
I Have Acquired The P2P - Worm Here Is My Hijack This Log

mail.yahoo.com is at 216.109.127.60 not 216.129.127.60. Doing so could cause changes to the directions I have to give you and prolong the time required. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will move any infected files to the %userprofile%\DoctorWeb\quarantine folder that can't be cured. Next and this is important, from the main Dr.Web CureIt menu (top left), click File and choose save

I wanted to add that Combofix located and deleted 3 major files which seemed to be the virus:
c:\windows\system32\drivers\gaopdxlpxvqbvvtxatgqifsqnrdvykcxsebjey.sys
c:\windows\system32\gaopdxxedcigtqidreercswqpobstpitwdtcnc.dll
d:\recycler\S-8-4-61-100021364-100004264-100003590-3449.com
I was running norton 360, but after reading several reviews Glad I could help. Ad eundum quo no duck ante iit
#23 bundy5000, Topic Starter, Members, 24 posts, Posted 08 May 2007 - 06:37 PM
sry Copy the results with the notepad and copy/paste them back here.

Check My Log Please
Started by bundy5000, Apr 29 2007 05:13 AM
33 replies to this
#10 Jat90, Members, 1,515 posts, Gender: Male, Location: United Kingdom, Posted 14 April 2009 - 03:17 AM
Hello, The file was quarantined by ComboFix. Congratulations you It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal Post this back here please.

It would be useful if you had a scan before the problem, then you'd have something to compare against. Have you checked your hosts or lmhosts file? As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Here is my log:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4004 (20090413)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066

Ad eundum quo no duck ante iit
#29 bundy5000, Topic Starter, Members, 24 posts, Posted 10 May 2007 - 02:33 AM
c:/windows Please reply using the button in the lower right hand corner of your screen. Open this folder and find the correct recent log that showed that infection. I noticed that the corrupted file is located in the quarantine section of combofix.

The topics you are tracking can be found here. Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the al. Refer to the picture below if unsure. Other Deletions: Locate where you saved DDS.exe, right click the file and select Delete. Take a read of this excellent tutorial: Simple and easy ways to keep your Ad eundum quo no duck ante iit
#27 bundy5000, Topic Starter, Members, 24 posts, Posted 09 May 2007 - 06:59 PM
that

Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. If you do not understand any step(s) provided, please Only attach them if requested or if they do not fit into the post. Old topics are closed after 3 days with no reply, and working topics are closed after 5 days.

I do not get yahoo mail · 2003-Sep-2 8:44 pm
keith2468, Premium Member, join: 2001-02-03, Winnipeg, MB

keith2468 to p00ter_nerd, Premium Member, 2003-Sep-2 8:55 pm
Those links take me to Yahoo Ad eundum quo no duck ante iit
#19 bundy5000, Topic Starter, Members, 24 posts, Posted 08 May 2007 - 02:03 PM
in Here is my Hijackthis log:
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Autorun Eater\oldmcdonald.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program
I ran NeoTrace also on that IP and came up with 100% no connection.
Initiating server query ...
Looking up the domain name for IP: 216.129.127.60
(The domain name for the specified IP address

keith2468 to p00ter_nerd Premium Member 2003-Sep-3
  • If there is some abnormality detected on your computer HijackThis will save them into a logfile.
  • That could be the root of his problem. Otherwise I agree with you, he could disable the office "baggage" but otherwise nothing is jumping out.... · 2003-Sep-2 8:20 pm
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please
  • So is substituting familiar modules with malware modules that have extra functions added.
  • How you doing on the other step? #6 plethora330, Topic Starter, Members, 5 posts, Posted 13 April 2009 - 12:17 PM Here is my combofix log file: AV: Norton 360 Please post this log in your next reply. - Jat90 - If I have not responded to you within 24 hours, then please feel free to send me a message.

    Instruction can be found here Double click on ComboFix.exe & follow the prompts. Whatever my issue is it's impairing me from getting on certain sites. · 2003-Sep-2 7:56 pm
    keith2468, Premium Member, join: 2001-02-03, Winnipeg, MB
    keith2468 to p00ter_nerd, Premium Member, 2003-Sep-2 8:01 pm

    You access that function from add/remove programs, select MSIE, and ask it to do a repair.
    ----------------------------
    Here's a thread on your virus, actually a back-door worm:
    »www.softwaretipsandtrick ··· did=5281
    Norton pops up a box

    It's getting worse, HELP!!! With the help of this automatic analyzer you are able to get some additional support. What issues made you want to review your computer here?
    #8 plethora330, Topic Starter, Members, 5 posts, Posted 13 April 2009 - 04:43 PM
    Incredible!!!

    Navigate to your Ad-aware SE folder: C:\Documents and Settings\USER NAME\Application Data\Lavasoft\Ad-Aware\Logs. This will result in fewer programs running when you boot your system, and should improve performance. If that does not work, you can try the steps mentioned in Slow Computer/browser? If you would run the scan again, but let it tell you it is done before checking the Startup Programs log to post back here. You should also scan your computer with program on a regular basis just as you would an anti virus software. SUPERAntiSpyware You should also scan your computer with the program on a

    Simply download this tool to your desktop and run it.
    #22 Jintan, Malware Response Team, 531 posts, Posted 08 May 2007 - 05:57 PM
    I admit I have not seen Ad-Aware in Click on Select all drives.

    I'm off to bed. [text was edited by author 2003-09-03 01:57:35] · 2003-Sep-3 1:52 am
    I have not tried this on a Vista operating system myself, which I would normally do before offering a repair here, but I have reports from other trained persons that it h
    scanning hidden files ...
    scan completed successfully
    hidden files:
    **************************************************************************
    .
    Completion time: 2009-04-13 11:25
    ComboFix-quarantined-files.txt 2009-04-13 15:24
    Pre-Run: 125,170,733,056 bytes free
    Post-Run: 128,912,801,792 bytes free
    191 --- E O F --- 2009-03-30 20:12
    Thanks!!!

    Edited by plethora330, 13 April 2009 - 05:05 PM. Everyone else please start a new topic. - Jat90 - If I have not responded to you within 24 hours, then please feel free to send me a message. Please be patient. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. We do not want to clean you part-way, only to have the system re-infect itself.

    It can override the IP addresses associated with domain names. You can use SpyBot S&D (advanced interface) to do that. More user friendly tools for spyware detection are:
    SpyBot » security.kolla.de
    Ad-Aware » www.lavasoftusa.com/
    Good luck.