
Please help with HijackThis.log



Check for and remove proxy server settings in your browser if you have not set one; the following are the most commonly used.

 

Internet Explorer:

Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

Firefox:

Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

 

Chrome:

Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

 

Safari


Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...

Link to post
Share on other sites

I just went back over your thread. HJT does show a proxy of sorts; if you do not know of or recognize this proxy, do the following:

 

Re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1;<local>

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.  Reboot
 

Link to post
Share on other sites
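
Added example, not part of the thread or of HijackThis itself: a small Python parser for the R-section line format shown in the post above, which picks out the Internet Settings proxy values and states what each one holds. Only the ProxyOverride line in the sample log comes from the thread; the other lines are constructed, and the set of value names treated as proxy-related is an assumption of this example.

```python
import re

# HijackThis R-section line: "R1 - <hive\key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),(.+?) =\s*(.*)$")
# Assumption of this example: value names treated as proxy-related
PROXY_VALUES = {"proxyserver", "proxyoverride", "autoconfigurl"}
# Bypass-list tokens that refer only to the local machine or network
LOCAL_TOKENS = {"<local>", "*.local", "localhost", "127.0.0.1", "::1"}

# Constructed sample log; only the ProxyOverride line comes from the thread
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1;<local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O4 - HKLM\..\Run: [ExampleApp] C:\Example\app.exe
"""

def review_note(name, data):
    """Describe what a proxy-related value holds."""
    if name == "proxyoverride":
        extra = [t for t in data.split(";") if t and t.lower() not in LOCAL_TOKENS]
        if extra:
            return "bypass list with non-local hosts: " + ", ".join(extra)
        return "bypass list, local entries only"
    if name == "autoconfigurl":
        return "proxy auto-config script: " + data
    return "proxy address: " + data

def proxy_entries(log_text):
    """Return (section, value name, data, note) for each proxy-related R line."""
    found = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if not m:
            continue  # O-section and other lines use different formats
        section, key, name, data = m.groups()
        if not key.lower().endswith("\\internet settings"):
            continue
        if name.lower() in PROXY_VALUES:
            found.append((section, name, data, review_note(name.lower(), data)))
    return found

if __name__ == "__main__":
    for entry in proxy_entries(SAMPLE_LOG):
        print(" | ".join(entry))
```
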

Uninstall the following:

D:\Program Files (x86)\AWS   
D:\Program Files (x86)\BPFTP Server
D:\Program Files (x86)\Loaris    
D:\Program Files (x86)\RegistryFix

Next,

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)

    :Files
    C:\Users\Wayne\Desktop\Folders\Installed Programs\SoftonicDownloader_for_extractnow.exe
    C:\Users\Wayne\Downloads\CodecPackage.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\AppData\Local\Application Data\Temp\ICReinstall_Firefox_Setup_17.0.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\AppData\Local\Temp\ICReinstall_Firefox_Setup_17.0.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\Desktop\ExtractNow.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\Desktop\Folders\Installed Programs\SoftonicDownloader_for_extractnow.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\Downloads\blu-ray-creator-express.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\Downloads\dvd-creator6.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\Downloads\Firefox_Setup_17.0.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\Downloads\latest_removewat_2.2.9_download_free_downloader.exe
    C:\Windows.old.000\Documents and Settings\Wayneo\Local Settings\Temp\ICReinstall_Firefox_Setup_17.0.exe
    C:\Windows.old.000\Users\Wayneo\AppData\Local\Temp\ICReinstall_Firefox_Setup_17.0.exe
    C:\Windows.old.000\Users\Wayneo\Desktop\ExtractNow.exe
    C:\Windows.old.000\Users\Wayneo\Desktop\Folders\Installed Programs\SoftonicDownloader_for_extractnow.exe
    C:\Windows.old.000\Users\Wayneo\Downloads\blu-ray-creator-express.exe
    C:\Windows.old.000\Users\Wayneo\Downloads\dvd-creator6.exe
    C:\Windows.old.000\Users\Wayneo\Downloads\Firefox_Setup_17.0.exe
    C:\Windows.old.000\Users\Wayneo\Downloads\latest_removewat_2.2.9_download_free_downloader.exe
    C:\Windows.old.000\Users\Wayneo\Local Settings\Temp\ICReinstall_Firefox_Setup_17.0.exe
    D:\Program Files (x86)\AWS
    D:\Program Files (x86)\BPFTP Server
    D:\Program Files (x86)\Loaris
    D:\Program Files (x86)\RegistryFix
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Kevin

Link to post
Share on other sites

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

 

How is your system responding now, any remaining issues or concerns...

Link to post
Share on other sites

Is the Firefox issue now resolved, do you have any remaining issues or concerns...

 

 

My own security set up is :-

 

Windows own Firewall, Microsoft Security Essentials and Malwarebytes Pro. Windows FW and MSE are free, MB does also have a free version, however I prefer the pro version as it provides auto updates and realtime protection. Cost is about £20 for a lifetime license.

 

As an extra layer I also use WinPatrol, the free version is adequate for general home use. Available here: http://www.winpatrol.com/download.html

 

For my browser I use Firefox with these addons: Web of Trust, Adblock Plus, Flash Block, NoScript, Ghostery. When Firefox is open select these keys together :- Ctrl - Shift - A that will access Addons manager, this gives access to find addons, use, start, stop or disable those features etc....

Before using NoScript read from this link http://noscript.net/ makes it easy to understand....

 

Understanding Windows 7 Firewall - http://windows.microsoft.com/en-GB/windows7/Understanding-Windows-Firewall-settings

 

Understanding Microsoft Security Essentials - http://www.microsoft.com/en-gb/security/pc-security/mse.aspx

 

Understanding Malwarebytes, how to create an exclusion in MSE - http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

 

Understanding WinPatrol - http://www.winpatrol.com/features.html

 

I also use the Professional version of Sandboxie, I believe there is also a free version available. Visit this link http://www.sandboxie.com/ for access to d/l, also make sure to use the "Help and FAQ" option to understand its uses, specifically how to run your browser sandboxed!

Link to post
Share on other sites

Thank you for the kind donation, much appreciated....

 

We need to remove the tools we've used. Before removal of FRST the Quarantine folder has to be deleted using the tool.... Delete the last fix file we used, fixlist.txt

 

Download the latest attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

When that completes you can delete FRST from the Desktop or C:\Users\Wayne\Downloads if that was the chosen folder. Also same goes for C:\FRST folder.

 

Continue and Delete RogueKiller and its folder RK_Quarantine

 

Next,

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Remove ESET online scanner  (Only If installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESET Online Scanner, only re-boot if prompted.

 

Next,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully".

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

The list I gave for security is the same for Windows 7 and Windows 8, only one difference in Windows 8, Microsoft Security Essentials is renamed Windows Defender.

 

I guess that will confuse some because Windows Defender was around when Vista was in use, only real change is the addition of an anti-virus component..

 

Take care,

 

Kevin

fixlist.txt

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
