Home > Hjt Log > HJT Log Help -- HSA CWS

HJT Log Help -- HSA CWS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe Be sure that there is nothing set to ignore in HJT or disabled in msconfig... A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer Install SpywareBlaster - SpywareBlaster will added a large If this service is stopped, protected content might not be down loaded to the device.TYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 3 DEMAND_STARTERROR_CONTROL : 1 NORMALBINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcsLOAD_ORDER_GROUP : TAG

If this service is stopped, Remote Assistance will be unavailable. Have you been fixing all of the entries and deleting all of the files? Edited by Matt, 26 October 2005 - 02:16 PM. 0 #3 Excal Posted 29 October 2005 - 12:34 PM Excal Malware Slayer Extraordinaire! Run eraser and erase the folders in your user name, not the new one.

ID: 6   Posted December 12, 2005 1. Next press the Apply button and then the OK to exit the Internet Properties page. ID: 2   Posted December 12, 2005 Download about:buster by RubbeRDuckY Here.Update About:BusterUnzip the contents of AboutBuster.zip and an AboutBuster directory will be created.Navigate to the AboutBuster directory and double-click on

Excal 0 #4 :Rolleyes: Posted 29 October 2005 - 05:06 PM :Rolleyes: Member Topic Starter Member 18 posts Ok, no problem for the delayLogfile of HijackThis v1.99.1Scan saved at 20:04:54, on Here is the new log. Logfile of HijackThis v1.99.1 Scan saved at 4:36:36 PM, on 5/22/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe Any thoughts? -- Scan 1 -------- About:Buster Version 2.0 Attempted Clean Of Temp folder.

Here is a copy of my HJ This log. Done! Delete those and ran Spybot S&D which came up with a clean scan. If this service is stopped, remote desktop sharing will be unavailable.

Thank you both so much. Budfred ..... Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htmO8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htmWhat to do:If you don't recognize the name of the

Everyone else please begin a New Topic. 0 Back to Virus, Spyware, Malware Removal · Next Unread Topic → Similar Topics 0 user(s) are reading this topic 0 members, 0 guests, Spysweeper . I didn't mention before that when I first experienced problems with this HSA I couldn't run Housecall. We will be using it later.Next, download cws-hsa.reg to your desktop but do not run it yet.

Now Ad-Aware scans come up with an all clear. ATF Cleaner... O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\RunOnce: [srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exeO4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exeO4 - Global Startup: Acrobat

Reply With Quote 08-01-2004,01:16 AM #8 classicsoftware View Profile View Forum Posts View Blog Entries View Articles Exalted Grand Master GeekModerator Join Date Jul 2001 Location Wyncote, PA, USA Posts 10,559 So I let it reinfect, started the process again and here are the results. Rebooted in safe mode. Sign In Become an Icrontian Sign In · Register All Discussions Categories Categories All Discussions Activity Best Of...

Reply With Quote 07-31-2004,10:17 PM #7 virtualj View Profile View Forum Posts View Blog Entries View Articles Apprentice Geek Join Date Jul 2004 Location Montana Posts 9 Aboutbuster results Hey Budfred, Post a complaint about malware here!! If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box.

Budfred .....

The full name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a string of garbage, like 'Ort'. If this service is disabled, any services that explicitly depend on it will fail to start.TYPE : 10 WIN32_OWN_PROCESS START_TYPE : 3 DEMAND_STARTERROR_CONTROL : 1 NORMALBINARY_PATH_NAME : C:\WINDOWS\System32\tlntsvr.exeLOAD_ORDER_GROUP : TAG : Step 2 Download AboutBuster Unzip it to your desktop but don't run it yet. Done! -- Scan 2 -------- About:Buster Version 2.0 Attempted Clean Of Temp folder.

To stop service, turn off System Restore from the System Restore tab in My Computer->PropertiesTYPE : 20 WIN32_SHARE_PROCESS START_TYPE : 2 AUTO_STARTERROR_CONTROL : 1 NORMALBINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcsLOAD_ORDER_GROUP : TAG If you get the access denied message, unplug your computer without shutting it down then turn it back on again. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through Article What Is A BHO (Browser Helper Object)?

If this service is disabled, any services that explicitly depend on it will fail to start.TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS START_TYPE : 2 AUTO_STARTERROR_CONTROL : 0 IGNOREBINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcsLOAD_ORDER_GROUP Back to top Back to Resolved or inactive Malware Removal 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear SpywareInfo Forum → Reply With Quote 08-02-2004,09:48 PM #15 Budfred View Profile View Forum Posts View Blog Entries View Articles Amateur Master GeekModerator Join Date Jul 2002 Location Minn Posts 17,373 You can certainly BLEEPINGCOMPUTER NEEDS YOUR HELP!

When trying to run Hijack This, direct access from site link was blocked and I had to sneak in the back door by sending the install via e-mail.Hijack This log is Sorry it took so long to get back - Friday night and I was out mowning the lawn..... MVP Hosts File .