Help PLEASE ! Hijackthislog Included

Logfile of HijackThis v1.99.1 Scan saved at 12:04:05 PM, on 3/3/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. The shortcut file should appear in the folder.

C:\WINDOWS\system32\iifddayx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. Attempting to delete C:\WINDOWS\system32\pmnmlkk.dll C:\WINDOWS\system32\pmnmlkk.dll Could not be deleted. I ran it again and it says everything's fine, but it's not. https://forums.techguy.org/threads/solved-help-please-hijackthislog-included.335867/

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WW7OZVYX\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully. Waiting for things to happen. 0 OPDiscussion Starter ericluther 8 Years Ago Thank you I ran the scan and it did improve performance however I am still getting popups here is We apologize for the inconvenience, and hope we'll see you again on Google. "http://sorry.google.com/sorry/misc/?contin...%3D140%26sa%3DN Back to top #13 RichieUK RichieUK Malware Assassin Malware Response Team 13,614 posts OFFLINE Local time:05:11 http://groups-beta.google.com/group...doneTitle=Back+to+Search&&d#47d4d4af21aa8c10e >> Go to Start and run services.msc Find Windows Management Instrumentation and make sure the service is set to automatic. (double click to get its properties) Select the Dependency tab

C:\WINDOWS\system32\pmnmlkk.dll scheduled to be moved on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mySearchAssistant (Adware.BHO) -> Quarantined and deleted successfully. The file must be present at the location <\\p2g.com\sysvol\p2g.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (The network path was not found. ). Please note that your topic was not intentionally overlooked.

Now click "Apply to all folders", Click "Apply" then "OK" Delete these files C:\WINDOWS\ceres.dll c:\windows\system32\pqurqe.exe START – RUN – key in %temp% OK - Edit – Select all – File – Do you at least have the XP firewall enabled?

Save it to your desktop. DDS.com DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully. Go to Tools, Folder Options and click on the View tab. IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file) O2 - BHO:

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: Messenger - http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=21568&start=15 We'll restore your access as quickly as possible, so try again soon. button Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into I think I have come to the right place to get help. HijackThis.Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:33:11, on 29/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot

If you don't, enable it now: http://www.duxcw.com/faq/win/xp/firewall.htm Rollin' Rog, Mar 3, 2005 #13 kyla1979 Thread Starter Joined: Feb 28, 2005 Messages: 13 the cwshredder and erasing it during safe mode I've used/run to try and get rid of it with the following softwares with new version and updates: A2 Guard Spybot Look2Me-Destroyer Ad-Aware Se CounterSpy Trojan Remover Trojan Hunter (keeps hanging Volume Serial Number is 2563-14EE Directory of C:\WINDOWS\System32 ------ Temp Files in System32 Directory ------ Volume in drive C has no label. When it's finished it will produce a log.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChange) -> Quarantined and deleted successfully. Thanks Brad Back to top #6 FZWG FZWG In Memory of FZWG, Rest in Peace Trusted Malware Techs 2,178 posts Gender:Male Posted 19 April 2006 - 07:57 PM Bradsf, Glad this

Please perform the following scan: Download DDS by sUBs from one of the following links. Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab O16 - DPF: Yahoo! Find.bat is running from: C:\Documents and Settings\Kayla\Desktop\Find It NT-2K-XP ------- System Files in System32 Directory ------- Volume in drive C has no label.

Go to Tools, Folder Options and click on the View tab. Volume Serial Number is 2563-14EE Directory of C:\WINDOWS\System32 11/28/2004 02:41 PM 32 {4B2120FD-6568-4C2A-A637-936311B14E59}.dat 10/19/2004 10:53 AM 380,928 ??rvices.exe 10/15/2003 02:03 AM

Microsoft 10/15/2003 12:03 AM dllcache 2 File(s) 380,960 but ARRRGGGGHHH!!!!

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully. Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4300/mcfscan.cab O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v51/h2hpool/h2hpool.cab O21 - SSODL: eplrr - {8DAF42F6-142E-4DDF-AE85-AAA682CA6F5C} - C:\WINDOWS\System32\eplrr3.dll O23 - http://faviconize.com/help-please/help-please-hi-jack-log-included.html Try going to Folder Options > View and enable both "show hidden files" and UN check, temporarily, "hide protected system files" Then navigate to c:\windows\system32 and see if you can find

C:\WINDOWS\system32\rex2 moved successfully. Note: Do not mouse-click combofix's window while it is running. Back to top #4 FZWG FZWG In Memory of FZWG, Rest in Peace Trusted Malware Techs 2,178 posts Gender:Male Posted 18 April 2006 - 06:00 PM Razor, Please download Ewido Anti-Malware:

Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - Eric ComboFix 08-04-20.5 - Owner 2008-04-21 9:53:24.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.636 [GMT -4:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point * Resident AV is C:\WINDOWS\system32\bbc5 moved successfully. Print this and boot to safe mode Fix these with HJT R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

Incident name: C:\WINDOWS\TEMP\win57.tmp Detection name: DIAL_RELAID.J User name: Xxxxx Note: If Search for and clean Trojans is turned on and executed after scanning, click Next to view the final action taken. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL O9 - Extra button: Messenger - In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems scanning hidden files ...

HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4300/mcfscan.cab O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://mirror.worldwinner.com/games/v51/h2hpool/h2hpool.cab O21 - SSODL: eplrr - {8DAF42F6-142E-4DDF-AE85-AAA682CA6F5C} - C:\WINDOWS\System32\eplrr3.dll O23 -

HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.