
[Solved] My Brother's Hijack This! Log

Click back to the "Scan" tab and then click on Complete System Scan.

Find the following files/folders and delete them (don't worry if they are already gone):

C:\WINDOWS\isrvs\sysupd.dll
C:\WINDOWS\isrvs\desktop.exe
C:\WINDOWS\isrvs\ffisearch.exe
C:\WINDOWS\isrvs\mfiltis.dll

Next, let's clean up the temporary folders:

* Click Start
* Point to Programs
* Reboot your computer normally, start HijackThis and perform a new scan.

I'll be back though.

#6 JasGreg (New Member, 7 posts), posted 21 March 2005 - 07:02 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:01:35 PM, on 3/21/2005
Platform:

He is getting some sort of popup "freesites" I think he said. God bless!

Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...1881262771&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...1881262771&id=0

http://www.tomsguide.com/answers/id-2649195/virus-hijackthis-log-enclosed.html

Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF:

Where can I get Avast anti-spyware?

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: ohb - {22B720C7-5FA6-40A8-9F8F-8584BF669690} - C:\WINDOWS\System32\trgen.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3}

Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &Yahoo!

Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools'

lanevo12 5.12.2007 18:23
QUOTE(Don Pelotas @ 4.12.2007 14:39) Next time when you plan on doing a format anyway, then please don't waste volunteers' time here in the forum.

If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

lanevo12 5.12.2007 20:21
QUOTE(Don Pelotas @ 5.12.2007 19:17) If you get infected immediately after a format reinstall of windows and subsequently have updated it to latest spec and with Kaspersky installed

See: http://forum.kaspersky.com/index.php?showtopic=21869

Hi, I also try scan in safe mode.

From there on you only install software you're sure of and not something you got via P2P for example. Do you also use messengers and receive files via this?

not so often use

I am posting one more log because I want to be certain everything is gone.

I couldn't even restore my system cos all restore points had been deleted!

Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R3 -

It could be a number of things.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4

Actually my brother took control of the situation (he's much better at computers than I am - esp. virus and such).

Info on HOW to post a HijackThis log is at: www.bleepingcomputer.com/tutorials/tutorial94.html; of course, skip "Steps 1 - 3".

Step #2 XP Delete files - We need to make sure all hidden files are showing so please:

* Click Start.
* Open My Computer.
* Select the Tools menu and click

all patches, all hotfixes, all service packs?
could you check your memory using memtest86+ and report if you get any errors: http://www.memtest.org/

have found something after i format again
pop up by kaspersky and

Don Pelotas 5.12.2007 20:37
QUOTE(lanevo12 @ 5.12.2007 17:21) In house network..others pc are ok..my pc are fine before this..I mean is ok for quite long time and forgot how I get

When finished, it will produce a log.

lanevo12 3.12.2007 16:06

ComboFix 07-12-02.6 - Vii 2007-12-03 19:47:56.1 - NTFSx86
Running from: C:\Documents and Settings\Vii\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Vii\Application Data\macromedia\Flash Player\#SharedObjects\WQCCCYUV\www.inter-focus.cn
C:\Documents and Settings\Vii\Application Data\macromedia\Flash Player\#SharedObjects\WQCCCYUV\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\Vii\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and

Double click combofix.exe & follow the prompts.

3. Navigate to the saved file and double-click the installer, HJTsetup.exe. HijackThis will be installed on your computer at C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop

We have spyware blaster running, immunized with spybot, and are running the MS anti-spyware beta.

is windows fully up to date?

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS SOME OF THE FILES ARE LEGITIMATE AND VITAL TO THE FUNCTION OF YOUR COMPUTER

I think that would help.

Post your new log file back here using the New Reply button and I will review it when it comes in.

Please proceed with the following steps in order.

also the same. The virus try to inject other trojan to my pc.

Let's do this again.

http://webadapt.org/solved-my/solved-my-hijack-this-log.php

www.popupcop.com It allows you to open a blocked popup in a new window if it is something you really want to see.

Step #5 OK. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them.

------------------------

* Start Ewido...Click on the Scanner tab at the top.

While I am not an expert with HJ This I was able to get him cleaned up I think.

Spiritsongs: :) Hi Sister In The Lord : You have what is usually called a "Hijacker" and it would be best if you had the help of an

is windows fully up to date?

In that case, download the script (alcanshorty.bfu) manually from above url (right-click on it and choose 'save as' and save it in your BFU-folder).
