Home > Hijackthis Log > HijackThis Log -- Just Housekeeping

HijackThis Log -- Just Housekeeping

Run the scan, enable your A/V and reconnect to the internet. Back to top #7 nasdaq nasdaq Malware Response Team 35,078 posts OFFLINE Gender:Male Location:Montreal, QC. You should remove HijackThis using the Add/Remove Programs list. C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.

Several functions may not work. Follow the instructions that pop up for posting the results.Please note: You may have to disable any script protection running if the scan fails to run. Completion time: 2008-08-27 19:03:48 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-28 00:03:45 Pre-Run: 64,074,133,504 bytes free Post-Run: 65,216,114,688 bytes free 125 --- E O F --- 2008-08-20 03:10:56 Back to top #6 WE'RE SURE THAT YOU'LL LOVE US! http://www.bleepingcomputer.com/forums/t/518888/hijackthis-log-please-help-diagnose/

If someone smarter than I would like to investigate the source of the virus/trojan I caught, go to:link removed for safety orlink removed for safety If one clicks on the vodeo, c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [-] 2012-02-08 . It will just give me some additional information about your system.

Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account? It matches and has not been edited so it's clean. Back to top #8 Croftie Croftie Topic Starter Members 5 posts OFFLINE Local time:10:41 PM Posted 23 November 2011 - 02:54 PM Yeah it was deleted again, so I just I run WinXP.

C:\Documents and Settings\Matt\Application Data\rhc70jj0ea35\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. RE: Nuwar vsarint as Flash update ? his comment is here c:\documents and settings\All Users\Start Menu\Programs\Startup\~Disabled NextPVR Tray.lnk - c:\program files\NPVR\NTray.exe [2011-8-29 26624] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoSMHelp"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1)

HiJackThis log Part 2 - Nuwar varint (wpx18.cpx) as Flash update ? I'll leave this thread open until tomorrow just in case you have another problem. HKEY_CLASSES_ROOT\CLSID\{63f6a655-a297-46e0-bb86-72bb332b7f19} (Trojan.FakeAlert) -> Quarantined and deleted successfully. JimMoved from an old thread to your own for better attention - MOD 4143Views Tags: none (add) This content has been marked as final.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-0736892-23009) -> Quarantined and deleted successfully. http://www.hijackthis.de/ Using the site is easy and fun. If you wish to scan all of them, select the 'Force scan all domains' option. . Thanks for all your help!

C:\WINDOWS\system32\phc30jj0ea35.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. i haven't noticed anormalies for the moment, he run good. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. C:\Documents and Settings\Matt\Application Data\rhc70jj0ea35\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

Back to top #5 original digga original digga Topic Starter Members 4 posts OFFLINE Gender:Male Location:Riverton Local time:09:11 AM Posted 02 January 2014 - 02:51 PM Hello again.... Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

RSS ALL ARTICLES FEATURES ONLY TRIVIA Search The How-To Geek Forums Have Migrated to Discourse How-To Geek Forums / Windows 7 Trojan r.KJ issues (5 posts) Started 6 years ago Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.

or read our Welcome Guide to learn how to use this site.

They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. Several functions may not work. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice Then create another GMER log

No input is needed, the scan is running. C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.

Note the space between the ..X and the /U, it needs to be there.NEXTDouble click on adwcleaner.exe to run the tool.Click on Uninstall.Confirm with yes.If there are any logs/tools remaining on C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. After downloading the tool, disconnect from the internet and disable all antivirus protection. Information on A/V control HERE We also need a new log from the GMER anti-rootkit Scanner.

C:\Documents and Settings\Matt\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully. Hi Until someone else pops along. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015 Back to top #22 Spike91 Spike91 Topic Starter Members 15 posts OFFLINE Local time:11:41 PM Posted 24 April 2014 - 02:29 ComboFix is finding a string that if normally found on some malware file.I'm sure it's good. Just paste your complete logfile into the textbox at the bottom of this page.

HiJackThis log - Nuwar varint (wpx18.cpx) as Flash update ? C.Go to -> Run -> copy/paste the following single line command in the runbox & click OK "%userprofile%\desktop\combofix.exe" /killall DO NOT USE your computer for any other purpose while ComboFix is