Home > Hijackthis Log > Hijackthis Log - Lots Of "01 - Hosts"

Hijackthis Log - Lots Of "01 - Hosts"

If there's anything someone could tell me to do without seeing my fat-*censored* log, that would be truly excellent. Also, I saw on the adaware thing (it keeps being reborn), 'winn32.trojandownloader.small.aly' .I'll copy my hijackthis log, but it's going to take a few minutes._Tuesday Raptor: You should do the following:1. Next, please reboot your computer in SafeMode by doing the following: 1. com 01 - Hosts: 127.0.0.55 tomcoyote. weblink

Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when If it is not listed, follow these instructions:· From a computer that has Internet access, click on the following link:http://www.new.net/s...install6_90.exe.· Download and save uninstall6_90.exe to the Desktop.· Go to the Desktop Choose Merge from the popup menu and answer Yes or Ok to any further prompts.Step #4Run CWShredderDouble-click on CWShredder.exe.Click "Fix ->" and click "OK" at the prompt.CWShredder will scan and clean It appears that everything looks good. https://www.bleepingcomputer.com/forums/t/253899/infection-finally-got-a-log/?view=getnextunread

Proud member of ASAP since 2005 The help you receive here is free. Not sure if I did this right, but here's what was in the report. It takes a few minutes to run all the script.When the tool finishes, the zoek-results.log is opened in Notepad.The log is also found on the systemdrive, normally C:\If a reboot is Backing Up: C:\WINDOWS\system32\qCsf.dll 1 file(s) copied.

Back to top #13 Daemon Daemon Security Expert Retired Staff 3,350 posts Posted 08 February 2005 - 02:22 AM Open Internet Options via the IE Tools menu, and go to the I don't recommend Kazaa because it install a lot of junk with it, see here for more info: http://p2p.malwarere....com/index.htmlSo you beteer uninstall it. * Download Dr.Web CureIt to the desktop:ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exeDoubleclick the Please use them so that others may benefit from your questions and the responses you receive.OldTimer Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 0 user(s) are org 01 - Hosts: 127.0.0.7 computercops.us 01 - Hosts: 127.0.0.8 ct7support.

Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Please post a fresh Hijack This log, kaspersky scan report Antispyware.log so that we can check if your system is clean. Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT http://www.techsupportforum.com/forums/f284/hijackthis-log-lots-of-01-hosts-66993.html Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Tech

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O2 I looked for the New.Net and it was NOT listed under ADD?REMOVE. C:\Documents and Settings\Tra\Desktop\l2mfix System Rebooted! Make sure that they are all there.Click on the Delete on Reboot option and then click on the red circle with a white 'X' in to to delete the files.

If it is run from Temporary folders the backups and HijackThis itself could be accidentally deleted if the Temporary folders are cleaned. This process used to be called "MSTDC.exe" before it was called "servies.exe". When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. Select safe mode and press Enter3.

Please proceed withthe follwoing steps in order.Step #1Run On-line virus scansPlease run at least 2 of the following on-line virus scans:Trend Micro HousecallBitDefender On-Line Virus ScanPanda ActiveScanMake sure that you choose http://intracom2008.com/hijackthis-log/hijackthis-log-regarding-w32-alcra-b.html deleting: C:\WINDOWS\system32\svlunirl.dll Successfully Deleted: C:\WINDOWS\system32\svlunirl.dll deleting: C:\WINDOWS\system32\wbdsp.dll Successfully Deleted: C:\WINDOWS\system32\wbdsp.dll deleting: C:\WINDOWS\system32\wfigest.dll Successfully Deleted: C:\WINDOWS\system32\wfigest.dll deleting: C:\WINDOWS\system32\guu32.dll Successfully Deleted: C:\WINDOWS\system32\guu32.dll deleting: C:\WINDOWS\system32\wan87em.dll Successfully Deleted: C:\WINDOWS\system32\wan87em.dll deleting: C:\WINDOWS\system32\sqimeng.dll Successfully Deleted: C:\WINDOWS\system32\sqimeng.dll deleting: It is critical to have both a firewall and an anti-virus application and to keep them updated.To keep your operating system up to date visit Microsoft Windows Updatemonthly. Then press enter on your keyboard to boot into Safe Mode Doubleclick WinPFind.exeClick on Configure Scan Options.

