My Hjt Log, Help

redi

By redi,
in Malware Removal

 Share Followers 0

Recommended Posts

redi

redi

Posted
Posted

My computer has been running really slow. It's a pretty new computer also. My processes are at 61 using 27 percent CPU usage. I want to delete some of these programs running but don't want to mess anything up. Any help is appriciated. Thanks Here's my HJT log...

Edit: Fixed, thanks

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

You might want to print these direcrtions out, because you will have to close IE when fixing the HijackThis entries.

Now, close all explorer windows, and then run HijackThis. Click the button that says 'Scan' then have it fix the following entries.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.i--search.com/ie/

R3 - Default URLSearchHook is missing

.....

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

.....

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

.....

O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/ireg.reg

O4 - HKLM\..\Run: [qmin] C:\WINDOWS\System32\qmin\jnahhigb.exe

O4 - HKLM\..\Run: [FkOIfHrK] C:\documents and settings\brent\local settings\temp\FkOIfHrK.exe

O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"

.....

O18 - Protocol hijack: mhtml -

.....

Next, unhide hidden files and folders, look here for directions.

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Then boot into Safe Mode:

To get into the Windows 2000 / XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

From Safe Mode delete the following files and folders in red.

Go to this path and delete all the files in the temp folder.

C:\documents and settings\brent\local settings\temp\

c:/ireg.reg <-- the file

C:\WINDOWS\System32\qmin\jnahhigb.exe <-- the folder which will remove everything in it

C:\Program Files\RBEnhance\rbenh.exe <-- the folder which will remove everything in it

Then reboot into normal mode, and post a new logfile.

Good luck! :D

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Hi,

Download Ad-aware SE Personal 1.05

http://www.snapfiles.com/get/adaware.html

After installing AAW, and before running the program, you need to first update it: Launch Ad-Aware, and click "Check for Updates" above the start button; you'll be prompted to download and install the latest Definitions File.

Then boot into Safe Mode:

To get into the Windows 2000 / XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

Run CWShredder from Safe Mode.

Double click CWShredder.exe, click Fix,

This will scan your computer for the bad files and delete them.

Then have HijackThis fix the following from Safe Mode. Make sure you have all explorer windows closed.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.i--search.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.i--search.com/ie/

R3 - Default URLSearchHook is missing

.....

O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/ireg.reg

O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"

.....

O18 - Protocol hijack: mhtml -

.....

Next, delete the files and or folders in red.

c:/ireg.reg <-- the file

C:\Program Files\RBEnhance\rbenh.exe <-- the folder which will remove everything in it

Next, launch Ad-Aware, and press Start > Next to let it scan your drives...

It will find a number of "bad" files and registry keys. Press 'Next'

Right-click in that results pane and choose "select all"

Press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.

Then when done, restart your computer.

Run an online virus scan at http://housecall.antivirus.com/

Once the housecall scan is finished, re-run HijackThis, and post a new logfile.

Good luck! :D

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Ok, Lets try this...

Download Ad-aware SE Personal 1.05

http://www.snapfiles.com/get/adaware.html

After installing AAW, and before running the program, you need to first update it: Launch Ad-Aware, and click "Check for Updates" above the start button; you'll be prompted to download and install the latest Definitions File.

Next, launch Ad-Aware, and press Start > Next to let it scan your drives...

It will find a number of "bad" files and registry keys. Press 'Next'

Right-click in that results pane and choose "select all"

Press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.

Then when done, restart your computer, and post a new logfile.

Now, as for the Safe Mode issue. It's hard to say, it could just be some weird glitch, or something like that.

Good luck! :D

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Close all explorer windows, run HijackThis and have it fix the following.

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

Then download and run this program.

RapidBlaster Killer (Direct Download)

RapidBlaster Killer will create a log file named "scanlog.txt" in the same folder as "rbkiller.exe" if RapidBlaster is detected, and will notify the user of the file path/location (plus any other actions that took place during optional clean up).

Next, download KillBox (Direct Download)

Put it in a convenient location and then double-click on KillBox.exe to launch the program.

Select the Replace on Reboot option and put a checkmark in the Use Dummy checkbox if it is not checked. Make sure the Use Dummy checkbox is checked as it clears each time you do these steps.

Paste this file into the top Full Path of File to Delete field.

c:/ireg.reg

Click the Delete File button which looks like a stop sign.

Click Yes at the Replace on Reboot prompt.

Click No at the Pending Operations prompt.

Reboot, when it prompts you. Then post a new logfile.

Good luck! :D

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Hi,

Can you please reboot, and then post a brand new HijackThis log. So run HijackThis, click 'Scan' then click save log. Then copy and paste the new log here for analysis. :)

Also, you don't have HJT in a Permanent folder.

Click My Computer, then C:\

In the menu bar, File->New->Folder.

That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

This will allow backups to be made and saved By hijackthis in case something goes wrong

Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Ok, please post the contents of this file in red.

Open My Computer

Go into the your local C:\

find this file ireg.reg

right click it

choose open with

select Notepad

Then the file will open in Notepad. Please copy and paste all the contents of the file here.

If you can not find the file let me know. :)

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Ok, reason I asked was because I saw it come back with the log. I have one more place for you to check. Can you please check: C:\!submit <-- if it's there do the same thing as I asked before.

right click it

choose open with

select Notepad

Then the file will open in Notepad. Please copy and paste all the contents of the file here.

Once again, if it's not there let me know. :)

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Hmm... Ok, I think that Microsoft Ant-Spyware and SpywareGuard might be conflicting. So please disable them. To do so follow these directions.

Disabling MS Anti-Spyware

Right click it's icon in the system tray

Security Agent Status

Set that to disable

Then right click the icon again and choose to shut down MS Anti-Spyware

Disabling SpywareGuard

open it and click 'file' then 'exit'

Then open HijackThis, run it, and have it fix the following. Once again, make sure all explorer windows are closed.

O4 - HKLM\..\Run: [rbenh ml710e] "C:\Program Files\RBEnhance\rbenh.exe"

O4 - HKLM\..\Run: [WinSP] REGEDIT.EXE -s c:/ireg.reg

....

O18 - Protocol hijack: mhtml -

....

Then reboot, and run this online virus scan.

http://housecall.trendmicro.com/

Then post a new HijackThis logfile. I won't be able to look at it again tonight as I am going to bed. But I will check back here tomorrow. :D

B

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Your log looks clean now. Great Job! :D

Now, you can enable MS AntiSpyware and SpywareGuard

How to enable MS Anti-Spyware

Start

All Program

Microsoft AntiSpyware Folder

Click the MS AntiSpyware icon to restart the program

How to enable SpywareGuard

Click on the Start button > Go to All Programs > Find SpywareGuard and choose SpywareGuard Control Panel > Double click the SG icon in your task tray > Click the Enable SpywareGuard Protection button.

While your SpywareGuard Control Panel is open click on the Live Update button > Follow prompts and then close the SpywareGuard Control Panel clicking the "X".

Also, make sure to check out this link.

How did I get infected in the first place?

If you are still having problems let me know.

B

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing