need a little help

chrissykitty · Dec 5, 2005

need to have someone check out my hijack this log. i have run everything so far, but i think i have something lurking around. please help.

chaslang · Dec 5, 2005

Our standard cleaning procedures must be followed first. They are in this sticky thread:

READ & RUN ME FIRST Before Asking for Support

If you have run ALL of the steps in the above sticky, then continue with below. Otherwise complete this READ & RUN ME first.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

.

chrissykitty · Dec 6, 2005

sorry for the impatience, it was mainly ignorance of the boards, i am not very experienced with forums and the corresponding etiquettes. lesson learned.
i am reasonably experienced with removal procedures and i have used this thread in the past. i have followed the sticky thread to the letter and here is my hijackthis log;

thank you for your patience!!

Edit by chaslang: Inline log removed

chaslang · Dec 6, 2005

Please read the directions again. I'll emphasize one of the key parts for you!

run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis
Click to expand...

Are you having a problem doing this?

chrissykitty · Dec 6, 2005

sorry

chaslang · Dec 6, 2005

That's okay!

A couple questions:
1) Did you setup your Start Pages to load from an HTML file like the two lines below show:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\search.html

2) Do you know what this SDDetect.exe process is for:
O4 - Global Startup: LED Display Driver.lnk = C:\WINDOWS\SDDetect.exe

The below is definitely bad and we can fix it after getting answers to the above:

O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\DOCUME~1\Goli\LOCALS~1\Temp\IXP000.TMP\MsiExec.exe (file missing)

chaslang · Dec 6, 2005

Okay! Since you logged out here is a fix for the bad service.

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to MSIServer ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

MSIServer

Now exit HJT and reboot. After reboot, verify that the O23 service line no longer appears.

Log in or Sign up

need a little help

chrissykitty Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chrissykitty Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chrissykitty Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member