Home > Hjt Log > HJT Log - Not Sure Of What's Infected My Computer

HJT Log - Not Sure Of What's Infected My Computer

the difference in performance between then and now seems very great. Inc.)O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: Click here for instructions for running in Safe Mode.g) If you are on a Windows system that has separate administrator accounts (Windows XP, 2000, NT), work using an account with administrator Many experts in the security community believe the same. this content

Click on "details." This will take you to a Microsoft webpage explaining the fix and allowing you to reapply it. 6.1.3 Under software versions, software you didn't install. This will prevent the file from accidentally being activated. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 All Rights Reserved.

I think maybe I did something to the comp. Be sure to mention that you tried to follow the Prep Guide but were unable to get RSIT to run.Why we no longer ask for HijackThis logs?: HijackThis only scans certain I will target Vundo first of all and then clean the rest in later fixes.Please download VundoFix.exe to your desktopDouble-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done Sorry, there was a problem flagging this post.

WOW64 equates to "Windows on 64-bit Windows". Make the password "infected."In earlier versions of Windows, you need some third party software. If MBAM will not run, try renaming it. Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo!

Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the Post the log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on Please make sure that the Web address (URL) is correctly spelled and punctuated, then try reloading the page.Make sure your Internet connection is active and check whether other applications that rely

download here: http://www.javacoolsoftware.com/spywareblaster.htmlGood Luck ! ok this is what I did:1. Link 1 for 32-bit versionLink 2 for 32-bit versionLink 1 for 64-bit versionLink 2 for 64-bit version This tool needs to run while the computer is connected to the Internet so Open the All files and folders option.

So I got desperate and tried that 'unhackme' program. Regedit, however, produced the following four keys from the full list you gave me: HomeSecurePage.com.exe, icmntr.exe, isfmm.exe and isfmntr.exe. I will now do a complete scan of the pc using the SuperAntispyware program. If using Vista or Windows 7 be aware that the programs we ask to use, need to be Run As Administrator.

Ok I ran malwarebytes and here is what happened. news Right click on that file and choose Install. Attempting to delete C:\windows\system32\nmeicfbu.iniC:\windows\system32\nmeicfbu.ini Has been deleted! Ok this is what happens.

Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. We want to provide help as quickly as possible but if you do not follow the instructions, we may have to ask you to repeat them. those included in the "rogue/suspect" list on this page or advertised on Google. have a peek at these guys It's shorter and it is kept up to date more frequently.You will have to close your web browser windows later, so it is recommended that you print out this checklist and

Register now to gain access to all of our features, it's FREE and only takes one minute. Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\PCHButton.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\thinksnet.exeO4 - Click OK.When VundoFix re-opens, click Scan for Vundo button.Once the scan is complete, right-click inside the listbox (white box) and click Add more files?Copy & paste the 2 entries below into

Reference links to product tutorials and additional information sources.Notes: a) Your AV and AT vendors cannot reliably protect you from new malware until they receive a copy of it.

For example, is it a system slow down? To see, IF your computer is up-to-date with all patches do an on-line scan with:http://secunia.com/vulnerability_scanning/online/ Flag Permalink This was helpful (0) Back to Spyware, Viruses, & Security forum 31 total posts Please DO NOT post the log in any threads where you were advised to read these guidelines or post them in any other forums. Now hit Apply and then OK.Run HiJackThis.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. Attempting to delete C:\WINDOWS\msagent\chars\adbli.tmpC:\WINDOWS\msagent\chars\adbli.tmp Has been deleted! Thread Tools Show Printable Version Search Thread Advanced Search Display Linear Mode Switch to Hybrid Mode Switch to Threaded Mode June 29th, 2008 #1 transient Guest My computer is infected http://exomatik.net/hjt-log/hjt-log-infected-again.php If you removed any malware, reboot and repeat the scans that revealed it earlier. This is to make sure that the malware has not managed to reinstall itself.

In general, once the update is complete, stop and start the program before running your scan. can be downloaded from HERE.

Each forum has its own set of instructions and procedures for requesting help and posting a HJT log, so abide by the requirements I ran a full system scan using norton anti virus and norton didn't show up any virus, so I guess the virus has now been eradicated. On the next restart, HomeSecurePage.com is back.

MBSA causes them when it checks for weak passwords.- The messages above are not normally problems.6.2.2 Save a copy of the results. Attempting to delete C:\WINDOWS\msagent\chars\adbli.ini2C:\WINDOWS\msagent\chars\adbli.ini2 Has been deleted! Removed AboutBuster from list of removal tools (obsolete and no longer supported)03 April 2007 by CalamityJane:Section 4 removed temporarily for revision. My computer runs Windows XP, and I have Ad-Aware, Avast Antivirus, and CCleaner.

But it's very slow and half of the things I try to open I get error msgs such as the one I attached. If you encounter a file that is "undeletable" or returns after the deletion, then open the regdit and first delete it's corresponding key by using the Find in the regedit (while The cd copier wouldnt allow me to copy it from the HJT folder.But as mentioned earlier, the mother is worried that by using her PC to post the log it will The Dream - Cookie Jar...(Trackfiends.net).mp3[2015/08/16 23:24:43 | 04,939,022 | ---- | C] () -- C:\Kidz Bop Kids - Kidz Bop 4 - Miss Independent.mp3[2015/08/16 23:24:39 | 00,068,670 | ---- | C]

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exeO4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exeO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [AGRSMMSG]