Home > Please Help > Please Help (L2M Virus) And Hijackthis Log

Please Help (L2M Virus) And Hijackthis Log

If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.Trevuren 0 #8 Mantose Posted Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, How do you make a permanent folder:   Click My Computer, then C:\ and then on Program Files. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime O4 Also, click here: http://forums.techguy.org/attachment.php?attachmentid=46183 to download Find It NT-2K-XP.zip. Finally, run Find.bat again. After a reboot, your desktop and icons will appear, then disappear (this is normal).

Please Wait! If you're not already familiar with forums, watch our Welcome Guide to get started. iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Please check these now in HJT O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2V2aW4gVG8\command.exe (file missing) Also, your IE is out of date, use Windows Update to fix

Click OK When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. C:\WINDOWS\system32\trpmonui.dllAttempting to delete infected files...Attempting to delete: C:\WINDOWS\system32\h4l20e3oeh.dllC:\WINDOWS\system32\h4l20e3oeh.dll Deleted successfully!Attempting to delete: C:\WINDOWS\system32\enpql1751.dllC:\WINDOWS\system32\enpql1751.dll Deleted successfully!Attempting to delete: C:\WINDOWS\system32\h4l20e3oeh.dllC:\WINDOWS\system32\h4l20e3oeh.dll Deleted successfully!Attempting to delete: C:\WINDOWS\system32\nyrsde.dllC:\WINDOWS\system32\nyrsde.dll Deleted successfully!Attempting to delete: C:\WINDOWS\system32\swell32.dllC:\WINDOWS\system32\swell32.dll Deleted successfully!Attempting to C:\WINDOWS\system32\h4l20e3oeh.dllInfected! In the menu bar, File->New->Folder.

Check the "Hide protected operating system files (recommended)" option. Total of file sizes: 233,729 bytes 228.25 K ********************************************************************************** Directory Listing of system files: Volume in drive C has no label. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged https://www.bleepingcomputer.com/forums/t/28032/hijackthis-log-please-help-diagnose/?view=getlastpost Check out the forums and get free advice from the experts.

Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{BDD4057D-0359-40FC-9CE0-EA24B1624ABC}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{BDD4057D-0359-40FC-9CE0-EA24B1624ABC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{BDD4057D-0359-40FC-9CE0-EA24B1624ABC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{BDD4057D-0359-40FC-9CE0-EA24B1624ABC}\InprocServer32] @="C:\\WINDOWS\\system32\\siellstyle.dll" "ThreadingModel"="Apartment" Running From: C:\Documents and Settings\Jimmy1\Desktop\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 [emailprotected] Killing PID 1156 'explorer.exe' Killing PID 1156 'explorer.exe' Error 0x5 : Copy the contents of that log and paste it into this thread.

All rights reserved. https://www.daniweb.com/hardware-and-software/information-security/threads/52205/hellllppp-please-hijack-log-inside Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

If you need it re-opened just PM me or one of the other moderators and we'll open it for you. 0 This discussion has been closed. C:\WINDOWS\system32\en48l1hu1.dll Infected!

Now restart your computer. http://magicnewspaper.com/please-help/please-help-with-my-hijackthis-log.html It will then ask if you want to reboot now. Turn your computer back on. davehc replied Feb 22, 2017 at 2:23 AM Black screen theborg replied Feb 22, 2017 at 2:15 AM Wireless Router Modem or Wifi...

When the command window first opens, it will say "File not found". Share this post Link to post Share on other sites This topic is now closed to further replies. Volume Serial Number is 2814-AF59 Directory of C:\WINNT\System32 03/11/2005 07:27p

dllcache 0 File(s) 0 bytes 1 Dir(s) 25,454,542,848 bytes free ------- Hidden Files in System32 Directory ------- Volume in drive Click on the View tab and make sure that "Show hidden files and folders" is checked.

With out these you are leaving the backdoor open.I strongly recommend installing the following applications:Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. Put a check next to Run this program as a task.

Scroll down until you find the service.

Check to see if your recycle bin is functioning properly. Create Account How it Works Javascript Disabled Detected You currently have javascript disabled. Double click on the fix.reg file to enter into the registry. Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: AVSync Manager (AvSynMgr)

We want to stop and disable an added service (023)To stop a service and set to 'disabled' Go to Start > Run and type in Services.msc then click OK Click the The command completed successfully. Double-click Look2Me-Destroyer.exe to run it. http://magicnewspaper.com/please-help/please-help-with-hijackthis.html Jump to content FacebookTwitter Geeks to Go Forum Security Virus, Spyware, Malware Removal Welcome to Geeks to Go - Register now for FREE Geeks To Go is a helpful hub, where

Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.IMPORTANT: Do NOT run any other files in the l2mfix folder unless you