Need assistance, please take a look at this HijackThis Log

Comodo has helped me get my system back under control but I’m sure there is still something left in here.
I have persistent attempts to connect from China and Saudi Arabia. My system keeps trying to announce itself to various IPs and I just don’t feel comfortable with it. I wish I had time to learn to counterhack but I’m afraid I have a “real job” I have to go and waste my life at =) oh well. Thanks for looking

[attachment deleted by admin]

I have looked at it but I will look into it again tomorrow; I will go to sleep, but it looks quite okay.

I will look at the software that you have installed.

Regards,
Valentin

MSIE: Unable to get Internet Explorer version!
that can't be good

delete the following

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common
O23 - Service: [at]%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

I strongly recommend running a boot disk (there are various rescue systems, but this is what I use)

Then use the Windows installer. Run it. Click on check for repairs (something like that).

P.S. Change all your passwords, including the email

Thanks for your response. I deleted the files as you said; here is the new hjtlog.
Sorry for the delay, I had to do that work thing and will be headed back there soon.

[attachment deleted by admin]

I am particularly concerned with the %systemroot% files with unknown owners

I am particularly concerned with the %systemroot% files with unknown owners
[s]I agree too

Do you have the windows 7 installer disc?? If not, you can get a windows 76 system recovery disc from here
(choose from 32x and 64x)

Follow the steps here because they’re torrent files (it has a step-by-step guide to getting it and running it)

You’ll choose the one to repair files :)[/s]
Sorry, I don’t know what I was thinking ???

Just follow this below (it’s easy) :)

Sorry :)

Can someone tell me what kind of exe this is? CIJURJTAC.exe

Mod break: the following advice is flawed and therefore edited. Please don’t follow it. The considerations of JamesFrance and jay2007tech given after this hit the nail on the head here.

Delete these entries:
O17 - HKLM\System\CCS\Services\Tcpip..{4F67D0F1-A561-4780-B3B7-E206FF2E020D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS1\Services\Tcpip..{4F67D0F1-A561-4780-B3B7-E206FF2E020D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CS2\Services\Tcpip..{4F67D0F1-A561-4780-B3B7-E206FF2E020D}: NameServer = 156.154.70.22,156.154.71.22
O23 - Service: [at]%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)

Hope it helps!
:)

Are you a trained Malware removal expert?

HijackThis is not a tool for beginners to mess about with and I see no reason to suggest deleting the entries for Comodo DNS which is what you are suggesting.

Could a mod please remove the post by jagdish. There is no justification to remove those entries.

As for the O17 entries from the HijackThis log: those are Comodo DNS entries ← those are safe

As for CISVC.EXE (file missing):
It has 2 purposes.
It’s for Windows indexing, and the other is that it can be used for a keylogger (repairing the altered file will solve those problems). The file just needs to be repaired. That’s all. If the person doesn’t like the Windows indexing service, all the person needs to do is go to services.msc and set it to “manual”. But the file needs to be fixed first. If the person asks, I will show how step by step.
Follow the link below to repair the altered files
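
Added example, not part of the thread or of any poster's advice: a Python triage of the two entry types disputed above (O17 name servers and O23 "file missing" services) that checks them against known values instead of deleting them. The allowlist, the function name `triage` and the sample lines (including the 192.0.2.53 entry) are assumptions constructed for illustration.

```python
import re

# Assumption: resolver allowlist. The two addresses are the ones the thread
# identifies as Comodo DNS; add your own ISP or corporate resolvers.
KNOWN_RESOLVERS = {"156.154.70.22", "156.154.71.22"}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
NS_RE = re.compile(r"NameServer\s*=\s*(?P<ips>[\d.,\s]+)$")

def triage(log_text, known_resolvers=KNOWN_RESOLVERS):
    """Return (section_code, verdict, line) for each O17 and O23 finding."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O17":
            ns = NS_RE.search(body)
            if not ns:
                continue
            ips = [ip.strip() for ip in ns.group("ips").split(",") if ip.strip()]
            unknown = [ip for ip in ips if ip not in known_resolvers]
            verdict = ("review: unknown resolver " + ",".join(unknown)
                       if unknown else "known resolver")
            findings.append((code, verdict, line))
        elif code == "O23" and body.endswith("(file missing)"):
            # 32-bit HijackThis on 64-bit Windows is redirected away from the
            # real System32, so this is often a false positive: check on disk.
            findings.append((code, "review: confirm file on disk", line))
    return findings

# Constructed sample: two lines in the thread's format plus one made-up
# resolver entry (192.0.2.53 is a documentation address).
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip..{4F67D0F1-A561-4780-B3B7-E206FF2E020D}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip..{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O23 - Service: [at]%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O2 - BHO: (constructed line that the triage ignores)
"""

if __name__ == "__main__":
    for code, verdict, line in triage(SAMPLE):
        print(f"{code:4} {verdict:40} {line[:60]}")
```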