Sometimes as a preventative measure I saved a “prophylaxis” as a read only under the same name. Close the program window and delete the program from your desktop. C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP411\A0081909.dll Infected! Scanning Module:C:\WINDOWS\SYSTEM\SHELL32.DLL...

Should I run another hijack this log? Also, tried to update windows from the windows update and microsoft update links in the start program area, and am not receiving any updates Remove the checkmark from the checkbox labeled Hide file extensions for known file types.7. Scanning Module:C:\WINDOWS\SYSTEM\SVRAPI.DLL...

I still am having problems with slow startups. FINALLY... Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:57, on 9/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec
I get a message saying "Explorer has caused an error in shell32.dll" or sometimes kernel32.dll and many others. I have used adaware but even though many files were removed my computer will
Type : Regkey Data : by Begbie TAC Rating : 8 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\explorer\DLOJWP Win32.Swen.A Object Recognized!

Can you please point me

If you intended to purchase any protective software (the symantec application comes to mind since it must be licensed to keep it up to date), then I would seriously consider purchasing We are trying our best to keep up. Attempting to delete: C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP415\A0083393.dll C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP415\A0083393.dll Deleted successfully!

C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP412\A0083221.dll Infected! Because of ongoing enhancements, different versions of these DLLs implement different features. Look2Me-Destroyer will now shutdown your computer, click OK. * Your computer will then shutdown. * Turn your computer back on. When I booted up in Normal Mode, it reappeared in the same \Com folder.

Scan started at 28.07.2006 11:13:55 Infected! C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP412\A0082148.dll Infected! ktwister New Member Topic Starter Members 10 posts ID: 13 Posted September 20, 2008 sorry for the delay, hard

If you feel the system is secure and running the way you expect, I would create a restore point to reference should the need arise in the future. Post back your results. C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP415\A0083592.dll Infected! am only able to get into HijackThis right now through safe mode.

Disable all antivirus/anti-spyware protection. Close any open programs you may have running, especially your web browser. 2. Everyone else please begin a New Topic. At present I need some expert advice; as I am beyond the boundary of my knowledge, and I may have stepped into some microstuff.. TIA Sidrak P.S. Removed some; but some came back!

My SS firewall is set to block KERNEL32.DLL when it tries to communicate with the host at . To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Scanning Module:C:\WINDOWS\SYSTEM\SHELL32.DLL...

At one point these infections broke into my safe mode, and began affecting things. Double click on the DDS icon, allow it to run. Attempting to delete: C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP411\A0081867.dll C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP411\A0081867.dll Deleted successfully! The specialized forums I listed can read those logs and walk you through the exact method for ferreting out the problem files. The "csrss.exe" is only part of the problem.

Reconnect to the Internet. Scanning Module:C:\WINDOWS\EXPLORER.EXE... If you receive a message from your firewall about this program accessing the internet please allow it. Once the scan is complete JRT will shut down your browser with NO warning.
• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your Antivirus and any Antispyware real time

Below are a couple of free firewalls, unless you have another in mind. Any ideas? Microsoft Security Essentials AVG AntiVirus Free Edition Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` AVG Web TuneUp Java 8 Update 65 Java 8 Update 66 Adobe Flash Player

Scanning Module:C:\WINDOWS\SYSTEM\MPR.DLL...#:3 [MPREXE.EXE] ModuleName : C:\WINDOWS\SYSTEM\MPREXE.EXE Command Line : C:\WINDOWS\SYSTEM\MPREXE.EXE ProcessID : 4294954733 Threads : 1 Priority : Normal FileVersion : 4.10.1998 ProductVersion : 4.10.1998 ProductName : Microsoft Windows Operating System Also please be advised, the article [Q186157] states that during the installation of a new program (including Win98), files on your hard disk may be detected and replaced with older versions, Include the address of this thread in your request. Type : IECache Entry Data : dan [email protected][1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:dan [email protected]/ Expires : 12-26-10 2:16:36 PM LastSync : Hits:1

I ran CWSshredder once; but stopped when it found the system clean. By the way, my hunch is that I picked up this Trojan while googling for lyrics to Chinese songs.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Click "OK" to remove them. Click "Yes" to confirm the deletion. Restart your computer normally to return to normal RE: csrss.exe New Malware.j creates setup1272.exe New Malware.u Grif Mar 7, 2008 2:05 PM (in response to normyeh) As I stated above, your next step is to use HijackThis and post Logged Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP Home with SP3, Comodo with Windows Firewall & Windows Defender AlwaysTryingTopic Also, when googling for others who had similar symptoms, I found most references were written in Chinese.

A case like this could easily cost hundreds of thousands of dollars. Keep up the good work. Grif Close all windows and browsers, leaving only HijackThis running. Attempting to delete: C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP411\A0081904.dll C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP411\A0081904.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP415\A0083394.dll C:\System Volume Information\_restore{6AF3B6C9-D322-4580-9DCD-3770BB49A992}\RP415\A0083394.dll Deleted successfully! Believe it or not, I am not seeing the effects of the trojan anymore.