Home > Help > Help - Please Review HJT Log

Help - Please Review HJT Log

You then restart, and turn System Restore back on, and create a new Restore Point. dammit View Public Profile Find all posts by dammit #11 May 24th, 2004, 03:58 PM sweetpea1994 Member Join Date: Apr 2004 Location: Ohio Posts: 44 Here is my O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Yahoo! O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://www.ritzpix.com/upload/WebUploadClient.cab KarenBBLBTJM, Mar 3, 2005 #3 Byteman Gone but Never Forgotten Joined: Jan 24, 2002 Messages: 17,742 Hi, Since it will take awhile

Click here to join today! SpywareGuard can prevent the changes you are making some too...I guess you have seen it pop up and ask if you would like to allow/block changes...and I guess you picked the Go to Tools > Folder Options. as the Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.http://cleanup.stevengould.org/Then reboot to let it clean out what it found.Download Windows

That was quite a haul Housecall did for you. Time to look for a new tech guy - anyone work in Houston out there? O4 - HKLM\..\Run: [ziT] C:\documents and settings\maupin.11\local settings\temp\ziT.exe O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Umpu.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2221e82...ip/RdxIE601.cab Reboot into Safe Mode.....( tap F8 key during reboot, until Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.

No, create an account now. Here are the steps: First, click on Start, go to Programs, then System Tools, and click on System Restore. When I stop it throught the task manager - there are always two copies, spysweeper comes up and says it will try and start next time windows starts. Everything else int he start up menu is check - I had forgotten I did that - following instructions from wherever I figured out how to get ME into safe mode

Attached Files: hijackthis.txt File size: 7.3 KB Views: 8 Oct 8, 2005 #1 Spike TS Evangelist Posts: 2,168 You may want to download LSPFix beforehand, but... Then, hit the Config button, then "Back" to get back to the main screen, and then use the "Delete a file upon reboot" button, and in the "Enter a file to Typically there are two ... why not find out more Join the community here, it only takes a minute.

Is there anything else I can try to fix this? Let me know if the one you have will or will not run...that is sometimes a symptom of malware! 3. Any help would be appreciated. Dismiss Notice TechSpot Forums Forums Software Virus and Malware Removal Today's Posts Please review this HJTlog ByFarmer Ted Oct 8, 2005 Thanks a lot in advance!

Ask a Question See Latest Posts TechSpot Forums are dedicated to computer enthusiasts and power users. You can de-select the CDROM drive and floppy drive, if you do not want to scan any disks.... Try the following... Let me know if you can get downloads, there will be some to get I am sure. 4.

Even when I couldn't even see it in the folder with all hidden files viewable. download and run LSPFix from http://cexx.org/lspfix.htm 1. Check 'I know what I'm doing'. 3. I fixed everything you asked when I ran HJT again.

Pager] 1O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\RAUL GONZALEZ\Application Data\amee.exeO4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccessO4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dllO4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1O4 - HKCU\..\Run: [msnmsgr] For information on the program click here.We ask that you post publicly so people with similar questions may benefit from the conversation.Was your question answered? Make sure you can see Hidden files and Folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html Run a search for then delete the files and Folders: in bold if they still exist. The time now is 03:08 PM.

c:\program files\bonjour\mdnsnsp.dll - remove directory in bold C:\WINDOWS\system32\ssqrr.dll C:\Program Files\Bonjour\mDNSResponder.exe - remove directory in bold C:\WINDOWS\system32\ps2.exe turn system restore back on and reboot. Login now. I don't know if this is of interest but that pruttct was very hard to ditch.

I gather that PRUTSCTis part of EGR2?

When an online scan finds nothing, (besides items in Restore) or antispyware programs report only tracking cookies, you can be fairly sure things are OK... What we checked: Microsoft known security vulnerabilities. Forums DaniWeb IT Discussion Community Join Log In Read Answer Ask Hardware and Software Programming Digital Media Community Center Hardware and Software Information Security Please review HJT log, unable to update O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqrr.dll 20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll Also, with that ps2.bat, is your keyboard a hewlett packard one?

I still get pop ups whenever I replug in my ethernet connection. If none, I can point you to some good ones that are free to try or keep, let me know. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: SSVHelper Most of the nasties I mentioned the first time around seem to have gone from your HJT file, although I note that you didn't fix ALL 016 entries (because I forgot

I ran HJT again, and it seems that most of what I tried to fix came back. Logfile of HijackThis v1.97.7 Scan saved at 9:25:00 AM, on 5/24/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam That link has another to go to ME's Restore directions, just hit that and read about turning off Restore temporarily to remove infected Restore Points, then do it. If it detects the same files as Norton did, then there may be a problem,but I doubt it will.

Click on the View tab and make sure that "Show hidden files and folders" is checked. I will reboot and scan tonight when I get home.