
HJT & MBAM Logs To Analyze

Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! It has done this 2 time(s). D: is Removable E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Inc.)O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)O3 - HKU\S-1-5-21-2141977767-2994533718-58751993-500\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} http://exomatik.net/hjt/hjt-combofix-logs.php

Some programs can interfere with others and hamper the recovery process. Even if you have already provided information about your PC, we need a new log to see what has changed since Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log and post Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2008/10/10 06:45:26 | 00,013,088 | ----

It's just that I was a bit confused from your note it said if you already had any scanning programs on the computer to please remove them and download the version. uStart Page = hxxp://www.scbwi.org/Pages.aspx/Who-We-Are---What-We-Do uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421; mWinlogon: Userinit=userinit.exe BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff That will come later and will be in the instructions.

The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. Please continue to follow my instructions and reply back until I give you the "all clean". It has done this 1 time(s). Alternatively, you can click the button at the top bar of this topic and Track this Topic.

Ken S.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:39:15 PM, on 9/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program It has done this 3 time(s). 5/31/2012 3:39:35 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-12 214664]R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]R2 AGCoreService;AG Core Services;c:\program files\agi\core\4.2.0.10752\AGCoreService.exe [2010-1-21 20480]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program

I have most of the problems fixed and my McAfee Security Center reinstalled. IF REQUESTED, ZIP IT UP & ATTACH IT . Just click #4 falco Topic Starter Posted 09 February 2010 - 05:14 AM The computer 'seems' to be running

The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. #3 fireman4it Malware Response Team Posted 08 February 2010 - 12:15 PM Hello and welcome here is the log thank you in advance.

We do not want to clean you part-way, only to have the system re-infect itself. Please reply using the button in the lower right hand corner of your screen. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. It has done this 2 time(s). 5/31/2012 3:38:40 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. Any direction on my next step w/ the log info below would be greatly appreciated.

OTL & Extras Logs follow:OTL logfile created on: 10/8/2009 9:26:49 AM - Run 1OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Media Center Edition Service Pack 3 It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly.

We do not screen for malware using HijackThis. AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} . ============== Running Processes =============== . C: is FIXED (NTFS) - 454 GiB total, 327.589 GiB free.


It has done this 2 time(s). Inc.)IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchIE The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [PMX Daemon] ICO.EXEO4 If we have ever helped you in the past, please consider helping us. Thank you! Inc.)O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 7100 Series\ezprint.exe ()O4 - HKLM..\Run: [FaxCenterServer4_in_1] C:\Program Files\Lexmark 7100 Series\fm3032.exe ()O4 - HKLM..\Run: [Gateway Extended Warranty] C:\Program Files\Gateway\GWCares\GWCares.exe (BillP

Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)O2 - BHO: Yahoo! mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-12 34248]S3 mfesmfk;McAfee Inc. The following corrective action will be taken in 100 milliseconds: Restart the service. 6/2/2012 10:29:29 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly.

I'm getting runtime errors on startup of my computer (vb... 0 and MBAM 440). The reason for this is so we know what is going on with the machine at any time. It runs SO slow and seems to hose?

IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dllBHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 4:10:16 PM, on 5/31/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Safe mode Running processes: C:\Program The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/2/2012 10:12:08 PM, Error: EventLog [6008] - The previous system shutdown at 10:05:43 PM on 6/2/2012 was unexpected. Jun 1, 2012 #6 marcela TS Rookie Topic Starter Posts: 17 good morning I will paste the following mbytes, gmer and the dds log thank you for your help Malwarebytes Anti-Malware

Everything seems to be fixed and McAfee running OK, but I did see some errors noted in the Extras.txt log. It has done this 2 time(s). I will start right away I have kaspersky as the antivirus and in your preliminary list it says to scan your computer first. It has done this 1 time(s).

Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Media Player Adobe Reader 8.3.1 Akamai NetSession Interface Akamai NetSession Interface Service AmIcoSingLun Apple Application Support Apple Software Update ASUS AI Recovery mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-12 79816]R3 mfebopk;McAfee Inc. Doing so could cause changes to the directions I have to give you and prolong the time required. Inc.)IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\S-1-5-21-2141977767-2994533718-58751993-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-2141977767-2994533718-58751993-500\S-1-5-21-2141977767-2994533718-58751993-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/31 05:57:47 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\