Home > Hijack This > HiJack This Log - 2nd PC Infected

HiJack This Log - 2nd PC Infected

If you removed any malware, reboot and repeat the scans that revealed it earlier. This is to make sure that the malware has not managed to reinstall itself. http://aumha.org/freeware/freeware.phpFor version with the Installer: Use the setup program to install ERUNT on your computerFor the zipped version: Unzip all the files into a folder of your choice.Click Erunt.exe to backup c:\windows\system32\F8BDBB437E.sys moved successfully. ========== SERVICES/DRIVERS ========== Service\Driver d6e964c8 deleted successfully. C:\Program Files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar (Adware.SelectRebates) -> Quarantined and deleted successfully. http://splodgy.org/hijack-this/hijack-this-log-seriously-infected.php

C:\Program Files\SelectRebates\Toolbar\logo.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. If you're not already familiar with forums, watch our Welcome Guide to get started. In a few weeks, compare your saved scan with a new scan, looking for unexpected changes.6.1.5 Ask in the BBR Security or Software Forums before making changes other than reapplying hotfixes. C:\Program Files\SelectRebates\Toolbar\i_magnifying.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully.

C:\Program Files\SelectRebates\Toolbar\ReviewSite.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. C:\Program Files\SelectRebates\SelectRebatesDownload.exe (Adware.SelectRebates) -> Quarantined and deleted successfully. Remember, properties can be faked by hackers, so consider them reminders not proof.c) When in doubt about a suspicious file, submit if for analysis. Be sure to both download and install the latest version of the program, and then update each products database.

C:\Program Files\SelectRebates\Toolbar\Basis.xml.dym (Adware.SelectRebates) -> Quarantined and deleted successfully. C:\Program Files\SelectRebates\SRebates.dll (Adware.SelectRebates) -> Delete on reboot. C:\Program Files\SelectRebates\Toolbar\Coupons.bmp (Adware.SelectRebates) -> Quarantined and deleted successfully. BOClean purchased by Comodo (to be re-released at a future date); Ewido purchased by AVG, now branded AVG Antispyware (instructions to be updated soon)03 April 2007by CalamityJane: Changed BOClean submissions email

bsacco, Mar 1, 2004 #3 cybertech Moderator Joined: Apr 16, 2002 Messages: 72,017 Go here and run at least two of the online scanners. c:\windows\DUMP4d35.tmp moved successfully. Tech Support Guy is completely free -- paid for by advertisers and donations. Check that your anti-virus software is working again.14.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully. Re-secure the computer and any accounts that may be violated. C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (Adware.SelectRebates) -> Quarantined and deleted successfully. Please note the phrase "in detail." "I've followed all the steps" may not be enough information for those who are here to help.iv) The third paragraph should contain the HijackThis log

Which steps you had to skip and why, etc... https://www.wilderssecurity.com/threads/hijackthis-log-from-infected-computer.41819/ Check that the anti-virus monitor is working again.14. C:\Program Files\SelectRebates\FFToolbar\chrome.manifest (Adware.SelectRebates) -> Quarantined and deleted successfully. cybertech, Mar 1, 2004 #2 bsacco Thread Starter Joined: Jun 11, 2003 Messages: 709 This is bsacco again...

C:\Program Files\SelectRebates\SahImages\sah-logopop.gif (Adware.SelectRebates) -> Quarantined and deleted successfully. have a peek at these guys Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe" uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet Depending on the instructions in the virus encyclopedia for your scanner, it may be necessary to use auxiliary virus removal tools. 9.1 First, be sure to submit a copy of any valis replied Feb 10, 2017 at 4:59 PM Network File sharing SSTank replied Feb 10, 2017 at 4:56 PM NET Runtime version...

Still having the same symptoms...And again, thank you so much for your help...I appreciate your time spent with this. I've used Avast and AVG AntiVirus programs and also SuperAntiSpyware. http://forums.techguy.org/t110854/s.html Come back and post another HJT log for review. http://splodgy.org/hijack-this/hijack-this-please-i-think-i-ve-been-infected.php Update and run any anti-virus (AV), anti-trojan (AT) and anti-spyware (AS) products you already have installed on your computer. Do full scans of your computer.

got feedback?Any feedback you provide is sent to the owner of this FAQ for possible incorporation, it is also visible to logged in users.by keith2468 edited by Wildcatboy last modified: 2010-07-29 MBAM may make changes to your registry as part of its disinfection routine. Run the scan, enable your A/V and reconnect to the internet.

Only an internal analysis of the file can reveal what it really does.

C:\Program Files\SelectRebates\Toolbar (Adware.SelectRebates) -> Quarantined and deleted successfully. How should I reinstall?What questions should I ask when doing a security assessment?Why can't I browse certain websites?How do I recover from Hosts file hijacking?What should I do about backups? / contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - On the other hand, hackers often install legitimate FTP server or email server software, and because the server software is legitimate, it will not show up in a virus scan. 6.1.4

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully. Submit suspected malware.9.2 If a removal tool is required, it is best to first try the tool of the scanner's vendor. Removed AboutBuster from list of removal tools (obsolete and no longer supported)03 April 2007 by CalamityJane:Section 4 removed temporarily for revision. http://splodgy.org/hijack-this/hijack-this-log-please-help-horribly-infected.php Post about lessons learned.16.

Thanksm0le is a proud member of UNITE Back to top #5 crazy8oooo crazy8oooo Topic Starter Members 38 posts OFFLINE Local time:05:05 PM Posted 05 August 2009 - 09:05 PM I'm Javascript You have disabled Javascript in your browser. The scan will begin and "Scan in progress" will show at the top. ForumsJoin All FAQs → Security → 1.

Report the crime.Reports of individual incidents help law enforcement prioritize their actions. Click here to fight backIf I have helped you fix your PC then please donate. Click here to Register a free account now! Make the password "infected."In earlier versions of Windows, you need some third party software.

The Forums are there for a reason!Thanks- If I have helped you, consider making a donation to help me continue the fight against Malware! c:\windows\DUMP35b6.tmp moved successfully. Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM.

HKEY_CLASSES_ROOT\CLSID\{98279c38-de4b-4bcf-93c9-8ec26069d6f4} (Adware.SelectRebates) -> Quarantined and deleted successfully. It will scan your file and submit it to 19 anti-malware vendors.)6.