Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need Help With HiJackThis Log: Not computer literate! PLEASE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 30th, 2011, 11:50 pm

I just checked and for some reason my folders were set to unhidden. but i had them as hidden!
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm
Advertisement
Register to Remove

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » December 31st, 2011, 3:16 am

The two files you see are always there, it's just that they are system files and usually kept hidden. It seems that for some reason OTL has malfunctioned (or more likely been "interfered with" by Norton) and as a result this has occurred.

I've not known this to happen before.

Please set your files back to hidden by doing the following ....

  • Click Start > Control Panel > Appearance and Personalisation > Folder Options
  • Click on the View tab.
    • Click the Don't show hidden files, folders and drives option to select it.
    • Scroll down and check the Hide protected operating system files (recommended) option.
  • Click OK

Next

Create a System Restore Point

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre reg fix into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Next

Since OTL is having problems deleting those registry keys and values, let's try something else.

First

Temporarily disable Norton by right clicking its Icon in the System Tray (bottom right corner of your screen) and choosing the appropriate option from the menu.

Next

Download MiniRegTool by Farbar and extract it to your Desktop.

64 bit version

  • Double click on MiniRegTool.exe to launch the program.
  • If prompted by UAC, allow the prompts.
  • Check the following radio button ....
    • Delete Key(s)/Value(s) including locked/Null-embedded
  • Copy/Paste the contents of the code box below into the white input box.
Code: Select all
HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run | c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60
HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services | Emsisoft Anti-Malware 6.0 - Service
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\asquared.Scanner.Settings
HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Run | c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60
HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Services | Emsisoft Anti-Malware 6.0 - Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2UTIL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2DDA

  • Click on the Go button.
  • If prompted, allow the prompt.
  • The fix will run and a log file will open.

Next

Re-enable Norton before re-connecting to the Internet.

Post me the contents of the log please.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » December 31st, 2011, 10:41 pm

MiniRegTool by Farbar
Ran by User (administrator) on 2011-12-31 21:40:09

====================================
HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run|c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60 value not found.
HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services|Emsisoft Anti-Malware 6.0 - Service value not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\asquared.Scanner.Settings not found.
HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Run|c:\program files (x86)\emsisoft anti-malware\a2guard.exe /d:60 value not found.
HKEY_USERS\S-1-5-21-3193119406-1769082486-1526078369-1000\Software\BillP Studios\WinPatrol\Services|Emsisoft Anti-Malware 6.0 - Service value not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2UTIL deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_A2DDA deleted successfully.
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » January 1st, 2012, 4:59 am

Seems like OTL had managed to remove the Winpatrol entries before failing but had not managed to remove the two legacy keys, those have now been removed by MiniReg Tool.

How is your computer behaving now ?

If you're still having problems please give me a brief description of what they are.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » January 1st, 2012, 6:16 pm

My computer seems to be behaving correctly. It starts like 5-7 seconds slower, but I did download Super Anti Spyware, and last time I had that on a computer it started up a little slow to, so I expect as much.
A few questions
Do all my logs look fine?
Are you sure a hacker isn't on my computer? (Don't know if you can tell by looking at my logs)
and how can I repay you for all of your hard work here?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » January 1st, 2012, 6:46 pm

In answer to your questions ....

As far as I can see your logs look clear. There's no sign of an active infection, and no signs of an intruder.

All help here is free of charge, however any voluntary donations to the forum are always much appreciated.

As your problems appear to be resolved, it's time to remove the tools we've used to clean your machine ....

First

Let's clear out OTL and the files and folders it created. This will also remove TDSSKiller and SystemLook.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Please delete ...

aswMBR
MiniRegTool
Any log files they made.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » January 1st, 2012, 7:17 pm

I did that and now OTL.exe is gone, but tdsskiller and systemlook are still here?
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » January 2nd, 2012, 3:32 am

Then in that case, please delete the following folders ....

Systemlook
TDSSKiller
TDSSKiller.zip

If there are any log files from either of them left on your desktop, then you can delete those as well.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby newjackridi » January 2nd, 2012, 11:06 am

Done!
Thank you do much, Gary!
newjackridi
Regular Member
 
Posts: 82
Joined: December 22nd, 2011, 5:35 pm

Re: Need Help With HiJackThis Log: Not computer literate! PL

Unread postby Gary R » January 2nd, 2012, 1:32 pm

You're very welcome, glad we could help. :)

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 130 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware