Home > Hjt Log > HJT Log - Back Door - BDD

HJT Log - Back Door - BDD

Log in or Sign up PCMech Community Forum Home Forums > Help & Discussion > Online Security > BackDoor BDD Discussion in 'Online Security' started by thecult03, Dec 17, 2004. Exit Program. Do you know where your recovery CDs are ?Did you create them yet ? This site is completely free -- paid for by advertisers and donations.

http://forums.mcafeehelp.com/viewtopic.php?t=32241&highlight=backdoorbdd http://www.short-media.com/review.php?r=259 http://www.hsremove.com/hsremove.exe glc, Dec 17, 2004 #3 thecult03 Joined: Mar 23, 2004 Messages: 32 I am running goback since system restore is not a feature of wink2k. If you have Spybot S&D installed you will also need to replace one file. To learn more and to read the lawsuit, click here. You found the friendliest gaming & tech geeks around.

Back to top #5 erikhorton erikhorton Topic Starter Members 11 posts OFFLINE Local time:07:40 PM Posted 22 December 2004 - 11:27 AM Ok, here's my latest log.I did have a Run your scan in safe mode. You may need to use these backups.First create a new folder:A.

Now that we're in the middle of Legion, with Nighthold here and our raid team making excellent progress, it's time to ta… primesuspect Beepin n' Boopin Detroit, MI 15 Jan Icrontic We will use that program later in this process. Tech Support Guy is completely free -- paid for by advertisers and donations. This will restore the original deleted Hosts file.

Open the Getservice folder and click on the getservices.bat file. Yes, my password is: Forgot your password? Do you know where your recovery CDs are ?Did you create them yet ? On the Tools menu in Windows Explorer, click Folder Options.B.

Follow the instructions on the screen. Click the File menu --> New --> Folder, a folder "New folder" will be created.D. acjsa Private E-2 Here's my hijackthios log. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [POINTER] point32.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeO4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exeO4 - HKLM\..\Run: [McAfee

Do not create a new topic for your reply. control.exe may have been deleted. I was unable to install the latest HJT file from the archive. HJT log - Back Door - BDD Started by erikhorton , Dec 20 2004 10:50 AM Please log in to reply 7 replies to this topic #1 erikhorton erikhorton Members 11

Logfile of HijackThis v1.99.0 Scan saved at 7:10:31 AM, on 12/27/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe Yes, my password is: Forgot your password? Oh well, it'll have to be plan B then. :sad: Log in or Sign up Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Then click Start -> Run -> type regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll and press the OK buttonStep 10:Please check Internet Explorer settings:Open Internet Explorer - > Tools -> Internet

Flrman1, Dec 27, 2004 #4 Flrman1 Joined: Jul 26, 2002 Messages: 46,329 Post another HJT log after you do all that please. Do I need a personalized reply from the cleaners to fix my computer?Logfile of HijackThis v1.98.2Scan saved at 10:46:47 AM, on 12/20/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted Zone: *.static.topconverting.com Thanks.

This has to be done as HijackThis creates backups. Below are links to a couple threads you need to read, and a removal tool for Home Search Assistant. Thomasville???

I now need you to delete the following files:C:\WINDOWS\ccylk.dll <-- this fileC:\WINDOWS\ntrc32.dll <-- this fileDelete this folder:C:\Program Files\Viewpoint\Viewpoint Manager\ <-- this folder, if you uninstalled ViewpointIf you get an error when

The more details you can provide the better. If they have been changed, reset your active x security settings in IE as recommended here. Style Default Style Contact Us Help Home Top RSS Terms and Rules Copyright © TechGuy, Inc. Please uninstall Viewpoint Media Player from Add\Remove Programs.Removing Viewpoint Media Player may cause the program that bundled it to not function as intended.About Viewpoint Media Player.

Do Not run it yet. Click Apply then OK. ________________________________________________________________________ Next run aboutbuster. Uncheck Hide extensions for known filetypes and Hide protected operating system files.How to see hidden files in WindowsPlease download About:Buster from here: About:Buster Download. Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More...

Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Attached Files: getservice.txt File size: 44.4 KB Views: 31 Lynn5524, Dec 27, 2004 #3 Flrman1 Joined: Jul Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Lynn5524, Dec 26, 2004 #1 Sponsor Flrman1 Joined: Jul 26, 2002 Messages: 46,329 Hi Lynn Welcome Trojan BackDoor-BDD please help Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by acjsa, Jan 17, 2005. They may have been changed by this CWS variant to allow ALL ActiveX!!

Did you run CWShredder as directed?