
Hijackthis Log (multiple Viruses And Trouble With Gmer)

Some malware detect the presence of anti-virus/anti-malware and mask themselves. They may otherwise interfere with our tools. Also, there are 2 drivers (from what I can see) that seem at least suspicious: c:\\windows\\system32\\drivers\\psxqlkplxcjhinc.sys c:\\windows\\system32\\drivers\\lqyqbhzec.sys Find these files using GMER, select them, and click Copy.

Cris. I don't know what to do since it is a system file. There you will find an Explorer-like interface (with folders and files). Find this file: C:\Windows\system32\hjgruimtkiqqow.dll, select it and click Delete. In my case, I use Firefox for almost all internet surfing but keep Internet Explorer running and updated so I can use Windows Updates and a few other sites which require

You can upload it here, when you will add your new post. Posted 3/12/2010 5:08 PM #83734 markusg Advanced member Date Joined Nov 2016 Total Posts: 406 No problem. Open malwarebytes, click update. Use the arrow keys to select the Safe mode menu item. Go to the Files tab.

folder on your C:\ drive if they fail to open automatically. Please Copy and Paste the contents of both files in your next reply. Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. When I try to run it, it just gives me a log file with a whole lot of garblish.

There are different opinions on this one but most browsers can be "secured" better than they are at default. If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread. Everyone else please begin a New Topic. Thank you.

I have tried "go to file," but it says the pathnames are invalid. In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy. Click Close.

n7gmo46c.exe) and allow the gmer.sys driver to load if asked. So, it's more about YOU and your habits than the security software you install. Did you manage to get rkill to run? When you run it the second time make sure it's not still in demo mode. Download from here http://www.stevengould.org/downloads/cleanup/ Download ComboFix from Here or Here to your Desktop.

Also, instead of directly deleting the files, I recommend only moving and renaming them (with ren). Member of ASAP and UNITE. Proud Graduate of the WTT Classroom. #10 jiggaman_16 Posted 06 April 2011 - 10:45 PM ComboFix 11-04-06.01

Many times, the customer wants all their important data saved from a computer that barely runs. Caia Virus ETC. Sometimes malware will name themselves numerically (e.g. 583207.exe) to make it harder to detect in the registry (which actually makes it easier for you to spot). Lastly try ccleaner to clean up As the last BD scan log shows a new infected file, if gmer works this time, also find the file: C:\WINDOWS\SYSTEM32\MSSRV32.EXE and delete it.

Now click the Scan button. Navigation through folders will be a lot slower than normal, because at every step GMER will also search for hidden files, which takes longer. scanning hidden autostart entries ...scanning hidden files ...

There are specific ways to search and eliminate such threats, and GMER was designed to do just that.

In hindsight, it was a bad idea. pallison: 2nd page of ComboFix log.

Please do the following from Normal Mode: Download and run OTL by Oldtimer. Please download OTL by Oldtimer by clicking here and save the file (called OTL.com) to your desktop. Close all When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. Note: These logs can be located in the OTL. Sometimes using a different set of scanners tells them.