Home > Highjack This > Highjack This Log (worm Problem)

Highjack This Log (worm Problem)

Choose "Perform Complete Scan" and click "Next".When done, a Scan Summary will appear with potentially harmful items that were detected. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully. Copyright © 2006-2017 How-To Geek, LLC All Rights Reserved

Register • Search • FAQ • Memberlist • Usergroups • Log in My Fixes Forum Index » Spyware/Virus » Spyware/Worm Problem Post Information Total Posts in this topic: 10 postsUsers browsing this forum: No registered users and 47 guests You cannot post new topics in this forum You cannot reply to topics his comment is here

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: MoneySide - The file C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipin32.dll is a Adware threat. FOLLOW US Twitter Facebook Google+ RSS Feed Disclaimer: Most of the pages on the internet include affiliate links, including some on this site. The HJT log you have submitted has been compared against our definitions database. http://www.ozzu.com/mswindows-forum/hijack-this-log-worm-problem-t32287.html

Share this post Link to post Share on other sites This topic is now closed to further replies. Ozzu is a registered trademark of Unmelted, LLC. I cannot figure out how to do that, could an admin delete my topic?cheers, much appreciated Share this post Link to post Share on other sites screen317    Research Team Moderators

C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Jump C:\WINNT\system32\r3un10n.dll,Description: The file C:\WINNT\system32\r3un10n.dll is a Adware threat. Why?When you have viruses or malware problems, often bad files end up in the restore cache and cannot be removed as long as system restore is enabled.

Please double-click Killbox.exe to run it. problem solved => formatted comp however, the log I posted contains the name of a close friend (it was her computer with the virus) and I would like to remove this It's ok that you weren't able to find Websearch toolbar. It seems I left that step out of my last post.

As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged If you do have any more trouble, just post another log and a description of the problem. Click File/New Task, choose browse and navigate to the location where you saved Hijackthis. Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password?

If need be, you can take all the logs along with my post and post it to a disinfection forum. After rebooting, open up Killbox again. Click the red-and-white Delete File button. Click 'OK'.

If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. this content The file C:\RECYCLER\S-1-5-21-2571499264-1133734717-3547005522-500\Dc6.exe is a Adware threat. Unknown: These are items that might be customized for you or that don't exist in the database yet. Reports: · Posted 6 years ago Top Topic Closed This topic has been closed to new replies.

O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm O9 - Extra button: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: MoneySide - It is free. weblink O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...

If your issue has been resolved please let us know Sun Sep 09, 2007 6:35 am Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest I will be helping you out with your particular problem on your computer. 1. No, create an account now.

Reboot Normally Run Hijack This, scan, save and post the new log.

C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully. You're welcome. A good article to read: So how did I get infected in the first place? Worm/trojan Problem Started by aalberini , Mar 06 2007 01:46 PM Please log in to reply 1 reply to this topic #1 aalberini aalberini Members 1 posts OFFLINE Local time:04:31

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll O9 - Extra button: MoneySide - A firewall is also an important tool for system security. Include the address of this thread in your request. check over here From what I saw, you're currently infected with a root-kit.

Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully. Make sure you choose your user account and don't login as the Administrator. 2. Select: Delete on Reboot then Click on the All Files button.Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after

Good news is that I can open REGEDIT & the Task Manager now.I couldn't find the websearch toolbar in ad/remove or while working the manual system. HijackThis Log Attached Please follow this process in order to remove the entries flagged as dangerous: 1. I will post my logs below for Malwarebytes followed by a HijackThis log if that is appropriate. If not, see this page for manual removal.

Click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.It will open in your default text editor (preferably Notepad).Save the notepad file to your desktop by clicking (in notepad) File > The file C:\RECYCLER\S-1-5-21-2571499264-1133734717-3547005522-500\Dc8.dll is a Adware threat. Here's some info on it. C:\Documents and Settings\Barry\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.

http://www.mvps.org/sramesh2k/ToolsQuit.htmAbout C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipin32.dll:Quote:IP Insite is Spyware and it is installed by your ISP's Awful software.