
HJT Log - Unable To Remove Virus. Please Help.

This is extremely important, otherwise you'll have problems with the workaround and you'll get database incompatibility errors. I know when you install Malwarebytes, that mbam.exe gets deleted immediately, but in either way, scanning hidden services & system hive ... CF disconnects your machine from the internet. Is reformatting my C drive my only option left?

Remove It Pro picks it up and removes it but also finds other infected files which it cannot remove. This virus is slowing down my system. I use this program all the time as it seems quite a good one.

Cannot remove Win32Tr/_/er Agent Virus-Please Help. Started by beeker, Jul 21 2009 09:46 PM

JLYC: here's the new log after doing all the things I described above

Logfile of HijackThis v1.98.2
Scan saved at 12:08:03 PM, on 10/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program

The process that needs to run on Startup is: Filename: RtHDVCpl.exe This is part of the Realtek Semiconductor High Definition Audio System driver.

Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus!

Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

As for the entries in HJT, I'd rather you not remove anything yet. I will take a look at your Preliminary Virus and Malware Removal thread next and post my results asap. Some trojans include Troj_Pakes.GQ & Troj_push plus others.

erik7k2, posted 07 November 2008 - 01:07 AM:

SDFix: Version 1.240
Run by Erik on 07/11/2008 at 12:35 AM
Microsoft Windows

So check msconfig again; if you see the RtHDVCpl.exe, recheck it.

I know there is no reference to rtkbtmnt.exe as I checked for that, but I have not checked for other items relating to RealTek Audio but I will untick these if

When the machine reboots, tap the F8 key before Windows starts. You are presented with a Windows XP Advanced Options menu.

It looks like you have multiple Internet Explorers set up instead of using the tabs. If yes, is it active?

I tried a boot scan with Avast, which detected viruses again, which I deleted but it came back after I restarted Windows.

It is running correctly in the DDS log: C:\Windows\RtHDVCpl.exe The entry you were having the problem with was running from the temp directory: C:\Users\Tony\AppData\Local\Temp\RtkBtMnt.exe

Thanks for your replies.

NOTE: When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show

Edited by Aaflac, 11 November 2008 - 03:08 PM.

Please read and follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 Be sure that you update the programs.

The entry in the temp directory, as I mentioned previously, is most likely a 'left-over' driver entry from the setup at download or driver update.

HijackThis log included...

Eddy: Before formatting have the following ready:
- Have a full installation cd of Windows (or a recovery cd)
- Make sure you have a firewall and

UK R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!

I will see Registry entries, Services and drivers in Combofix.

They stopped supplying it, but maybe someone there has one you can borrow. Attached logs will not be reviewed. Not really sure what all those home and search pages are for.

This does not remove the item or uninstall anything; it just stops it from starting on boot. Since it appears in the temp file, it starts creating labuage.bin files, useless folders and rubbish that fill up your disk at great speed. About the spelling comments I made about the quote.

Update MBAM; you're several definition versions behind.

Posted October 20, 2008

Are you rebooting? I'm unable to remove whatever I have. I hope someone can help. Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to.

The fact that it is running from a temp file does make it suspect. I know how to use msconfig so I will try that once the TFC program has finished.

UK R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!

HijackThis log included...

JLYC: --- Quote from: whocares on October 07, 2004, 04:26:47 PM ---
format c: /flattening the system and setting it up PROPERLY would be

It will allow you to boot up into a special recovery/repair mode if needed. If you try to delete it, you can't.