republican-creole
site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security Cleanup > hjt log someone is placing pictures on my comp

Search Topic:
 Share Topic
Posting?
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean ·Site IMs ·VundoFix ·Zlob/Smitfraud ·SCU Helpers
AuthorAll Replies


TheJoker
Premium,VIP,MVM
join:2001-04-26
Alexandria, VA
kudos:5

reply to goblinxxx

Re: hjt log someone is placing pictures on my comp

Hi goblinxxx

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

Your logs for ESET and MBAM were cut off. Please post the two logs again in your next reply.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwords that some changes were made, allow this instead of blocking it.
Please don't forget this step to disable teatimer.

You appear to be running McAfee Personal Firewall, and ZoneAlarm. You should have more than one software firewall installed, as they will conflict with each other, and you actually end up with less protection, not more. You should decide which you want to keep, and completely uninstall the other. I would uninstall ZoneAlarm as the McAfee Personal Firewall is part of your security suite.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Speedscanpro
Performance Center

Then using Windows Explorer, delete the following folder if still there:
C:\Program Files\Ascentive

Clean your Cache and Cookies in IE:
-Close all instances of Outlook Express and Internet Explorer
-Go to Control Panel > Internet Options > General tab
-Click the "Delete Cookies" button
-Next to it, Click the "Delete Files" button
-When prompted, place a check in: "Delete all offline content", click OK
Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Private Data).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
Clean other Temporary files + Recycle bin
-Go to start > run and type: cleanmgr and click ok.
-Let it scan your system for files to remove.
-Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
-Press OK to remove them.

Now you need to run HijackThis and click "Do a system scan only." Place a check next to the following entries (if they are still there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »uk.red.clientapps.yahoo.com/cust···ide.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »uk.red.clientapps.yahoo.com/cust···hoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »uk.red.clientapps.yahoo.com/cust···hoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »uk.red.clientapps.yahoo.com/cust···ide.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »uk.red.clientapps.yahoo.com/cust···hoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »uk.red.clientapps.yahoo.com/cust···hoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Pauls Poker\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Pauls Poker\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - »www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - »www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra button: InterCasino $$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - »www.intercasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - »www.intercasino.com (file missing) (HKCU)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - »»plugins.valueactive.eu/flashax/iefax.cab

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Please post a new HijackThis log, and the logs from ESET's online scanner and MBAM that were cut off in your first post, and note any errors encountered.
--
Proud ASAP member since 2005
to forum · permalink · 2009-06-16 06:00:14 ·
Forums > Broadband Tech > Security > Security Cleanup

Monday, 13-Feb 14:28:06 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online! © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics