Hijackthis Log PLEASE HELP

Status
Not open for further replies.
You don't seem to have any firewall showing in your log. You can obtain a free one from Zone Labs.
You will need to move HijackThis from the desktop. Place it in its own folder within Docs or Program Files. You also need to change its name, e.g. 'analyser 1991'. The reason for this is that there are bugs that can hide from it. Do this before you do another scan, then post the log.


If you don't recognise these, have HijackThis fix them.

O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab


O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/Mul...ctComboBox.cab
 
Windows XP, SP2 has a firewall. It's not part of IE. Is your system fully updated using the Microsoft Update utility? The updated XP, SP2 firewall is not bad, but as many say, there are better firewalls out there. I'm using Symantec's new (beta) Norton 360. It takes over the firewall's duties. Windows Defender, IE7, and Media Player 11 are part of Windows Vista. Norton 360 is compatible with Windows Vista.
 
It would be viable to run a scan for other nasties. CLICK HERE. Get firewall HERE.

Please post your HJT log as an attachment.

Open HijackThis. Scan, tick the boxes that correspond to these entries, then click Fix. Scan after the fix to make sure that they have gone.

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3CA77~1\Bar888.dll (file missing)

If you have problems deleting Bar888, look here.

O20 - Winlogon Notify: windnl32 - windnl32.dll (file missing)

O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab


O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange.com/Control/Mul...ctComboBox.cab
 
OK, I upgraded to IE7 and the crap still pops up. It's really weird 'cause some of the pop-ups are Yahoo.com and Vonage.com.
 
bueller345 said:
OK, I upgraded to IE7 and the crap still pops up. It's really weird 'cause some of the pop-ups are Yahoo.com and Vonage.com.

You are probably infected with a Trojan downloader virus.
 
bueller345 said:
OK, I upgraded to IE7 and the crap still pops up. It's really weird 'cause some of the pop-ups are Yahoo.com and Vonage.com.

May I suggest Firefox?
 
Bueller345 was complaining about popups, and IE is terrible at blocking popups. That's the only reason I suggested it.

Although, this is probably adware in the computer. I still look down on IE though ;).
 
IE7 is not terrible... Don't knock something you know nothing about! I used Firefox for a time, and I reverted back to IE6.
 
Hello and welcome to Techspot.

Your system has the Vundo infection. This is quite easy to get rid of, so don't panic.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of bueller345 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
OK, here are the two logs... that took a while. Thanks again for the help. PS: I have both IE and Firefox... both with their ups and downs.
 
Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path(s) to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

This is the filepath you need to enter into Vundofix.

C:\WINDOWS\system32\ddayv.dll

Post a fresh HJT log after doing the above.

Regards Howard :)

 
Your HJT log is now clean.

Have HJT fix these inactive entries from normal mode.

O2 - BHO: (no name) - {2B749A6C-09C2-417E-91DD-4C80E957125D} - C:\WINDOWS\system32\ddayv.dll (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Reboot your system.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of bueller345 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
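
Added example, not part of the original thread and not HijackThis code: a small Python parser for log lines in the format posted above that picks out the entries marked "(file missing)", the inactive ones the posts ask to have fixed. The sample lines are copied from this thread; the names `parse_entry` and `orphaned` are hypothetical, and the line grammar is inferred from these samples only.

```python
import re
from typing import List, NamedTuple, Optional

# Grammar inferred from the lines quoted in this thread (an assumption, not an
# official HijackThis format spec): "<code> - <kind>: <details>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str             # section code, e.g. O2, O9, O16, O20
    kind: str             # e.g. BHO, DPF, Winlogon Notify
    clsid: Optional[str]  # COM class ID if the entry carries one
    target: str           # file path or download URL (last " - " field)
    file_missing: bool    # True when the line ends with "(file missing)"


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; return None for anything that is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(rest)
    target = rest.rsplit(" - ", 1)[-1]
    return Entry(m.group("code"), m.group("kind"),
                 clsid.group(0) if clsid else None, target, missing)


def orphaned(lines: List[str]) -> List[Entry]:
    """Entries that are still listed although their file is gone."""
    return [e for e in map(parse_entry, lines) if e and e.file_missing]


# Sample lines copied from the posts in this thread.
SAMPLE = [
    r"O2 - BHO: (no name) - {2B749A6C-09C2-417E-91DD-4C80E957125D} - C:\WINDOWS\system32\ddayv.dll (file missing)",
    r"O20 - Winlogon Notify: windnl32 - windnl32.dll (file missing)",
    r"O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange.com/Control/MLXClientUtils.cab",
    "Reboot your system.",
]

if __name__ == "__main__":
    for e in orphaned(SAMPLE):
        print(f"{e.code:<4}{e.kind:<17}{e.clsid or '-':<40}{e.target}")
```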
 
You need to change the name of HJT to analyzer1991. The whole hijack list must be moved into its own folder within Program Files. There, change its name to analyzer 1991. (The plunger)
 
This is taken from bueller345's last HJT log.

C:\Program Files\hijackThis\analyser 1991.exe

As you can see, HJT is already running from the correct location and has been renamed.

Regards Howard :)

 