TechSpot

Hijackthis Log PLEASE HELP

By bueller345
Jan 25, 2007
Topic Status:
Not open for further replies.
  1. I keep getting pop-ups and I really need help. Here is the HijackThis log. Thanks!
     
  2. tomrca

    tomrca TS Rookie Posts: 1,051

    you don't seem to have any firewall showing in your log. you can obtain a free one from zonelabs.
    you will need to move hijack this from the desktop. place it in its own folder within docs or programme files. you also need to change its name, e.g. 'analyser 1991'. the reason for this is because there are bugs that can hide from it. do this before you do another scan. then post the log


    if you don't recognise these, have hijack this fix them

    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab


    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/Mul...ctComboBox.cab
     
  3. bueller345

    bueller345 TS Rookie Topic Starter

  4. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,866   +165

    Windows XP, SP2 has a firewall. It's not part of IE. Is your system fully updated using the Microsoft Update utility? The updated XP, SP2 firewall is not bad, but as many say, there are better firewalls out there. I'm using Symantec's new (beta) Norton 360. It takes over the firewall's duties. Windows Defender and IE7, and Media Player 11 are part of Windows Vista. Norton 360 is compatible with Windows Vista.
     
  5. tomrca

    tomrca TS Rookie Posts: 1,051

    it would be viable to run a scan for other nasties. CLICK HERE. get firewall HERE

    please post your hjt log as an attachment

    open hijack this. scan, tick the boxes that correspond to these entries, then click fix. scan after fix to make sure that they have gone

    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CA77~1\Bar888.dll (file missing)

    if you have problems deleting Bar888, look here

    O20 - Winlogon Notify: windnl32 - windnl32.dll (file missing)

    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab


    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/Mul...ctComboBox.cab
     
  6. bueller345

    bueller345 TS Rookie Topic Starter

    I checked the ones you listed and fixed them. Here is the new log attached.
     
  7. bueller345

    bueller345 TS Rookie Topic Starter

    OK, I upgraded to IE7 and the crap still pops up. It's really weird 'cause some of the pop-ups are Yahoo.com and Vonage.com
     
  8. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,866   +165

    You are probably infected with a Trojan downloader virus
     
  9. cfitzarl

    cfitzarl TechSpot Chancellor Posts: 2,520   +9

    May I suggest Firefox?
     
  10. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,866   +165

    There's no need for Firefox here... all the add-ons are not worth it
     
  11. cfitzarl

    cfitzarl TechSpot Chancellor Posts: 2,520   +9

    Bueller345 was complaining about popups, and IE is terrible at blocking popups. That's the only reason I suggested it.

    Although, this is probably adware in the computer. I still look down on IE though ;) .
     
     
  12. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,866   +165

    IE7 is not terrible... Don't knock something you know nothing about! I used Firefox for a time, and I reverted back to IE6
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system has the vundo infection. This is quite easy to get rid of, so don't panic.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of bueller345 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. bueller345

    bueller345 TS Rookie Topic Starter

    Ok here are the two logs...that took a while. Thanks again for the help. PS I have both IE and Firefox...both with their ups and downs.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    This is the filepath you need to enter into Vundofix.

    C:\WINDOWS\system32\ddayv.dll

    Post a fresh HJT log after doing the above.

    Regards Howard :)

     
  16. bueller345

    bueller345 TS Rookie Topic Starter

    OK that seemed to have worked (knock on wood) here is the new log.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    Have HJT fix these inactive entries from normal mode.

    O2 - BHO: (no name) - {2B749A6C-09C2-417E-91DD-4C80E957125D} - C:\WINDOWS\system32\ddayv.dll (file missing)

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    Reboot your system.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

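
An added example, not part of any post in this thread: a small Python parser for the HijackThis entry lines quoted in the posts above, separating inactive "(file missing)" leftovers from entries that still point at a file or URL. The field names and the wording of the review notes are this example's own assumptions; the sample lines are copied from the posts.

```python
import re

# Entry lines copied from the posts in this thread (HijackThis "O" sections).
SAMPLE_LOG = r"""
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CA77~1\Bar888.dll (file missing)
O20 - Winlogon Notify: windnl32 - windnl32.dll (file missing)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab
O2 - BHO: (no name) - {2B749A6C-09C2-417E-91DD-4C80E957125D} - C:\WINDOWS\system32\ddayv.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = " (file missing)"


def parse_entry(line):
    """Split one HijackThis entry into fields; return None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)]
    clsid = CLSID.search(rest)          # full GUIDs only: "{3CA77~1" in a path is skipped
    target = rest.rsplit(" - ", 1)[-1]  # last field is the file or URL the entry loads
    return {
        "section": m["section"],
        "kind": m["kind"],
        "clsid": clsid.group(0) if clsid else None,
        "target": target,
        "missing": missing,
        "remote": target.lower().startswith(("http://", "https://")),
    }


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def review_note(entry):
    if entry["missing"]:
        return "inactive: registry entry points at a file that no longer exists"
    if entry["remote"]:
        return "loaded from a URL: keep only if the site is one the user recognises"
    return "active: file present, identify it before fixing"


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f'{e["section"]:<4}{e["kind"]:<18}{e["target"]}\n      -> {review_note(e)}')
```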
     
  18. spotter2300

    spotter2300 TS Rookie

    You need to change the name of HJT to analyzer1991. The whole hijack list must be moved into its own folder within program files. There change its name to analyzer 1991. (The plunger)
     
  19. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    This is taken from bueller345's last HJT log.

    C:\Program Files\hijackThis\analyser 1991.exe

    As you can see, HJT is already running from the correct location and has been renamed.

    Regards Howard :)

     