Help with Hijacker

Discussion in 'Malware Help (A Specialist Will Reply)' started by jnk2224, Jan 8, 2007.

  1. jnk2224

    jnk2224 Private E-2

    I am having a problem with my browser. Whenever I do a google search and select one of the websites google finds, I get redirected to some sales site. Obviously, this is a big problem. I have gone through all of the steps in "Read and Run me..." I ran all of the scans. I still have the problem. My computer also runs very slowly. I ran HijackThis but I did not have it fix anything, because I don't understand the log. Can you help me interpret the log? Please tell me what else I can do to get rid of my malware. I have attached logs from HijackThis, spy-bot, panda and Bitdefender.

    Thanks for the help you provide!
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome,


    Running the guide was one part of the initial cleanup steps, and while it may get the majority of the malware on your PC, it may not get all, which is why at the end of the guide we ask you to attach all the requested logs, as one of our malware experts will look over them and tell you what to remove.

    You have not attached any logs, but if you're having problems attaching, it may be because on logging in you didn't tick the "remember me" box, or you're trying to attach too many to one post. You need to attach three to one post, then the remaining to a second post, in this thread.
     
  3. jnk2224

    jnk2224 Private E-2

    Let me try to upload the logs again. Sorry.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach the other 3 requested logs:
    • CounterSpy
    • GetRunKey - the log is c:\runkeys.txt
    • ShowNew - the log is c:\newfiles.txt
    Then you need to run this WareOut Removal and attach the requested log from it.


    Then run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{83B569E3-B93A-41B8-BC26-FCDA12B1F0B2}: NameServer = 85.255.116.164,85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCBD5C1-5957-41AE-B401-DCEC2043F7F1}: NameServer = 85.255.116.164,85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\..\{961083F0-6AD1-49F5-86EC-9789FE58B631}: NameServer = 85.255.116.164,85.255.112.131
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.131
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.131

    After clicking Fix, exit HJT.

    Now attach a new HJT log.

    It will take two messages to attach the above 5 mentioned logs.
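
Added example, not part of the original post and not HijackThis's own code: a small parser for the O17 lines quoted above that lists every resolver outside an expected set, together with the registry scopes carrying it. The expected resolver `192.168.1.1`, the all-zero interface GUID and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# O17 line layout as shown in the thread: registry key, then the NameServer value.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\"
    r"(?P<scope>\.\.\\\{[0-9A-Fa-f-]+\}|Parameters): NameServer = (?P<servers>.+)$"
)

def parse_o17(line):
    """Return (control_set, scope, [resolvers]) or None if not an O17 NameServer line."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    # Interface keys are comma-separated, the Parameters key space-separated.
    servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
    return m["cset"], m["scope"].replace("..\\", ""), servers

def unexpected_resolvers(log_lines, expected):
    """Map each resolver IP not in `expected` to the registry scopes that carry it."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    hits = defaultdict(list)
    for cset, scope, servers in filter(None, map(parse_o17, log_lines)):
        for s in servers:
            try:
                ip = ipaddress.ip_address(s)
            except ValueError:
                continue  # value is not an IP literal
            if ip not in allowed:
                hits[str(ip)].append(cset + "\\" + scope)
    return dict(hits)

# The five O17 lines from the post plus one constructed line with a LAN resolver.
SAMPLE = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{83B569E3-B93A-41B8-BC26-FCDA12B1F0B2}: NameServer = 85.255.116.164,85.255.112.131",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{8CCBD5C1-5957-41AE-B401-DCEC2043F7F1}: NameServer = 85.255.116.164,85.255.112.131",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{961083F0-6AD1-49F5-86EC-9789FE58B631}: NameServer = 85.255.116.164,85.255.112.131",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.131",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.164 85.255.112.131",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1",
]

if __name__ == "__main__":
    for ip, scopes in unexpected_resolvers(SAMPLE, ["192.168.1.1"]).items():
        print(ip, len(scopes), scopes)
```

On the quoted lines, the same resolver pair is reported for all three interface keys and for the global Parameters key in both control sets, which is why every one of those lines has to be fixed.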
     
  5. jnk2224

    jnk2224 Private E-2

    The logs from get run key and show new are attached. I ran CounterSpy but I don't see any signs of a log. It only tells me that "no spyware was detected." Is there another log saved somewhere?
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No, you have to create the log, but if nothing was found, I don't need a log.

    Complete the other steps I gave you in my last message.
     
  7. jnk2224

    jnk2224 Private E-2

    OK, I have run the wareout program and re-run HJT and fixed the line you told me to. I re-ran HJT again to create a log that would show the O17 lines removed. Both logs are attached. I appreciate your help. What do I do next?
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That depends on your status! Are you still having problems?

    You should do the below additional steps!

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2_03

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Also you should have HJT fix the below lines:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
     
  9. jnk2224

    jnk2224 Private E-2

    My browser is not being redirected anymore! Thanks! One question: my PC still runs really slow (e.g. programs take a long time to open). Could that be caused by additional spyware or other malware?
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes it could be caused by malware, but I doubt it. We could run some other scans looking for things like rootkits but I expect your problems are due to what is being run on your system.


    NOTE: None of the below is really a Malware Forum topic nor are any of these items malware. They are just meant to show that a slow PC does not necessarily mean you have malware.

    Do you really need both Yahoo and Google Toolbars? That is rather excessive. Norton/Symantec is a massive resource hog. However, before going further on Symantec, first uninstall CounterSpy which was installed while doing the READ & RUN ME. We are finished with it now and this will help speed things up a little.

    Then stop running things that are not necessary:

    Run this Disable/Remove Windows Messenger to remove Windows Messenger.

    Do you want this Installshield package to always be running looking for updates to your system, or would you rather do it yourself?
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    Why does Napster have to load at startup and thus always be running?
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

    Why not only load Napster when you want to use it?

    Run HijackThis and fix the below unnecessary startups:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup


    Now attach a new HJT log and a new log from ShowNew.

    How are things running now?
     
  11. jnk2224

    jnk2224 Private E-2

    Well, it seems to be running a little faster. I don't want any programs running in the background that will slow the PC down. I fixed all the ones you suggested with HJT. New logs are attached. Can I get additional help speeding things up? I understand if you don't want to answer here, maybe there is another forum or source of info?
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then reconsider whether you really need the Yahoo and Google Toolbars. However first uninstall the CounterSpy trial. We are finished with it and it may be blocking some fixes I gave to you previously.

    After uninstalling CounterSpy, run HJT and fix the below lines again:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

    Also Run this ViewpointKiller to remove Viewpoint Media software.

    Also you did not do everything I asked you to do in message # 8. I still see the below which I specifically gave you steps to remove. Complete the instructions in step 8.
    J2SE Runtime Environment 5.0 Update 8
    Java 2 Runtime Environment, SE v1.4.2_03



    Then attach new logs from ShowNew and HJT.
     
  13. jnk2224

    jnk2224 Private E-2

    I am just now getting around to completing the last round of instructions. I have attached the new logs (HJT and shownew). Any more advice you can give about cleaning things up would be appreciated. THANKS!!!
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still see this in your newfiles.txt log:

    J2SE Runtime Environment 5.0 Update 8

    Did you forget to uninstall it? Or is it not showing in Add/Remove programs?

    You also did not fix this line with HJT:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
     
