HijackThis Log

Discussion in 'Malware Help (A Specialist Will Reply)' started by andrenal, Jan 24, 2006.

  1. andrenal

    andrenal Private E-2

    4 Windows Messages upon reboot after malware removal

    Just got rid of a bunch of malware. Upon reboot I get four messages, here is the first and second: 1. "Windows cannot find 'box box box box' Make sure you typed the name correctly and then try again. To search for a file, click start button then click search." 2. "Could not load 'box box box box box' specified in the registry. Make sure this file exists . . . ."

    Box represents an actual square. It doesn't have the file name, I'm assuming because I got rid of the file it was trying to load. HOW DO I GET RID OF THESE FOUR MESSAGES THAT POP UP?

    Thank You
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: 4 Windows Messages upon reboot after malware removal

    Attach a current HJT log from normal mode.
     
  3. andrenal

    andrenal Private E-2

    Re: 4 Windows Messages upon reboot after malware removal

    I've attached hijackthis.log file for above problem. Thanks
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: 4 Windows Messages upon reboot after malware removal

    Before we start the initial fix, please attach the logs from the two online scans listed in the READ ME. You have a few other issues we need to address first.

     
    Last edited: Jan 24, 2006
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: 4 Windows Messages upon reboot after malware removal

    BJ,
    Update your link for this reference. It is not in line with how step 6 reads. It was changed a few weeks ago.
     
  6. andrenal

    andrenal Private E-2

    Re: 4 Windows Messages upon reboot after malware removal

    I'm running the BitDefender right now and it's going to take 35 more minutes and I know panda scan takes a while also. Guess I just have to wait this out???
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: 4 Windows Messages upon reboot after malware removal

    Yes, I need both logs with a fresh HJT log.
     
  8. andrenal

    andrenal Private E-2

    BitDefender

    Do you prefer cut and paste or attach? One more to go....
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: BitDefender

    Always attach any log I request, it's part of the policy in the forum.
     
  10. andrenal

    andrenal Private E-2

    Or is this the one you wanted?

    This seemed better...
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Re: Or is this the one you wanted?

    Yep! Now attach the Panda log with a fresh HJT log.

    You can attach a total of four logs per post.
     
  12. andrenal

    andrenal Private E-2

    Panda Scan

    Jeez, how late are you working tonight? Looks like Panda is going to take an hour or two.....
     
  13. andrenal

    andrenal Private E-2

    Panda Report

    Here is the Panda Report
     


  14. andrenal

    andrenal Private E-2

    Anyone There?

    Just checking because someone is waiting for me to fix their computer right now. If no one is there I have to find some other help. Thanks but just haven't heard back in a while.....
     
  15. andrenal

    andrenal Private E-2

    Re: HijackThis Log Newest

    Newest HiJack THIS. There you have all you asked for. What shall I do?
     


  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  17. andrenal

    andrenal Private E-2

    First Timer TO Pro

    I apologize, I was in a hurry yesterday and needed help fast. So my first computer didn't exactly have everything done it needed properly. But most of it was. Ewido was the only thing run in Safe mode for this computer. My second computer which I will be posting logs in a couple hours will have everything done properly INCLUDING Safe Mode and running all programs as directed. I will be a pro at this by the end of the day.

    Thank you for helping me through this first go round, I've had this computer for two days and am in a crunch today. THANK YOU THANK YOU.
     


  18. andrenal

    andrenal Private E-2

    Still getting Messages stated in very first post

    Still trying to get rid of Windows Message Popups on bootup. Any suggestions? See logs just posted. Thanks
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Still getting Messages stated in very first post

    Yes! Use this: Disable/Remove Windows Messenger
     
  20. andrenal

    andrenal Private E-2

    Windows messenger uninstalled. Still getting the messages. Can I delete the F3 lines in the Hijackthis log. They have boxes just like the messages I'm getting. Would that fix it?
     
  21. andrenal

    andrenal Private E-2

    Why is there a report bad post in some of the right hand corner replies?
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I was trying to avoid stepping on BJ's toes here but since it is slow.

    First as I mentioned in your other thread, your HJT version is not installed properly. You have it here:
    C:\Documents and Settings\Deb.DHNG0X51.000\Desktop\FIX Programs\HijackThis.exe

    Please fix this before continuing.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
    F3 - REG:win.ini: load=??? ?
    F3 - REG:win.ini: run=??? ?
    O4 - HKCU\..\Run: [mstrap] C:\WINDOWS\system32\mstrap.exe
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
    O18 - Filter: text/plain - (no CLSID) - (no file)
    O20 - Winlogon Notify: gebca - gebca.dll (file missing)
    O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll (file missing)
    O20 - Winlogon Notify: sstqo - C:\WINDOWS\system32\sstqo.dll (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\mstrap.exe
    C:\WINDOWS\system32\gebca.dll
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\sstqo.dll

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Jan 26, 2006
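
A triage sketch for the kind of log lines quoted in the post above, added here as an example and not part of the original thread or of HijackThis itself: it parses entries and flags those that HijackThis marks `(file missing)` or `(no file)`, plus `F3` values that show only as `?` placeholders. The flag names and the `parse` and `review_candidates` helpers are illustrative assumptions.

```python
import re

# Lines copied from the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell.myway.com/
F3 - REG:win.ini: load=??? ?
F3 - REG:win.ini: run=??? ?
O4 - HKCU\..\Run: [mstrap] C:\WINDOWS\system32\mstrap.exe
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: gebca - gebca.dll (file missing)
O20 - Winlogon Notify: jkkji - C:\WINDOWS\system32\jkkji.dll (file missing)
"""

SECTIONS = {  # HijackThis section codes that appear in this thread
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "F3": "autoload via win.ini mapping in the registry",
    "O4": "autostart from Run key or Startup folder",
    "O18": "extra protocol or filter handler",
    "O20": "AppInit_DLLs or Winlogon Notify",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.*)$")
F3_RE = re.compile(r"^REG:win\.ini: (?:load|run)=(.*)$")


def parse(log_text):
    """Split a HijackThis log into entries and attach triage flags."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        code, body = m.groups()
        flags = []
        # HijackThis itself marks references whose target is gone.
        if "(file missing)" in body or "(no file)" in body:
            flags.append("orphaned-reference")
        # A load=/run= value of only '?' and spaces is unprintable data.
        f3 = F3_RE.match(body) if code == "F3" else None
        if f3 and f3.group(1).strip() and set(f3.group(1)) <= set("? "):
            flags.append("unprintable-autoload")
        entries.append({"code": code, "section": SECTIONS.get(code, "other"),
                        "body": body, "flags": flags})
    return entries


def review_candidates(entries):
    """Entries to look at first: anything carrying a flag."""
    return [e for e in entries if e["flags"]]
```

An unflagged entry such as the `O4` line is not cleared by this check; whether a file that still exists is legitimate remains a judgment call for the person reading the log.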
  23. andrenal

    andrenal Private E-2

    Done

    Thank you all so much for your help. I am a computer tech and will follow your read me directions to the "T" from now on before I post. How does a person get to know more in depth about the Hijackthis logs and such for themselves? Resources you can point me to?
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Done

    You can read the sticky: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    And you need to learn about which processes and files are valid for each OS and which are not. You also need to be able to recognize valid applications and ones that are not. It takes a lot of reading. Read thru and follow along with the thousands of steps in this forum (that's a lot of reading - but it is very educational).

    Have you completed the steps in the below yet? If so, you need to attach the follow up HJT log and indicate how things are working.
     
