View Full Version : Hijack This Log



JJH954
2005-11-12, 04:24
I installed and uninstalled a program called Warez and now I have a popup I cannot get rid of. Here is the log from HiJack This. Any help would be appreciated.

LonnyRJones
2005-11-13, 04:03
Hi JJH954
Welcome to the forum

Please attach or post a log in log/txt format; no PDFs, please

JJH954
2005-11-13, 04:23
Here it is in text format.

Thanks,


JJH954

LonnyRJones
2005-11-13, 09:59
Hello

Set Windows to show hidden files, folders and extensions
Click here for instructions (http://www.xtra.co.nz/help/0,,4155-1916458,00.html).

Reboot into safe mode. Click here if needed (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx) for instructions.

Start Hijackthis and place a check next to these items if there.

all the O1 - Hosts:'s

O2 - BHO: (no name) - {E8585BB3-E70C-7C2B-88BE-D44F028ED025} - C:\DOCUME~1\Joe\APPLIC~1\AMENBU~1\idleview.exe
O4 - HKLM\..\Run: [draw four cast anti] C:\Documents and Settings\All Users\Application Data\SetupHoldDrawFour\Slow bin.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [liesenc] C:\DOCUME~1\Joe\APPLIC~1\BLEHIN~1\option face ping.exe
====================================
Hit fix checked and close Hijackthis.

delete these folders
C:\Documents and Settings\All Users\Application Data\SetupHoldDrawFour\Slow bin.exe
C:\DOCUME~1\Joe\APPLIC~1\BLEHIN~1\option face ping.exe
C:\DOCUME~1\Joe\APPLIC~1\AMENBU~1\idleview.exe

Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a fresh hijackthis log please
Open notepad (not wordpad) and copy and paste the bolded below into it:

dir %Windir%\tasks /a h > files.txt
notepad files.txt

Save this as findjobs.bat, choose to save it as *all files and place it on your desktop.
Double-click on findjobs.bat and post the content of the text file you get in your next reply

Be sure to mention any current problems.
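
An added example, not part of the original thread and not code from HijackThis: a small Python triage of the O2/O4 lines quoted in the post above, marking autostart entries whose executable sits under a profile's Application Data folder. The path heuristic and the function names are assumptions of this example; the SP2 Connection Patcher entry lives under Program Files, so this heuristic does not mark it.

```python
import re

# The four O2/O4 entries quoted in the post above, copied from the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {E8585BB3-E70C-7C2B-88BE-D44F028ED025} - C:\DOCUME~1\Joe\APPLIC~1\AMENBU~1\idleview.exe
O4 - HKLM\..\Run: [draw four cast anti] C:\Documents and Settings\All Users\Application Data\SetupHoldDrawFour\Slow bin.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [liesenc] C:\DOCUME~1\Joe\APPLIC~1\BLEHIN~1\option face ping.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to its extension.
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|scr))\b', re.I)
# Assumption: "Application Data" and its usual 8.3 short name APPLIC~1.
PROFILE_RE = re.compile(r"\\(?:Application Data|APPLIC~1)\\", re.I)


def target_path(cmd):
    """Return the executable path from a command line, without arguments."""
    m = PATH_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def triage(log_text):
    """Return (section, name, path, in_profile_data) per O2/O4 line."""
    rows = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in (("O2", O2_RE), ("O4", O4_RE)):
            m = rx.match(line)
            if m:
                path = target_path(m.group("cmd"))
                rows.append((section, m.group("name"), path,
                             bool(PROFILE_RE.search(path))))
    return rows


if __name__ == "__main__":
    for section, name, path, flagged in triage(SAMPLE_LOG):
        print("REVIEW" if flagged else "ok    ", section, name, "->", path)
```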

tashi
2005-11-17, 19:35
Due to lack of a response this topic will be archived.
If you need the topic reopened please pm your volunteer helper.