
Hijackthis Log Please Help:uc Search More Toolbar

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run]

No idea what Wizmax is or what it's used for!

Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX then Please download WebRoot SpySweeper from HERE (It's a 2 week trial): Click the Free Trial link under "Downloads/SpySweeper" to download the program.

#16 plea (Member, 29 posts), posted 12 April 2007 - 02:17 PM:

I don't know very much about computers at all (that's probably kind of obvious If you could help me fix it, I'd be very very grateful. (I'll post a separate thread) I'm going to try and open up the net and download HijackThis on to C:\WINDOWS\system32\gnffdedcvc_nav.dat absent ! Click the Start button.

Save the file as an HTML to your Desktop. Actually, it is a great idea to change passwords regularly, but not many folks actually do that (myself included, all too often). I've installed the latest Java which on the program list in Control Panel is registered as Java Runtime Environment (JRE) 6 Update 1 - is this the correct one? Install one of those 2 programs and run another HiJack This and let's see what's left.

Then run one additional ComboFix scan (not Comboscan) and post that log back here please. You do have to run Adaware and clean the items it finds, you don't do anything with SpywareBlaster except install it and keep it updated. Scan started at 16/02/2006 15:14:15 Infected! Oh, btw... I've tried to remove weatherbug but it won't delete.

and here is the Combofix report:

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\nvs2.inf
C:\install.log
C:\WINDOWS\system32\gnffdedcvc_navps.dat
C:\WINDOWS\system32\gnffdedcvc.exe
C:\WINDOWS\system32\gnffdedcvc.dat

((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-29 ))))))))))))))))))))))))))))))))))
2007-03-29 15:49 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-03-29 11:47

It is so slow that she doesn't actually use it anymore... I can't do anything on my computer because of zestyfind and a few others. Good luck Kaputnick, Mar 26, 2004 #3 autumnrain Private E-2 Need more help please!

OK.

Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in

Also post a new Hijack This log. First of all I just want to thank you guy. Click the Summary tab and click Finish. Close all open programs and windows and doubleclick on ComboScan.exe to run it and follow the prompts.

To avoid confusion also start a new thread here on the forum for her system when you are ready.

Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - F:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo!

You will need to also update AVG Anti-Spyware 7.5 to the latest definition files.

Thanks for all your help. I'm just afraid I'm gonna mess it up worse than it already is. They are available from the MajorGeeks homepage. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF).

Pager] 1
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\msnmg.exe
O4 - HKCU\..\Run: [PeerGuardian] f:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /M "Stylus

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU). Do not do anything

Thanks for your help!

Can you please tell me how.

IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2

Unusual items in these logs - Wizmax, apparently a Korean company, but possibly a digital rights protection software?

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

And be sure to check for updates, I have seen Adaware updated every day. I wouldn't feel confident advising you on what to remove other than the most obvious.

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

that looks better but I think there is something else going on under the hood that we need to find.

Nettoyage contenu C:\Documents and Settings\Phoebe\Local Settings\Temp effectué !
*** Sauvegarde du registre vers dossier Backupnavi***
sauvegarde du registre réalisée avec succès !
*** Nettoyage registre ***
Nettoyage registre Ok
*** Traitement

As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build

C:\WINNT\SYSTEM32\fp0o03d3e.dll Infected!

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Yahoo!

A window will open with a warning.

Attempting to delete: C:\WINNT\SYSTEM32\fp0o03d3e.dll
C:\WINNT\SYSTEM32\fp0o03d3e.dll Deleted successfully!

When the scan is complete, a file will open (C:\ComboScan.txt). I don't know a lot about computers and the site u gave me for removing zestyfind looked kinda hard. Use your up arrow key to highlight SafeMode then hit enter. 5. Thank you you guys, you've really been a big help.

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

#5 Jintan (Advanced Member, 1,062 posts), posted 29 March 2007 - 12:15 PM:

Looks like ComboFix picked up some of the NaviPromo more active files,

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

Open Notepad and copy and paste the above Go to Edit - Select All. Firefox/Opera will need to be closed first for the cleaning to be effective. Then copy/paste that log back here, along with a new ComboFix scan and the Navilog report please.

Go to Add/Remove Programs in Control Panel and uninstall all versions Java/JRE (Sun Java Runtime Environment/J2SE Runtime Environment) and reboot.