Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

I'll definitely perform the necessary scans and post up any new information here.

c:\documents and settings\xp\Application Data\Desktopicon
c:\documents and settings\xp\Application Data\Desktopicon\config.ini
.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.
2009-11-11 23:16 . 2009-11-11 23:16 d w- c:\program files\iPod
2009-11-11 23:16 . 2009-11-11

This helps to avoid confusion and ensure the member gets the required expert assistance they need to resolve their problem.

Self Protection;c:\windows\system32\drivers\aswSP.sys [7/13/2009 12:42 AM 114768]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7/2/2009 4:36 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 3:54 AM 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/13/2009 12:42 AM 20560]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

Thus, sometimes it takes several efforts with different, the same or more powerful tools to do the job.

Here are my MBAM log, Combofix Log, and new HJT log...thanks:

Malwarebytes' Anti-Malware 1.41
Database version: 3156
Windows 5.1.2600 Service Pack 3
11/12/2009 5:00:28 PM
mbam-log-2009-11-12 (17-00-28).txt
Scan type: Quick Scan

https://www.bleepingcomputer.com/forums/t/413016/possibly-infected-hjt-log/

When prompted, please select: Allow. Any files you deleted in safe mode afterwards.4. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders

I did as you said in your first reply but when I booted into safe mode, my Internet would NOT work, so I just rebooted and did it that way.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:29 AM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode:

You may have to disable the real-time protection components of your anti-virus in order to complete a scan.

Thanks for helping clean my computer of infections...everything looks good now.

chiaz Nov 2009 edited Nov 2009

You're welcome.

Here are the entries, and thanks again:

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S4 0167561246573756mcinstcleanup;McAfee Application Installer Cleanup (0167561246573756);c:\docume~1\xp\LOCALS~1\Temp\016756~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\xp\LOCALS~1\Temp\016756~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4

Edited by Wingman, 09 June 2013 - 07:23 AM.

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 -

Guidelines For Malware Removal And Log Analysis Forum
Started by Alatar1, Sep 28 2005 04:29 PM

scanning hidden autostart entries ...

Thanks for your cooperation.

Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\program files\Apoint2K\Apntex.exe

Here is my updated HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:20 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot

http://ircdhelp.org/possibly-infected/possibly-infected-with-js-obfuscator-h.php

VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present

Reset the clock settings.

Again, thanks for the help

EDIT: Do I have to keep the registry file on my desktop?

We try to be as accommodating as possible but unlike larger help sites, that have a larger staff available, we are not equipped to handle as many requests for help.

If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Completion time: 2009-11-12 17:28
ComboFix-quarantined-files.txt 2009-11-12 22:28

Pre-Run: 85,126,975,488 bytes free
Post-Run: 85,102,133,248 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 23BC02B33482AA42CFC3A9EC844569D3

Logfile of Trend

The malware may leave so many remnants behind that security tools cannot find them.

The before part is important. It's time to remove ComboFix.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents

Thanks for the help.

Please continue to respond until I give you the "All Clear". (Just because you can't see a problem doesn't mean it isn't there) Please download Malwarebytes' Anti-Malware by clicking the link

Be sure to check for and download any definition updates prior to performing a scan.

Malwarebytes Anti-Malware: How to scan and remove malware from your computer
SUPERAntiSpyware: How to use to scan and

Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.

Go to Start > Run
Type in box combofix /u
Note: the space between the X and the /u
Press Enter.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:41:15 PM, on 8/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe

I posted the HijackThis log to review any possible infections, if any.

#3 jedi, Retired Staff, Posted 23 December 2008 - 04:35 AM

Due to the lack of feedback this

JediKarp 29.06.2010 02:22

More notifications
6/28/2010 6:13:29 PM Password protected C:\Users\Karpman\Desktop\rt 7 lite_win7_x64.msi/disk1.cab/servper.dat Windows Explorer
6/28/2010 6:19:15 PM Password protected C:\WINDOWS\servper.dat Windows® installer

I uninstalled the application until I can get a

Can I delete it or move it to another folder?