Home > Hjt Log > HJT Log - Possibly Trojan Getcodec.a

HJT Log - Possibly Trojan Getcodec.a

I don't care what others say about ESET, if it's not working for me, it's not working. Tell me where it is located.If it is not in startup or processes tab, please do this:I noticed in your first post that you've gone thru HJT forums which means you Your HijackThis log was posted in the Vista forum. I uploaded the MBAM from reading in another site. Check This Out

Widgets.lnkbackup=c:\windows\pss\Yahoo! Flag Permalink This was helpful (0) Collapse - Thanks by bill0224 / February 21, 2009 1:07 AM PST In reply to: Try the standalone removal tool It didn't find anything! Save the file to your desktop, with the default name of uninstall_list Copy & Paste the entire contents of that file in your in your next post. 4. I wonder if it's really doing anything?!

cybertech, Jun 26, 2008 #17 Slickness Thread Starter Joined: Jun 14, 2008 Messages: 13 Move it log < C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2H4ELJZB\index[1].htm > C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2H4ELJZB\index[1].htm moved successfully. Tech Support Guy is completely free -- paid for by advertisers and donations. I did delete the files that were in quarantine, but the problem still remains.

Please post your hijackthis log again and let me know if you are still having problems. scanning hidden autostart entries ... If you were using Bitdefender, then I would know exactly how to proceed because that is what I have personally used for years. Page 2 of 2 < Prev 1 2 Advertisement Slickness Thread Starter Joined: Jun 14, 2008 Messages: 13 heres the kaspersky scan Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit

I attempted to download Comodo firewall via Opera10 and as soon as I click on the save button for to begin the download XP bluescreens and reboots. scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(648)c:\windows\system32\Ati2evxx.dll- - - - - - - > 'lsass.exe'(704)c:\windows\system32\FarLsp.dll.Completion time: 2009-02-24 1:22:40ComboFix-quarantined-files.txt 2009-02-24 Join over 733,556 other people just like you! Back on the main screen, under Scan for Harmful Software click Scan your computer.

Thank You ! You found the friendliest gaming & tech geeks around. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully. I am not sure that I understand your response.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal Click the red Moveit! Microsoft recommends doing the same....Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network Windows Version: Windows 7 Professional Service Pack 1 Checking for Windows services to stop: * No malware services found to stop.

Please re-enable javascript to access full functionality. http://softsystechnologies.com/hjt-log/hjt-log-trojan-horse.html Save it in its folder (create a new folder in your desktop then save HijackThis.exe in this new folder).Run HijackThis.exe then do a HijackThis scan and save the log.Copy and paste After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. C:\Users\Owner\Music\flowmotion vocals.mp3 moved successfully.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll c:\documents and settings\All Users\Application Data\svhost.exe c:\documents and settings\Shannon\Local Settings\Temporary Internet Files\fbk.sts c:\program files\Spyware Guard 2008 c:\program files\Spyware Guard 2008\conf.cfg rootkit infection)-- Use Kernel Direct File Access-- Use Kernel Direct Registry Access-- Use Direct Disk AccessClick Close button then re-scan the system again using SAS.+++++ If SuperAntispyware will not install, please Please be patient while it scans your computer. this contact form All submitted content is subject to our Terms of Use.

I had checked off "Computer" which put checkmarks in all the other folders. cybertech, Jun 26, 2008 #22 Slickness Thread Starter Joined: Jun 14, 2008 Messages: 13 i think i deleted it cause i right clicked it then it disappered but it usually asks windows-virus LittleBlue 9 posts since Oct 2008 Community Member 3Contributors 11Replies 12Views 8 YearsDiscussion Span 7 Years Ago Last Post by crunchie 0 crunchie 990 8 Years Ago Hi and welcome

By the power of truth, I, while living, have conquered the universe. ~Scratch~My help is always free, but if you want to donate to help me continue my fight against malware

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f6e0ef5f-5f03-43f9-8e02-bbaaa95eaa9c} (Trojan.Banker) -> Quarantined and deleted successfully. I has alot of trouble in safemode as several times I couldn't type in my password- the keyboard was out of order. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1 which is your own local computer.hpHosts Support ForumUpdate your Antivirus programs and other security products regularly It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. I have never downloaded any key Logging programs, so Add/Remove Programs doesnt show anything out of the ordinary. navigate here Proceed in running a QUICK scan for Drive C (this is where your OS is installed).Let SAS fix the detected items. (Note: SAS automatically quarantine detected items and you will be

NRDNick: The blue screen happens so fast it's not possible to see the message it gives, I tried checking event viewer but didn't find anything. I suggest to remove Limewire application. Please try again now or at a later time. I'm not saying ALL of them were from the DL folder, but a good portion were.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Show Ignored Content Page 2 of 2 < Prev 1 2 As Seen On Welcome to Tech Support Guy! Solved: Need help possible trojan! Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes

Widgets.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"TapiSrv"=3 (0x3)"JavaQuickStarterService"=2 (0x2)"clr_optimization_v2.0.50727_32"=3 (0x3)"Bonjour Service"=2 (0x2)"Ati HotKey Poller"=2 (0x2)[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="c:\\Program Files\\McAfee\\MWL\\MwlSvc.exe"="c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="c:\\Program Files\\Ventrilo\\Ventrilo.exe"="c:\\Program Files\\Yahoo!\\Yahoo! Everyone else please begin a New Topic. The reason I paid for it WAS b/c of it's online scan, so the finding of issues is probably good, I'm not saying it's not, but clearly there's other issues which Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On

If your computer reboots, run Rkill again before continuing on to the next step. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vebadupefa (Trojan.Vundo.H) -> Quarantined and deleted successfully. Thank you and have a great day.