as I had my HJT File auto analyzed. But what do I do now that I have the results?
http://hijackthis.de/logfiles/b6c0ef5de1321a22cc63b59965649b70.html

mh2005, to start with, download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. Reboot into Safe Mode and run Ewido.
When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later. Don't run it yet.
Then download and run ccleaner to clean out all your temp files. Make sure there is not anything in the recycle bin that you need, as ccleaner will delete recycle bin items unless checked not to do so. Don't run it yet.
Download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.
Once saved, double click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.
Now run ewido and afterward run ccleaner.
Then, while still in safe mode, navigate to and delete this file if found:
C:\WINDOWS\Nail.exe
If you need to, post your Hijack This log in this thread.

Hey Jabuck. Thanks man. I used the info you gave to Mike. It really helped out. Thanks. Here is my HJT file after running ewido, HJT and CSTshredder.
Logfile of HijackThis v1.99.1
Scan saved at 12:01:07 AM, on 13/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HJT - HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-ca\msnappau.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.exe
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://mlslink.mlxchange.com/Control/WebDog.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Looks a lot better. Run Ht again, close all windows and browsers, then place a check to the left of these items, then press "fix checked".
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://mlslink.mlxchange.com/Control/WebDog.cab
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe
You should be clean
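
Added example, not part of the original posts: a Python script that parses HijackThis entries like the ones in the log above, groups them by section code, and builds a list for manual review from the O23 (service) and O16 (DPF) lines. The "Unknown owner" rule, the choice to list every O16 download source, and the function names are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://mlslink.mlxchange.com/Control/WebDog.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O23 - <detail>"
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - (.+)$")  # name - owner - path
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - ?(\S+)$")


def parse_entries(log_text):
    """Group HijackThis entries by section code (R1, O4, O16, O23, ...)."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)


def review_list(log_text):
    """Return (code, subject, reason) tuples that deserve a manual look."""
    sections = parse_entries(log_text)
    findings = []
    for detail in sections.get("O23", []):
        m = SERVICE.match(detail)
        if m and m.group(2) == "Unknown owner":   # assumed heuristic
            findings.append(("O23", m.group(1), "unknown owner: " + m.group(3)))
    for detail in sections.get("O16", []):
        m = DPF.match(detail)
        if m:                                     # list every download source
            host = urlparse(m.group(3)).hostname or "?"
            findings.append(("O16", m.group(2) or m.group(1), "downloaded from " + host))
    return findings


if __name__ == "__main__":
    for code, subject, reason in review_list(SAMPLE_LOG):
        print(f"{code:4} {subject:40} {reason}")
```

The output is a review list, not a verdict: each entry still has to be checked against what is actually installed before anything is fixed in HijackThis.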

thanks, I will do that.
Do you know anything about ISTBar? I have gone through my regedit and there are a few files which won't delete. It keeps saying error while deleting.
HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar
HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar\historyfiles
HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar\historystring

Yes, I didn't see it in your HT log. If you have it unchecked in msconfig it would not show up in the HT log, or it could be partly removed. Try running the removal tool at this link http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

I ran the symantec program and it said ISTBar is not found on this computer?
This is strange because Ewido keeps finding it and I keep deleting it.
Any other hints. Another forum suggested using etrust Pest Patrol or Spy Hunter as I cannot find Spyware Doctor 3.2.1. SD 3.2.2. only scans and will not delete malicious programs.
Any suggestions for a good firewall?
Thanks for your help.
mh

Post the Ewido log. Run ewido; when the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later. Then post it in the text editor that you use to type your post.

will post it as soon as the scan is done.
thanks
currently in safe mode on my pc. using my laptop to send this message

You don't have an antivirus running per your HT scan. Free antivirus at this link http://free.grisoft.com/doc/1
Make sure the firewall is on. Go to start>control panel>security center to check.

here is the report. it says error during cleaning.
ewido security suite - Scan report
+ Created on: 2:10:17 PM, 13/11/2005
+ Report-Checksum: 353DED9A
+ Scan result:
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
:mozilla.17:C:\Documents and Settings\zeb\Application Data\Mozilla\Firefox\Profiles\82r8ohav.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.18:C:\Documents and Settings\zeb\Application Data\Mozilla\Firefox\Profiles\82r8ohav.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
::Report End

currently my pc is in safe mode so should I reboot into safe mode with networking and then d/l the antivirus and firewall progs?
or should i wait until I can solve the ISTBar problem first?

Try this on istbar from safe mode. Press ctrl, alt, delete to bring up task manager. Scroll down the list and if you see ist, istbar or istsvc, press end task. Then navigate to C:\Program Files\ist (whatever the last of it is), right click on it > delete.

Jabuck. Nothing in the processes page related to IstBar.
I only have explorer.exe; svchost.exe; lsass.exe; services.exe; winlogon.exe; csrss.exe; smss.exe
I downloaded avg but it won't install. I think I will have to boot in normal mode because I have to remove sygate and then install avg.
what do you think?

No IST files in sight
sygate doesn't work on my pc..it won't let me uninstall it cause it says that the windows installer may not be functioning correctly (and I was not in safe mode so that is taken out of the question)
Also it doesn't open on my pc. I think it's corrupted.
These two errors came up when I tried to install AVG on my PC
1. Initialization: Windows Firewall Activity checking failed. Access Denied. (5)
2. Installation: Error: Action failed for file avgupsvc.exe: starting service...this service cannot be started in Safe Mode (1084)
Grrr...this has taken all day...thanks for your help
When I boot in on normal mode AVG doesn't even show up on my desktop which is strange.


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.