
Hijack This Log Attached. What's Wrong Please?

Please download and run RogueKiller 32 bit to your desktop. RogueKiller <---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows What am I doing wrong? You can copy them to a CD/DVD, external drive or a pen drive <+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+> The removal of Did we mention that it's free.

Do you want me to send it? This applies only to the originator of this thread. Before you ask a question, or before you get upset by a response, see here: http://www.catb.org/~esr/faqs/smart-...ons.html#intro

scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DeviceNotSelectedTimeout"="15" No security suite is install, direct connection to the internet through the DSL modem, checked the network settings are all the same in all browsers / apps (direct connection), and still Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4

Under the Hidden files and folders heading, select Show hidden files and folders. E.g. [!] Key Not Deleted : HKU\S-1-5-21-1209626233-1858311023-2878856544-1000\Software\AppDataLow\Software\PriceGong [!] Key Not Deleted : HKU\S-1-5-21-1209626233-1858311023-2878856544-1000\Software\AppDataLow\Software\Savings Bull If AdwCleaner failed, please try again and start AdwCleaner by right-clicking it and selecting Run as Click Yes to confirm.Please download GMER from one of the following locations and save it to your desktop:Main Mirror This version will download a randomly named file (Recommended)Zipped Mirror This version Back to top #7 Funny Girl Funny Girl Member Members 13 posts Posted 07 September 2015 - 12:53 PM When I ran AdwCleaner yesterday and sent you the files.

Other members who need assistance please start your own topic in a new thread. Information on A/V control HERE regards, schrauber If I've not posted back within 48 hrs., feel free to send a PM with your topic link. https://forums.malwarebytes.com/topic/158531-cpu-usage-problems-hijackthis-log-inside/ on the system, please remove or uninstall them now and read the policy on Piracy.Failure to remove such software will result in your topic being closed and no further assistance being

What's next? Do you see the file extension ".exe" on the FRST program? Thank you!

Thanks.This should only take me a few minutes... Whats wrong please (hijackthisattached) Byliverpoolrdbest Apr 4, 2007 I have a 3 month old sony vaio laptop and it

Thanks again! ---Hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 11:44, on 2008-04-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Otherwise they might stop OTL. Go up to File > Save As... HELP PLEASE!!! Browsing only works in IE Sounds strange.

Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here C:\WINDOWS\system32\mshtmlsed.exe C:\WINDOWS\system32\MSRundll.exe C:\WINDOWS\system32\sInit117.exe C:\WINDOWS\20074222657878.exe C:\WINDOWS\system32\MSRundll.exe C:\WINDOWS\system32\winsys16_070307.dll C:\Program Files\Common Files\CPUSH\cpush0.dll C:\WINDOWS\system32\42adntos.dll C:\WINDOWS\system32\winveu74.dll C:\WINDOWS\system32\HelpIE.dll C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll C:\WINDOWS\system32\41eecfsb.dll C:\WINDOWS\system32\MyFavor.dll C:\WINDOWS\2007331205331230.exe C:\DOCUME~1\GRANTJ~1\LOCALS~1\Temp\upxdnd.exe C:\WINDOWS\2007331221352593.exe C:\WINDOWS\system32\sInit117.exe C:\WINDOWS\Kernelmh.exe C:\WINDOWS\20074222657878.exe C:\WINDOWS\web\related.htm C:\WINDOWS\system32\WPDShServiceObj.dll C:\PROGRA~1\eklg\flmh.dll C:\PROGRA~1\eklg\flmh.dll The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after

are active before connecting to internet.

Back to top #11 Funny Girl Funny Girl Member Members 13 posts Posted 08 September 2015 - 01:40 PM When I move FRST I right click and send to desktop. SDFix: Version 1.171 Run by Lance on 2008-04-15 at 23:11 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Click on the button that has the red circle with the X in the middle after you enter each file. hijackthis.log attached Started by RockiesInOctober , Apr 13 2008 09:50 PM Page 1 of 2 1 2 Next This topic is locked 18 replies to this topic #1 RockiesInOctober RockiesInOctober New

Don't worry, this is normal.6. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal

I don't know how else to do it. Please, turn off all programs, including browsers.Double-click on AdwCleaner to start the program.Click on the Scan button.Wait until the search has finished.Click on the Clean button.Click on OK.Click on OK on Please, paste the content of that file in your reply. Only attach them if requested or if they do not fit into the post.Old topics are closed after 3 days with no reply, and working topics are closed after 5 days.

If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. It creates a log file, called Fixlog.txt, on the desktop. Click the Fix button. Insert your OS CD and let it do the repairs with the OS. 8.) Make sure that you are using the latest version of Java.

Back to top #19 Funny Girl Funny Girl Member Members 13 posts Posted 12 September 2015 - 08:00 PM These are the two files it created. [.ShellClassInfo] [email protected]%SystemRoot%\system32\shell32.dll,-21769 If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please You too could train to help others- Join the Classroom Back to top #5 RockiesInOctober RockiesInOctober New Member New Member 13 posts Posted 14 April 2008 - 01:10 PM Thanks again!

I tried it several times and it worked. Please help. Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.

Remove any threats foundOnce completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and You will be prompted to install an ActiveX component from Kaspersky, Click Yes. I also don't see any evidence of a firewall (other than perhaps the standard Windows firewall, which is average at best).
