Highjack This Log (worm Problem)

Save the log file and post it here. If not, see this page for manual removal. After you've clicked once to start it, do NOT attempt to do anything else on the computer while it's running. Click "OK". Place a checkmark next to items you wish to remove/quarantine and Click "Next". A notification will appear that "Quarantine and Removal is Complete".

Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want

Please thank your helpers and there will always be help here when you need it!

#5 BreoXelkythe, Topic Starter
Not sure what changed between your last log and now.

http://www.ozzu.com/mswindows-forum/hijack-this-log-worm-problem-t32287.html

Choose "Perform Complete Scan" and click "Next". When done, a Scan Summary will appear with potentially harmful items that were detected. My Recycler folder did not regenerate from the reboot. Reboot.

It will be helpful for the next person who reads this thread.

Folders Infected: (No malicious items detected)
Files Infected: C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

ndex.phtml

Run Hijack This, scan and check the following items. (don't fix yet):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name)

ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
O2

Norton is identifying 12 files that are "Adware threats," but can't do anything about them for some reason. Could this "grow" back into a problem (I'm sure that one will make some of you laugh).

http://www.bleepingcomputer.com/forums/t/83819/wormtrojan-problem/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...

You should 'not' have any open browsers when you are following the procedures below. That you asked about NETSTATT.EXE coming back is not laughable. Run the scan, enable your A/V and reconnect to the internet.

Be assured, any links I give are safe. 7. http://www.computerhope.com/forum/index.php?topic=127101.0;wap2 If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. It's easier that way.

There is no reason for you to keep it, if you delete it everything will work fine but your ISP will not be able to "monitor" your performance.

C:\WINNT\system32\arrtvi.dll is a Adware threat.
C:\Documents and Settings\Barry\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo!

http://windowsupdate.microsoft.com/ Keep your Anti-Virus program up-to-date.

Worm/trojan Problem
Started by aalberini, Mar 06 2007 01:46 PM

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Download and install Windows Defender from this link: Link . Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Hit enter to continue.

If I don't respond within 30 minutes, it means my medication hasn't kicked in yet and I'm down with a migraine, I should be back on within 18 hours.

I will be working on your Malware issues.

In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Embarq Toolbar - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - C:\PROGRA~1\EMBARQ~2\EMBARQ~1.DLL
O3 - Toolbar: CenturyLink Toolbar -

HijackThis Log Attached

Please follow this process in order to remove the entries flagged as dangerous: 1.

The fixes are specific to your problem and should only be used for this issue on this machine. 3. Click File/New Task, choose browse and navigate to the location where you saved Hijackthis. Do NOT run any of them yet.

**WARNING!!!: Do not run ComboFix or Gmer unless you have plenty of experience with them and have used them multiple times previously, or someone

http://pcialliance.org/highjack-this/highjack-this.html

Curt3000 Born Posts: 4 3+ Months Ago
Thanks for your continued help Jim.

Click 'OK'.
Check "Show hidden files and folders"
Uncheck "Hide protected Operating System files"
Click OK
Delete the following file: C:\WINNT\System32\NETSTATT.EXE
Clear Temporary Folders\Files and Internet Files
Go to start > run
Enter:

Select: Delete on Reboot then Click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after

I will be helping you out with your particular problem on your computer. 1. Make sure to close any open browsers.

Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide -

Open "My Computer", Open your C: drive. utside.cab I notice in previous postings you ask for system restore to be at least temporarily disabled. Include the address of this thread in your request.

Barry619 Thread Starter Joined: Jul 10, 2007 Messages: 3
Hi, for the past few days now I've been having problems with my PC, I think I've sorted some, but no

ComboFix can cause you to not be able to boot up again.**

ComboFix ATFCleaner TFC ERUNT Mbam Gmer CCleaner

Save my entire post to a text file and save it to your

Curt3000 Born Posts: 4 3+ Months Ago
I think I have it all done.

Click Yes at the Delete on Reboot prompt.