TechSpot

540.filost.com strikes again

By SilverLady31
Nov 4, 2005
  1. I searched and searched for help with this problem. Finally found you guys...I have already downloaded hijackthis but don't know which files to delete. Please help. Here is the log:
     

    Attached Files:

  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    First, please follow the instructions in Post #2 here: http://forums.techguy.org/showthread.php?p=3069393

    Then Read: Only use these HJT-instructions when asked!
    /P/ Process needs to be stopped
    /U/ UNinstall anything to do with this
    /R/ unRegister the xxx.DLL in that line
    The text between the dotted lines underneath goes between the dotted lines of that post.
    Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
    ...................................................................................................
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    /R/U/ O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    /R/ O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\mllmm.dll
    /P/U/ O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
    /P/ O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
    O4 - Global Startup: Event Reminder.lnk = ?
    Fix ALL your O16 - DPF: entries
    Unless these IP-numbers are from your ISP, fix this O17
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E120AC71-64BD-4BDA-A1DB-16B66D385885}: NameServer = 170.76.16.5 167.114.253.3
    O20 - Winlogon Notify: mllmm - C:\WINDOWS\System32\mllmm.dll
    /R/ O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
    ...................................................................................................
     
  3. SilverLady31

    SilverLady31 TS Rookie Topic Starter

    Completed instructions to best of my abilities

    It seems to have worked just fine. Just let me run a few things by you for clarification. (1) when trying to unregister some of xxx.dll files witht he regsvr32 /u ...... in the run program, the pop window told me file missing or didn't exist and couldn't run the command (2) do i leave the cleanup, hijackthis, and vundofix.exe on my computer or do I get rid of them too (I'm guessing the first two come in handy in another attack but not sure about the third one (3) do you need a new hijackthis log?

    BTW--a million thanks. Even though I had to read and reread some of the instructions, you were very helpful.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Gues you did not find mllmm.dll during MY instructions.
    The first instructions from techguy should (and did) take care of that.
    I left it in just to be sure.

    I would keep Cleanup and HJT. Uninstall vundofix, but store the file somewhere you can find it again. Next time (hopefully not) you may not be able to go online to get it again, so it might come in handy one day.

    If you want to be sure, by all means post a fresh HJT-log (from Safe Mode).
     
  5. SilverLady31

    SilverLady31 TS Rookie Topic Starter

    Sure would love to get you to look at the log just to make sure. If anything needs to be taken care of, I really appreciate your assistance.

    Again--thanks a million!
     
  6. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Just some cosmetics. Run HJT and have it FIX:

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (file missing)

    Otherwise your log is clean. Congrats.
     
  7. SilverLady31

    SilverLady31 TS Rookie Topic Starter

    Will do. Once again...many, many thanks! You rock.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...