Home > Hjt Log > HJT Log And Attachments Here. Thank You!

HJT Log And Attachments Here. Thank You!

You seem to have CSS turned off. You seem to have CSS turned off. By clicking on "Follow" below, you are agreeing to the Terms of Use and the Privacy Policy. Your file is queued in position: 1.

It is a Dell Inspiron 6000 running XP Home Edition. Please don't fill out this field. Attempting to delete C:\WINDOWS\system32\vturp.dllC:\WINDOWS\system32\vturp.dll Could not be deleted.Performing Repairs to the registry.Done!Beginning removal... I would want a new set of logs from DDS and GMER before we continue, since the logs posted are a week old now. __________________ Practice Safe Surfing** PC Safety and visit

Your file is queued in position: 3. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 Essential piece of software. If you need this topic reopened, please send a Private Message to any one of the moderating team members.

Back to top #9 SS369 SS369 Topic Starter Members 43 posts OFFLINE Gender:Male Local time:04:58 PM Posted 21 February 2007 - 10:30 PM Wow, what a marathon! Completion time: 2009-01-21 21:34:24 - machine was rebooted [Bijou] ComboFix-quarantined-files.txt 2009-01-22 03:34:10 Pre-Run: 22,912,069,632 bytes free Post-Run: 24,826,503,168 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" If you don't want to install any AV software, I'd recommend doing an online scan with NOD32, or installing the NOD32 trial. This will scan the file.

ComboFix 09-01-21.02 - Administrator 2009-01-21 21:04:34.1 - NTFSx86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.247.119 [GMT -6:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) FW: McAfee Contents of the 'Scheduled Tasks' folder 2008-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57] 2009-01-22 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (AMANDA-Bijou).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe [] . - - Service & Support HijackThis.de Supportforum Deutsch | English Forospyware.com (Spanish) www.forospyware.com Malwarecrypt.com www.malwarecrypt.com Computerhilfen www.computerhilfen.com Log file Show the visitors ratings © 2004 - 2017 find this What's the point of banning us from using your free app?

This applies only to the originator of this thread. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. c:\windows\system32\WLTRYSVC.EXE c:\windows\system32\BCMWLTRY.EXE c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\McAfee.com\Agent\Mcdetect.exe c:\progra~1\McAfee.com\Agent\McTskshd.exe c:\progra~1\McAfee.com\PERSON~1\MpfService.exe c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\WLTRAY.EXE c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE c:\program files\Internet Explorer\IEXPLORE.EXE . ************************************************************************** . That renders the newest version (2.0.4) useless urielb themaskedmarvel 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 HELP THE SYRIANS!

uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.dell4me.com/myway mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector https://forums.malwarebytes.org/topic/175255-keep-getting-popunderscan-you-check-hjt-log-for-me/ tnx.. Attempting to delete C:\WINDOWS\system32\sstwa.iniC:\WINDOWS\system32\sstwa.ini Has been deleted! The Temp folder will open.

When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources Update your AntiVirus Software - It is imperitive that Attempting to delete C:\WINDOWS\system32\klnmp.iniC:\WINDOWS\system32\klnmp.ini Has been deleted! Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the

All the latest spy/malware programs are doing their respective things and deleting found objects. Click here to Register a free account now! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:55:38 PM, on 5/15/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exeO4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"O4 - HKLM\..\Run: [RoxioAudioCentral]

Anyway here is the Jotti scan and another HJT. When it has unzipped, open that folder and double click on Find.bat. Please be patient.

Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo!

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin Microsoft: "You've got questions. Share this post Link to post Share on other sites TwinHeadedEagle    Malware Analyst Experts 14,488 posts Location: Serbia ID: 3   Posted November 21, 2015 Hello,        They Instructions on how to do this can be found here: How to see hidden files in Windows Run Hijackthis again, click scan, and Put a checkmark next to each of these.

DO NOT perform a scan yet.You should copy/print the following because you need to be in Safe Mode from here on.Reboot your computer into SAFE MODE" using the F8 method. Empty the Recycle Bin. If for some reason you cannot completely follow one instruction, inform me about that.Do not ask for help for your business PC. Attempting to delete C:\WINDOWS\system32\jkkjk.dllC:\WINDOWS\system32\jkkjk.dll Could not be deleted.

The info requested is below. SS369 Back to top #8 RichieUK RichieUK Malware Assassin Malware Response Team 13,614 posts OFFLINE Local time:09:58 PM Posted 21 February 2007 - 05:01 PM Download NGenFix:http://download.norman.no/public/NGenFix.exeDisconnect from the internet,close Logfile of HijackThis v1.99.0 Scan saved at 3:30:07 PM, on 2/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe Thank you! 01-26-2009, 08:35 AM #3 btech Registered Member Join Date: Jan 2005 Location: Texas Posts: 78 OS: XP Bump.

sorry for bumping this up AGAIN. Reboot and post a new hijackthis log. 0 OptionsEdit egoisticfreak Feb 2005 edited Feb 2005 Here it is again. =) Logfile of HijackThis v1.99.0 Scan saved at 4:22:21 PM, on 2/20/2005 With the help of this automatic analyzer you are able to get some additional support. Since this is not my laptop, and the owner does not have the install cd's for it.

How much RAM do you have in the PC, and have you done a virus scan with some decent software recently? Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time. McAfee is horrible, looks like you got rid of it all though. If you get a message saying File has already been analyzed: click Reanalyze file now Once scanned, copy and paste the results in your next reply.

Non-experts need to submit the log to a malware-removal forum for analysis; there are several available. Spybot didn't do the trick either. File igfxtray_.exe received on 01.29.2009 0256 (CET) Current status: Loading ... Attempting to delete C:\WINDOWS\system32\awvtt.dllC:\WINDOWS\system32\awvtt.dll Has been deleted!Performing Repairs to the registry.Done!VundoFix V6.3.8Checking Java version...Java version is 1.5.0.3Scan started at 7:21:30 AM 2/22/2007Listing files found while scanning....C:\WINDOWS\system32\jkkjk.dllC:\WINDOWS\system32\kjkkj.bak1C:\WINDOWS\system32\kjkkj.iniBeginning removal...

Thank you ahead of time!SS369 Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 RichieUK RichieUK Malware Assassin Malware Response Team 13,614 posts OFFLINE Comparison Chart Deals Top Searches hijackthis windows 10 hijackthis malware anti malware registry hijack this anti-malware hijack hjt security Thanks for helping keep SourceForge clean. Do not close the window until scan is complete. If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Reboot your computer to go back to normal mode and post a new log. 0 OptionsEdit egoisticfreak Feb 2005 edited Feb 2005 Hey no problem. Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AudioDeck.lnk = C:\Program Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.* After reboot, post the contents of the log from Dr.Web in your next reply.