Home > Hijackthis Log > HijackThis Log: Locked Wallpaper

HijackThis Log: Locked Wallpaper

checking for PSGuard.com keyPSGuard.com key not present!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~msvol.tlbncompat.tlbhp***.tmp ~~~ Icons in System32 ~~~ ~~~ Windows Anyway, if you really want your bunny , yes please, install it again. :D AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! C:\ In the box labeled "Enter the file to search" Enter the file rfjxkq Now click on the "Find" button Once the utility has found the files click on "Export" This HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. http://resolutemediagroup.com/hijackthis-log/hijackthis-log-help.html

Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Creative Audio Studio V2.8] C:\WINDOWS\unimontr.exe O4 - HKCU\..\Run: [wkrf] C:\Program Files\Common Files\wkrf\wkrfm.exe O4 - HKCU\..\Run: [ISMModule6] "C:\Program Files\ISM\ISMModule6.exe" O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe" O4 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe, O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{376efd74-7aa4-44a4-9e39-e374ed3139a9} (Trojan.Vundo) -> Quarantined and deleted successfully. my comp keeps shutting down randomly, high temp? read the full info here

scanning hidden files ... Please download FileFind from Atribune:http://www.atribune.org/downloads/FileFind.zip Unzip the file and save it to your desktop. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Place a check against each of the following if still present:O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp8E5A.tmpO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)O4 - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seneka (Trojan.TDSS) -> Quarantined and deleted successfully. AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! Username Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Now that all is well again, can I delete the little file you just had me make, or does that have to stay on the desktop forever and ever? Join the ClassRoom and learn how. Tech Support Guy is completely free -- paid for by advertisers and donations. o It will open in your default text editor (such as Notepad/Wordpad).

Also please describe how your computer behaves at the moment. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:17:44 AM, on 2/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version!

Is this what you wanted to see? browse this site As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged Several functions may not work. or read our Welcome Guide to learn how to use this site.

but I don't want to stare at it forever. http://resolutemediagroup.com/hijackthis-log/help-me-pls-hijackthis-log.html AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! Will take a look at the HijackThis log a little later. Page 1 of 2 1 2 Next > Advertisement berkeleychick Thread Starter Joined: Jul 7, 2007 Messages: 24 Ok My computer is a disaster.

I forgot to update it and for that reason it didn't find anything suspicious. Might want to post the header of the MBA-M log too. 0 Discussion Starter Vict 7 Years Ago Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ni.gscns (Trojan.Agent) -> Quarantined and deleted successfully. Back to top #5 Sonachu Sonachu Topic Starter Members 5 posts OFFLINE Local time:03:02 AM Posted 31 October 2005 - 10:56 AM Deleted the five files. check over here I have no idea what your last post means. 0 Discussion Starter Vict 7 Years Ago Yes, its working fine now thank you very much.

Follow the same procedure for the other. Edited by FZWG, 28 December 2005 - 06:30 PM. Edited by FZWG, 28 December 2005 - 02:40 AM.

Join 91113 other members!

Join the ClassRoom and learn how. Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 miekiemoes miekiemoes Malware Killer Dog Malware Response Team 19,420 posts OFFLINE Gender:Female Location:Belgium Local time:10:02 Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab Thank you.

Here is the Hijackthis Log and Startuplist Log: Hijackthis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:43:59 AM, on 2/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet One last thing. Proud graduate of TC/WTT Classroom Back to top Related Topics Back to Virus, Spyware & Malware Removal · Next Unread Topic → 0 user(s) are reading this topic 0 http://resolutemediagroup.com/hijackthis-log/need-help-with-my-hijackthis-log.html C:\3.tmp C:\5.tmp C:\d.bat C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\All Users.\documents\settings\desktop.ini C:\Documents and Settings\All Users\Application Data.\salesmonitor C:\Documents and Settings\jamal\Application Data\WinTouch C:\Documents and Settings\jamal\Application Data\WinTouch\config.cfg.001069c420a399b8fa7af921a835162f C:\Documents and Settings\jamal\Application Data\WinTouch\config.cfg.d9bacd987c58773e5e85a075cef6fe2c C:\Documents and Settings\jamal\err.log

Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\Mixer.exe C:\Program Files\Vista Drive Icon\DrvIcon.exe HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xdvkiaaf (Rootkit.Agent) -> Quarantined and deleted successfully. Heres a log file from hijackthis. Sign In Use Facebook Use Twitter Need an account?

If the operation above completed successfully, there is a backup of the Registry key in C:\, just in case we need it. Click here to join today! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully. Back to top #6 miekiemoes miekiemoes Malware Killer Dog Malware Response Team 19,420 posts OFFLINE Gender:Female Location:Belgium Local time:10:02 AM Posted 31 October 2005 - 12:00 PM Hi,Good things are