Need help with HijackThis and AdAware for roommate's comp

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by brian2007, Oct 8, 2004.

  1. brian2007

    brian2007 Private E-2

    Hey guys,

    My roommate's computer is in bad shape and I'm trying to help him out. So here's the rundown of what I've done so far.

    Run Symantec Antivirus with the latest definitions. Found nothing.

    Now things get tricky. AdAware is finding a TON of stuff on his machine. But once it gets to the end and you try and delete everything, the program freezes up. I've tried to get by this by running AdAware for a bit and then stopping it and deleting what it found in smaller chunks. But when I do this, I get an error saying none of the files could be deleted. This leads me to believe something on his computer is preventing AdAware from running properly. I ran it in Safe Mode and it worked fine, but when I rebooted in regular mode, everything that was deleted came back and more. This leads me to think they are respawning somehow.

    I've also run HiJackThis and have done a few minor things on my own dealing with IE, but I want to get advice on where to go from here. The log is below:

    EDIT by chaslang: inline, old version, unrequested HJT log deleted.

    I've uninstalled a bunch of toolbars he had on his computer that I thought were causing the problems, and some of them deleted themselves. But I can't seem to get rid of a program in the startup menu called saap.exe which is from 180SearchAssistant. I tried running their uninstaller and it just freezes in the Add/Remove program area.

    There's also a bunch of files in the Startup folder that I've never seen before and don't have on my machine such as axinst2.exe, initial.cfg, saap.exe, etc...

    Also there have been times where the process rundll32.exe is taking up upwards of 90% of the CPU which leads me to think it's something to be removed as well. It's listed under his account and not the SYSTEM account.

    Any help would be greatly appreciated. I'm trying to fix most of his problems so he doesn't have to do a clean reinstall this weekend.

    Thanks a bunch,

    Brian
     
    Last edited by a moderator: Oct 8, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is the last step and we have rules about how and when to post a log. Also note you do not even have the proper version of HijackThis. You have a load of problems and trojans; you must follow the below procedure.

    Please follow all the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    You have enough problems to where I would also recommend running the below items that are listed in the Alternative Scans - If still having problems section of the read me:

    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan
    a-squared (a²) Free edition free but requires an email address to register


    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    NOTE: You should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Do not post a HijackThis log until we ask you to and when we do it must be a text document attachment to your message. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!


    Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

    But also do fix these lines with HJT immediately:
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
    O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
    O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
    O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
     
    Last edited: Oct 8, 2004
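
Added example, not part of the original thread or of HijackThis itself: a small triage script that parses the O1 (hosts file) and O2 (Browser Helper Object) lines quoted in the reply above and reports why each stands out. The heuristics (non-local hosts mappings, unnamed BHOs, BHO files that are not `.dll`) and the function name `triage` are assumptions made for this illustration.

```python
import re

# Constructed sample: the O1/O2 lines quoted in the reply above, plus one
# benign loopback entry added here for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Assumption: mappings to these addresses are ordinary local/blocking entries.
LOCAL_IPS = {"127.0.0.1", "::1", "0.0.0.0"}


def triage(log_text):
    """Return (section, subject, reason) tuples for entries worth review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip not in LOCAL_IPS:  # hostname forced to a remote address
                findings.append(("O1", host, f"hosts file maps {host} to {ip}"))
            continue
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            reasons = []
            if name == "(no name)":
                reasons.append("BHO has no display name")
            if not path.lower().endswith(".dll"):
                reasons.append("BHO file is not a .dll")
            if reasons:
                findings.append(("O2", clsid, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for section, subject, reason in triage(SAMPLE_LOG):
        print(f"{section}  {subject}  ->  {reason}")
```
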
