Home > Help Please > Help Please -- HJT Log Inside

Help Please -- HJT Log Inside

by R. Connect with BullGuard Company About UsPressPartnersContact UsCareersAffiliate Program Products Internet SecurityAntivirusPremium ProtectionMobile Security Downloads AntivirusInternet SecurityMobile SecurityPremium Protection Support Help CentreProduct GuidesForumLive Technical Support © 2017 BullGuard. Please refer to our CNET Forums policies for details. Messenger (HKLM) O9 - Extra button: Research (HKLM) O10 - Broken Internet access because of LSP provider 'vlsp.dll' missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab O16 - DPF: http://inc1.net/help-please/help-please-hijackthis-log-inside.html

Waiting for things to happen. below is a list of some of the forums that do. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Last Post 6 Hours Ago What does Google have from serving us with Google Fonts?

Reboot and post another log. Quote Report Back to top Post a reply Unread posts or replies No unread posts or replies Unread Posts (Read Only Forum) No Unread Posts (Read Only Forum) Forum Welcome guest. Allow changes only if you trust the program or the software publisher. %Gary27 can't undo changes that you allow.

I followed all of your instructions, except for the deletion of the two specified files. scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2008-02-04 22:45:28ComboFix-quarantined-files.txt 2008-02-05 06:45:23ComboFix2.txt 2008-02-01 19:44:48.2008-02-05 06:07:58 --- E O F --- Back to top #9 Buckeye_Sam Buckeye_Sam Malware Expert Members 17,382 posts DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-4161072093-942420087-1511315770-1001_Classes: Process 1008 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4161072093-942420087-1511315770-1001_CLASSES -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record C:\Windows\system32\x64 . ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))) . 2008-02-19 20:41 . 2008-02-19 20:41 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS 2008-02-15 17:44 . 2008-02-15 17:44

d-------- C:\Deckard 2008-02-14 22:28 . 2008-02-14

Click here it's easy and free. You can change your cookie settings at any time. If it is then click on it to uncheck it.Use the Add Reply button and attach the log. https://forums.pcpitstop.com/index.php?/topic/153528-please-help-hjt-log-inside/ by pogo - http://game1.pogo.com/applet-6.8.2.23/aces/aces-en_US.cabO16 - DPF: Double Deuce Poker by pogo - O16 - DPF: First Class Solitaire by pogo - O16 - DPF: Fortune Bingo by pogo - O16 -

as a black window should open, then close after finding all the background programs.Vista and Win7 users need to right click and choose Run as AdminYou only need to get one by Grif Thomas Forum moderator / July 18, 2011 6:45 AM PDT In reply to: Grif . Please use "Reply to this topic" -button while replying. iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294} Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe" LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v

Logfile of HijackThis v1.99.1 Scan saved at 8:42:19 PM, on 4/9/2006 Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe http://www.computerhope.com/forum/index.php?topic=94854.0 Allow changes only if you trust the program or the software publisher. %Gary27 can't undo changes that you allow. After rebooting there are no more occurances of these 2 programs in the process list. Getting totally destroyed by Malware, GMER and HJT log inside, help?

First you need to delete the copy of Combofix that you have on your computer now and download the latest version from here.http://download.bleepingcomputer.com/sUBs/ComboFix.exeThen run Combofix and post a new log in You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. I have tried deleting the directory through windows, through safe mode and even from safe mode command line. Microsoft MVP Consumer Security 2008 2009 2010 2011 2012 2013 UNITE member since 2006 I don't help with logs thru PM so don't bother to post me one.

No, create an account now. Privacy Policy & Cookies Legal Terms We use cookies to ensure that we give you the best experience on our website. Reboot normally after doing the above then post a fresh, normal log plz. Back to top #11 Buckeye_Sam Buckeye_Sam Malware Expert Members 17,382 posts OFFLINE Gender:Male Location:Pickerington, Ohio Local time:11:11 AM Posted 12 March 2008 - 06:53 AM Since it's been nearly a

Generated Fri, 10 Feb 2017 08:00:37 GMT by s_wx1221 (squid/3.5.23) Yes, my password is: Forgot your password? Here is my new Hijackthis log.

What does ...

I also don't want to 'upgrade' to Vista as this system would need fairly major equipment upgrades to be fully compatible.I really do appreciate your help even with my slow replys.(edited If you can't start in Safe Mode, then run all the tools while in "normal" Windows first, then run them in Safe Mode afterward.:After downloading or transferring it to the problem Logfile of HijackThis v1.99.1 Scan saved at 10:17:14 PM, on 4/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe http://forum.securitycadets.com/index.php?showforum=23.

Delete those specific registry values when found:User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]Remove these items: "DisableRegistryTools" delete any entries found"DisableTaskMgr" delete any entries found"NoDispCpl" delete any entries found Hope this helps.Grif Flag Permalink It's a good little program. Started by D1gg3r , May 12 2010 03:03 AM This topic is locked 2 replies to this topic #1 D1gg3r D1gg3r Newbie Members 1 posts Posted 12 May 2010 - 03:03 Microsoft recommends you analyze the software that made these changes for potential risks.

Jan 27, 2017 In Progress need help please respond macho39019, Dec 5, 2016, in forum: Virus & Other Malware Removal Replies: 1 Views: 162 askey127 Dec 5, 2016 New Help please, Please let me know if anything further needs to be done. scan completed successfully hidden files: 0 **************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]-> C:\WINDOWS\system32\SSLDyn.dll.------------------------ Other Running Processes ------------------------.C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\System32\ticw.exeC:\PROGRA~1\INTERN~1\REMIEX~1.EXEC:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\Ro.exeC:\Program Files\Internet Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc.

Once reported, our moderators will be notified and the post will be reviewed. scanning hidden autostart entries ... Start a new discussion instead. Join over 733,556 other people just like you!

If you have problems create a thread in the forum, please.Don't post your log into other user's topic, create a new one. Completion time: 2008-02-19 20:44:11 . 2008-02-20 01:34:44 --- E O F --- Back to top #6 gary123 gary123 Member Members 12 posts Posted 19 February 2008 - 09:14 PM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\MCX-MCX2SVC-Out-TCP ->