HiJackThis Log: 10/16/04

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8188CU Wireless LAN 802.11n USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8176\00E04C000001
Manufacturer: Realtek Semiconductor Corp.

Logfile of HijackThis v1.99.1
Scan saved at 5:36:55 AM, on 8/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

http://pcialliance.org/hijackthis-log/hijackthis-exe-itself-is-not-opening-cant-able-to-get-the-hijackthis-log-file.html

It has done this 1 time(s).

Never run more than one scan at a time.

This new program that magically appeared would perform scans like it was a real AV program and come up with all kinds of infections.

http://forums.afterdawn.com/threads/aproposfix-log-and-hijackthis-log.574090/

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-11 16:45:19 - machine was rebooted
.
2007-11-26 20:01:52
--- E O F ---

My Hijackthis log - what is the virus?

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu

Close any open browsers.
2.

If I opened the program, it opened up "Antivirus .net".

VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel PROSet/Wireless Event

I can't forget Supersparks, Fink, and Welshjim.

Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of

Please follow these steps to remove older version Java components and update.
* Download the latest version of Java(TM) SE Runtime Environment 6u2.
* Scroll down to where it says "The J2SE Runtime

Click the "Scan" button to start scan.

To everyone else who contributes around here, keep it up!

Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.4.3
Adobe Reader X (10.1.2)
Advanced SystemCare 4

The following error occurred: The operation was canceled by the user.
.

http://spywarehammer.com/completed-malware-and-rootkit-removal-topics/(resolved)-google-is-redirecting-my-searches-here-is-the-hijack-this-log/10/?wap2

I have listed both the startup.txt and the new hijacklog below. Thank you

--------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APVXDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APVXDWIN"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Panda Security\\Panda Antivirus 2008\\APVXDWIN.EXE\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWAMain"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Hewlett-Packard\\HP Wireless

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/13/2009 7:52:02 PM
System Uptime: 1/29/2012 3:04:51 PM (2 hours ago)
.

Just paste your complete logfile into the textbox at the bottom of this page.

I close my topics if you have not replied in 5 days.

then run a Full System scan.

New Signature Version:
Previous Signature Version: 1.117.2744.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine

Finished!

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

I have attached both the adaware log (adaware_log.txt) and the hijackthis log (hijackthis.log).

A log file should appear.

If you're stuck, or you're not sure about a certain step, always ask before doing anything else.

NOTE.

FF - ProfilePath - c:\documents and settings\mendy\application data\mozilla\firefox\profiles\86m4pdg4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z095&partner_id=667&product_id=636&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110706&user_guid=EDAB5EE3083340EB9B31232733CE99E3&machine_id=63db75a3ae1d330b36ac61611f9c874c&browser=FF&os=win&os_version=5.1-x86-SP3
FF - prefs.js: keyword.URL -

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&5855BE9&0&10F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&5855BE9&0&10F0
Service:
.
==== System Restore Points ===================
.

I also need you to remove/uninstall the Ver of Hijack-This you have now and install this one here.

Please observe the following rules: Read all of my instructions very carefully.

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2A560CB4-605F-FFB0-D386-2159F7D6C675}@najccdbkbbogpbeliejdogenjadn 0x69 0x61 0x6F 0x6E ...
---- Files - GMER 1.0.15 ----
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes
---- EOF - GMER 1.0.15 ----

Special Thanks to Buffalo, Sky, Crunchie, and

New Signature Version:
Previous Signature Version: 1.117.2744.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Source Path: http://go.microsoft.com/fwlink/?Lin...4.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine

I also did the error-checking thing in my local disk C: hard drive, but it didn't solve the problem.

scanning hidden autostart entries ...
scanning hidden files ...

Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SnagIt 7.lnk"
"backup"="C:\\WINDOWS\\pss\\SnagIt 7.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TECHSM~1\\SNAGIT~1\\SnagIt32.exe "
"item"="SnagIt 7"

--------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:57

When I first logged into my admin account, I would get the message, "rundll32 is infected, would you like to run your antivirus program?" I noticed a new icon in my

New Signature Version:
Previous Signature Version: 1.119.477.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: Default URL
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:

RP847: 1/23/2012 11:17:15 AM - System Checkpoint
RP848: 1/23/2012 5:22:04 PM - Removed Vegas Movie Studio HD Platinum 11.0
RP849: 1/23/2012 5:24:10 PM - Removed Camtasia Studio 6
RP850: 1/23/2012 6:13:20

In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze.