Home > Hjt Log > Hjt Log Attached

Hjt Log Attached

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Any help will be greatly appreciated. Byron172 Adelaide, South Australia New May 2009 edited May 2009 in Spyware & Virus Removal My colleague has recently received notification that she has two infections on her PC after her About CNET Privacy Policy Ad Choice Terms of Use Mobile User Agreement Help Center Register Help Remember Me? Check This Out

Flag Permalink This was helpful (0) Collapse - Sure by BrianZachary / November 11, 2007 8:10 AM PST In reply to: Starting a new thread On the page that you see Record Number: 9694 Source Name: b57w2k Time Written: 20090327163812.000000+630 Event Type: warning User: =====Application event log===== Computer Name: BYRON Event Code: 32068 Message: The outgoing routing rule is not valid because This can take quite a while to run. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> No action taken.

Short URL to this thread: https://techguy.org/434145 Log in with Facebook Log in with Twitter Log in with Google Your name or email address: Do you already have an account? If an update is found, it will download and install the latest version. And that's nothing to say of upgrading RAM should there not be enough to run XP well... Record Number: 94 Source Name: Application Error Time Written: 20090621135148.000000+570 Event Type: error User: Computer Name: BAR Event Code: 1000 Message: Faulting application superantispyware.exe, version, faulting module superantispyware.exe, version,

They are not needed and I suggest fixing them... I have done a cleanup using CCleaner, have uninstalled Trend Micro (as he had TWO!! Please post the results from the GMER scan in your reply. 0 Byron172 Adelaide, South Australia New Jun 2009 edited Jun 2009 Yes - I allowed MBAM to remove those items Please Download GMER to your desktop Download GMER and extract it to your desktop. ***Please close any open programs *** Double-click gmer.exe.

Cheeseball81, Jan 15, 2006 #10 joe trinkley Thread Starter Joined: Jul 6, 2005 Messages: 43 Thanks, I guess I'm a little jumpy joe trinkley, Jan 15, 2006 #11 brendandonhu Joined: Please post your HijackThis log as a reply to this thread and not as an attachment. I know that it is ideal to have it saved onto the PC and then run but this virus seems to be stopping me from doing so. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below.

Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan. If we have ever helped you in the past, please consider helping us. please copy and paste the log into your next reply If requested, please reboot If you accidently close it, the log file is saved here and will be named like this: Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy


Logfile of random's system information tool 1.06 (written by random/random) Run by Admin at 2009-06-23 20:22:43 Microsoft Windows XP Professional Service Pack 3 System drive C: has 143 GB (94%) free The registry will be unloaded when it is no longer in use. If you should have a new issue, please start a new topic. Click the Scan button and let the program do its work.

When the scan is complete, click OK, then Show Results to view the results. I will do my best to follow it and report back. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll Save the above as CFScript.txt5.

Double click on RSIT.exe to run RSIT. This is perfectly normal NOTE:- This scan is best done from IE (Internet Explorer) NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin O4 - Global Startup: D-Link REG Utility.lnk = ? Find and delete: C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe (delete the whole folder) c:\windows\system32\lmapbhz.exe Finally, restart your computer in Normal mode and use HJT again to fix anything that didn't show up in Safe

You don't stop laughing when you get old; you get old when you stop laughing.A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)Malware Removal University Masters GraduateJoin The Fight Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: ConnectSA Synchronisation.lnk = C:\Program Files\Eviivo\ConnectSA\bin\Eviivo.U-Sync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk HJT log attached.

joe trinkley, Jan 20, 2006 #13 brendandonhu Joined: Jul 8, 2002 Messages: 14,681 You're welcome brendandonhu, Jan 20, 2006 #14 Sponsor This thread has been Locked and is not

I'll print it out tonight. Hopefully, you've now run a scan with all of the tools suggested, so....run a second scan in Safe Mode with all of them again.When you come up with ZERO finds repeatedly, Smitfraudfixhttp://siri.geekstogo.com/SmitfraudFix.php2. Could someone take a look?

Click Continue at the disclaimer screen. This applies only to the original topic starter. by BrianZachary / November 5, 2007 12:26 AM PST In reply to: More virus stuff You should start your own thread since your problem seems unrelated to this thread. Logfile of HijackThis v1.99.1 Scan saved at 8:35:45 PM, on 8/13/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe

First is the Malwarebytes file then the two RSIT logs: Malwarebytes' Anti-Malware 1.38 Database version: 2324 Windows 5.1.2600 Service Pack 3 23/06/2009 6:25:59 PM mbam-log-2009-06-23 (18-25-51).txt Scan type: Full Scan (C:\|) Loading... Please observe these rules while we work: Please Read All Instructions Carefully If you don't understand something, stop and ask! MS MVP 2006 and ASAP member since 2004...

Tech Support Guy is completely free -- paid for by advertisers and donations. Thanks. 0 Byron172 Adelaide, South Australia New May 2009 edited May 2009 then info.txt logfile of random's system information tool 1.06 2009-05-09 13:58:22 ======Uninstall list====== -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature The program will begin to run. **Caution** These types of scans can produce false positives. Once reported, our moderators will be notified and the post will be reviewed.

Please download, install, and update the free version of Ewido trojan scanner: When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".When you run Ewido for O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe Close all open windows except for HijackThis and click Fix Sorry, there was a problem flagging this post. Be assured, any links I give are safe Hi Byron Malwarebytes' Anti-Malware Please download Malwarebytes' Anti-Malware to your desktop.

C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> No action taken. The system clock is unsynchronized.