
HJT Log With Find-Qoologic Backup Need Help

Mikarn & Prui will not go away
Started by Rio, May 01 2005 09:26 PM

First we'll get rid of the rogue ContextMenuHandler. Download & unzip the attached file (to your desktop). Double-click the reg file & allow it to merge with the registry... 2. Backing Up: C:\WINDOWS\system32\kkdcan.dll 1 file(s) copied. Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\LocalNet Express 2.0\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality

I am having trouble with pop-up ads. I have run the scans listed on the read me first page, except that Symantec Security Check does not work. If not close it yourself. 2. Same things happen with Ad-Aware, etc.

REG.EXE VERSION 3.0
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu REG_SZ {85BBD920-42A0-1069-A2E4-08002B30309D}
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files REG_SZ {750fdf0e-2a26-11d1-a3ea-080036587f03}
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With REG_SZ {09799AFB-AD67-11d1-ABCD-00C04FC30936}
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu REG_SZ {A470F8CF-A1E8-4f65-8335-227475AA5C46}
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu REG_SZ {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} REG_SZ Start Menu Pin
»»»»»»»»»»»»»»»»»»»»»»»»» Active

Under the Hidden files and folders heading, select Show hidden files and folders. Double click L2MFix.bat and select only option #1 for Run Find Log by typing 1 and then pressing: Enter Your computer is scanned, although it may appear that nothing is happening Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT Beside "Startup Type" in the dropdown menu select "Disabled".

I still can't get my flash player or shockwave to work or install and I can't run windows update which I think is because the flash won't work. but you don't appear to have any 8O It's past 1am here now ... After a reboot, the Desktop and icons appear and then disappear (this is normal).

After you uncheck these, click on the Save button and close Microsoft AntiSpyware. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it.)

bjgarrick, Jul 27, 2005 #12

bymtl Private E-2
I ran another scan from trend micro house call and Qoologic is gone.

Scroll down to: System Startup Service Right click on it and select Properties Click Stop to stop the service, then change the Startup Type to: Disabled Click Apply, then click OK. Continue to validate When it says "Validation Complete" please click: Continue to return to your previous activity Copy what the Assistant reports, and provide it in your reply. at »www.computercops.biz/pos ··· 36-.html · 2005-Jul-27 10:01 pm

ratkins (join: 2005-07-05, Lexington, MA), Member, 2005-Jul-28 11:54 am
Many thanks for all of your suggestions. Backing Up: C:\WINDOWS\system32\kzdhela2.dll 1 file(s) copied.

I hit OK to proceed then I got. 16 bit MS-DOS Subsystem C:\Windows\System32\Cmd.exe C:\Windows\System32\AUTOEXEC.NT the system file is not suitable for running MS-DOS and Microsoft Windows application. It is being used by another person or program." 2. The Ewido log is only available to me in safe mode, since it was saved in safe mode. 3. There was no "TVMedia"

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- BUILTIN\Administrators (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) Solo log of deleted files.

Adware:Adware/nCase No disinfected C:\WINDOWS\System32\FLEOK
Adware:Adware/Apropos No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\load.exe
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\downloaded program files\ATPartners.inf
Spyware:Spyware/Harnig No disinfected C:\WINDOWS\Downloaded Program Files\load.exe
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Randy-n-Jamie\Application Data\tvm*.dll
Virus:Bck/Webber.P Disinfected

For the Epolvy Trojan, please download Advanced Process Termination: http://www.diamondcs...wnloads/apt.zip Unzip it to the Desktop Double-click on My Computer and navigate to C:\WINNT\System32 Locate the file C:\WINNT\System32\rzvkicy.exe Don't delete it yet, Is there anything else I can try to get rid of those annoying pop-ups? My pc has been rebooting randomly for a couple weeks now.

Click Start. For real-time protection, there is SpywareGuard. Hit Scan & Clean now.

CulleokaAl Thread Starter Joined: Aug 7, 2005 Messages: 10

Logfile of HijackThis v1.99.1
Scan saved at 9:39:57 AM, on 8/7/2005
Platform: Windows

Copy the contents of L2MFIX find log 1.03 and post it in your reply along with a new HijackThis log. After a reboot, your desktop and icons will appear, then disappear (this is normal).


I tried running windows update with all those closed and this is the message I get [Error number: 0x8DDD0004] The website has encountered a problem and cannot display the page you It may find malware entries and request action to clean up. C:\Documents and Settings\Randy-n-Jamie\Desktop\l2mfix System Rebooted! Now, Copy and Paste C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ntuu.exe into the box – If it exists, it will show up in Blue.

New .txt files attached. "Find activesetup", version1, launched at: 21:09 Operating System: Windows XP HKLM\Software\Microsoft\Active Setup\Installed Components\ ">{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default)" = "Microsoft Windows Media Player" \StubPath = "C:\WINDOWS\inf\unregmp2.exe /ShowWMP" [MS] PLEASE NOTE THAT You will have to make 2 posts but it's ok. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter.

Please note any errors and report them back here if any. Your system must reboot now. Backing Up: C:\WINDOWS\system32\lhgif11n.dll 1 file(s) copied.

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (NI) ALLOW Full access NT AUTHORITY\SYSTEM (IO) ALLOW Full access NT AUTHORITY\SYSTEM (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full Search for and remove the following folder (bold): C:\Program Files\SurfSideKick 3 Reboot. If Pro: run this tool http://homepage.ntlw...XPHomeFiles.exe If Home: run this tool http://homepage.ntlw...XPHomeFiles.exe Reboot after running it, make a new findqoologic-log, and post it here Kind regards, Hans The help you receive Backing Up: C:\WINDOWS\system32\dunput.dll 1 file(s) copied.

I don't like it.. but it does appear to work.. as far as I know it seems to be working... Post the new log as a reply to this thread.

Locate PocketKillbox (Proceed with this step even if they do not show in blue) Now, Copy and Paste C:\WINDOWS\RMAGEN~1.dll into the box – If it exists, it will show up in Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).