Please HJT as I can no longer use my laptop

Status
Not open for further replies.
Mak... Last I knew, and the site still says, it's Vista 32 only...

License: Freeware/Not for commercial use
Operating System: Windows XP, Vista, 7 (32-bit only)
BleepingComputer Mirror: ComboFix Download Link
ForoSpyware.com Mirror: ComboFix Download Link #2
 
As stated before you should wait and see what Osiris says about your log.
Stuff that looks suspicious:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKCU\..\Run: [fqdkbxfp] C:\Users\AppData\Local\sglkkcbwj\owarnntuqiw.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
Wait for a confirmed answer from Osiris to continue as I can be wrong.
 
Ok, will wait. In the meantime, I am currently running a "full" scan on Malwarebytes. So far, it has found 2 infected objects. Earlier I did a quick scan and it said nothing was wrong.
 
There is a lot more than just those few entries. ;)

The start of the log doesn't even look right. There is no explorer.exe running? There is only hijackthis.exe running? If that was the case you wouldn't even see the window for the logs. See what I mean by there is more going on than can be fixed by HJT.

Dead Entries that can be removed:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

This entry is very suspicious:

O4 - HKCU\..\Run: [fqdkbxfp] C:\Users\AppData\Local\sglkkcbwj\owarnntuqiw.exe

That is not a known folder used for any legit programs that I know of. Not to mention the file name for the executable is all wrong. That is an infection that is tied to your Registry. You need to delete that from your system and remove it from your registry.

Now another thing that troubles me is that you have multiple anti-virus programs installed. I see entries for both Symantec and McAfee. You should never have multiple installed. You need to remove 1 or both and get a better program to use like AVG or MSE.
 
All those file missing entries in the service section, I read somewhere that they may be just an error and some of them can be legit. I could be wrong on that but I swore I read it somewhere when researching HijackThis and how to analyze the logs.

Also that separate entry that looks suspicious, I'll agree on that, also it's set to run which means it's on start up which may be a big part of the issues he's having.

From multiple AV's, he also has entries leading towards AVG as well (or dead entries that were left when he uninstalled it).

Edit: Thread I was referring to is this "HijackThis helpers take note please concerning HijackThis (file missing) entries". It's dated a few years back, in 2003 and may be fixed, not certain though.
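
The triage reasoning from the replies above, written out as an added example that is not part of any poster's reply and not part of HijackThis: it sorts log lines into dead entries, the autorun launching from a profile folder, the loopback proxy setting, and `(file missing)` service entries that the last reply says may be a reporting error. The function names and verdict labels are assumptions; the sample lines are taken from the excerpts quoted in this thread.

```python
import re

# Sample input: log lines as quoted in this thread (not a full HijackThis log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O4 - HKCU\..\Run: [fqdkbxfp] C:\Users\AppData\Local\sglkkcbwj\owarnntuqiw.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
LOOPBACK_PROXY_RE = re.compile(r"ProxyServer = \S*(127\.0\.0\.1|localhost):\d+", re.I)
PROFILE_DIR_RE = re.compile(r"\\AppData\\(Local|Roaming)\\", re.I)
SYSTEM32_RE = re.compile(r"\\system32\\", re.I)


def triage(line):
    """Return (code, verdict, reason) for one log line, or None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    if code == "R1" and LOOPBACK_PROXY_RE.search(body):
        return code, "review", "browser proxy points at a local port"
    if code == "O4" and "\\Run:" in body and PROFILE_DIR_RE.search(body):
        return code, "suspicious", "autorun launches an executable from a profile folder"
    if body.endswith("(no file)"):
        return code, "dead", "registered component has no file behind it"
    if body.endswith("(file missing)"):
        if code == "O23" and SYSTEM32_RE.search(body):
            # Per the last reply: these may be a reporting error, so confirm
            # the file really is absent on disk before removing the entry.
            return code, "verify", "system service flagged missing; check on disk"
        return code, "dead", "leftover entry for a file that is gone"
    return code, "unclassified", "needs a human look"


def triage_log(text):
    """Triage every recognisable entry in a pasted log, in order."""
    return [r for r in map(triage, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for code, verdict, reason in triage_log(SAMPLE_LOG):
        print(f"{code:<4} {verdict:<12} {reason}")
```
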
 