HJT Log - Kimber

Started by dolleeee4, Feb 16 2009 11:03 AM

Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
MSConfigStartUp-Yahoo!

Registry Keys Infected:
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> Quarantined and deleted successfully.

Dave
Microsoft MVP - Internet Explorer 2006-2007-2008-2009

noahdfear, #2

2005/02/18 kimbers

Download - ATF Cleaner » Double-click ATF-Cleaner.exe to run the program.

OT I do not respond to PM's requesting help.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c8955} (Trojan.BHO) -> Quarantined and deleted successfully.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:03:54 PM, on 2/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe

Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.

C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\EW593V7F.SH!

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\system32\hgdfeeeh4fdg.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hgdfeeeh4fdg.dll (file missing)

McAfee & Spybot notices popped up saying there was a registry change.

C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\KRF720H9.SH!

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon]

If this is an issue or makes it difficult for you -- please tell your helper.
4. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Contents of the 'Scheduled Tasks' folder
2009-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-15 c:\windows\Tasks\McDefragTask.job - c:\windows\system32\defrag.exe [2008-04-13 19:12]
2009-02-01 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
2009-02-16 c:\windows\Tasks\MP Scheduled

when I double click my computer, & click tools menu there is no Folders Option??

No problem. Start CCleaner and click on the Run Cleaner button in the lower right-hand corner.
Reboot your computer normally, start HijackThis and perform a new scan.

HJT Log - Kimber

Started by kimber, Jul 31 2005 10:50 AM

Logs will be closed if you haven't replied within 3 days
If you would like to for the help you received.

After clicking "remove selected" on Malwarebytes a screen popped up reading ~ Regedit has been disabled and will affect the quarantining process.

C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\UTCJKDGT.SH!

Anyway any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:39:07 AM, on 31/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\CSAFE\AUTOCHK.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\ADAPTEC\EASY

C:\WINDOWS\system32\TDSSlxcp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

uStart Page =
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearch Bar = hxxp://search.winzy.com/ie.html
uDefault_Page_URL = hxxp://www.dell.ca/myway
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo!

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU-Run-RoboForm - c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
HKCU-Run-WMPNSCFG - c:\program files\Windows Media Player\WMPNSCFG.exe
HKCU-Run-jsf8uiw3jnjgffght - c:\docume~1\KIMBER~1\LOCALS~1\Temp\winlognn.exe
HKCU-Run-tezrtsjhfr84iusjfo84f - c:\docume~1\KIMBER~1\LOCALS~1\Temp\csrssc.exe
HKLM-Run-CTSysVol - c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 91.207.117.244 browser-security.microsoft.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9}

Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when

C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\HK1S0R7F.SH!

HKEY_CLASSES_ROOT\CLSID\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

When I click on it the window opens and reads "Navigation Canceled".

C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\BP4KSFJR.SH!

Look for the following items and click in the checkbox in front of each item to select it:
O4 - Startup: Microsoft Office (2).lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Office

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal

Cheers.

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q

C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\YFBNJKBM.SH!

C:\DOCUME~1\KIMBER~1\LOCALS~1\Temp\TEMPOR~1\Content.IE5\D8KV9149.SH!

Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvovuyebiyini (Trojan.Hiloti) -> Delete on reboot.