Hjt-mofab13

Take your time with this and be careful, you have a lot of nasty infections, Thanks. 1) Download CCleaner from this link: http://www.ccleaner.com/ Review the instructions http://www.ccleaner.com/help/tour1.asp and please do not When you finish, post a new ewido scan report along with any feedback you have. We'll talk soon!

If you still need help, please do this. 1) Post a new HJT log, things change quickly in an infected log. Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

We do want this off of your computer. Thanks...Phil Edited by pskelley, 30 October 2005 - 09:34 AM.

Now when we delete the file or folder, it will be moved to the bin and can be restored IF we make a mistake and need it back. I do not have this item on my Windows XP computer.

I checked the properties on the folder and saw that it was created October 11, 2005. In the Delete window, type Windows Overlay Components and press OK. Open HJT > Open the Misc Tools section > Open Process Manager > Locate the process and click it to highlight it > Kill Process > you may get a prompt,

RIGHT click on it and choose Properties.

Logfile of HijackThis v1.99.1 Scan saved at 1:44:05 AM, on 10/30/2005 You did a great job with the HJT removal instructions and the HJT log is clean so here is some Thanks. I would still like your help in this matter.

#5 mofab13 mofab13 New Member Members 5 posts Posted 30 October 2005 - 01:02 AM

Hi pskelley..... Below, please find my new hjt log. Before I look at the ewido scan and your new HJT log, let's deal with this: C:\Program Files\System Files\System.exe There has never been any doubt in my mind that the file:

C:\WINDOWS\cqqztoz.exe >>> file
C:\WINDOWS\etb\ >>> folder
C:\WINDOWS\TU9GQUIA\ >>> folder
C:\WINDOWS\zzdvdlq.exe >>> file
C:\WINDOWS\System32\APD123.exe >>> file
C:\WINDOWS\System32\dlp4dx.exe >>> file
C:\WINDOWS\System32\emia.exe >>> file
C:\Windows\Prefetch: Locate this folder and delete all of the contents

Take a look at them and let me know what you think. This is something we need to investigate and these items are not the items ewido has been giving false positives

We will move it to your Recycle Bin (do not empty the bin for a few days until you are sure the only impact on the system is a positive one). Both programs back up what they remove so delete anything the programs say should be removed. 3) Ewido scan: Please download Ewido Security Suite it is a trial version of the

Mofab13

Logfile of HijackThis v1.99.1
Scan saved at 7:35:14 PM, on 10/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe

I was hoping that by looking at the contents of the System Files folder you could tell if it was bad, like nothing in it but the System.exe file. Use the same online scans to find out if they are bad: C:\Program Files\Common Files\Sony Shared\Visualizer\ExlGen.dll C:\Program Files\Windows Media Player\wmplayer.exe.tmp We have other issues with ewido, especially all of the items As I said, I have no such folder on my XP computer.

Logs are many and volunteers are few. I did the scan at the beginning and got the following: The virusscan.jotti.org site said it found: Dloader.trojan (probable variant) The kaspersky.com site said it was OK.

I've done everything you listed except for deleting: C:\Program Files\System Files\System.exe I didn't delete the file or folder yet because I am not sure. Let me know what you think. Below find my newest HJT log: Logfile of HijackThis v1.99.1 Scan saved at 1:44:05 AM, on 10/30/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes:

AOL Spyware Protection <<< I do not know if this aol product will interfere with HJT? I am 99% sure it is bad, but I moved it to the top so you can check it with the online scans. It is very possible we will have to run ewido again and this time in safe mode.

Then check out those two questionable files from the ewido scan. In the Delete window, type cmdService and press OK.