
Hidden Files Mishap: Malware? (w/ HJT Log)

My HJT log...pleeeease help Started by shafer5, Feb 02 2009 09:48 PM However, I do have McAfee anti-virus running at all times, and it is frequently notifying me of viruses detected and deleted, more often than not these are Vundo. Attached Files: Policies.zip File size: 279 bytes Views: 4 JSntgRvr, Dec 29, 2006 #6 germancho Thread Starter Joined: Nov 22, 2005 Messages: 40 (thanks for all your help!) ! Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

You should also scan your computer with program on a regular basis just as you would an antivirus software. Do you need another log? The only way I could boot was from my Windows XP disc, and I entered via the repair option. Post that log and a HijackThis log in your next reply. Note: Do not mouseclick combofix's window while it's running. https://forums.techguy.org/threads/hidden-files-mishap-malware-w-hjt-log.530485/

Folder move failed. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo!

Created on 12/24/2007 13:41:41 Edited by Oleksii, 25 December 2007 - 06:58 AM. Please download ATF Cleaner by Atribune From Here and save it to your Desktop. Prerun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="cslxx.exe" ... ... Please download the OTMoveIt by OldTimer.

Your system may take longer than usual to load; this is normal. However, the original problem (the hidden files thingie) is still there: http://forums.techguy.org/windows-nt-2000-xp/530230-hidden-files-w-registry-goodness.html Ninja edit: My PC IS better, I had some problems with IE7 that got fixed right away, however the Is it because the avicap3.dll has been removed?

scanning hidden autostart entries ... LS CalamityJane, Former Lavasoft Staff Members, 8814 posts, Posted 19 June 2007 - 04:16 AM Hi, Sounds like a combination of problem malware. Please do not PM me for HJT help, we all benefit from posting on the open board. Want to help others? Please don't go surfing while your resident protection is disabled!

The screen stays for 2 seconds and then it proceeds to load Windows. That is also the reason for the change in color. Save it to your desktop. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet

Many of the finds have likely been quarantined. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. Don't select to run the Recovery Console as we don't need it. One more time, thank you very much for your help!

I definitely will keep Symantec AntiVirus, SpyBot S&D and Sygate FireWall. Without a firewall your computer is susceptible to being hacked and taken over. Please thank your helpers and there will always be help here when you need it!

When I asked to delete them, it seems that AntiVirus deleted this new item but can not delete this old Trojan Horse. It's quarantined so it shouldn't be causing any problems, but IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

Edited by thodges, 20 June 2007 - 04:50 AM.

A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers Install Ad-Aware - Install and download Click "Do a System Scan Only", and place a check next to the following items (if found):
O17 - HKLM\System\CCS\Services\Tcpip\..\{23C83EFD-0F26-4B1D-B9F4-11FA0CB178B1}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{501CFDD4-8A4B-4AE6-9CB9-08EB346FFCCC}: NameServer = 85.255.116.149,85.255.112.234
O17 -

The University of Dayton made me buy this computer, would that have anything to do with it? Save and extract its contents to the desktop. Look for the *New Topic* Button near the top right when viewing the forums.

They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and no need to keep them. Do a Here in the forums, replies are posted to topics only. Now that you are clean, please follow these simple steps in order to keep your computer clean and secure: Disable and Enable System Restore. - If you are using Windows ME or

You will be asked to reboot your computer; please do so. germancho Thread Starter Joined: Nov 22, 2005 Messages: 40 The original problem is explained in this thread: http://forums.techguy.org/windows-nt-2000-xp/530230-hidden-files-w-registry-goodness.html Logfile of HijackThis v1.99.1 Scan saved at 3:20:59 PM, on 12/28/2006 Platform: Please post that log in your next reply. Important Note - Do not mouseclick combofix's window whilst it's running.

At the command prompt, type the following and press Enter after each line: ipconfig /flushdns (The space between g and / is needed) Exit Restart the computer. If the value is lost, it could be due to Malware or Restrictions in the registry. It is much better.

C:\qoobox\Hiv-backup\Users\00000003 moved successfully. Please download The Avenger by Swandog46 to your Desktop. Click on Avenger.zip to open the file. Extract avenger.exe to your desktop. 2. I have a laptop under Windows XP SP2.

We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum. However, the machine seems back up to speed, so let me know when I should do the update. Thanks again. Postrun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" ... Please only run the tool once, ty.

uStart Page = hxxp://udportal.udayton.edu
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: udayton.edu\www
Trusted Zone: wittenberg.edu
Trusted
This is how to get them to me: Please go here to upload a suspicious file for analysis. http://www.uploadmalware.com/ * Enter your username from this forum as: thodges at LS * Copy and