Home > Hjt Log > HJT Log @ A Friend's Laptop.

HJT Log @ A Friend's Laptop.

HumanMage, Dec 30, 2007 #3 (You must log in or sign up to reply here.) Show Ignored Content Share This Page Tweet Your name or email address: Do you already have Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started zx10guy replied Jan 16, 2017 at 10:18 AM 4 Word Story continued (#6) cwwozniak replied Jan 16, 2017 at 10:10 AM Loading... NOTE1.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2077543 uInternet Connection Wizard,ShellNext = hxxp://google/ IE: Add to Windows &Live Favorites - Welcome to Windows Live IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html Completion time: 2010-08-07 02:02:28 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-06 22:02 Pre-Run: 29,085,483,008 bytes free Post-Run: 31,231,082,496 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons Advertisements do not imply our endorsement of that product or service. Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More...

where is daugher? Board index All times are UTC-07:00 Delete all board cookies Members The team Contact us Powered by phpBB Forum Software © phpBB Limited Jump to content Resolved Malware Removal I suggest you remove it.

Advanced Search Forum PressF1 HJT Log for Speedy How fast is your internet? System config summary appended.The Task Manager has suspicious numbers. That can happen if you run HijackThis from a Limited Account, but it won't affect HijackThis' ability to give us a log. It is known to be intrusive, but there is some possibility that it is now being used by those companies to give them info about your habits.

Have a look here under Removal Instructions- download and run the Removal Tool.click hereIt will be okay to copy the HJT Log to another computer, as long as that's all that Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here. Powered by vBulletin Version 4.2.2 Copyright © 2017 vBulletin Solutions, Inc. have a peek at these guys Make sure all other windows are closed and to let it run uninterrupted. * Under the Custom Scan box paste this in: netsvcs drivers32 /all %SYSTEMDRIVE%\*.* %systemroot%\system32\Spool\prtprocs\w32x86\*.dll %systemroot%\system32\*.wt %systemroot%\system32\*.ruy %systemroot%\Fonts\*.com %systemroot%\Fonts\*.dll

Stay logged in Sign up now! Posts 3,205 HJT Log for Speedy I am cleaning up a friend's laptop, ASUS Win VISTA 1GB RAM. HJT log @ a friend's laptop. If Combofix asks you to install Recovery Console, please allow it.

It has a buttload of error messages on startup and IE refuses to work. https://www.bleepingcomputer.com/forums/t/73738/friends-laptop-plagued-by-viruses/ Do NOT use the computer while GMER is running! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. Advertisement reneirwolf878 Thread Starter Joined: Feb 17, 2002 Messages: 562 His laptop has been acting up for a really long time.

If so, it's a legitimate file I did get several messages like "denied access to host file" and "modMain_checkother1item()", which I didn't know what that meant..Click to expand... Thats a big relief off my shoulders haha...I'll be sure to tell him to keep an eye on what he views on the internet...Thanks very much for your help Ceewi, its HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully. Yes, my password is: Forgot your password?

Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htmUninstall List:1. All rights reserved. IDG Communications TeMerc Internet Countermeasures Adware, malware, spyware and hijacker discussion, help and information Skip to content Quick links Members The team FAQ Login Register Board index Tons of Adware and Viruses rcoops72, Jul 19, 2016, in forum: Virus & Other Malware Removal Replies: 24 Views: 1,127 dvk01 Jul 26, 2016 Thread Status: Not open for further replies. To start viewing messages, select the forum that you want to visit from the selection below.

HumanMage, Dec 29, 2007 #1 ceewi1 VIP Member Messages: 5,427 HumanMage said: ↑ I could only find one thing that raised my eye, and that was this process "crss.exe" I looked Copying message to... broni, Jul 31, 2010 #7 ThuG_PoeT Established Techie7 Member Re: [Active] my friend's laptop has a virus (hijackthis log + Uninstall Manager list ComboFix 10-08-05.06 - elsadig.eltahir 08/07/2010 1:25.1.2 - x86

All Rights Reserved.

Please install it and then reboot your computer. Thanks! broni, Aug 8, 2010 #9 ThuG_PoeT Established Techie7 Member Re: [Active] my friend's laptop has a virus (hijackthis log + Uninstall Manager list OTL logfile created on: 8/8/2010 11:22:37 PM - Log in or Sign up Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Malware Removal > Computer problem?

Tech Reviews Tech News Tech How To Best Tech Reviews Tech Buying Advice Laptop Reviews PC Reviews Printer Reviews Smartphone Reviews Tablet Reviews Wearables Reviews Storage Reviews Antivirus Reviews Latest Deals That may cause it to stall** Make sure, you re-enable your security programs, when you're done with Combofix. Share this post Link to post Share on other sites This topic is now closed to further replies. Under Main choose: Select All Click the Empty Selected button.

or read our Welcome Guide to learn how to use this site. These are saved in the same location as OTL. Are you looking for the solution to your computer problem? Please, do not select the "Show all" checkbox during the scan.

No, create an account now. Join our site today to ask your question. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\amva (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\documents and settings\elsadig.eltahir\Recent\Thumbs.db c:\documents and settings\New Folder (2)\LOCKv105.exe c:\documents and settings\New Folder (2)\RABAH KHALID CV. .doc c:\windows\a3kebook.ini c:\windows\akebook.ini c:\windows\ANS2000.INI c:\windows\mg.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_KAVSYS -------\Legacy_MYWEBSEARCHSERVICE ((((((((((((((((((((((((( Files Created from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. My Website!"The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy." - Martin Luther