
HJT Log - Please Analyse

Please thank your helpers and there will always be help here when you need it!

#3 bjbs001, Topic Starter

Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places.

Thanks, I'll give it a whirl.

I do not recommend using these types of programs. Why?

So I came here looking for help.

Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly.

Please download the newer version. Download HijackThis from: HijackThis Download Site. Then post a new log.

But I'm still getting popups and redirects because I can't finish the job.

Is that all of the log??

Ran lspfix ok, but tried removing 'dolsp.dll' and I received an error: "Cannot delete dolsp: Access is denied.

Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B77FB7B3-3492-4448-9A82-C86957924977}"=-
"{18ABB42F-6575-4E57-A081-F4382671A987}"=-
"{BBF35D26-7AA2-45A8-B020-C6C94A1BEDE0}"=-
"{6E0A661E-0E0D-4C7A-8E8C-216294D9FCDD}"=-
"{3252FC83-D406-418C-945D-69CCA56F5EF8}"=-
"{FBDAB343-BE22-49A0-A86F-DBDD527046E6}"=-

[-HKEY_CLASSES_ROOT\CLSID\{B77FB7B3-3492-4448-9A82-C86957924977}]
[-HKEY_CLASSES_ROOT\CLSID\{18ABB42F-6575-4E57-A081-F4382671A987}]
[-HKEY_CLASSES_ROOT\CLSID\{BBF35D26-7AA2-45A8-B020-C6C94A1BEDE0}]
[-HKEY_CLASSES_ROOT\CLSID\{6E0A661E-0E0D-4C7A-8E8C-216294D9FCDD}]
[-HKEY_CLASSES_ROOT\CLSID\{3252FC83-D406-418C-945D-69CCA56F5EF8}]
[-HKEY_CLASSES_ROOT\CLSID\{FBDAB343-BE22-49A0-A86F-DBDD527046E6}]

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1A77A68C-9AB0-429B-8C11-738A729C1F37}"=-
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}{1A77A68C-9AB0-429B-8C11-738A729C1F37}DS4200
****************************************************************************
Classid's found from regsearch:
****************************************************************************

And here is the latest hijackthis log:

Logfile of
Go HERE and follow the manual removal procedure, in the Porat removal instructions box.

Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} (McAfee.com Download+Installer Class) - http://bin.mcafee.com/molbin/shared/mcinsc...55/mcinsctl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF:

Are you having any more problems?

Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL

What to do: If

Regards Howard

Aug 7, 2006 #4

Please choose YES. Select all options under the utilities menu.

The HijackThis web site also has a comprehensive listing of sites and forums that can help you out.

Using any torrent or, peer-to-peer (P2P) file sharing program (i.e.

Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL), most often it is used by trojans or aggressive browser hijackers. In case of a 'hidden' DLL loading from this Registry value

Aug 7, 2006 #3 howard_hopkinso

Sorry, I forgot about that.

Volume Serial Number is 7C42-A86F
Directory of C:\WINDOWS\System32
01/22/2005 09:02 PM 223,199 h22o0cf3ef2.dll
01/22/2005 08:27 PM

DLLCACHE
01/19/2005 08:33 PM 223,499 i4420ehoeh4c0.dll
01/19/2005 06:05 PM 223,479 m0820aloedqc0.dll
01/16/2005 03:07 PM

Close browser/s.

Also added logfiles from the other users of this pc.

L2mfix will continue to scan your computer and when it's finished, notepad will open with a log.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL

What to do: If you don't

Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific programs or URL's to detect and block.

Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

#5 EnlancE, Topic Starter, posted 30 December 2004 - 02:06 PM

Alright...This one.

Logfile of HijackThis v1.99.0
Scan saved at 20:05:55,

Part of the problem is that she doesn't keep her antivirus updated, doesn't update Windows, doesn't have a firewall, etc, etc...

Let me know if it's successful.

Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze) is a security risk which can make your system susceptible to a smörgasbord of malware infections, remote attacks, and exposure of personal

#4 Grinler (Lawrence Abrams, Admin), posted 30 December 2004 - 11:11 AM

You need to pick one log

successful
deleting local copy: chmpobj.dll
deleting local copy: cXbview.dll
deleting local copy: d0j00a1med.dll
deleting local copy: enp4l17q1.dll
deleting local copy: hrp2057oe.dll
deleting local copy: i4420ehoeh4c0.dll
deleting local copy: irj8l51u1.dll
deleting local

This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these.

Log:

Logfile of HijackThis v1.99.0
Scan saved at 10:36:26 PM, on 1/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\LogWatNT.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
c:\windows\system32\pfqqgeba.exe
c:\windows\system32\packager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0

Please analyse
Started by EnlancE, Dec 23 2004 09:50 AM

#1 EnlancE

In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help!.

ShowWnd.exe Search your system for this file and delete all instances of it.

Let's investigate some more to see if we find anything that HijackThis did not detect.

Please download CKScanner and save it to your Desktop. <-Important!!!

Double-click on CKScanner.exe and click Search For Files.

Start -> Programs.

Click OK at the file saved message box.

Double-click the ckfiles.txt icon on your desktop to open the log and copy/paste the contents in your next reply.

Please download Malwarebytes' Anti-Malware (v1.50.1) and

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT).

In HijackThis 1.99.1 or higher, the button 'Delete NT Service' in the Misc Tools section can be used for this.

First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\chmpobj.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cXbview.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\d0j00a1med.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\enp4l17q1.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\hrp2057oe.dll

You may also...

Click on the processes tab and end process for(if there).

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

What to do: If you don't recognize the name of the

If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their