WiredWX Christian Hobby Weather Tools

Hijackthis Problems

2 posters

Re: Hijackthis Problems
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR




V-Tool by DragonMaster Jay

Microsoft®️ Windows Vista™️ Home Premium 6.0.6002.2.1252.1.1033.18.3838.1677 [GMT -4:00]

Username: Broadcast - Date: 03/20/2010 - Time: 12:29:14 - Number of processors: 2 - Arch.: AMD64 SF:


((((( Security Software information )))))

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

((((( System File Verify )))))

c:\windows\system32\eventlog.dll is missing! (If XP or lower)
c:\windows\system32\drivers\beep.sys is missing!

((((( System File Enumeration )))))

Volume in drive C is Partition_1
Volume Serial Number is 3CBD-EA70

Directory of C:\WINDOWS\System32

scecli.dll netlogon.dll cngaudit.dll
3 File(s) 967,680 bytes

Directory of C:\WINDOWS\System32\drivers

atapi.sys
1 File(s) 20,952 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2

atapi.sys
1 File(s) 22,584 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f

atapi.sys
1 File(s) 20,952 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_f8cccc79

atapi.sys
1 File(s) 20,072 bytes

Directory of C:\WINDOWS\SysWOW64

scecli.dll netlogon.dll cngaudit.dll
3 File(s) 781,824 bytes

Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c

cngaudit.dll
1 File(s) 14,848 bytes

Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048

scecli.dll
1 File(s) 235,520 bytes

Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94

scecli.dll
1 File(s) 235,520 bytes

Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d

netlogon.dll
1 File(s) 716,800 bytes

Directory of C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9

netlogon.dll
1 File(s) 717,312 bytes

Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2

atapi.sys
1 File(s) 22,584 bytes

Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e

atapi.sys
1 File(s) 20,952 bytes

Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243

scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f

scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88

netlogon.dll
1 File(s) 592,384 bytes

Directory of C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4

netlogon.dll
1 File(s) 592,896 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

cngaudit.dll
1 File(s) 11,776 bytes

Total Files Listed:
22 File(s) 5,348,960 bytes
0 Dir(s) 283,042,242,560 bytes free

-----------------------------

+++ End-of-file +++
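The "System File Enumeration" section above lists every copy of each watched file, so the active driver can be checked against the component-store copies. The sketch below is an added example, not part of the original post or of V-Tool; the function names are hypothetical and the sample is an excerpt copied from the log above.

```python
import re

# Excerpt of the "System File Enumeration" section from the log above
# (paths and sizes copied from that log; nothing is measured here).
SAMPLE_LOG = r"""
Directory of C:\WINDOWS\System32

scecli.dll netlogon.dll cngaudit.dll
3 File(s) 967,680 bytes

Directory of C:\WINDOWS\System32\drivers

atapi.sys
1 File(s) 20,952 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_1d87dda2

atapi.sys
1 File(s) 22,584 bytes

Directory of C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b6d20d6f

atapi.sys
1 File(s) 20,952 bytes

Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2

atapi.sys
1 File(s) 22,584 bytes

Directory of C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e

atapi.sys
1 File(s) 20,952 bytes

Total Files Listed:
22 File(s) 5,348,960 bytes
0 Dir(s) 283,042,242,560 bytes free
"""

DIR_RE = re.compile(r"^Directory of (.+)$")
SUM_RE = re.compile(r"^(\d+) File\(s\) ([\d,]+) bytes$")
BUILD_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")  # build string in winsxs folder names


def parse_listing(text):
    """Return one entry per 'Directory of' block: dir, names, count, bytes."""
    entries, directory, names = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIR_RE.match(line)
        if m:
            directory, names = m.group(1), []
            continue
        m = SUM_RE.match(line)
        if m:
            # The grand total at the end has no directory and is skipped.
            if directory is not None:
                entries.append({"dir": directory, "names": names,
                                "count": int(m.group(1)),
                                "bytes": int(m.group(2).replace(",", ""))})
            directory, names = None, []
            continue
        if directory is not None:
            names.extend(line.split())  # assumes file names without spaces
    return entries


def copies_of(entries, filename):
    """(dir, size, build) per copy; size is None when the total covers several files."""
    out = []
    for e in entries:
        if filename.lower() in (n.lower() for n in e["names"]):
            size = e["bytes"] if e["count"] == 1 else None
            build = BUILD_RE.search(e["dir"])
            out.append((e["dir"], size, build.group(1) if build else None))
    return out


def check_active_copy(entries, filename, active_dir):
    """Compare the copy in active_dir with every other listed copy by size."""
    copies = copies_of(entries, filename)
    active = [c for c in copies if c[0].lower() == active_dir.lower()]
    if not active or active[0][1] is None:
        return {"status": "unknown", "size": None, "builds": [], "matches": []}
    size = active[0][1]
    matches = [c for c in copies
               if c[0].lower() != active_dir.lower() and c[1] == size]
    return {"status": "size-match" if matches else "no-match",
            "size": size,
            "builds": sorted({c[2] for c in matches if c[2]}),
            "matches": [c[0] for c in matches]}


if __name__ == "__main__":
    print(check_active_copy(parse_listing(SAMPLE_LOG), "atapi.sys",
                            r"C:\WINDOWS\System32\drivers"))
```

A size match only shows the active copy is consistent with a stored one; a hash comparison, which the `/md5start` list in the later OTL scan collects, is the stronger check.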

Re: Hijackthis Problems
Sorry. Please re-run the Stealth MBR Rootkit Detector, but to do it, please right-click on it and click Run as Administrator.

Re: Hijackthis Problems
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: error reading MBR

Re: Hijackthis Problems
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Hijackthis Problems
Malwarebytes' Anti-Malware 1.44
Database version: 3894
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/21/2010 4:29:59 PM
mbam-log-2010-03-21 (16-29-59).txt

Scan type: Quick Scan
Objects scanned: 121729
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Hijackthis Problems
I know that my problem in this post was with my hijackthis, but I was noticing that I saw less and less popups and was getting better functionality as we went through this process. Is my actual virus being removed as well?

I had another post called Vista Defender and it had the log from hijackthis in there, but no one responded to it and I could not bump it because it was locked. Now it's in the Trash Incinerator. I had a post about that too, but nothing happened. lol What should I do?

Re: Hijackthis Problems
Wait till you get this computer fixed, then re-run HijackThis on that computer again and post a new topic.

Most of the infection is removed by now.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Re: Hijackthis Problems
I think I made a mistake! When I double-clicked to open OTL on my desktop, since it didn't start doing anything immediately and seemed to be waiting on me, I pasted in the custom scan information and clicked Quick Scan.
I realized that I was supposed to "Run Scan" (i.e. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.)

Should I ignore or erase what has taken place and start over at the point that I "Run Scan" ?

Re: Hijackthis Problems
I stopped the scan via the Task Manager. I am going to start over now and run it properly.

Re: Hijackthis Problems
Once again I did it wrong; plus I left out two lines in the copy/paste of info for Custom Scan.

I am now about to open OTL (with all windows/applications closed, including this one) paste the correct info in the custom scan area and hit Quick Scan. After that I will Edit/Copy, Edit/Paste the OTL.txt. and Extras notepads that will be produced as a result of this.

If any of what I just said is incorrect, please let me know. Thank you

Re: Hijackthis Problems
Looks fine. Just post when it's finished.

Re: Hijackthis Problems
Upon pasting the message into this post, it says that the message posted was too big. Using the Edit/Select All method, there is no way to paste it by portion. How would you like me to place it here now?

Re: Hijackthis Problems
Try to upload the text file to http://www.rapidshare.com

then post the download link here, please.

There is an upload tutorial on the site, in case you are lost.

Re: Hijackthis Problems
To get the download link do I send it to myself?

Nevermind, this question is no longer valid.

Last edited by Kirbie on 22nd March 2010, 7:12 pm; edited 1 time in total (Reason for editing : No longer valid)

Re: Hijackthis Problems
http://rapidshare.com/files/366818959/OTL.Txt.html
MD5: ADBBAB6D14FF6AF3D88B54EA1F120D44

http://rapidshare.com/files/366818962/Extras.Txt.html
MD5: B3DED0561F012182EEC805B7FE23D35D

Re: Hijackthis Problems
Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

  • Kiwee Toolbar


Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Users\Broadcast\AppData\Local\23755159.dll

    :folders
    C:\Users\Broadcast\AppData\Local\QJyrk5wvCU1
    C:\ProgramData\QJyrk5wvCU1

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Hijackthis Problems
I don't have Add/ Remove in my Control Panel so I chose "Programs" and then Programs and Features which gave me a list of programs on my pc that I could change or uninstall.

In that listing, I did not see Kiwee Toolbar but I am pretty sure it's on here because I see the window pop out of the bottom right corner and I can see the toolbar in my webpage at this very moment.

Re: Hijackthis Problems
I see Kiwee Toolbar checked when I click View, then Toolbars in my web browser.

Re: Hijackthis Problems
After doing the above fix, do this fix, please.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :otl
    FF - prefs.js..browser.search.selectedEngine: "Kiwee Live Search"
    FF - prefs.js..extensions.enabledItems: toolbar@kiwee.com:1.0
    FF - prefs.js..keyword.URL: "http://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q="
    FF - HKLM\software\mozilla\Firefox\Extensions\\toolbar@kiwee.com: C:\Program Files (x86)\Kiwee Toolbar\2.9.201\firefox [2009/07/07 12:55:45 | 000,000,000 | ---D | M]
    O2 - BHO: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive)
    O3 - HKLM\..\Toolbar: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive)
    O3 - HKCU\..\Toolbar\WebBrowser: (Kiwee Toolbar) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files (x86)\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll (AG Interactive)

    :files
    C:\Users\Broadcast\AppData\Roaming\Mozilla\FireFox\Profiles\07vm14rp.default\searchplugins\kiwee-live-search.xml

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Hijackthis Problems
The 1st fix that I was running said that a problem caused OTL to close and it had to stop the program. After it closed, I clicked to open it again and the notepad that popped up basically said to reboot. There were two sentences there about problems and errors I think that would fix upon reboot. So that is what I did. I'm not sure if that was the notepad that I should have pasted here or not, because the program did stop running and it did not create itself like it usually does after a scan is complete. Please advise. Upon reboot, I am still getting this window every time about Windows Defender (is that a virus?).
[Image]

Re: Hijackthis Problems
If OTL will not work, then please go to Control Panel > Programs and Features and uninstall Kiwee Toolbar. It is spyware/adware.

For Windows Defender error, let's do this.

Please open Notepad and enter in the following:
    @echo off
    rem Unregister, then re-register, the Windows Update and trust-provider DLLs.
    echo Now doing DLL cleanup. If you do not want this, exit now...
    pause
    echo DLL Cleanup > dllcleanup.txt
    rem Pass 1: unregister. Without /s, regsvr32 reports each result in a dialog box,
    rem so these redirects add nothing to the log.
    regsvr32 /u wuapi.dll >> dllcleanup.txt
    regsvr32 /u wuaueng.dll >> dllcleanup.txt
    regsvr32 /u wucltui.dll >> dllcleanup.txt
    regsvr32 /u wups.dll >> dllcleanup.txt
    regsvr32 /u wuweb.dll >> dllcleanup.txt
    regsvr32 /u atl.dll >> dllcleanup.txt
    regsvr32 /u softpub.dll >> dllcleanup.txt
    regsvr32 /u wintrust.dll >> dllcleanup.txt
    regsvr32 /u initpki.dll >> dllcleanup.txt
    regsvr32 /u mssip32.dll >> dllcleanup.txt
    pause
    rem Pass 2: register again, silently (/s).
    regsvr32 /s wuapi.dll >> dllcleanup.txt
    regsvr32 /s wuaueng.dll >> dllcleanup.txt
    regsvr32 /s wucltui.dll >> dllcleanup.txt
    regsvr32 /s wups.dll >> dllcleanup.txt
    regsvr32 /s wuweb.dll >> dllcleanup.txt
    regsvr32 /s atl.dll >> dllcleanup.txt
    regsvr32 /s softpub.dll >> dllcleanup.txt
    regsvr32 /s wintrust.dll >> dllcleanup.txt
    regsvr32 /s initpki.dll >> dllcleanup.txt
    regsvr32 /s mssip32.dll >> dllcleanup.txt
    echo (((((( EOF )))))) >> dllcleanup.txt
    start dllcleanup.txt
    pause
    rem Remove this script once the log has been opened.
    del dllcleanup.bat

Then, click File > Save as...
Save as dllcleanup.bat to your Desktop.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on dllcleanup.bat, and it will finish quickly and launch a log.

Please post that in your next reply.

Last edited by DragonMaster Jay on 25th March 2010, 7:07 pm; edited 1 time in total

Re: Hijackthis Problems
I do not have "Programs and Features" in my control panel, nor do I have "Add/Remove" Programs. So I typically go to control panel and choose "Programs".
[Image]

Unfortunately, Kiwee does not show up in that list no matter how many times I view it. I went to their website using the toolbar above and found their uninstall instructions, which are basically what you told me to do, but using Add/Remove. There is a second option that they provided in event that the first doesn't work. I have pasted that below. Do you suggest I go that route?

Kiwee Toolbar : Updating / Removing the Kiwee Toolbar
How do I uninstall the Toolbar?
To uninstall the Kiwee Toolbar simply follow these steps:

1. Open the Windows Control Panel
2. Select "Add / Remove Programs" (Vista/Win 7-Programs, and then Programs and Features)
3. Select the Kiwee Toolbar from the list of installed applications
4. Click on the "Remove" button
5. Once the Kiwee Toolbar Uninstaller launches, follow the on screen prompts


If that doesn't work, here's Plan B:

1. close your Internet Explorer and Mozilla Firefox sessions and your messenger applications; hit CTRL+SHIFT+ESC to open Task Manager, highlight the kwtbaim.exe process and click "end process". Then close the task manager.
2. check your Control Panel for any Kiwee entries and delete all the ones you find
3. go to C:\Program Files and delete the AGI folder
4. go to C:\Documents and Settings\All Users\Application Data\agi (it may be located under C:\Users\(your PC name)and make sure that no folders exist for Kiwee; if one does, delete it. If you don't see an entry for Application Data, you will need to do the following go to Tools -> Folder Options-> View tab and make sure that the first 7 options under Files and Folders are checked. Then go to the Hidden Files and Folders menu and make sure that the radio button for "Show Hidden Files and Folders" is clicked and that the Hide extensions for known file types and Hide protected operating system files (Recommended) are not checked.

Once you follow these steps, you should be able to see all Application Folders.

5. go to C:\Documents and Settings\Guest\Application Data\AGI (it may be located under C:\Users\(your PC name) and make sure that no folder exists for Kiwee; if one does, delete it.

For Windows Vista and Windows 7 you need to make sure you're logged in as Admin and click continue when the system asks for permissions to proceed. Only as Admin you have rights to access and modify files and folders on drive C.

This will remove Kiwee toolbar completely from your computer. The toolbar we provide is both spyware and malware free and there is no virus associated with it, so it's perfectly safe to use on a computer that meets the minimal system requirements. We hope you'll join us again in the future.

Re: Hijackthis Problems
You can try it if you like.

Re: Hijackthis Problems
DLL Cleanup gave me these responses in this order.

[Image]

[Image]

[Image]

Then it produced a notepad called DLL cleanup which only said : "DLL Cleanup" and another document titled dllcleanup.txtv
[Image]

Re: Hijackthis Problems
Please download Fix Windows Update by Ramesh Kumar and save to your Desktop.
  • Extract it to your Desktop.
  • Then, double-click on the program and click the Fix Windows Update button.
  • Reboot your computer and see if it will work now.

Re: Hijackthis Problems
Did that and I went the same thing as last time, but when I clicked "ok" through all the errors that kept popping up like before, the end result was a notepad document with this:

DLL Cleanup
(((((( EOF ))))))

Re: Hijackthis Problems
Now, test to see if it will update.

Re: Hijackthis Problems
Excuse me if I seem a little slow, but I have gotten confused in the midst of all of my issues popping up. What exactly am I checking now?

Re: Hijackthis Problems
Whether Windows Defender will update or not?

Re: Hijackthis Problems
Same windows defender message upon start-up. The uninstall for Kiwee couldn't be done because that process was not found in the task manager either.

Re: Hijackthis Problems
Would you like to use a different anti-spyware program?

Re: Hijackthis Problems
I don't care at all. I didn't install anything on this computer in the beginning. Those things are typically done by my husband or step-son, however neither of them are in town, so whatever you tell me to do that is going to make this thing virus free and safe is what is going to happen. And there will be no complaints from anyone! This is my means of work and communication; even my phone is attached to my computer, so PLEASE fire away! (Gunsmoke) If it works, let's do it.

Re: Hijackthis Problems
Try to download and install Ad-Aware: http://www.lavasoft.com/products/ad_aware_free.php

Re: Hijackthis Problems
The Ad-Aware Plus that is on their site seems like it may be good. Both the Ad-Aware Free and Plus require me to complete some form of financial offer on their site to get the software for free. Since that is the case, is the Plus a better candidate to do the financial offer for or is the regular one better for my computer?

Re: Hijackthis Problems
Just the free version will work well.

But, that is up to you.

Re: Hijackthis Problems
My confusion lies in the fact that BOTH are "free", but according to the site, I must make a purchase by completing an offer first.

[Image]

Re: Hijackthis Problems
The gray download button is for the "real" free version.

The Ad-Aware Plus is on a "Trial-Pay" marketing technique. It is quite weird.

Here is a better download link for only the free version:
http://download.cnet.com/Ad-Aware-Free-Anti-Malware/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5

Re: Hijackthis Problems
All done!

[Image]

Re: Hijackthis Problems
Good. Right On!

Re: Hijackthis Problems
Anything I'm supposed to do now?

Re: Hijackthis Problems
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Hijackthis Problems
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Re: Hijackthis Problems
To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Hijackthis Problems
I just ran the OTC.exe by OldTimer and there are a few programs left after reboot. I'm not sure which of these I should keep for protection. I have Ad-Aware, Ad-Aware Installer, A-squared Hijack Free, Vtool folder, FIX WU Folder, Malware Bytes and AntiMalware, and Win32KDiag.

Should any of these things be kept for the protection of my pc?

Re: Hijackthis Problems
Delete all of those except for Ad-Aware and Malwarebytes. Smile...

Re: Hijackthis Problems
My recycle bin is missing...lol I typed it in the search of my start menu and still got nothing.

Re: Hijackthis Problems
[Image]

Last edited by Kirbie on 1st April 2010, 3:25 pm; edited 1 time in total (Reason for editing : Wrong image was posted!)

Re: Hijackthis Problems
Right click on your Desktop and choose Personalize.

Then, on the left, click Change Desktop Icons.

When the window pops up, make sure there is a check next to Recycle Bin, and hit OK.

Return to your Desktop, and it should be there.

Re: Hijackthis Problems
Everything has been run. This is the log you requested:

Results of screen317's Security Check version 0.99.2
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 8.5
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
AVS Registry Cleaner version 1.1
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 18
Adobe Flash Player 10
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
AVG avgwdsvc.exe
AVG avgtray.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Re: Hijackthis Problems
Please consider updating to Windows Vista Service Packs 1 & 2.
Windows Vista Service Packs 1 & 2 contain all the updates released since the first release plus support for new types of hardware and emerging hardware standards.
It is now available via Windows Update or as a standalone installation here.

================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

=======================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
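The HOSTS-file blocking described in the post above works because a name mapped to a loopback address never leaves the machine; the same file can also point a name at a remote address, which is worth reviewing. The following audit is an added example, not part of the original post or of hpHosts; the function names are hypothetical and the sample file is constructed.

```python
import ipaddress

# Constructed sample HOSTS content (example domains and a documentation-range
# address); not taken from the thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net tracker.example.net   # blocklist-style entries
0.0.0.0         banner.example.org
203.0.113.7     update.example.com    # name pointed at a remote address
not-an-ip       broken.example.com
"""


def audit_hosts(text):
    """Classify every name in a HOSTS file.

    Returns (line number, address, name, verdict) tuples, where verdict is:
      default   - localhost mapped to a loopback address
      blocked   - name sent to loopback or 0.0.0.0, as a blocklist does
      redirect  - name mapped to any other address; review these
      malformed - first field is not an IP address, or no name follows it
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, addr, " ".join(names), "malformed"))
            continue
        if not names:
            findings.append((lineno, addr, "", "malformed"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:  # one line may carry several names
            if name.lower() == "localhost" and ip.is_loopback:
                verdict = "default"
            elif sinkhole:
                verdict = "blocked"
            else:
                verdict = "redirect"
            findings.append((lineno, addr, name.lower(), verdict))
    return findings


def names_with(findings, verdict):
    """Names carrying the given verdict, in file order."""
    return [name for _, _, name, v in findings if v == verdict]


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```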
