
Help - Svchost.exe Virus? HJT Log Included

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: MonacoGamma.lnk

I can't think of any other info that would be useful to you all, so I'll just attach the logfile and check back soon. There is still hope though.

Malwarebytes' Anti-Malware 1.11
Database version: 661
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 297096
Time elapsed: 2 hour(s), 31 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry

muppy03, May 10, 2009 #15
This thread has been Locked and is not open to further replies.

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe

help please
dakhog, May 1, 2009 #7

dakhog Thread Starter Joined: Dec 8, 2008 Messages: 36
starting to feel like I'll have this virus forever
dakhog, May 3, 2009

Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe]

No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMe3e8da5d (Trojan.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3d87b50d-542a-45b6-96e9-f03cfaa8c962} (Adware.BHO) -> Quarantined and deleted successfully.

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo!

scanning hidden files ...


As I am still in training, everything that I post to you, must be checked by one of the teachers.

Mitch, what do you suggest instead of Avira?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.

I am so pissed!

https://www.cnet.com/forums/discussions/help-i-m-dealing-with-nasty-virus-hijackthis-log-included-294980/

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version

HiJackThis log included!

It was her laptop first and I have had to debug this sucker a few times from the crap she downloaded.

Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool.

My 6-pence worth - Format The PC!

It is running extremely slow, beyond slow. Include the address of this thread in your request. Instead of Windows loading as normal, a menu should appear.

Forums have been really busy. I'm dealing with nasty virus!

Problem with these infections nowadays is, it causes a lot of damage.

I'd like to get this computer running faster.

Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you

I tried to remove them all however I'm not so sure I succeeded in doing so.

If someone wants to hold my hand and tell me exactly where to start, that would be great too. I appreciate the help. Infected?

HKEY_CLASSES_ROOT\CLSID\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.

If you have any questions or are unsure in any way, please let me know.

I am posting a Hijackthis log, I hope someone can see something on it.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hsd1.fl.comcast.net.

I'm dealing with nasty virus!

HiJackThis log included! « Reply #10 on: Aug 07, 2010, 07:17 AM »
I would get rid of Avira Antivirus, a client had that installed recently and it seemed to be

HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.

Save the file to your desktop.

I know, I know, I am only a LURKER, but oh well, have a good day.
Errare humanum est

Updating Java by Bugbatter /

I would like some help in figuring out if there are any trojans/viruses still in my computer. When you press Save button a notepad will open with the contents of that file. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
