540.filost.com strikes again

Status
Not open for further replies.
S

SilverLady31

I searched and searched for help with this problem. Finally found you guys...I have already downloaded hijackthis but don't know which files to delete. Please help. Here is the log:
 

Attachments

  • hijackthis.txt
    6.7 KB · Views: 5
First, please follow the instructions in Post #2 here: http://forums.techguy.org/showthread.php?p=3069393

Then Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/U/ UNinstall anything to do with this
/R/ unRegister the xxx.DLL in that line
The text between the dotted lines underneath goes between the dotted lines of that post.
Make sure to follow ALL instructions, and in HJT tick/fix ALL lines!
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
/R/U/ O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
/R/ O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\mllmm.dll
/P/U/ O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
/P/ O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - Global Startup: Event Reminder.lnk = ?
Fix ALL your O16 - DPF: entries
Unless these IP-numbers are from your ISP, fix this O17
O17 - HKLM\System\CCS\Services\Tcpip\..\{E120AC71-64BD-4BDA-A1DB-16B66D385885}: NameServer = 170.76.16.5 167.114.253.3
O20 - Winlogon Notify: mllmm - C:\WINDOWS\System32\mllmm.dll
/R/ O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
...................................................................................................
 
Completed instructions to best of my abilities

It seems to have worked just fine. Just let me run a few things by you for clarification. (1) when trying to unregister some of xxx.dll files witht he regsvr32 /u ...... in the run program, the pop window told me file missing or didn't exist and couldn't run the command (2) do i leave the cleanup, hijackthis, and vundofix.exe on my computer or do I get rid of them too (I'm guessing the first two come in handy in another attack but not sure about the third one (3) do you need a new hijackthis log?

BTW--a million thanks. Even though I had to read and reread some of the instructions, you were very helpful.
 
Gues you did not find mllmm.dll during MY instructions.
The first instructions from techguy should (and did) take care of that.
I left it in just to be sure.

I would keep Cleanup and HJT. Uninstall vundofix, but store the file somewhere you can find it again. Next time (hopefully not) you may not be able to go online to get it again, so it might come in handy one day.

If you want to be sure, by all means post a fresh HJT-log (from Safe Mode).
 
Sure would love to get you to look at the log just to make sure. If anything needs to be taken care of, I really appreciate your assistance.

Again--thanks a million!
 
Just some cosmetics. Run HJT and have it FIX:

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (file missing)

Otherwise your log is clean. Congrats.
 
Status
Not open for further replies.

Similar threads

Noname123
What Smartphone is better
Replies
0
Views
279
Noname123
Noname123
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
479
eriksnyman1
E
hdeveci
Sound comes 1 sec delayed in the beginnig
Replies
2
Views
145
hdeveci
hdeveci

Latest posts

Back