Home > Need Help > Need Help With Hijacker - Posted Deckard's System Scanner & HijackThis Logs

Need Help With Hijacker - Posted Deckard's System Scanner & HijackThis Logs

Click the "OK" button after you get the notification that the scan has finished and close the program. 6. I just ran a Deckards System scanner a few minutes ago, and there are weird looking registry entries, like "Cracks for Quake" which I never put on here, and random other I have quoted your last post, & my reply to each of your questions is in BLUE Quote ... to sanitize hot link URLS above Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 jawyllie82 jawyllie82 Topic Starter Members 6 posts OFFLINE Gender:Female this contact form

I click on it and nothing happens. This is caused by files or registry entries being deleted,including temporary files being deleted automatically. Everyone else please begin a New Topic. I love Finland, Finnish metal, and kind Finnish people who help me with this stinkin' computer .) SDFix: Version 1.191 Run by Dickinsons on Wed 06/11/2008 at 02:56 PMMicrosoft Windows XP

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: &Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - Everyone else please begin a New Topic. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Please use "Reply to this topic" -button while replying. Back to top #11 Grimalkin Grimalkin Member Members 13 posts Posted 14 June 2008 - 02:38 PM Thanks, Blade81. Grimalkin, over & out Back to top #14 Blade81 Blade81 Advanced Member Volunteer Security Advisor 6582 posts Posted 14 June 2008 - 03:20 PM Since this issue appears to be resolved This includes downloaded programs.

HKEY_CLASSES_ROOT\CLSID\{1d723bc7-690a-4dc2-901a-68d977fef6bc} (Trojan.Vundo.H) -> No action taken. They are://ads.aedgency.com/ebay/007/?&SID=N03QUSI2Z-FCqRSL1AYC&login=672125&mediaid_prefix=005&asked_billing_id=2&time=312e3230362e31//fp.pc-on-internet.com/sws/021/?al2=1&alfl2=1&nums=N03QUSI2Z-FCC1QqhABG&login=672125&mediaid_prefix=005&asked_billing_id=2&time=312e3230362e31].I've also included an attachment of the logfile inserted bleowLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:25:23 AM, on 2/21/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16609)Boot mode: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\W MPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken. http://www.spywareinfoforum.com/topic/111109-hijack-this-log-dss/ Member Posts: 58 Re: Win32.mIRC.62 need help :( « Reply #42 on: April 08, 2007, 09:20:09 PM » Is Hijack This enough or do I need ComboFix two Logged mauserme Massive

Member Posts: 58 Re: Win32.mIRC.62 need help :( « Reply #38 on: April 08, 2007, 08:26:37 PM » Ok thanx very much for the info Tomorrow I'll run a check with No need to take your computer in anywhere for repair you may want to consider starting a thread in another security forum, we normally tell posters to stick to one forum, Back to top #5 Yourhighness Yourhighness The BSG Malware Fighter Malware Response Team 7,943 posts OFFLINE Gender:Male Location:Hamburg Local time:10:43 PM Posted 08 March 2008 - 03:16 AM Hi Jane,For Make sure the following are checked: - Running processes - Windows Registry - Local Hard Drives 4.

I'll run it in safe mode if I still have no log and hopefully can get back to you tonight with that info. http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=26971&start=15 When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. TomDraco View Public Profile Find all posts by TomDraco #4 August 18th, 2008, 02:02 AM Jintan Malware Removal Team Advisor Join Date: Dec 2004 Posts: 51,189 That scan To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken. address, so that is some progress. Another forum advised someone (back in 2005?) to download SP2, which should solve the install problem! Under Additional Scans click Select All.

If you do it remember to keep machine disconnected from the network until you have firewall running. D: is Fixed (NTFS) - 69.79 GiB total, 2.16 GiB free. For now go ahead with the Malwarebytes step, but go ahead and do that in Safe Mode. http://intracom2008.com/need-help/need-help-removing-trojan-logs-attached.html Sorry for the questions, but my computer is hijacked and it really sucks. -Rael I think both Clark76 & myself have answered that ...

hijack this log (dss) Started by bee993, Jan 05 2008 05:13 PM This topic is locked 6 replies to this topic #1 bee993 bee993 Member Full Member 4 posts Posted 05 I downloaded and performed the DSS scans; the Main and Extra text files appeared, but subsequently the PC froze up. I'm not trying to force you into anything.EDIT: Not Kaspersky but Ikarus.

In that OTScanIt folder click the OTScanIt.exe to open the scan display.

Click on Start>Run and type, or copy and paste:- %temp%\sarscan.log then press Enter. 7. C:\WINDOWS\system32\xsdvbo.dll (Trojan.Vundo) -> No action taken. TomDraco View Public Profile Find all posts by TomDraco #8 August 19th, 2008, 02:36 AM Jintan Malware Removal Team Advisor Join Date: Dec 2004 Posts: 51,189 Try this I tried to run ComboFix again last night, the computer kept restarting every time I ran it, and it got really late so I'll have to check for the txt file

I can't get my poor Dell updated until this is resolved. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken. I use Ad-Aware SE plus edition. his comment is here Register now!

The other problem is that I can't open anything in the Control Panel, it comes up with this message: C:\WINDOWS\system32\rundll.32.exe Application not found I'm worried about this. scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.C:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Dell AIO Printer A940\dlbabmon.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2008-07-31 8:26:40 - machine was rebootedComboFix-quarantined-files.txt 2008-07-31 12:26:34Pre-Run: 11,794,128,896 SEO by vBSEO 3.5.2 Avast community forum Home Help Search Login Register Avast WEBforum » viruses and worms » viruses and worms (Moderators: Pavel, Maxx_original, misak) » Win32.mIRC.62 need help Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm**************************************************************************catchme 0.3.1361 W2K/XP/Vista

Don't make any other changes at this time, then click the Run Scan button at the top left. Posts 14,022 Points 2335 HI This program MMall.exe is always opening on startup (two or three of them). DO NOT select Recovery Console as we don't need it. I'll just say all scanners are capable of false positives.But if you're not comfortable with it and you don't see suspicious activity any longer then don't worry about it.

Finally, I think I have a spyware problem and I need help. Symantec now is not picking up any viruses but the computer is still definitely infected. I uninstalled it, reinstalled it.......nothing. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dllO3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dllO3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dllO3 - Toolbar: &Google -

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! I won't call Kaspersky bad but you've already expressed your opinion of it. posted by Rael No, I haven't gotten any help, but I did a search on ComboFix and many people said that there were imbedded programs that were detrimental to the health HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxoog -> No action taken.