hey y'all, i'm trying to help fix my friends pc, it been acting up on the internet and i was trying to clean it up for him, it's currently not hooked up to the internet, but i've ran adaware and spybot S&D, here's the hijack log, thanks:
Logfile of HijackThis v1.99.1
Scan saved at 12:47:38 PM, on 6/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Download and install both programs and run both of them in safe mode explained below. Thanks.
Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.
Please download, install, and update the NEW free version of Ewido trojan scanner:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Post the log Ewido makes back here please and a new hijackthis log. Thanks.
Please download WebRoot SpySweeper from HERE (It's a 14-day trial):
* Click Download Now to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following: o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits
o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply along with a fresh HJT log.
__________________ Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free.Click on donate below
ok, i have downloaded both programs and installed them, but i am not able to update the ewido trojan scanner, it just says connecting to update and stays @ 0%.
as for the webroot spysweeper, it will not let me open the application, it keeps saying an error ocurred in the application
Go to start >run and type: services.msc and click OK
Scroll down in that list and look if the following services are present:
Network Security Service (NSS)
Remote Procedure Call (RPC) Helper
Workstation NetLogon Service---this one is there for sure
Please make sure it is exactly the same written as above, because there are also legit services that look very much the same as the ones above, so please choose the right one!! For example, there's also a legit service called Remote Procedure Call (RPC), without the word Helper in it. That is a good one, so please don't select that one.
Doubleclick on the service(s). In the window that will appear, click on "Stop" (if not greyed out) and change the Startup Type to disabled.
Click apply and OK and close all open windows.
Do that for each one of them if present
Then..
Run HijackThis -> config -> misc tools -> delete an NT service
In the box, type or copy/paste : Workstation NetLogon Service
then ok.
Do the same for the others if there.
Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.
run hijackthis and click on scan button and put checks next to these.
Ok, i did run: service.msc and only found the Workstation NetLogon Service, it is now stopped and disabled, but when i run hijack this and delete NT service for Workstation NetLogon Service it says it's not found in the registry....do you want me to continue on with the following steps with hijack this...
ok ewido scan completed and new hijack this log, unable to update ewido and spy sweeper still will not run application:
Logfile of HijackThis v1.99.1
Scan saved at 5:59:58 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
Also re-run Ewido after the above and post the log
Then...
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
__________________ Stalking and killing Spyware
Have we helped you? Please consider a donation to help keep D-A-L free.Click on donate below
Logfile of HijackThis v1.99.1
Scan saved at 10:07:46 AM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
+ Created on: 3:31:10 PM, 6/12/2006
+ Report-Checksum: 9FDE7E2B
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00000001-C003-4A2F-9142-7CB1D78DE6C1} -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7FD44536-9DF0-4034-939F-5BD4D98E3187} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Eupie Namocatcat\Cookies\eupie namocatcat@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{44CBE810-B63E-4057-8931-E31E6CD4E890}\RP574\A0174944.exe -> Downloader.Apropo.al : Cleaned with backup
::Report End
Save List:
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
AOL Instant Messenger
BroadJump Client Foundation
Canon S300
Conexant SmartHSFi V92 56K DF PCI Modem
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Documents To Go
Easy CD Creator 5 Basic
ewido anti-malware
Handmark® Magic Dogs(TM) for Palm OS
Handmark® PDA Money for Palm OS
HijackThis 1.99.1
Intel A/V Codecs V2.0
Intel(R) Extreme Graphics Driver
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 1
Kinoma Producer for Palm, Inc.
KODAK EASYSHARE Gallery Upload ActiveX Control
Learn2 Player (Uninstall Only)
LimeWire 4.9.30
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
MAGIX Pictures to CD & DVD
MAGIX playR jukebox
Microsoft Office XP Professional with FrontPage
Norton SystemWorks 2003
Norton WMI Update
Paint Shop Pro 7
Palm Desktop
Personal Money Tree
powerOne Personal v2.1.1 for Handhelds
QuickTime
RealOne Player
Recipe Rewards Toolbar
Remove about:blank Buddy 4.71
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
SoundMAX
Spy Sweeper
Spybot - Search & Destroy 1.4
SureThing CD Labeler - First Edition
TContext
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
