Home > Hijack This > Hijack This Log - Winifixer

Hijack This Log - Winifixer

C:\System Volume Information\_restore{463622D4-FA1F-4669-B625-831730D753A8}\RP6\A0002888.dll Infected! If you wish to show your appreciation, then you may donate to help keep us online. C:\Program Files\NavExcel\NavHelper\v2.0.4d\v2.0.4d.cab/NHelper.dll -> Adware.NavExcel : Cleaned with backup (quarantined). Likely that virus or spyware scanners will not fix it at this point. his comment is here

Hi IndiGenus, Thanks so much for your instructions. But I didn't this time, Woohoo. BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter. HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).

It may ask you to reboot at the end, click NO. If this is not your thread please start a New Topic. I'm not at all confident that System Restore would go back far enough to find a date when the system was clean. Upon reboot, Norton did not immediately detect/block any attempts like it's been doing since last week.

C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab -> Adware.Altnet : Cleaned with backup (quarantined). So that virus is gone??? As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF:

Save it as vundo.reg and in the save as type box choose all files. Some time ago someone tried to upgrade Trend Micro antivirus. C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab -> Adware.Altnet : Cleaned with backup (quarantined). iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast!

markp62, #3 2005/09/23 autismmommy Inactive Thread Starter Joined: 2005/09/18 Messages: 43 Likes Received: 0 Trophy Points: 81 Computer Experience: intermediate winfixer what kind of problems with desktop are you asking about? Once you see this screen click on each instance of jkhhf.dll once and then click the kill button. Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra Back to top #3 g00ch g00ch New Member New Member 3 posts Posted 24 September 2005 - 01:14 PM Wow!

While I told Superantispyware to remove these, as I could not disable System Restore, I think Winfixer is still there. Starting up much faster. C:\System Volume Information\_restore{463622D4-FA1F-4669-B625-831730D753A8}\RP6\A0001865.dll Infected! C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{210F2CAF-5F7A-45AC-A6AB-AE6D6F8FD38C}" HKCR\Clsid\{210F2CAF-5F7A-45AC-A6AB-AE6D6F8FD38C} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C3378690-CCEE-4F50-A180-79B32491CF1F}" HKCR\Clsid\{C3378690-CCEE-4F50-A180-79B32491CF1F} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{59C6B750-85F9-45E4-975F-F7B775BA74B7}" HKCR\Clsid\{59C6B750-85F9-45E4-975F-F7B775BA74B7} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{61B9A725-78CD-42E8-8B94-117C7DEE20A2}" HKCR\Clsid\{61B9A725-78CD-42E8-8B94-117C7DEE20A2} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BA207667-D434-49E5-A1D1-9D8F16C1A4B9}" HKCR\Clsid\{BA207667-D434-49E5-A1D1-9D8F16C1A4B9} Restoring Windows certificates. this content More... Using Windows Explorer, find and delete the following:C:\Program Files\Internet Optimizer <-- folderC:\Program Files\Power Scan <-- folderC:\WINDOWS\wehijt.exeC:\WINDOWS\System32\dpnwsock.exeExit Explorer and reboot into Normal Mode. If you wish to show your appreciation, then you may donate to help keep us online.

Back to top #6 Micah_6:8 Micah_6:8 Evilware Emancipator Authentic Member 10,060 posts Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware! Limewire, like most any file sharing app, is an open window for infections. I understand that Symantec recommends this and I don't agree with them either. weblink C:\WINDOWS2\system32\i206lcds1f06.dll Infected!

C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dl$ -> Adware.NavExcel : Cleaned with backup (quarantined). I can remove it - but that will mean the system is virtually without an antivirus program. Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu

The help you receive here is free.

So now I have those two, plus Norton Antivirus, Zone Alarm Firewall for protection.Here's my new log:Logfile of HijackThis v1.99.1Scan saved at 11:29:53 AM, on 5/30/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Record the name of any of these files found so you can remove them in the steps below. Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.Check the Run VundoFix as a task box.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will Edit; I thought it was too good to be true so I closed IE7 and relaunched.

C:\System Volume Information\_restore{463622D4-FA1F-4669-B625-831730D753A8}\RP5\A0000793.dll Infected! http://search.msn.com/results.asp?s...snbc.msn.com&submit=Search&id=3053419&FORM=AE http://www.tomshardware.com/hardnews/20050922_104334.html Popular file-sharing site WinMX.com ceased operating and the New York office of another, eDonkey.com, appeared to be closed, in the continuing legal fallout among underworld peer-to-peer music services, industry Sign In Use Facebook Use Twitter Use Windows Live Register now! check over here Did as you said but when the computer have restarted i got the keyboard.exe, mouse.exe problems back.

My Website: UnSpyMe! Edited by Antartic-Boy, 07 April 2006 - 02:05 AM. 0 #4 Dajsel Posted 07 April 2006 - 02:14 AM Dajsel New Member Topic Starter Member 5 posts Thanks for the fast My Website: UnSpyMe! nasdaq Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ] [ Housecall online virus scan ] [ Bitdefender online virus scan ] [ AVG antivirus ]

HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined). C:\olddata\Documents and Settings\All Users\Alexander Sackey\Cookies\alexander [email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined). ::Report end 0 #4 adub83 Posted 24 July 2006 - 05:07 PM adub83 New Member Topic Starter Member Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Please HKLM\SOFTWARE\Classes\BHO.PerfectNavBHO\CLSID -> Adware.KeenValue : Cleaned with backup (quarantined).

You also may get a warning from your Windows Firewall. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\vturo.dll (file missing) O2 - BHO: Open Cleanup! All rights reserved.