Home > Please Look > Please Look At My HJT

Please Look At My HJT

Member Posts: 25 help please look « on: October 10, 2008, 04:13:49 AM » I'm getting random web sites popping up on computer. Click here to join today! It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.For more information about Spyware, the tools available, and other informative material, including information on This will create a folder named WinPFind on your desktop.

You really should read these carefully.Good luck, and thanks for coming to our forums for help with your security and malware issues. AVGAS log attached. then let us know if there is any improvement. __________________ PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST MALWARE. Join over 733,556 other people just like you!

Please post one from normal mode. Cookiegal, Jan 9, 2007 #3 sailorman Thread Starter Joined: Sep 12, 2004 Messages: 38 They are too long to embed in the message so I will attach them. O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: TrayMin230.lnk = ? Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 15027 bytes Michelle888 View Public Profile Send a private message to Michelle888 Find all posts by Michelle888 #2 30-08-10, 10:01

The IP address being used is Tech Support Guy is completely free -- paid for by advertisers and donations. TechSpot is a registered trademark. ltdanman44 Jr.

AV: Panda Antivirus 2008 v3.01.00 (Panda Security) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Thread Tools Search this Thread 05-04-2008, 05:44 AM #1 aadam Registered Member Join Date: Apr 2008 Posts: 8 OS: win xp sp2 I have spyware or malware as I I am an XFINITY Forum Expert and I am here to help.We ask that you post publicly so people with similar questions may benefit.Was your question answered? http://forum.webuser.co.uk/showthread.php?t=71277 Dec 20, 2006 Add New Comment You need to be a member to leave a comment.

ComboFix 08-05-08.1 - test 2008-05-09 22:03:47.1 - NTFSx86 Running from: C:\Documents and Settings\test\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\test\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Absolute Poker Accessing and setup of a Wireless Gateway Find everything you need to know about setting up your wireless gateway. This is a non-essential process. -click on start > run type msconfig press ok Click on the Startup tab Look for the entry MotiveSB Uncheck it if found click on save

  • Reboot your computer normally, start HijackThis and perform a new scan.
  • how boutMBAMSpybot andSAS?post the logsMBAM update put a check mark nest to all baddies and click REMOVE SELECTEDSpybot and SAS update -Clean and Quarantine edit out cookies when you post logswe
  • Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast!

my adwatch monitoring goes off about 15 times a minute and all of the items flag AVGAS as the source. visit I can see Avast but not F-Secure. Event Record #/Type67050 / Error Event Submitted/Written: 04/27/2008 10:56:24 AM Event ID/Source: 7023 / Service Control Manager Event Description: The SKAN ECR Communications Service service terminated with the following error: %%183 For some reason when I saw O4 - HKLM\..\Run: [Byte Tool Tons Mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\Admin Long.exeI thought to myself that don't belong there.....the same with

Zbknie Close control panel. Avast Evangelists.Use NoScript, a limited user account and a virtual machine and be safe(r)! Please continue as follows: Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check the following two Items.

I suggest running it weekly. Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Yahoo! If you're not already familiar with forums, watch our Welcome Guide to get started. If you need anything just let me know.

Logfile of HijackThis v1.99.1Scan saved at 9:21:08 PM, on 7/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\DVDRAMSV.exeC:\Program Files\ewido anti-spyware 4.0\guard.exec:\TOSHIBA\IVP\swupdate\swupdtmr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\system32\00THotkey.exeC:\WINDOWS\system32\TPSMain.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\TOSHIBA\TouchED\TouchED.ExeC:\Program Any suggestions Thanks Michelle888 Michelle888 View Public Profile Send a private message to Michelle888 Find all posts by Michelle888 #5 08-09-10, 19:49 bricat Global Moderator Join Date: Jun Here are combofix log and new HJTlog.

Cookiegal, Jan 12, 2007 #14 Sponsor This thread has been Locked and is not open to further replies.

Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account? A logfile will be created that records all actions that The Avenger performed. Oct 3, 2007 Is there a way to easily post my log from HJT? causing problems somewhere.

HJT was able to remove the smitfraud virus...I was reading about it on wiki, and found out a friend wanted to watch a movie on a website and installed thier "software" Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Music & Audio Video & Photo Hardware Tablets, smartphones and e-readers Computer components and accessories Other Hardware All Other Technical Help Topics O4 - HKCU\..\Run: [BoltMove] C:\DOCUME~1\LtDan\APPLIC~1\DEFAUL~1\MathCash.exe Nasty (2.06 / 5.00)Because of the second find, I propose you download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exeDownload Smitfraudfix (first save, then unpack all files).

it looks clean, and of course my post clean up canned speech as well.. You can obtain more information here: MS Baseline Analyzer Adjust your security settings for ActiveX:Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options)Press 'default level', I certainly put Avast anti-virus on my comp but don't know anything about F-Secure.