Reboot and let me know. Using the site is easy and fun. Please re-enable javascript to access full functionality. check over here Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0527.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra

Anybody can ask, anybody can answer. If an update is available then download and install it. My photoblog: http://meandalvis.blogspot.com Last edited by Alvis; 10-14-06 at 09:05 AM. 10-14-06, 09:08 AM #4 matome DVD Talk Legend Join Date: Oct 1999 Location: NY Posts: 12,304

dll /ai msearch.

When he tries to open IE, he gets tons of pop-ups and the machine effectively stalls. Regards, Nyasu Back to top #13 Nyasu Nyasu Topic Starter Members 9 posts ONLINE Local time:10:02 PM Posted Today, 01:09 PM Hi, Here are the log files that you Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when thanx Logfile of HijackThis v1.99.1 Scan saved at 3:07:57 AM, on 3/5/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program

cab 016 - DPF: t9600F64D-755F-11D4-A47F-0001023E6D5A1 (shutterfl y pi cture upload pl ugi n) - http://web1.shutterfly.com/downl oads/upl oader. Reboot your computer normally, start HijackThis and perform a new scan. If it is run from inside a compressed file then the backups are not created at all.Please open My ComputerDouble-click on Local Disk (C:)Click on the File menu, point to New this content Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Come join us in the Class Room and learn how. If you wish to show your appreciation, then you may donate to help keep us online. Regards alba __________________ Retired member of Member of UNITE Go raibh maith agat « horrible malware | 680130.net issues » Thread Tools Show Printable Version Download Thread Search this Ran by Administrator (administrator) on WIN-COD93430P79 (15-01-2017 23:42:44) Edited by Jo*, Yesterday, 06:28 PM.

com 01 - Hosts: 127.0.0.44 spyguard. Want to help others? Here is what is I found in the Explorer Folder:START - ACCESSORIES - PROGRAM FILES - INTERNET EXPLORER: CONNECTION WIZARD FOLDER:lcwconn.dlllcwconn1.exelcwconn2.exelcwdl.dlllcwhelp.dlllcwip.dunlcwoobe.exelcwres.dlllcwmind.exelcwtutor.exelcwutil.dlllcwx25a.dunlcwx25b.dunlcwx25c.dunlnetwiz.exelsingup.exeMsicw.ispMSN.ispPhone.icePhone.verState.icwTrialoc.adllThe other folder listed in START - ACCESSORIES - PROGRAM FILES Just be sure there are no conflicts.

Back to top #11 KMorris KMorris Member Members 11 posts Posted 29 April 2007 - 04:53 PM Removed WhenUSave in HJT. Back to top #3 KMorris KMorris Member Members 11 posts Posted 28 April 2007 - 01:17 PM Delete repeated post. Shift-Delete works but the .tmp files comes back instantly. I will post the log files again when I get back from work.

net 01 - Hosts: 127.0.0.32 no-spybot.com 01 - Hosts: 127.0.0.33 onlinepcfix.com 01 - Hosts: 127.0.0.34 pchell.com 01 - Hosts: 127.0.0.35 pestpatrol.com 01 - HostS: 127.0.0.36 safer-networki ng. Please print these directions and then proceed with the following steps in order.Step #1Open Notepad and copy/paste the text in the quotebox below into the new document:REGEDIT4[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\battck][-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\battck][-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\battck][-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Styles][-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Styles][-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Styles][-HKEY_USERS\S-1-5-21-583907252-162531612-839522115-1003\Software\Microsoft\Internet Explorer\Styles][-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Backing Up: C:\WINDOWS\system32\hr8o05l3e.dll 1 file(s) copied.

Close ALL windows except Ad-Aware SE. Sign In Create Account Body Background skin color theme reset What the Tech Search Advanced Search section: Google This topic Forums Members Help Files Downloads Unreplied Topics View New Content Look for a log called C:\log.txt - post the contents here. Backing Up: C:\WINDOWS\system32\svlunirl.dll 1 file(s) copied.

Back to top #15 Daemon Daemon Security Expert Retired Staff 3,350 posts Posted 10 February 2005 - 02:25 AM Download this file to your desktop.