HJT Log (not Sure What I'm Infected With)

Please include a link to this thread with your request. If I knew what it meant then I would be able to tell you if I installed it but not sure!

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal.

I downloaded ComboFix from BleepingComputer, and when I ran it, I got the following notices: Error - Win32 only, Incompatible, OK. HJT log included.

#2 schrauber, Malware Response Team

scanning hidden files ...

Please, check the file size as well and post another HJT log for me. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know.

That is the only thing I can think of... Registry editing and Windows Task Manager were disabled by the virus, though I was able to get regedit back through gpedit.msc, and Task Manager back with a reg add command that I'll reinstall both, and then the ESET process.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\uk.htm
O15 - Trusted Zone: *.od2.com

I have no idea what they are. Click Yes to confirm.

about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button.

The second log showed not only a different operating system, but also that the Services are in the wrong directory. C:\Windows.0 is not a legitimate Windows directory unless there's something about

Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created. Push the button. Push

Once that is done, reboot and post a new HijackThis log.

Trogan, London, UK, Mar 2007 (edited Mar 2007)

Whilst we appreciate that you may be busy, it has been

It is for your router. The print spooler problem happened a few times. The virus apparently infected my computer (WinXP) while I was watching some videos (Ranma 1/2) online: a lot of popups are on the website that I was on, and I accidentally clicked

No problem with the delayed response.

Sometimes the user knows of a new program that we haven't seen yet, and we like to make sure we don't delete any legit program.

I am not doubting you, otherwise I would not do it. I would just like to know what all this means, as I don't really understand it all, I just do

Logfile of HijackThis v1.99.1
Scan saved at 2:20:15 AM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe

Combofix only works for workstations with Windows 2000 and XP. What problems do you still have left?

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan. If an update is found, the program will automatically update itself.

I followed the instructions in the sticky thread about what to do before posting.

If not, we'll try something else. What can you tell me about the following entries?

A valid, working link to the closed topic is required. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

and these are from the current HJT log with Vista:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\VTTimer.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\wscntfy.exe

Please get it together and decide which system you're working

NOTE: Combofix will disconnect your machine from the Internet as soon as it starts.

So I closed those while it was preparing the log file. FYI, during the process, one window popped up for a bit: Catchme cffxe.dll (I think that was it). Then the log preparing window

I just did that to see if any programs 'changed' their names.

Do not use the "X" in the upper right corner to close the window.
4. Note: Do not mouseclick combofix's window while it's running.

So basically the Services can't do what they are supposed to do. Select the View Tab.

Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-28 352920]
S3 PSSDK42;PSSDK42;c:\windows.0\system32\drivers\pssdk42.sys [2010-4-9 38976]
S3 tmeter;TMeter Service;c:\windows.0\system32\drivers\tmeter.sys --> c:\windows.0\system32\drivers\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows.0\system32\drivers\tmeter.sys --> c:\windows.0\system32\drivers\tmeter.sys [?]
S3 w900bus;Sony Ericsson 900i driver (WDM);c:\windows.0\system32\drivers\w900bus.sys --> c:\windows.0\system32\drivers\w900bus.sys [?]
S3

Apr 23, 2010 #3 Bobbye

Melissa, I do not have enough information to answer your question.
