| Thread ID: 92398 | 2008-08-09 01:19:00 | Hijack this | smudge (13752) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 696024 | 2008-08-09 03:49:00 | I didn't install it!! I honestly didn't. I'll click those things you said. That Anti Malware wouldn't install. I'll try again after I've ticked/fixed those entries. |
smudge (13752) | ||
| 696025 | 2008-08-09 03:54:00 | See if malwarebytes installs after you uninstall Vista AV 2008, and tick the entries, use trojan remover, and reboot | Speedy Gonzales (78) | ||
| 696026 | 2008-08-09 03:55:00 | Ok, none of those things are on the HJT scan, I had run TR again before I got a reply and it removed a whole lot of things, latest scan... I'll also try installing that anti malware thingy again now.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:10, on 9/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = softwarereferral.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: run="C:\Documents and Settings\Owner\Application Data\Adobe\Manager.exe"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {a1dd0f28-c46b-ece4-c8ee-206a9b366c48} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {AC5F10A8-46F1-4AC9-9A4F-00AFA5FBD618} - (no file)
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [{d479e967-54d2-a946-42cd-1e7d21df76a4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\eqgqrrgmyxoj.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcu.co.nz
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - www.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE1D650-B58F-4CF1-81A1-72D2D9E9BC36}: NameServer = 203.96.152.4,203.96.152.12
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
-- End of file - 5533 bytes |
smudge (13752) | ||
| 696027 | 2008-08-09 04:00:00 | It still won't install, s238.photobucket.com |
smudge (13752) | ||
| 696028 | 2008-08-09 04:01:00 | Tick these entries then tick fixed checked. Close browsers.
O3 - Toolbar: (no name) - {AC5F10A8-46F1-4AC9-9A4F-00AFA5FBD618} - (no file)
O4 - HKLM\..\Run: [{d479e967-54d2-a946-42cd-1e7d21df76a4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\eqgqrrgmyxoj.dll" DllStart
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Then reboot then scan with trojan remover, then select all options under the utilities menu. Then install malwarebytes. Are you installing 1.24 of malwarebytes? |
Speedy Gonzales (78) | ||
| 696029 | 2008-08-09 04:09:00 | Ok, anti malware installed. Updated and now scanning... (thank you for this!!) I'll report back here once it's finished. Also, I downloaded the latest version. |
smudge (13752) | ||
| 696030 | 2008-08-09 04:10:00 | Cool :badpc: | Speedy Gonzales (78) | ||
| 696031 | 2008-08-09 04:12:00 | Oh and spybot has been removed :/ Not sure how that happened, i won't install again either. I don't know if it's important or not |
smudge (13752) | ||
| 696032 | 2008-08-09 04:14:00 | Nah malwarebytes is better than Spybot | Speedy Gonzales (78) | ||
| 696033 | 2008-08-09 04:17:00 | but the malware bytes is only a free trial so it will soon expire | smudge (13752) | ||
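
Added example, not part of the thread and not HijackThis's own code: a Python triage pass that parses HijackThis v2 entry lines, including a log whose line breaks were lost in a paste, and lists the three kinds of entry singled out in post 696028 for manual review. The heuristics and the names `parse` and `triage` are assumptions of this example; the sample lines are copied from the log in post 696026.

```python
import re

CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"          # HijackThis section codes
ENTRY = re.compile(rf"^({CODE}) - (.+)$")
# Entry boundary: lets us re-split a log whose newlines were lost in a paste.
BOUNDARY = re.compile(rf"\s+(?={CODE} - )")
RUN_VALUE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")

def parse(log_text):
    """Return (section_code, body) pairs from a HijackThis v2 log."""
    entries = []
    for chunk in BOUNDARY.split(log_text):
        chunk = chunk.split("-- End of file")[0].strip()   # drop the trailer
        m = ENTRY.match(chunk)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(entries):
    """Heuristic review list; every hit still needs a human decision."""
    findings = []
    for code, body in entries:
        run = RUN_VALUE.match(body) if code == "O4" else None
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((code, "registration points at a missing file", body))
        elif run and "rundll32" in run.group(2).lower():
            findings.append((code, "autorun loads a DLL through rundll32", body))
        elif code == "O6":
            findings.append((code, "Internet Explorer policy restrictions are set", body))
    return findings

# Lines copied from the log in post 696026; joined with spaces below to mimic a flattened paste.
LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {a1dd0f28-c46b-ece4-c8ee-206a9b366c48} - (no file)",
    r"O3 - Toolbar: (no name) - {AC5F10A8-46F1-4AC9-9A4F-00AFA5FBD618} - (no file)",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice',
    r'O4 - HKLM\..\Run: [{d479e967-54d2-a946-42cd-1e7d21df76a4}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\eqgqrrgmyxoj.dll" DllStart',
    r"O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present",
    r"O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
    r"-- End of file - 5533 bytes",
]
SAMPLE = " ".join(LINES)

if __name__ == "__main__":
    for code, reason, body in triage(parse(SAMPLE)):
        print(f"{code}: {reason}\n    {body}")
```

The pass also lists the O2 entry with no file, which post 696028 does not mention; a hit here means "look at this", not "delete this".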