Home > Hijackthis Log > Hijackthis Log (virtual Bouncer?)

Hijackthis Log (virtual Bouncer?)

Open the folder and run FindIt's.bat and wait for notepad to open a text file. Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra If it has to fix things, be sure to re-boot and rerun AdAware again and repeat this cycle until you get a clean scan. No, create an account now. http://pcialliance.org/hijackthis-log/hijackthis-exe-itself-is-not-opening-cant-able-to-get-the-hijackthis-log-file.html

Here is the HJT log. Let me know the next step..Internet adn startup seems faster so I guess they removed something. Be sure that you also download and install hotfix Q816093, here: http://support.microsoft.com/?kbid=816093 which blocks the exploit upon which this parasite family depends. Here is a logLogfile of HijackThis v1.97.7Scan saved at 12:14:36 AM, on 5/26/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINNT\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exec:\Program Files\Norton https://www.bleepingcomputer.com/forums/t/15368/derbiz-virtual-bouncer-etc-etc/

Also make sure that the System Files and Folders are showing/visible also. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - Lets try another tool.. This is necessary to ensure you have backups should anything go wrong.then go to add/remove programs and see if there is an entry for WinTools.

Sign Up Now! Register now! Jim Byrd, Jun 24, 2004 #3 Advertisements Show Ignored Content Want to reply to this thread or ask your own question? Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: IC 3.0 - {bba9a1cb-c90a-4912-8f01-dfa51a2b4102} - C:\Program Files\Aladdin Systems\Internet Cleanup\ic3hlpr.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9

Thasnk for the tip. If you're having a computer problem, ask on our forum for advice. All rights reserved.Unauthorized reproduction or linking forbidden without expressed written permission. news O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context

Reboot into Safe Mode.Locate LQFix.bat on your desktop.- Doubleclick on LQFix.bat. It's best to perform CWShredder (and most other malware fixers too) from Safe mode and then reboot. All links to programs are in my signature. Started by xbspaul , Apr 08 2005 10:19 AM This topic is locked 2 replies to this topic #1 xbspaul xbspaul Members 12 posts OFFLINE Local time:05:42 PM Posted 08

Also, when i look at my processes that are running, there is a file called pokapoka62.exe. Once back to normal windows proceed with the next steps.... =============================================== STEP2 Download FindIt's.zip to your desktop: http://forums.net-integration.net/in...post&id=142443 1. I will take a look at it. 05-03-2005, 08:32 AM #10 GeauxTigers Registered Member Join Date: Apr 2005 Posts: 6 OS: XP Everything is great now. The reason is that it may have to remove things which are currently "in use" before it can then clean up others.

In the following, all of these removal tools should be run from Safe mode when possible. check over here PC Review Home Newsgroups > Windows XP > Windows XP Internet Explorer > Home Home Quick Links Search Forums Recent Posts Forums Forums Quick Links Search Forums Recent Posts Articles Articles I ran the symantec repair tool but it ddi not detect it. Make sure to close any open browsers.

Good job. __________________ Please do NOT PM me. It said the file was protected or in use. You will do it at the end in safe mode.Then boot to safe mode.CTL-ALT-DEL and verify the following are not running. http://pcialliance.org/hijackthis-log/hijackthis-log-pls.html Madison Guest Does anyone know how to successfully get rid of Virtual Bouncer once it has attacked a pc???

Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: ewido security suite control - ewido networks - C:\toolbox\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security The log file will be C:\log.txt and bad1.txt **Note** Each tool uses log.txt as it’s output file so make sure you save the entry’s from one tool before running the other Modems' have short term memory [CharterSpectrum] by ssgcallen300.

Post whatever questions you may have in the forum and we will take a look at it when we get to it.

Post whatever questions you may have in the forum and we will take a look at it when we get to it. Now download and run: http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore your search functions if they've been affected (as they probably will have been). Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

See below.

Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure) C:\WINDOWS\System32\psoft1.exe C:\WINDOWS\System32\usrv42a.exe C:\WINDOWS\System32\ljaagy\ymlugskk.exe Check and fix the following in HijackThis The time now is 03:42 PM. -- Mobile_Default -- TSF - v2.0 -- TSF - v1.0 Contact Us - Tech Support Forum - Site Map - Community Rules - Terms of Madison, Jun 24, 2004 #1 Advertisements siljaline Guest "Madison" <> wrote: > Does anyone know how to successfully get rid of Virtual > Bouncer once it has attacked a pc??? http://pcialliance.org/hijackthis-log/hijackthis-log-can-anyone-help.html Once in safe mode… Double click rkfiles.bat It will scan for a while, so please be patient.

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? Here is a HJT Log. Bolger and Nail are still present. Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List

Thanks again. « bwgo0000cee8.exe entry that keeps returning | Don't know where to begin... » Thread Tools Show Printable Version Download Thread Search this Thread Advanced Search Posting Rules