Home > Solved Another > [Solved] Another HJT Log

[Solved] Another HJT Log

Report • #22 Johnw August 30, 2015 at 17:21:28 Here is how a USER got a lot of the problems, no AV would have prevented USER error. The computer seems to have stopped freezing, but I still can't update and can't access security related websites. i have no idea what that is and i dont need it... HKEY_CLASSES_ROOT\CLSID\{748d6ea8-cd59-4682-91e7-af92f4f2d40e} (Trojan.Vundo) -> Delete on reboot.

Her HJT log is attached. This site is completely free -- paid for by advertisers and donations. Similar Threads - [Solved] Another In Progress Need help...Yet another slow computer zekithemeeky, Mar 14, 2016, in forum: Virus & Other Malware Removal Replies: 53 Views: 2,326 capnkrunch Mar 22, 2016 I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not

Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.Thanks. Go to any Malware forum & no matter what AV they have installed, they got infected.As you can see from your logs, you had a lot of stuff installed, that you Please re-enable javascript to access full functionality.

If you need more time, please let me know by posting in this topic so that your topic will not be closed. Back to top #3 suebaby41 suebaby41 W.A.M. (Women Everyone else please begin a New Topic. Viewpoint is also bundled with Adobe Atmosphere and hardware manufacturers pre-install some of these applications.Personally I wouldn't have it on my system, that is a choice for the user, but in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. Computing.Net and Purch hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy. You don't stop laughing when you get old; you get old when you stop laughing.A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)Malware Removal University Masters GraduateJoin The Fight Please post the contents of log.txt.

CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy Jump to Three cheers for avast! free 12.3.2280/ Outpost Firewall Pro9.3/ Firefox 51.0.1, uBlock Origin, RequestPolicy/ MailWasher Pro7.8.0/ DropMyRights/ MalwareBytes AntiMalware Premium 2.2.0/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast!

Avast Evangelists.Use NoScript, a limited user account and a virtual machine and be safe(r)! try this By keeping this program you will most likely get infected again in the future and by helping you it will be kind of wasting our time. Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dllO2 - BHO: Yahoo! Register now!

Back to top #6 ken545 ken545 Advanced Member Trusted Malware Techs 300 posts Gender:Male Location:Florida's Spacecoast Posted 04 August 2008 - 05:07 PM Yes you can get rid of the 024 Report • #20 Johnw August 25, 2015 at 14:55:21 "so hopefully this time I have completed everything correctly"Perfect.Copy & Paste the text in Blue below & save it into Notepad on Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdcyqp -> Quarantined and deleted successfully. Tell me what else I can do, and what I'm doing wrong (but don't bother telling me to quit WoW, that advice will be ignored!).message edited by t5b0s5 Report • #12

I have been happily alt-tabbing out of WoW for years. Copy & Paste the contents of the log in your next post please. That may cause it to stall.NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.***It's strongly recommended to have the Recovery Console installed before doing any malware Operating Systems ▼ Windows 10 Windows 8 Windows 7 Windows XP See More...

Reboot when finished.Exclude Step 2 ( Malwarebytes scan ) logs are large, upload them using Zippy. Then the answer is to REBOOT the machine, and all will be corrected.Can't Install an Antivirus - Windows Security Center still detects previous AV are almost ready to start ComboFix, but No more click, click during an install, you have to read after each click.WARNING: CNET downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic &

The list is not all inclusive.

Report • #19 t5b0s5 August 25, 2015 at 07:41:36 OK, so hopefully this time I have completed everything correctly. It might appear to have stopped at times or flash the screen but sit tight until it has finished.MalwareBytes: Download button top right - not anything else on the page)Install and I am following with another boot time scan to see if anything else has crawled out of the woodwork.VirusTotal didn't have anything scary to say about c:\windows\system32\nwprovau.dll.DavidR, thanks for the HOSTS C:\WINDOWS\system32\urqPHxUO.dll (Trojan.Vundo) -> Delete on reboot.

So I'm printing instructions, following links, reading information....but it's past my bedtime now, and I'll be at work tomorrow. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winuns32 (Dialer) -> Quarantined and deleted successfully. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged check over here I still have the virus background and popups.

Logfile of HijackThis v1.97.7 Scan saved at 6:30:24 PM, on 4/1/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe If your network is not running something I suggest the IT people get something installed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ddc0aa97-8a8f-48d3-8301-bd9c1ba2ca9a} (Trojan.Vundo) -> Delete on reboot. Quarantine anything it finds.

http://www.infoworld...ID-theft_1.html Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use. Surprised? Double click on RSIT.exe to run RSIT. Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall.

Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b3a78e1-84e1-4782-bdec-63107b9f51fc} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. I was unable to scan with SAS even in safe mode, but I managed to install and scan with a recent copy of MBAM (in safe mode), which I had on Will run both Farbar and ComboFix properly and zip both logs to Zippyshare.

She will be switching ASAP. « Last Edit: October 26, 2008, 03:50:28 PM by t l s » Logged Pentium Dual-Core 2.5 GHz, 250GB HDD, 2 GB RAM, WinXP Pro It is always the same 0x0000003b stop code. Logged DavidR Avast √úberevangelist Certainly Bot Posts: 76371 No support PMs thanks Re: please help with malware infestation, hjt log « Reply #12 on: October 22, 2008, 01:58:01 PM » Quote When the scan is complete, click OK, then Show Results to view the results.

The scan may take some time to finish,so please be patient. Advertisement Camlee98 Thread Starter Joined: Mar 21, 2004 Messages: 184 Hey guys I'm working on cleaning up my Father in-laws computer he is a bit of a freeware HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc18gj0enf7 (Rogue.Multiple) -> Quarantined and deleted successfully.

© Copyright 2017 All rights reserved.