Home > Hjt Log > Hjt Log File Please Help - Msclean.exe

Hjt Log File Please Help - Msclean.exe

Half of your hijackthis log is still malware... A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\8J7RQC59\ac3[1].txt -> Downloader.Agent.awb : Cleaned with backup (quarantined). I've been monitoring my task manager when I open my browser and CsRemind.exe kicks in. have a peek at these guys

C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned. Old_John_McKenna View Public Profile Send a private message to Old_John_McKenna Find all posts by Old_John_McKenna #3 10-11-05, 22:28 kpolillo Newbie Join Date: Nov 2005 Posts: 4 Re: Help instead of the last one, that explains why I didn't see an antivirus installed. C:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not checked!

I found the file in Windows media player you said to delete and I did, but there was also another one under it called Setup_Bikinidesk_bundle. With all folder and files viewed in safe mode I still could not find the files Don asked me to delete. C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\8J7RQC59\pre[2].emf -> Exploit.MS05-053-WMF : Cleaned with backup (quarantined). Reboot now and post a new log.

On the mend now though. It's a shame we have to spend so much of our screen time trying to deal with malware, spybots, viri, worms, torjans, etc... C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers. Clean out ALL Temp Files This process will

Please also re-enable the real-time protection for any anti-spyware programs I asked you to disable before proceeding with the fix. Disable and Re-enable System Restore to Flush Infected Restore Points Next, Run Rav again and post back with what it comes back with don77 View Public Profile Find all posts by don77 #8 July 2nd, 2004, 03:42 AM Ellie That particular worm is beyond my expertise to fix. You can find instructions on how to enable and reenable system restore here: Managing Windows Millenium System Restore or Windows XP System Restore Guide Renable system restore with instructions from tutorial

Here is the HiJackThis log:---------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:16:14 PM, on 7/29/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware At the General tab, which should be the first tab you are currently on, click on the 'Delete Files' button and put a checkmark in 'Delete Offline Content'. Please do so before attempting to browse it. At the same time CsRemind.exe shows up, another file called Mess.exe launches.

Earlier today my computer was even playing music at me, despite the fact that i had no programs running. C:\WINDOWS\system32\qwinnpex.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined). [2036] C:\WINDOWS\system32\qwinnpex.exe -> Adware.ZenoSearch : Error during cleaning. If so, delete it so that the Value Data box is empty, close your registry editor and boot into Safe Mode. C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.

Are you looking for the solution to your computer problem? More about the author All that said, I went into safe mode to find the file you ask me to delete. Then download & RUN combofix ...This program will remove :- Qoologic L2M Ssk & more besides... C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!

Is this yours? [/ QUOTE ] I use a wireless network at home because Comcast Internet won't come all the way down my driveway so I have a small directional antenna I'd also like you to confirm which of these relate to your current ISP / Network please. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = Beyond The Network America, Inc. C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned. check my blog This alone can save you a lot of trouble with malware in the future.

I will at least get you started on this mess. C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned. C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.

sorry I'm not very computer savvy, where do i find "HijackThis.exe" so i can change its name and try again?

It will ask you whether you'd like to remove all checked items. SEO by vBSEO 3.5.2 ThemeWelcome · log in · join Show navigation Hide navigation HomeReviewsHowChartsLatestSpeed TestRun TestRun PingHistoryPreferencesResultsRun StreamsServersCountryToolsIntroFAQLine QualitySmoke PingTweak TestLine MonitorMonitor GroupsMy IP isWhoisCalculatorTool PointsNewsNews tip?ForumsAll ForumsHot TopicsGalleryInfoHardwareAll This malware has completely disabled Norton on my system.Joe · actions · 2004-Jun-8 10:49 am · jenovaunionjoin:2004-06-08North Tonawanda, NY

jenovaunion Member 2004-Jun-8 11:26 am I have the same problem here as Ellie P.S.

The reinstall will solve your other problems as well. Ellie Mclean View Public Profile Find all posts by Ellie Mclean #7 July 2nd, 2004, 01:34 AM don77 CTH Subscriber Join Date: Mar 2004 Location: Mass. Navigate into C:\Program Files\Trend Micro\HijackThis folder. news Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers.

It says that someone was on the guest accound a 12 am this morning. C:\Documents and Settings\Chris\Cookies\[email protected][1].txt -> TrackingCookie.Realcastmedia : Cleaned. C:\Documents and Settings\Chris\Cookies\[email protected][2].txt -> TrackingCookie.Kmpads : Cleaned. All rights reserved.

So far nothing we have done this morning has changed anything. It is so hard to use the computer do to these error messages and difficulty in switching between users (takes at least 3-5minutes) to get back to the welcome screen when I also ran AVG again and it is still finding the same trojans (bcd) in the same files Last edited by Ellie Mclean; July 2nd, 2004 at 12:48 AM. Not Current. [ QUOTE ] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride =; O17 - HKLM\System\CCS\Services\Tcpip\..\{AED0DE72-F86B-4E8D-AF31-9E5DF8E65811}: NameServer = Related to a private network.

etc? Right-click in that pane and choose "select all" Now press "Next" again. It will find a number of spyware files and registry keys. Click on Start | Run and type MSConfig in the 'Run' box.