Go.google gone, but downloads taking forever

BullGuard Antivirus Forum > Virus Removal > Removal Help > Go.google gone, but downloads taking forever

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

robertllr
New Member

Date Joined Nov 2008
Total Posts : 3

Posted 11-28-2008 8:43 (GMT +1)

Hi,

First timer here. I had (have) the go.google redirect virus. I tried the steps here, but could not get very far, as the Malwarebytes program would not install. However, on other advice, I tried installing a program called CureIt!, which did install and cleared up the computer enough to run the Malwarebytes, which I did per instructions here. Lots of infections were found and cleared.

However, while I can now use the internet without being redirected, it takes forever for my(possibly still?) infected Latitude D600 Windows XP Pro computer to download files from the internet, while my duplicate D600 does it in minutes. So I guess there are still issues.

Having reached the end of what I can do for myself, I am attaching the Malwarebytes log, and eagerly await your analysis of the log, and directions on what to do next.

Also, does anyone know where this virus orginated, and how it is picked up or propagated?

Thanks!

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 2

11/28/2008 10:32:11 AM
mbam-log-2008-11-28 (10-32-11).txt

Scan type: Quick Scan
Objects scanned: 54334
Time elapsed: 6 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\TDSScfum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Terri\Local Settings\Temp\TDSSd471.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Terri\Local Settings\Temp\TDSSd435.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 14325

Posted 11-29-2008 4:53 (GMT +1)

Hello robertllr smile

Download: CCleaner
http://www.majorgeeks.com/download4191.html
http://www.ccleaner.com/

Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data

Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

Then click Run Cleaner (bottom right) then Exit

Reboot

Please download Combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".

Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

robertllr
New Member

Date Joined Nov 2008
Total Posts : 3

Posted 12-1-2008 4:53 (GMT +1)

Thanks for your reply.

Per your instructions, I have downloaded and run CCleaner.

However, in the system tab, I was unable to check "Old Prefetch Data" because that option was greyed out.

Also, In the Options/Setting tab, there was no box labeled "Only delete files older than 48 hours."

I have downloaded, but not yet run the Combofix, because I wanted to check with you that--having run CClearner without those two parts of the instructions followed--it would still be OK to run the Combofix.

Please advise.

Thanks again.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 14325

Posted 12-1-2008 8:53 (GMT +1)

Just run Ccleaner without the two options checked, and post a combofix log

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

robertllr
New Member

Date Joined Nov 2008
Total Posts : 3

Posted 12-1-2008 2:12 (GMT +1)

I hope I did this right.

When I ran ComboFix, per instructions, the program gave me several prompts, which I obeyed, including the suggestion that I download and install a "Windows Recovery Console."

I also got a confirmation request on terminating a "AMD wireless network connection." Since everything seemed to be waiting for my reply, I clicked yes.

ComboFix seems to have run. It automatically rebooted, too, which I was also not expecting. The reboot meant I then had to close several windows that the machine always opens on startup--two concerning problems with hardware--and that AMD confirmation again.

ComboFix then created and opened the attached log.

Thanks again for all your help!

************************************************

ComboFix 08-11-30.01 - User 2008-12-01 4:51:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.189 [GMT -8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\drivers\fad.sys
c:\windows\system32\TDSSosvd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS

