Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need Help With HiJackThis Log: Not computer literate! PLEASE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 29th, 2011, 4:23 am

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-29 03:22:25
-----------------------------
03:22:25.395 OS Version: Windows x64 6.1.7601 Service Pack 1
03:22:25.395 Number of processors: 4 586 0x503
03:22:25.396 ComputerName: USER-HP UserName: User
03:22:30.852 Initialize success
03:22:34.614 AVAST engine defs: 11122801
03:22:40.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
03:22:40.542 Disk 0 Vendor: ST310005 HP35 Size: 953869MB BusType: 11
03:22:42.553 Disk 0 MBR read successfully
03:22:42.555 Disk 0 MBR scan
03:22:42.559 Disk 0 unknown MBR code
03:22:42.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:22:42.580 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 940184 MB offset 206848
03:22:42.605 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13583 MB offset 1925703680
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm
Advertisement
Register to Remove

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 29th, 2011, 5:31 am

The systemlook log is extremely long. Is it possible for me to attach the file here rather than pasting it in sections?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 29th, 2011, 6:27 am

newjackridi wrote:The systemlook log is extremely long. Is it possible for me to attach the file here rather than pasting it in sections?


Sure, no problem.

To attach a file, open the topic reply window, scroll down and below the input field you'll find a Browse button. Browse to the file you want to attach, then hit the add the file button. Click Submit and the file should be attached to your next post.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 29th, 2011, 1:29 pm

It says "The file is too big, maximum allowed size is 256 KiB".
The log is really big because I think it made note of every file with "a2" in the name. Can I email it to you?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 29th, 2011, 6:29 pm

Not possible.

How big is the file ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 30th, 2011, 2:16 am

5.54 mb, which is weird because it's just a notepad file.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 30th, 2011, 3:35 am

OK, rather than post a 5M file, lets try refining the search and see if it gives us something more manageable to work with.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code: Select all
:Filefind
emsisoft
a2util
a2dda
a2injectiondriver
a2antimalware
a2acc

:Folderfind
emsisoft
a2util
a2dda
a2injectiondriver
a2antimalware
a2acc

:Regfind
emsisoft
a2util
a2dda
a2injectiondriver
a2antimalware
a2acc

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 30th, 2011, 5:40 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 16:31 on 30/12/2011 by User
Administrator - Elevation successful

========== Filefind ==========

Searching for "emsisoft"
No files found.

Searching for "a2util"
No files found.

Searching for "a2dda"
No files found.

Searching for "a2injectiondriver"
No files found.

Searching for "a2antimalware"
No files found.

Searching for "a2acc"
No files found.

========== Folderfind ==========

Searching for "emsisoft"
No folders found.

Searching for "a2util"
No folders found.

Searching for "a2dda"
No folders found.

Searching for "a2injectiondriver"
No folders found.

Searching for "a2antimalware"
No folders found.

Searching for "a2acc"
No folders found.

========== Regfind ==========

Searching for "emsisoft"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60"="21"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"Emsisoft Anti-Malware 6.0 - Service"="700"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\asquared.Scanner.Settings\DefaultIcon]
@="C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2START.EXE,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\asquared.Scanner.Settings\shell\open\command]
@="C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2START.EXE "/c=%1""
[HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Run]
"c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60"="21"
[HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Services]
"Emsisoft Anti-Malware 6.0 - Service"="700"

Searching for "a2util"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_A2UTIL]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_A2UTIL]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2UTIL]

Searching for "a2dda"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_A2DDA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_A2DDA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2DDA]

Searching for "a2injectiondriver"
No data found.

Searching for "a2antimalware"
No data found.

Searching for "a2acc"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\amd64_microsoft-windows-m..rds-datacontrol-rll_31bf3856ad364e35_none_5241bfa2accb7ad3]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\6.1.7601.17592 (win7sp1_gdr.110408-1631)\ComponentFamilies\amd64_prnkm005.inf_31bf3856ad364e35_none_5ecd615efdfd664a\f256!amd64_kop5650u.ppd_08d55a2acc29bbed]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_microsoft-windows-m..rds-datacontrol-rll_31bf3856ad364e35_none_5241bfa2accb7ad3]

-= EOF =-
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 30th, 2011, 7:36 pm

Nothing of any real concern in your log.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:Reg
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60"=-
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"Emsisoft Anti-Malware 6.0 - Service"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\asquared.Scanner.Settings]
[HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Run]
"c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60"-
[HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Services]
"Emsisoft Anti-Malware 6.0 - Service"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2UTIL]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2DDA]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

If your computer is not now running the way you expect it to, can you explain to me in what way it is acting differently,
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 30th, 2011, 7:41 pm

This fix isn't going to delete WinPatrol is it?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 30th, 2011, 7:47 pm

No, it's just going to delete a couple of key values for emsisoft that are in the WinPatrol keys, that way they won't show up in WinPatrol.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 30th, 2011, 7:59 pm

I did that but it says "otl is not responding" and it has this message
Description:
A problem caused this program to stop interacting with Windows.

Problem signature:
Problem Event Name: AppHangB1
Application Name: OTL.exe
Application Version: 3.2.31.0
Application Timestamp: 2a425e19
Hang Signature: 3a44
Hang Type: 0
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033
Additional Hang Signature 1: 3a44cf85255aecb09af1e6e96aeba299
Additional Hang Signature 2: 4e26
Additional Hang Signature 3: 4e26a30753311464ea7d080761d80683
Additional Hang Signature 4: 3a44
Additional Hang Signature 5: 3a44cf85255aecb09af1e6e96aeba299
Additional Hang Signature 6: 4e26
Additional Hang Signature 7: 4e26a30753311464ea7d080761d80683

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 30th, 2011, 8:11 pm

Reboot your computer, then try running it again, let me know if the same thing happens.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 30th, 2011, 9:01 pm

yeah it did it again
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 30th, 2011, 11:42 pm

Gary suddenly two icons just appeared on my desktop. both are called desktop.ini
i opened them. the first says
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Play HP Games.lnk=@C:\PROGRA~2\HPGAME~1\HPGAME~1\MUISTA~1.EXE,-105
Norton 360.lnk=@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-109

the other says

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

what are these? why are they suddenly on my desktop? are they dangerous?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware