
Help With Dad's HJT Log

Click Create and you're done. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. Go here and do an online virus scan. In the services window find Remote Procedure Call (RPC) Helper.

Chess [http://download.games.yahoo.com/games/clients/y/ct1_x.cab]
{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} [http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?] C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab]
{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} [http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab]
{A17E30C4-A9BA-11D4-8673-60DB54C10000} [http://download.yahoo.com/dl/installs/ymail/ymmapi.dll]
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab]
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]
**** Windows Services ****
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe

On the Scanner tab: Select "Perform Full Scan" then click on the Scan button.

Now click "Apply to all folders" Click "Apply" then "OK" ______________________________________________________________________ Sign off the internet and remain offline until this procedure is complete.

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! If an update is found, the program will automatically update itself. DO NOT OPEN ANYTHING ELSE! If any threats were found they will appear in the report6.

Press on "Accept". Download it to the desktop and have it ready to run later. ____________________________________________________________________ Click here to download AboutBuster created by Rubber Ducky. O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O23 - Service: Symantec Event Manager - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password https://forums.pcpitstop.com/index.php?/topic/93179-dads-hjt-log/ Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1

Double-click on mbam-setup.exe to install the application. #1 October 13th, 2004, 10:43 AM Pyrastilia Member Join Date: Aug 2004 Posts: 87 My Dad's HJT log Hello again guys My Dad's computer is being All were deleted by the online software (I hope). If you have an older version, click on Exit Spybot S&D Resident Second step, For both new and older versions : Open Spybot S&D Click Mode, choose Advanced Mode Go to

Check Turn off System Restore. MBAM may "make changes to your registry" as part of its disinfection routine. These are the legitimate services. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools'

Beside "Startup Type" in the dropdown menu select "Disabled". So here it is: I found some programs that didn't belong in a previous scan but I can't seem to make a good call on the others.

Access by right click on My Computer and choose manage. The scan will begin and "Scan in progress" will show at the top. Flrman1, Feb 12, 2005 #6 Scottyo Thread Starter Joined: Feb 5, 2005 Messages: 45 After about 4 hours over the phone, we have cleaned up the PC considerably.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:59 PM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

Click Apply then OK. ________________________________________________________________________ Next run aboutbuster. In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.

Also from CERT http://www.us-cert.gov/current/archive/200...07/archive.html Updates Available for Multiple Vulnerabilities in Adobe Products, added December 7, 2006. Adobe has released updates to address vulnerabilities in Adobe Download Manager, Adobe Reader, and Adobe Acrobat 7.

Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. These things can take time and many procedures. It would be so much faster and easier if he would join and respond to this thread himself. Click here to download cwsserviceremove.zip and unzip it to your desktop and have it ready to run later. ___________________________________________________________________________ Click here to download CWShredder. On the General tab under "Temporary Internet Files" Click "Delete Files".

I followed your instructions and we are back up to speed. Apart from this bit... "Copy and paste the contents of that report in your next reply and exit MBAM." 0 Vino Is it dial-up or broadband connection? Let's get rid of these with HJT O9 - Extra button: (no name) - Software - (no file) O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - Then have him do the You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Go here and download SDHelper.dll.

Flrman1, Feb 14, 2005 #8 This thread has been Locked and is not open to further replies. At the main page. but Due to a lack of response, this topic is now closed. Run CWShredder and AboutBuster again.

He can still use AOL mail even if he gets another provider, they have made that free. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders" Next click on My Computer. Regardless if prompted to restart the computer or not, please do so immediately.

I ran CWShredder, Ace Utilities, Bazooka just for neatness' sake as well before the HJT log was taken. See if control.exe is present in C:\windows\system32 If control.exe isn't there, go here, and download control.exe per the instructions at the site. Please temporarily disable such programs or permit them to allow the changes. It has been a while since you posted your log, if you still want help could you please post a

The w*auclt.exe (The filename found is "wuaclt.exe" c:/windows/system32 c:/windows/servicepackfiles/i386 c:/windows/SoftwareDistribution/Download/9ded4eee34a35fced0033d3e152a36e0e Logfile of HijackThis v1.99.0 Scan saved at 6:00:00 PM, on 2/14/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 #4 Vino Rosso Senior TEG Forum Member Visiting Security Colleague 697 posts Posted 19

Let us know how you are running.