
Hijack This Log File For My MOTHER-IN-LAW!

The 'trojan' kaspersky found is not a virus... C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Owner\AppData\Local\Temp\IDC1.tmp\[1]popcaploader_v10[1].cab Infected: not-a-virus:Downloader.Win32.PopCap.b 1 When I said ATFCleaner will get rid of it, I wasn't referring to the DLL Hook error you were Click "Check for updates now" then click "Connect". Mar 31, 2008 #8 katieanne TS Rookie Topic Starter Posts: 18 highjack this it won't let me attach HJT log as it says I have already attached, Tried changing file name

I just used ATF again to be sure but I don't see an option to save. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ORcuT93FBL (Trojan.FakeAlert) -> Quarantined and deleted successfully.

O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0a\aoltray.exe O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe O4 - Global Startup: hp center.lnk Here are my recommendations for keeping your Computer clean in future: Visit Microsoft Windows Updates regularly and install all Critical updates and update Internet Explorer. Type Y to begin the cleanup process.

Please do not use your computer while the scan is running. Thank you, Joe.


Allow it to scan your computer, and then restart your computer when requested. I can access individual items by browsing the Control Panel tree in Windows Explorer.What I've tried so far...1) Starting and stopping the Software Licensing service.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully. Should I begin backing up my hard drive and prepare for the worst? Thank you x Mar 31, 2008 #4 Blind Dragon TS Evangelist Posts: 3,908 not a problem, I will be around for a while today Mar 31, 2008 #5 katieanne Apr 1, 2008 #23 Blind Dragon TS Evangelist Posts: 3,908 Hi Katie, Everything above sounds good, only other thing I want you to check while in windows explorer -> C:\ProgramData\wxknopgd (delete

If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" Logfile of HijackThis v1.99.1 Scan saved at 20:19:09, on 04/06/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\hgh0ijk3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.File delete failed.

Close all windows before continuing. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Users\Eileen\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully. No input is needed, the scan is running.

Click Cancel, and then click Cancel again to close the Date and Time dialog box. michael harshman Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:58:43 PM, on 2/28/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Only thing found were some minor Adware and cookie stuff with low threat.I have tried to use some registry cleaners but they always want you to buy after it is scanned. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

When completed, you will receive this message: Done removing infected files! Here's the MBAM text. This will expand the section.

Thank you Malwarebytes' Anti-Malware 1.09 Database version: 574 Scan type: Full Scan (C:\|E:\|) Objects scanned: 103367 Time elapsed: 20 minute(s), 51 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databasesClick on My Computer under Scan.Once the scan


Follow the instructions that pop up for posting the results. Press any Key and it will restart the PC. Should or will there be need to reformat? When trying to go to http://www.microsoft.com/security/malwareremove/default.mspx to try and download the Malicious Software Removal Tool (KB890830), upon hitting the Download button, I get the following URL with a "Internet Explorer cannot

Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log You should post next with, 1)Kaspersky report 2)Fresh HijackThis log This thread is for the use of katieanne only. Also, Spybot, Adaware, and Ewido can not remove everything all of the time.

I think I have completed every step as best I can. Every now and then, I come over to make sure she's updated (windows and Norton, etc.). We want to provide a resource for managing smartphone issues, particularly with malware, but with other things as well. Click the OK button and Notepad will open with a log of actions taken during the fix.

Click the "Next" button. If they do not, click once on the circle next to them to put a green checkmark in it: "Unload recognized processes & modules during scan" "Scan registry for all Thanks for all the help. So here is the Hijack log file Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:57:12 PM, on 7/17/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16546) Boot mode: Last modified Dec 22, 2007 at 1:24PM Larsenal W3bbo wrote: Larsenal wrote: W3bbo wrote: Time to format, that Add/Remove programs list looks fairly innocuous.

Look2Me-Destroyer will now shutdown your computer, click OK.


C:\WINDOWS\system32\h04m0ah1ed4.dll Infected! Allow the scan to finish.

Will run tools 2 and 3 now and post logs. Kritius - you seem to be a genius at getting rid of this thing. Ozzmosis Member Full Member 6 posts Posted February 26, 2005 OK... Looks like things are pretty

That's true. HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully. That's not going to go over well. Here's how it works.