HiJackThis Log. Help Desperately Needed !

C:\System Volume Information\_restore{6B9B532E-55D5-4D10-AADB-09B0A5908CD6}\RP74\A0029687.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).

Please be patient. Once scanned, copy and paste the results in your next reply as well.

http://osuweb.net/hijackthis-log/help-needed-with-this-hijackthis-log.php

this is good news.

Desperately need help with HijackThis log
Started by marsenaul, Jan 06 2005 07:30 AM
3 replies to this topic

#1 marsenaul (Members, 3 posts)

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Bron-Spizaetus] "C:\WINDOWS\ShellNew\sempalong.exe"
O4 - HKLM\..\Run: [SsAAD.exe]

I later learned that it leads to some Vietnamese dating site or whatever. (Whenever I try to click on the link, IE doesn't want to open the site.) Anyway, here is what

http://www.bleepingcomputer.com/forums/t/8261/desperately-need-help-with-hijackthis-log/

It's really bugging me and I've tried everything I can think of, running virus scans, updating drivers, but so far no luck. Tutorial Run on a regular basis Update all these programs regularly Make sure you update all the programs I have listed regularly. Thanks again.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. Every time I scan it. This can patch many of the security holes through which attackers can gain access to your computer. Now I really don't know what to do.

To make a permanent folder, go to Start > double-click the My Computer icon. This is a 30 day trial of the program. Once you have downloaded AVG anti-spyware, locate the icon on your desktop and double-click it to launch the setup program. Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... ) It should have this icon next to it: Select it and click Remove. http://www.hijackthis.de/ Start a new thread instead and someone will help you asap. Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
Pager]C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R2 SetupNT;SetupNT;C:\WINDOWS\system32\SetupNT.sys
S1 rxp;rxp;\??\C:\WINDOWS\system32\drivers\rxp.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\System32\ntsim.sys
S4 wfxsvc;WinFax PRO;C:\WINDOWS\System32\WFXSVC.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{222e9cb1-523e-11dc-96fb-001a70aeda30}]
AutoRun\command- G:\explore\Command- WScript.exe .\imgkulot.vbs
open\Command- WScript.exe .\imgkulot.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ddcb14-50ba-11dc-96f5-001a70aeda30}]
AutoRun\command- G:\explore\Command- WScript.exe .\imgkulot.vbs
open\Command- WScript.exe .\imgkulot.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b9d1620-4aa0-11dc-96d4-000ae6891af8}]
AutoRun\command- G:\explore\Command- WScript.exe .\imgkulot.vbs
open\Command- WScript.exe .\imgkulot.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a86c3cd0-6acb-11db-bf8d-000ae6891af8}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NETSVCS.EXEé_†™\command- NETSVCS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8bd0f10-5e1b-11dc-80a0-001a70aeda30}]
AutoRun\command- G:\explore\Command- WScript.exe .\imgkulot.vbs
open\Command- WScript.exe
C:\System Volume Information\_restore{6B9B532E-55D5-4D10-AADB-09B0A5908CD6}\RP51\A0024226.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help!

C:\System Volume Information\_restore{6B9B532E-55D5-4D10-AADB-09B0A5908CD6}\RP85\A0032087.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).

If you are asked to reboot the machine, choose Yes.

C:\System Volume Information\_restore{6B9B532E-55D5-4D10-AADB-09B0A5908CD6}\RP74\A0029809.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).

Here is the smitfraud logfile... Start->Control Panel->System, System Restore.

Please take the time to read this article with suggestions and information on 'Safe Computing Practices.' So how did I get infected in the first place?

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe scvshosts.exe
F2 - REG:system.ini: UserInit=userinit.exe,imgkulot.bat
O2 - BHO: &Yahoo!

Join the ClassRoom and learn how. MS - MVP Consumer Security 2009 - 2016

#3 fionnghaile (New Member, 4 posts), posted 26 December 2006 - 09:52 AM

C:\System Volume Information\_restore{6B9B532E-55D5-4D10-AADB-09B0A5908CD6}\RP74\A0029840.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{6B9B532E-55D5-4D10-AADB-09B0A5908CD6}\RP44\A0018196.exe -> Adware.Malwarewipe : Cleaned with backup (quarantined).

Now if you are still having problems, let me know and I will help you.

My computer is slow!---My Blog---Follow me on Twitter. Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. DO NOT

Also it says my HijackThis Log was too long to post.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 -

C:\System Volume Information\_restore{6B9B532E-55D5-4D10-AADB-09B0A5908CD6}\RP85\A0032060.exe -> Downloader.Zlob.agu : Cleaned with backup (quarantined).

Adaware, as is becoming a trend lately, closed down graciously again. Anyway here is my new Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:31 AM, on 9/26/2007
Platform: Windows XP SP2

I have already run an Ad-Aware SE and Spybot Search and Destroy AND I have Sophos and AVG but none appear to be getting to the problem. Go to Start > Control Panel double-click on the Software icon > add/remove programs.

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
End ...

The AVG Scan

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:00:27 27/12/2006
+ Scan result:
HKU\S-1-5-21-842925246-920026266-854245398-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D869742A-E5D2-4624-96C7-AAE26170665E} -> Adware.HQVideoCodec : Cleaned

http://osuweb.net/hijackthis-log/help-with-this-hijackthis-log.php

#8 DamienWolf (Member, 11 posts), posted 26 September 2007 - 05:16 AM

Yay!

Below I have included a number of recommendations to protect your computer in order to prevent future malware infections. This applies only to the original topic starter. There is something called troj.zlob and a hqvideocodec 4.0 (which when I tried to remove manually via control panel wouldn't let me).

#5 miekiemoes (Malware Killer Dog, Volunteer Security Advisor, 4092 posts), posted 25 September 2007 - 05:24 PM

I put it on my desktop and double-clicked it and

#6 DamienWolf (Member, 11 posts), posted 25 September 2007 - 08:32 PM

Hi again... Uhm, I've followed what you said by the letter. This may take a bit. Fionnghaile.
