
HJT Log - Jerry

ID: 2   Posted March 31, 2008 Hi Jerry and welcome to Malwarebytes. Our help, and the tools we use are always 100% free. Also Kazaa will not run on my PC now - so I have messed something up????????????

Just paste your complete logfile into the textbox at the bottom of this page. The HJT log has a formatting that is just too hard to read with broken lines. wflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... Please download RogueRemover update it and run a scan for both options, and immunize.

Then in C:\Documents and Settings\Username\Local Settings, "Double Click" Temporary Internet Files. veData.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D0C4D9B8-FE9B-42FF-B730-0958349C8CF5}: NameServer = 151.164.8.201,151.164.1.8 Jerry jerry Geek Posts: 57 Joined: Mon Nov 25, 2002 1:00 am Location: Kansas City, If we have ever helped you in the past, please consider helping us. I will be notified automatically when that happens.

Now navigate to these Highlighted Folders/Files and delete them:
C:\WINDOWS\system32\mfcgx.exe
C:\WINDOWS\msvx32.exe
C:\WINDOWS\system32\uwwuy.dll
C:\WINDOWS\ipcc32.dll
Now empty your Recycle Bin. MalwareRemoval.com provides free support for people with infected computers. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic.

Then save as remove.reg (save as type: 'all files' ) to the desktop

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

Go to the Desktop and DoubleClick Remove.reg, hit yes on the prompt to add

Honorary Members 3,860 posts Interests: would love to see some honesty around this site.

Maurice Naggar    Staff Moderators 16,648 posts Location: USA Interests: Security, Windows, Windows Update, malware prevention ID: 4   Posted May

Messenger (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O15 - Trusted Zone: www.pogo.com O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsup ... This topic will be closed in a few days if we do not hear back from you. You will post three logs. 1.

In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze. wflash.cab O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... If I run SpyBot it finds at least one entry for CoolWebSearch each time - it shows it is a cookie in my name. rtutil.CAB O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ...

Name it HJT. Your system is badly infected from the MBAM log, we need to look at a Panda scan and another HJT log. Choose Y and hit enter.3.

Reboot into Normal Mode and run HJT. Now open the Folder: HJT, on your Desktop, "Right Click" in the blank area and select "Paste". vSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... If you need this topic reopened, please send a Private Message to any one of the moderating team members.

screen317    Research Team Moderators 19,453 posts Location: CT ID: 3   Posted April 21, 2012 Are you still with us? Sent answers to email removed by Moderator Topic: antivirus pc 2009 can remove! I have turned off system restore. From Malwarebytes Anti-Malware, I have right clicked on jump to the location and delete everything within

Jerry    New Member Topic Starter Honorary Members 19 posts ID: 5   Posted April 7, 2008 Okay, here's the new

I don't mean to be harsh but I can't help you if we can't communicate. brad "Duty is a matter of the mind. If a file changes, or the malware signature database is updated, the cache is reset and the files will be rescanned next time. These files can be read, but are not visible

mAData.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... Thanks daveai If you found our service worthwhile, and want to help keep SpwareInfo running please consider donating here. "Applying computer technology is simply finding the right wrench to pound in ID: 6   Posted April 7, 2008 Hi Jerry.
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra

Please reboot into safe mode - How do I boot into "Safe" mode?
Go to Add/Remove Programs in the Control Panel and uninstall:
Web_Rebates
if listed.
Delete these files:
C:\WINDOWS\mdodjosd.exe
C:\WINDOWS\Win32DLL.vbs
C:\WINDOWS\System32\idpefiac.dll
C:\WINDOWS\System32\lurdhrwc.dll
C:\WINDOWS\System32\MSKernel32.vbs
C:\WINDOWS\System32\bvhzxqgx.exe
C:\WINDOWS\System32\mnosjkzm.exe
C:\WINDOWS\System32\haqgzt.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\digestw.exe
C:\WINDOWS\System32\haqgzt.exe
C:\documents and settings\jerry smith\local settings\temp\8JdIC.exe
C:\documents and settings\jerry
vSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... RogueRemover only had one scan option and it found nothing. I can send mail but I am not receiving any.

vSniff.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupda ... Be patient and persistent.
C:\WINDOWS\OP_CACHE.ATR
C:\WINDOWS\OP_CACHE.IDX
C:\WINDOWS\system32\OP_CACHE.ATR
C:\WINDOWS\system32\OP_CACHE.IDX
C:\WINDOWS\system32\drivers\OP_CACHE.ATR
C:\WINDOWS\system32\drivers\OP_CACHE.IDX
scan completed successfully
hidden files: 6
**************************************************************************
Completion time: 2007-06-09 11:52:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-09 11:52
--- E O F ---
I Run HJT again in scan only and put a check next to these items and click fix:
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon

Bank, credit card info and any other. We apologize for the delay in responding. I have turned off the backup system each time before I deleted the files you have noted and rebooted prior to turning it back on. Allow the ActiveX download if necessary Once the database has downloaded, click Next.

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-08 22:06:06
ComboFix-quarantined-files.txt 2008-04-09 02:05:46
ComboFix2.txt 2008-03-24 03:21:06
ComboFix3.txt 2008-03-22 03:33:35
ComboFix4.txt 2008-01-08 05:08:42
Pre-Run: 31,075,479,552 bytes free
Post-Run: 31,063,887,872 bytes free
.
2008-03-23 04:27:31 --- E O F ---
New Boot into "Safe Mode". "Right Click" on "My Computer" and choose "Explore". one of the changes is as follows: HKey_Local_Machine Key = Software\Microsoft\Windows\CurrentVersion\Run value = addtc32.exe Trying to change value to: C:\Windows\system32\addtc32.exe The other registry item that it keeps trying to change is

I choose the aggressive response of keeping track of the changes which Agnitum recommends.