1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Can someone look at my Hijack log

Discussion in 'Virus & Other Malware Removal' started by Linda78, Nov 11, 2004.

Thread Status:
Not open for further replies.
  1. Linda78

    Linda78 Thread Starter

    Joined:
    Oct 10, 2004
    Messages:
    14
    My hijack this log is below. I have a virus AVG won't find and destroy. Could someone look at my log and give me some instructions to get rid of the virus?

    Logfile of HijackThis v1.98.2
    Scan saved at 10:57:15 AM, on 11/11/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINNT\System32\smss.exe
    D:\WINNT\system32\winlogon.exe
    D:\WINNT\system32\services.exe
    D:\WINNT\system32\lsass.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\System32\svchost.exe
    D:\WINNT\system32\spoolsv.exe
    D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    D:\WINNT\System32\CTSvcCDA.EXE
    D:\WINNT\system32\regsvc.exe
    D:\WINNT\system32\MSTask.exe
    D:\WINNT\system32\stisvc.exe
    D:\WINNT\System32\WBEM\WinMgmt.exe
    D:\WINNT\System32\MsPMSPSv.exe
    D:\WINNT\system32\svchost.exe
    D:\WINNT\Explorer.EXE
    D:\WINNT\system32\fwr.exe
    D:\WINNT\system32\pcilog.exe
    D:\WINNT\system32\wuauclt.exe
    D:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
    D:\Program Files\hijack\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.att.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AVG_CC] D:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [Microsoft PCI Manager] pcilog.exe
    O4 - HKLM\..\RunServices: [Microsoft PCI Manager] pcilog.exe
    O4 - HKLM\..\RunOnce: [Microsoft PCI Manager] pcilog.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [Microsoft PCI Manager] pcilog.exe
    O4 - HKCU\..\RunOnce: [Microsoft PCI Manager] pcilog.exe
    O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    Run hijackthis, tick these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


    O4 - HKLM\..\Run: [Microsoft PCI Manager] pcilog.exe
    O4 - HKLM\..\RunServices: [Microsoft PCI Manager] pcilog.exe
    O4 - HKLM\..\RunOnce: [Microsoft PCI Manager] pcilog.exe

    O4 - HKCU\..\Run: [Microsoft PCI Manager] pcilog.exe
    O4 - HKCU\..\RunOnce: [Microsoft PCI Manager] pcilog.exe


    Reboot into safe mode by following instructions here: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
    Click "Apply" then "OK"

    Delete these files

    D:\WINNT\system32\fwr.exe
    D:\WINNT\system32\pcilog.exe

    then Go to Start > Run and type %temp% in the Run box, press OK . The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of that Temp folder.

    then go to C:\windows\temp and select EVERYTHING except temporary internet files, cookies and history folders and delete all that and then do the same for C:\temp

    1) Open Control Panel
    2) Click on Internet Options
    3) On the General Tab, in the middle of the screen, click on Delete Files
    4) You may also want to check the box "Delete all offline content"
    5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
    6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

    then
    Reboot &

    Download and unzip or install this program/application if you haven't already got it. If you have it, then make sure it is updated and configured as described

    AdAware SE from http://www.lavasoft.de/support/download
    and while you are at the adaware site download and install http://www.lavasoft.de/software/addons/vx2cleaner.shtml
    and run it before the main adaware scan and follow it's directions
    Run ADAWARE

    Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
    the current ref file should read at least SE1R18 08.11.2004 or a higher number/later date

    Set up the Configurations as follows:

    General Button
    Safety:
    Check (Green) all three.

    Click on "Proceed"

    Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

    Click on "Scan Now"

    Run the scanner using the Full Scan (Perform full system scan) mode.

    When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.


    Run an online antivirus check from at least one and preferably 2 of the following sites
    http://security.symantec.com/default.asp?
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    http://www.ravantivirus.com/scan/
    http://www3.ca.com/virusinfo/
    http://www.bitdefender.com/scan/licence.php
    http://www.commandondemand.com/eval/index.cfm
    http://www.freedom.net/viruscenter/onlineviruscheck.html
    http://info.ahnlab.com/english/
    http://www.pcpitstop.com/pcpitstop/AntiVirusCntr.asp

    reboot again

    then post a new hijackthis log to check what is left
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/295111

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice