Hijackthis Log (multiple Viruses And Trouble With Gmer)

by ClaudiaWalky / June 15, 2010 7:18 AM PDT Hi, talking with my brother about a problem I have with the RAM in my pc, he told me: "Maybe you have a virus." But I've tried this, I used GMER CMD >> very smart girl lol http://www.sendspace.com/file/4lfb1r then I had these 2 files in C:\windows I deleted Mssrv32 and svchost still there http://www.sendspace.com/file/q5zzfu but Post that log and a HiJackthis log in your next reply. Note: Do not mouseclick combofix's window while it's running. Thank you.

go to windowsupdate.microsoft.com install all important updates. what next? there can be a lag between the time a virus is released and the time it can been detected and preventions created.also, perhaps needless to say, those bad guys can be Still, setting IE security settings to "High" cure many of the problems..

Yes which security software do you recommend? [ If they have a free version available,that would be better for me.:) ] Your Choices In one such instance, it took me two days of running scans and repairing the operating system to get it back to a clean condition while still saving the files.. how do we know . But it's a little more complicated, so we'll cross that bridge if/when we get to it.

Member of ASAP and UNITEProud Graduate of the WTT Classroom #3 jiggaman_16 Posted 01 April 2011 - 05:13 AM I've run If you don't recognize a legit program in one of the items marked as FIX IF UNKNOWN, please post it back here and maybe we can help you.

i don't know what i would have done. 2 bad i can't buy you a beer, you deserve it. Thanks! For instance: dir system32 dir "Program Files" As a hint, before trying to delete/rename files this way, first use the attrib command (as explained in that article) to remove all file

and again I can't explore files from GMER here are some screen shots http://www.sendspace.com/file/a7qh5q http://www.sendspace.com/file/gmd60c I did another scan and I found svchost rootkit gone....... That may cause it to stall.please note:Combofix should never take more that 20 minutes including the reboot if malware is detected.Do the following only if combofix stalls after 20 or so noideawhatimdoin Posted February 24, 2009 i have posted it, i

delete combo fix? Click Close. uStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def I will be following both.

Posted 3/13/2010 10:34 AM #83744 markusg your old passwords to new passwords. Use the arrow keys to select the Safe mode menu item.

Spybot is a little outdated and doesn't seem to detect or remove some of the recent spyware items and it doesn't detect viruses at all. Thanks again to chaslinux and everyone!

Do they have a magical antivirus as nursery growers have magical ingredients to make plants grow and bloom bigger and better? Not sure if ad-aware and avg are playing nice with each other. You can upload it here, when you will add your new post.

start run combofix /uninstall enter. 2.

Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Also had a host error but that seems to have stopped. Save ComboFix.exe to your Desktop IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. Tayseer Posted September 16, 2009 well there was an error but never mind..

CPMDAVE's addition.... I am having a problem with my computer. IAT/EATDrives/Partition other than Systemdrive (typically C:\)Show All (don't miss this one)Then click the Scan button & wait for it to finish.Once done click on the [Save..] button, and in the File

Do i need to run combofix to get past this stage? Can be? Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast!

It's not written in that article, but to change the current folder you can use this command: dir "

" after which you press Enter. I have ad-aware, avg anti-virus, and zone alarm for firewall. how can you tell that?

This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. also the name and location of the virus keeps changing. "Infection";"Trojan horse Dropper.Generic3.AXEV";"c:\Users\kewane\jeeun.exe";"";"4/4/2011, 5:34:17 PM" #8 jiggaman_16 Posted 04 April 2011

Besides these reports, please run another Deep System Scan and then save the scan log. Please be patient while I try to assist with your problem.