Help Me With This HJT Log Please!

Jun 28, 2006 HJT log please help. If you know that you have the Vundo/VirtuMonde trojan and other programs have not been able to remove it, please take the following steps using the free tools below.

If you know that this is a program you use, then it's OK. Close all open applications. https://www.bleepingcomputer.com/forums/t/618594/hijackthis-log-please-help-diagnose/

HJT- LOG PLEASE HELP ME!! It may also hijack the browser to unwanted advertising related sites.

If so, leave it. Help please... Please what do I do? Reboot when installed and return to make sure there are no others.

If not, tick it and fix as well. Will check again tomorrow. Just paste your complete logfile into the textbox at the bottom of this page.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do. I don't understand 1 bit of the result and I don't know what to do either. May 8, 2007 #2

https://www.lifewire.com/how-to-analyze-hijackthis-logs-2487503

Logfile of HijackThis v1.99.1
Scan saved at 4:17:15 AM, on 11/30/05
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe

Caveat Emptor....

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
Very safe

This entry is not running from the System32 folder, so it is probably nasty.

Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...p1/imloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Vundo/VirtuMonde is an adware program that downloads and displays popup advertisements, often seen as Winfixer.

I was wondering if there was some malware that was partially quarantined and probably activates itself again whenever I use the internet. Maybe Spybot couldn't fish out all the malware. To be sure, you should check this file. In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze.

With the help of this automatic analyzer you are able to get some additional support. I'm not engaging in sock-puppetry here and you won't find 100 upvotes and comments about how helpful AssertNull is in answering questions and I won't be answering programming questions under this

Only OnFlow adds a plugin here that you don't want (.ofb).

O13 - IE DefaultPrefix hijack

What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW.

Spyware removal software such as Adaware or Spybot S&D do a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even See here for more. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode". - Reboot. =============== After rebooting, rescan with hijackthis and post back a new log.

You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo.

And it freezes and a ctrl/alt/delete shows a program called "Quick" running then - ending it unfreezes explorer. So far I have - run scandisk and it has fixed errors.

The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.

O17 - HKLM\System\CS1\Services\Tcpip\..\{078dafce-9239-489e-8549-ea7b205898aa}: NameServer = 78.46.223.24,162.242.211.137
Do you know the IP or Domain '78.46.223.24,162.242.211.137'?

Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .taf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -

In the box that pops up type in 'cmd'.

When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL

What to do: If you don't