HJT Log - W2K

Reboot your computer back to normal mode and Reconnect To The Internet Step#17: Scan and Post a New HJT log with other logs Scan again with HijackThis. Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended). Still some work to do yet, couple of files leftover to sort. Please go to: VirusTotal. In the middle of the page you'll find a "Browse" button. Click the "Browse" button and browse to

Then close all other windows and browsers except HijackThis and press fix checked... In your next reply, please post: * the SDFix report.txt Malwarebytes' Anti-Malware log * new HijackThis log taken after the above scan has run Extra Note: If MBAM encounters a file Your logs are clean. Message Edited by CajunTek on 09-17-2007 06:04 AM

When it prompts you to update, click the OK button.

FT Server"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe:*:Enabled:_aunchPad"
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe"="C:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe:*:Enabled:Collapse!

I downloaded it from Google)

ComboFix 07-08-04 - "Owner" 2007-08-03 17:37:21.1 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_IPRIP
-------\Iprip
((((((((((((((((((((((((( Files Created from 2007-07-03 to

Click on this link to see a list of other programs that should be disabled.

Reports/logs to post in your next reply:
* SUPERAntiSpyware Scan log
* ComboFix.txt
* rootlog.txt

DolbyR, Regular member, joined Apr 28, 2004: So once Windows has loaded, all the programs start closing one by one and finally the machine reboots, I suspected a virus but McAfee Could it be corrupt? Step#2: Show All Hidden Files Very Important Please download and open the following zip file.

Then close all other windows and browsers except HijackThis and press fix checked. Is this by any chance a false positive? So start HJT, click "Do a system scan only" and check:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - https://forums.pcpitstop.com/index.php?/topic/155347-w2k-sp3-hangs-during-boot-process-explorerexe-100/
If there is some abnormality detected on your computer HijackThis will save them into a logfile.

Ran HJT on W2K and found suspicious entries:
O21 SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62} - (no file)
and
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62} - bestreak (no file)
These entries were listed in other

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search &

if you have a popup from any of your protection programs asking if you want to make a change to the registry, say Yes or Accept it Step#14: Fixing With CWShredder CLOSE for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the

After you uncheck these, click on the Save button and close Microsoft AntiSpyware. http://www.theeldergeek.com/forum/index.php?showtopic=25837 Hijacked W2k machine = HJT Logs Started by treycarroll, Mar 18 2005 05:48 PM

Look for a service called Remote Procedure Call (RPC) Helper.

Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6C56573-8960-4330-AB6C-F77EC56BD210}: Domain = skynet.be
O20 - AppInit_DLLs: C:\WINNT\System32\wmfhotfix.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O22

Crunch"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java 2 Platform Standard Edition binary"
"C:\\Program Files\\CrackApp\\CrackApp.exe"="C:\\Program Files\\CrackApp\\CrackApp.exe:*:Enabled:CrackApp , All multimedia in one box"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\AIM\\AIM95_c0\\aim.exe"="C:\\Program Files\\AIM\\AIM95_c0\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\123Movies2IPOD\\123Movies2IPOD.exe"="C:\\Program Files\\123Movies2IPOD\\123Movies2IPOD.exe:*:Enabled:123 Movies2iPod

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Yahoo!\Installs\ycomp5_1_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,[emailprotected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {a2595f37-48d0-46a1-9b51-478591a97764} - (no

It does not provide an option to clean/disinfect. So I googled it and read that it's a symptom of the sasser worm. Check to make sure it is up-to-date. Download and install SUPERAntiSpyware Free for Home Users. Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop.

The first set of instructions follows: We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make. If I click anywhere else when it's starting up then it gets frozen. There is no option to clean/disinfect, however, we need to analyze the information on the report.

In the left pane, click on Real-time Protection.

If it is, uncheck it and try again. The Fix: Step#1: Getting Ready Please save these instructions to WordPad so that you have them accessible while following the steps. But first...

Log To obtain the report: Click on: Save Report As (above - red blinking arrow) Next, in the Save as prompt, Save in area, select: Desktop In the File name area, use Thank you for your time!

Copy and paste the bold text below into the address bar of Registrar Lite: (this is making a Registry backup for safety in case of error) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Go to File> Export and

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Yahoo!\Installs\ycomp5_1_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search &

Read the instructions about the cookies.

Anyhow, after pressing 'OK' SDFix continued without problems. Once the license has been accepted, reset to 100%.) Or use Firefox with IE-Tab plugin https://addons.mozil...efox/addon/1419 The program launches and downloads the latest definition files.