Hijackthis Log - Possible Worms?

to help speed up your system. MBAM may "make changes to your registry" as part of its disinfection routine.

#9 01-06-08, 00:15 bricat Global Moderator Join Date: Jun 2003 Location: belfast Posts: 34,622
Re: HijackThis log (where's the worm?)
there is no

by looking at it and telling me if anything is wrong

Allan: That's not how we work. Please follow the instructions in the following link and post the requested logs: http://www.computerhope.com/forum/index.php/topic,46313.0.html

SuperDave:

FT Server"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live

O4 - Global Startup: ONSPEED.lnk = C:\Program Files\ONSPEED\onspeedgui.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

and b) that I needed to download HijackThis from Trend. https://forums.techguy.org/threads/hijackthis-log-possible-worms.536724/

then let us know how the computer is running.

__________________
PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE.

what do I do now?

Hope all is well with you today and God bless. :)

Renmoo 05-07-2006, 09:10 AM
Hello there.

Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or

Boyfriend accidentally opened infected e-mail and caught the virus.

Contents of the 'Scheduled Tasks' folder
"2008-05-29 18:18:00 C:\WINDOWS\Tasks\preupd.job" - C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 00:35:59

We may have to do it again but that will come.

Gogo
Die Hijacker Die
Member of ALLIANCE OF SECURITY ANALYSIS PROFESSIONALS Since 2004
Warning My killer dog at work.
IMPORTANT - Before Posting a HijackThis Log Instructions

And it does have a check mark in it.

Just paste your complete logfile into the textbox at the bottom of this page.

Also, I switched the "Set Restore Points" back ON last night (I'd switched them off for a few hours after reading somewhere that it was necessary) - do I need to

I am not accustomed to using "forums" so please let me apologize in advance for any procedural mis-steps I will most probably make.

For example, when I try to adjust the Date/Time I am informed that there are '...restrictions in effect on this computer.

If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs.

Will let you know what happens.

silo018 Born Posts: 2 3+ Months Ago
Hi Board, thank god I found this forum is all I can say!

anyways see if you can run this tool.
Please download Deckard's System Scanner (DSS) to your Desktop.
* Close all applications and windows.
* Double-click on DSS.exe to run it, and follow the prompts.
* The scan may

Worm Mobler A ?

with options Y/N.

So WHY did it keep on announcing the worm, WHY did the worm "disappear", and WHY is the puter now running so slowly??

EXE
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 -

Discussion in 'Windows XP' started by matrim, Jan 19, 2007.

#10 02-06-08, 22:54 annalindsay Newbie Join Date: May 2008 Posts: 8
Re: HijackThis

Can not seem to run registry cleaners correctly either, when I try to fix problem.

Here is my HiJackThis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:46 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil

When the scan is complete, two text files will open - Main.txt and Extra.txt
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet -

Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download.

Does this mean that my system is now sparkly clean from EVERYthing potentially nasty?? Re., the log: I notice that the penultimate line of it has something to do with Symantec... there is nothing from Symantec on this PC any more...?

It is important that it is saved directly to your desktop
**Please, never rename Combofix unless instructed.

It is important that you reply to this thread.

I've run quite a few virus/spyware scans using Zone alarm and McAfee. This is the latest hijackthis log
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\bcd2kcpan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Exo Adult\ExoAdult.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet

#4 30-05-08, 00:44 annalindsay Newbie Join Date: May 2008 Posts: 8
Re: HijackThis log (where's the worm?) (baffled)
Puter still running extraordinarily SLOWLY

I downloaded the two programs you mentioned to my desktop and disabled AVast.

Only after downloading the tools above not before.
Run
* Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
* Reboot into Safe Mode: (

Here are some related websites:" which bear no relation to anything... :-S I tried again today but same story...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:46 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\repair\aol.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common

Hopefully it will not return. The action says, "Reboot Required - Partial" 8 infections.

Here is what I am asking you to do during the repair of your computer
* Tell me everything that you have done, if anything, to try and fix this problem.
* Please only use

matrim Thread Starter Joined: Dec 28, 2004 Messages: 197
My comp isn't running the way it should be.

Yet today there've been NO pop-ups, no warnings, no sign of it...

#4 HJThis Advanced Member Volunteer Security Advisor 4076 posts Posted 13 December 2007 - 03:44 AM
Hi.Santamaria That's ok just move on if you can't get it.

I've carefully & attentively read all those warnings about one false step and am now duly & truly terrified that I will make the problem worse by not having a clue

Information on A/V control HERE.
Then post your DDS logs. (DDS.txt and Attach.txt)

#2 HJThis Advanced Member Volunteer Security Advisor 4076 posts Posted 13 December 2007 - 03:03 AM
Hello.Santamaria & Welcome
Download SDFix and

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO:

#9 HJThis Advanced Member Volunteer Security Advisor 4076 posts Posted 13 December 2007 - 06:14 AM
Hi.Santamaria Yes do so please.

Soooo...

Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to

if you CAN help, would you give any instructions in REALLY basic steps?