Author Topic: HijackThis log (Read 943 times)

guestolo · « **Reply #20 on:** April 16, 2006, 12:12:27 PM »

Why didn't I think to look there?

Just to be safe, can you do the following one last time please
Can you right click on Export.bat and select EDIT
Delete the contents of Export.bat
In it's place, copy and paste the contents of the code box
Close it and accept the change
Double click on Export.bat and post the contents

Code: [Select]

regedit /e Export.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell"

miszila · « **Reply #21 on:** April 16, 2006, 12:15:56 PM »

bump

only god knows y..
haha..
here it is..

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\>>> FREE PORN GALLERIES <<<]
@="java script:{document.location='http://sexmaxx.com/freegalleries.htm';}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore]
"BrowserFlags"=dword:00000022
"ExplorerFlags"=dword:00000021

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,65,00,2c,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,\
00,25,00,49,00,2c,00,25,00,4c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec]
@="[ExploreFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\application]
@="Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\ifexec]
@="[]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\explore\ddeexec\topic]
@="AppProperties"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open]
"BrowserFlags"=dword:00000010
"ExplorerFlags"=dword:00000012

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,20,00,2f,00,69,00,64,00,6c,00,69,00,73,00,74,00,2c,00,25,00,49,00,2c,\
00,25,00,4c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec]
@="[ViewFolder(\"%l\", %I, %S)]"
"NoActivateHandler"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\application]
@="Folders"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\ifexec]
@="[]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\open\ddeexec\topic]
@="AppProperties"

guestolo · « **Reply #22 on:** April 16, 2006, 12:20:05 PM »

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop

Code: [Select]

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shell\>>> FREE PORN GALLERIES <<<]

Double click on fix.reg and allow to add/merge to the registry at the prompt

Reboot the computer

Let me know if that helps you out
Then we just have a bit of final cleanup

miszila · « **Reply #23 on:** April 16, 2006, 12:23:49 PM »

it works!!! wow u ARE A GENIOUS!! but dont need to reboot, can?

guestolo · « **Reply #24 on:** April 16, 2006, 12:24:30 PM »

No, don't worry about the reboot
I'll be right back with final recommendations
Just hold tight

miszila · « **Reply #25 on:** April 16, 2006, 12:28:45 PM »

alright!! thank you so so so so so much!!!!!!!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #26 on:** April 16, 2006, 12:39:06 PM »

*If everything is running better
Final Cleanup
We should flush all your restore points to ensure you don't restore any nasties that may be sitting idle

msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install SpywareBlaster 3.5.1 by JavaCool

After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Check for updates with your anti-spyware programs and run a scan on a regular basis
Ensure you have the latest versions of Ad-Aware SE 1.06 and Spybot 1.4
In addition, in Spybot
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Please Immunize after every update

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
In addition: If you have Microsoft Office installed
Make sure you keep up on security updates
You will find a link at Windows Updates named "Office Family"

*Make sure your Firewall is enabled and running
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

+ I would opt to hold onto Ewido and CleanUp!
Ewido will become a Limited free version in a couple weeks, but it's still a great scanner to update and run once a month
I noticed you installed the Guard when installing Ewido
You should remove the Guard only, as it is not needed with the other protections you have running
Open Ewido>>Under the Main Status window under Additional options
"REMOVE GUARD"

+You can enable your Anti-spyware protections and Norton's script blocking

Go ahead and delete
fix.reg
Export.bat
findjobs.bat
remjob.bat
RegSrch.vbs
Look2MeRemover and the log
C:\BFU <-this folder
Hold onto Hijackthis and the backup folder
In a week or so, if your still happy with the way everything is running
Open Hijackthis>>Open Misc tools sections>>>Use the scroll bar and scroll down too
"Uninstall Hijackthis & Exit"
Then manually remove Hijackthis.exe and the backup folder

Forgot about this>>You can go back and rehide Hiddenfiles and folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Do Not Show hidden files and folders.
* Check the Hide protected operating system files (recommended) option.
* Leave Hide Extensions for known file types unchecked
* Click Yes to confirm.
* Click OK.

Stay safe

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'

\' />

One Note: I noticed reference to SpyFalcon in your Ewido report
Are you or any other user having problems with their desktop or getting prompts to install any anti-spyware program?

miszila · « **Reply #27 on:** April 17, 2006, 09:41:11 AM »

i've done everything!!!
nope there isnt an prompt to install everything..

my computer ok already right?

guestolo · « **Reply #28 on:** April 17, 2006, 10:14:54 AM »

Yup, everything's alright

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />
I'll lock this topic as your problems appear resolved
Take care

TheTechGuide Forum

News:

Author Topic: HijackThis log (Read 943 times)

guestolo

HijackThis log

miszila

HijackThis log

guestolo

HijackThis log

miszila

HijackThis log

guestolo

HijackThis log

miszila

HijackThis log

guestolo

HijackThis log

miszila

HijackThis log

guestolo

HijackThis log