((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-11-30 19:32 . 2008-11-30 19:32 <DIR> d-------- c:\program files\CCleaner
2008-11-28 13:55 . 2008-11-28 14:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-28 12:31 . 2008-11-28 12:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-28 11:19 . 2008-11-28 11:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-28 11:19 . 2008-11-28 11:19 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-28 11:19 . 2008-11-28 11:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-28 11:18 . 2008-11-30 19:30 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-28 11:18 . 2008-11-28 11:18 <DIR> d-------- c:\program files\AVG
2008-11-28 11:18 . 2008-11-28 11:56 <DIR> d-------- c:\documents and settings\User\Application Data\AVGTOOLBAR
2008-11-28 11:18 . 2008-11-28 11:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-28 10:13 . 2008-11-28 10:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 10:13 . 2008-11-28 10:13 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes
2008-11-28 10:13 . 2008-11-28 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 10:13 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 10:13 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-28 09:37 . 2008-11-28 09:37 <DIR> d-------- c:\documents and settings\User\DoctorWeb
2008-11-26 18:02 . 2001-04-16 09:16 951,284 --a------ c:\windows\system32\drivers\vsc.sys
2008-11-26 18:02 . 2000-09-12 09:33 204,800 --a------ c:\windows\system32\vsc32cnf.cpl
2008-11-26 18:02 . 2001-03-13 11:15 118,876 --a------ c:\windows\system32\vscapi.dll
2008-11-26 18:02 . 2008-11-26 18:02 256 --a------ c:\windows\_delis32.ini
2008-11-26 18:02 . 2008-11-26 18:02 41 --a------ c:\windows\wininit.ini
2008-11-26 18:01 . 2008-11-26 18:03 <DIR> d-------- c:\program files\Roland
2008-11-26 17:51 . 2008-11-26 17:51 1,409 --a------ c:\windows\system32\PGMUS.FOT
2008-11-26 17:51 . 2008-11-26 17:51 1,409 --a------ c:\windows\system32\pgjazz__.FOT
2008-11-26 17:51 . 2008-11-26 18:19 66 --a------ c:\windows\BBW_INFO.INI
2008-11-26 17:50 . 2008-11-26 17:50 <DIR> d-------- c:\program files\PowerTracks DirectX Plugins
2008-11-26 17:49 . 2008-11-26 18:12 <DIR> d-------- C:\bb
2008-11-26 17:14 . 2007-09-08 06:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intel
2008-11-26 17:14 . 2008-11-28 11:19 <DIR> d-------- c:\documents and settings\Administrator
2008-11-26 14:26 . 2007-09-08 06:39 <DIR> d-------- c:\documents and settings\User\Application Data\Intel
2008-11-26 14:26 . 2008-11-26 14:26 <DIR> d-------- c:\documents and settings\User\Application Data\Dell
2008-11-26 14:26 . 2008-11-28 09:37 <DIR> d-------- c:\documents and settings\User
2008-11-22 13:32 . 2008-11-22 13:32 <DIR> d-------- c:\documents and settings\Robert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 20:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 22:13 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-11-22 22:21 --------- d-----w c:\program files\Common Files\AOL
2008-11-22 21:28 --------- d-----w c:\program files\AVS4YOU
2008-10-25 14:55 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 00:31 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"GC75-Manager-Class"="c:\program files\Dell TrueMobile 5100\GPRSMgr.exe" [2004-03-26 721017]
"AMD Wireless Network Configuration"="c:\windows\system32\am772cfg.exe" [2003-06-19 135331]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"vsc32cnf.exe"="c:\program files\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\program files\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-09-15 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"= vscapi.dll
"WAVE1"= vscapi.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-28 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-28 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-28 76040]
R2 RVIEG01;VSC Engine;\??\c:\program files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [2008-11-26 187992]
R2 RVIEGVST;VSC VST Engine;\??\c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2008-11-26 188276]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-21 24652]
R3 Am772;AMD Alchemy(tm) Solutions Wireless 802.11 Adapter;c:\windows\system32\DRIVERS\Am772.sys [2003-07-10 174278]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\DRIVERS\ozscr.sys [2007-09-08 92550]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\DRIVERS\vsc.sys [2008-11-26 951284]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-bascstray - BascsTray.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/

c:\windows\Downloaded Program Files\CONFLICT.1\Manager.exe - c:\windows\Downloaded Program Files\CONFLICT.1\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.5.cab
c:\windows\Downloaded Program Files\CONFLICT.1\DownloadManagerV2.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 04:54:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\BAsfIpM.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-12-01 4:56:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 12:56:55

Pre-Run: 30,454,075,392 bytes free
Post-Run: 30,525,661,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

166 --- E O F --- 2008-11-28 20:15:40

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 14325

Posted 12-1-2008 5:03 (GMT +1)

Ok.

Get this version of Hijackthis from http://danborg.org/spy/hjt/alternativ.exe

Save it in a permanent folder of your choice, such as C:\HJT\. To create this specific folder on your hard drive: Double click the 'My Computer' icon on your desktop, then under the category hard disk drives: double click Local Disk:, then select file->New -> Folder and name it HJT

Run hijackthis. (alternativ exe).

Choose the "Do a system scan and save a log file" option to perform your scan.

HijackThis will analyze your system, and automatically open a notepad textfile containing the HijackThis log when the scan is finished.

Open the text files containing the logs with a text editor and click Edit -> Select All, followed by Edit -> Copy.
From within the browser window and with the message body text box selected, click Edit -> Paste.

Post hijackthis log

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

A non-profit, volunteer network.

Forum Information

Currently it is Friday, January 09, 2009 3:11 AM (GMT +1)
There are a total of 65.964 posts in 16.185 threads.
In the last 3 days there were 23 new threads and 96 reply posts. View Active Threads