Does it make a difference what order it is done in…and what HAS to be done in safe mode? It always blocks it when it tries to attempt to install something on my computer. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"7. PS: D:\Program Files\pcast D:\Program Files\Hacking\GM51.exe D:\Program Files\Hacking\Msn freezer\IceCold ReLoaded.exe The above files are legitimate so there's no need to remove them. http://exomatik.net/hjt-log/hjt-log-urgent.php

Some are saying to do the hijack this fix in normal mode, followed by deleting temp files in safe mode & running CWShredder in safe mode at the end. Press Enter to boot into Safe Mode. ==== Copy all the files below (CTRL+C) and paste (CTRL+V) them to Notepad (Start > Run, type in: notepad): C:\WINDOWS\WINLOGON.EXE C:\PROGRA~1\COMMON~1\IE-Bar D:\Program Files\pcast C:\WINDOWS\System32\2e85ba53.exe Tech Support Guy is completely free -- paid for by advertisers and donations. Log File - HJT Dropper.delf.3.L Search2web again...

C:\WINDOWS\system32\regedit.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined). Thanks. Repeat as many times as necessary to remove each Java versions. Making a copy of the instructions makes them easier to follow since this page may not be available during part of the process.

Thank you for all your help. hijack this Click me! When i try to open .exe programs, it will ask me to choose the program i want to open with, like in the picture below, instead of starting up the program C:\WINDOWS\WINLOGON.EXE -> Trojan.Lineage.agz : Cleaned with backup (quarantined).

D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP37\A0008245.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined). Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 7:42:05 AM, on 26/06/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) FIREFOX: 21.0 (en-US) Boot mode: Normal Running

Also VundoFix and VirtumondeBeGone.

C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008152.dll -> Logger.Agent.oi : Cleaned with backup (quarantined).

C:\WINDOWS\system32\myrx.dll -> Logger.Agent.oi : Cleaned with backup (quarantined). ozegirl, Jun 5, 2005 #11 Sponsor This thread has been Locked and is not open to further replies. C:\WINDOWS\system32\dxdiag.com -> Trojan.Lineage.agz : Cleaned with backup (quarantined).

Register now! As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged Oh and yes, even though the process is supposedly from a WINLOGON.exe file residing in my C:\Windows directory (as i saw from msconfig), i was unable to locate any such file Back to top #12 FZWG FZWG In Memory of FZWG, Rest in Peace Trusted Malware Techs 2,178 posts Gender:Male Posted 25 August 2006 - 09:06 PM Still no AntiVirus programnot good.

I even tried to use Killbox to end the process, but when i did that the computer immediately goes to a BSOD and reboots. C:\Program Files\Internet Explorer\dll4.exe -> Logger.Agent.om : Cleaned with backup (quarantined). Back to top #2 zizou zizou Member Members 126 posts Posted 24 August 2006 - 08:33 AM here is my HijackThis log Logfile of HijackThis v1.99.1 Scan saved at 8:42:35 PM, http://exomatik.net/hjt-log/hjt-log-research-needed.php D:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008170.pif -> Trojan.Lineage.agz : Cleaned with backup (quarantined).

So here's the HJT log Logfile of HijackThis v1.99.1 Scan saved at 13:40, on 06-08-27 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More... C:\System Volume Information\_restore{9F61EF6F-E555-490A-ADBA-1096B5AE2A1A}\RP36\A0008103.dll -> Logger.Agent.oi : Cleaned with backup (quarantined). Back to top #4 zizou zizou Member Members 126 posts Posted 25 August 2006 - 09:58 AM Wow, thx alot for the reply..

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. But I seem to remember it not working on 95 as there are some files it needs to run that didn't exist on 95 systems dvk01, Jun 1, 2005 #5 pc slow.

Please re-enable javascript to access full functionality.