Home > Hjt Log > HJT Log - Crawford

HJT Log - Crawford

Open the folder. Thanks in advance for the help! 0 Advertisements #2 greyknight17 Posted 08 May 2005 - 07:57 PM greyknight17 Malware Expert Visiting Consultant 16,560 posts Another case of Aurora.Download Ewido Security Suite Back to top Page 1 of 2 1 2 Next Back to Virus, Trojan, Spyware, and Malware Removal Logs 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous Value Matches ________________________________ »»Dumping Values........

SNiF 1.34 statistics Matching files : 0 Amount in bytes : 0 Directories searched : 1 Commands executed : 0 Masks sniffed for: *.DLL Power SNiF 1.34 - The Ultimate File Go to Start->Run and type in services.msc and hit OK. Lawrence Abrams Don't let BleepingComputer be silenced. or read our Welcome Guide to learn how to use this site.

Click on the Stop button and under Startup type, choose Disabled.3. HiJackThis log on Dell Latitude[RESOLVED] Started by Banshee , May 08 2005 07:35 PM Page 1 of 2 1 2 Next This topic is locked #1 Banshee Posted 08 May 2005 Back to top #10 Grinler Grinler Lawrence Abrams Admin 42,756 posts OFFLINE Gender:Male Location:USA Local time:07:07 PM Posted 14 August 2004 - 12:44 AM Use this file: Attached Files hiving_154.zip

Når du har gjort det, så lukker du alle andre vinduer ned. Follow the prompts to install the program. Total of file sizes: 287 bytes 0.28 K *Temp backups... "C:\Documents and Settings\Richard Crawford\Local Settings\Temp\Backs2\" keyback2.hi_ Aug 13 2004 8192 "keyback2.hi_" winkey2.re_ Aug 13 2004 287 "winkey2.re_" 2 items found: 2 User is a member of group NT AUTHORITY\INTERACTIVE.

Please do the following:Please make sure that you can view all hidden files. MINIMAL REQUIREMENTS INCLUDE: _________XP HOME/PRO; SP1; IE6/SP1 _________2K/SP4; IE6/SP1 ________________________________________________________________________________ -----END------ Fri 13 Aug 04 13:02:52  Back to top #4 Grinler Grinler Lawrence Abrams Admin 42,756 posts OFFLINE Gender:Male If in doubt, always search the file(s) and properties according to criteria! The system returned: (22) Invalid argument The remote host or network may be down.

Back to top #15 richcrawford richcrawford Topic Starter Members 9 posts OFFLINE Local time:07:07 PM Posted 14 August 2004 - 09:20 PM Thanks to all at the forum for helping Contents of log.txt follow: Fri 13 Aug 04 13:01:13 »»»»»*** www10.brinkster.com/expl0iter/freeatlast/FNF/ ***»»»»» *System: Microsoft Windows XP Professional 5.1 Service Pack 1 (Build 2600) *IE version: 6.0.2800.1106 SP1-Q330994-Q824145-Q832894-Q837009-Q831167-Q823353-Q867801 The type of the Back to top #7 richcrawford richcrawford Topic Starter Members 9 posts OFFLINE Local time:07:07 PM Posted 13 August 2004 - 05:22 PM New log.Logfile of HijackThis v1.98.2Scan saved at 5:20:26 Power SNiF 1.34 - The Ultimate File Snifferdog.

REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\aurora ! nasdaq Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ] [ Housecall online virus scan ] [ Bitdefender online virus scan ] [ AVG antivirus ] Even for an advanced computer user. User is a member of group \Everyone.

Total of file sizes: 8,192 bytes 8.00 K C:\FINDNFIX\KEYS1\ winkey.reg Fri Aug 13 2004 1:01:12p A.... 287 0.28 K 1 item found: 1 file, 0 directories. Admparse Dll 57,344 . . . . A 8-29-02 6:00 am 735. Reboot the computer now.

Several functions may not work. Delete the below files/folders manually now:C:\WINDOWS\system32\cache32_rtneg3C:\WINDOWS\system32\bingo_big2.icoC:\WINDOWS\system32\body2.icoC:\WINDOWS\system32\bubbles-ke2.icoC:\WINDOWS\system32\bubbles-ki.icoC:\WINDOWS\system32\creditcard21.icoC:\WINDOWS\system32\creditcard321.icoC:\WINDOWS\system32\creditcard32123123123asdsa.icoC:\WINDOWS\system32\creditcard32123123123asdsa1.icoC:\WINDOWS\system32\dating1.icoC:\WINDOWS\system32\datingpof1.icoC:\WINDOWS\system32\dice21.icoC:\WINDOWS\system32\disk01.icoC:\WINDOWS\system32\greenmovie.icoC:\WINDOWS\system32\greenmovie1.icoC:\WINDOWS\system32\greenmovie2.icoC:\WINDOWS\system32\greenmovie2311.icoC:\WINDOWS\system32\greenmovie2313asa.icoC:\WINDOWS\system32\greenmovie2313asaadsasfad.icoC:\WINDOWS\system32\greenmovie2313asaadsasfad112341231adsfa.icoC:\WINDOWS\system32\hotbod.icoC:\WINDOWS\system32\hotbod123121.icoC:\WINDOWS\system32\ibm laptop1.icoC:\WINDOWS\system32\ico_bikini49_gif_32x32.icoC:\WINDOWS\system32\internet popup blocker1.icoC:\WINDOWS\system32\kas pink1233.icoC:\WINDOWS\system32\kas pink1233aadsfa1.icoC:\WINDOWS\system32\kas pink1233aadsfa12.icoC:\WINDOWS\system32\kevid1.icoC:\WINDOWS\system32\kevid231231.icoC:\WINDOWS\system32\kill all spyware212412431.icoOK, it's too much for me to go through. Terminate.***********************AVENGER END**************** Synes godt om karise_larry Juniormester 06. When I click the icon I am taken to the web page for Virus Protect Pro.

Sniffing.......... Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Double click on FindIt's.bat and wait for Notepad to open a text file.

When ready, then run those two and give me the logs.Download KillBox http://www.atribune....ads/KillBox.exeDownload and install CleanUp http://cleanup.stevengould.org/Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders

HJT Log - Crawford Started by richcrawford , Jul 31 2004 03:50 PM This topic is locked 1 reply to this topic #1 richcrawford richcrawford Members 9 posts OFFLINE Local As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged If we have ever helped you in the past, please consider helping us. To learn more and to read the lawsuit, click here.

REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon Driver REG_SZ DrPMon.dll ! O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: Display All Men de er deaktiveret nu.******************HJT***********************Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:46:36, on 06-02-2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Volume in drive C has no label.

Click here to Register a free account now! Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon Driver REG_SZ DrPMon.dll Logfile of HijackThis v1.99.1 Scan saved at 7:09:44 PM, on 5/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running