Home > Hijackthis Log > Hijackthis Log - ALGCHK.EXE

Hijackthis Log - ALGCHK.EXE

Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site. Click here to Register a free account now! Click the "Download" button to the right. All rights reserved. http://swapshaker.com/hijackthis-log/win-seven-hijackthis-log.html

It will ask for confimation to delete the file. None of this did any good, as I still had the "worm" attacking me. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file I suggest that you go grab a cup of coffee & do something else while you wait for it to complete. ********************************TRUSTED ZONES******************************** Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select http://www.hijackthis.de/

OriginalFilename : lsass.exe#:6 [svchost.exe] FilePath : C:\XP\system32\ ProcessID : 800 ThreadCreationTime : 4/2/2007 5:06:49 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System Even for an advanced computer user. IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary: We will not send you spam or share

Click OK. · Make sure everything in the white box has a check next to it, then click Next. · It will quarantine what it found and if it asks if Back to top #3 Glam Glam Topic Starter Members 24 posts OFFLINE Gender:Female Location:New Jersey Local time:03:45 PM Posted 22 May 2007 - 06:14 PM Thanks for your help RichieUK. Shall i post another HiJackThis log and a ActiveScan? OriginalFilename : svchost.exe#:35 [wcescomm.exe] FilePath : C:\Program Files\Microsoft ActiveSync\ ProcessID : 2728 ThreadCreationTime : 3-28-2007 1:32:31 AM BasePriority : Normal FileVersion : 3.8.0.5004 ProductVersion : 3.8.5004 ProductName : Microsoft ActiveSync CompanyName

Just paste your complete logfile into the textbox at the bottom of this page. AimeeMarie, Aug 16, 2007 #3 MFDnNC Joined: Sep 7, 2004 Messages: 49,014 Strange, yes go ahead but after running SAS try NoLop again MFDnNC, Aug 16, 2007 #4 AimeeMarie Thread Reboot your computer once all Java components are removed. http://www.geekstogo.com/forum/topic/129268-hijackthis-logi-think-im-affected-but-not-surehelp-please/ If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log · --If you receive an error, "mscomctl.ocx or

successful (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\teller2.chk C:\WINDOWS\system32\bszip.dll C:\WINDOWS\system32\tsuninst.exe C:\WINDOWS\system32\atmtd.dll.tmp C:\Documents and Settings\LocalService\Application Data\NetMon C:\Program Files\Deskbar C:\Program Files\Common Files\{9070C848-0746-1033-0609-05050609002c} ((((((((((((((((((((((((((((((( Files Created from 2006-08-05 to 2006-09-05 )))))))))))))))))))))))))))))))))) 2006-09-03 20:04 48,190 --a------ C:\WINDOWS\RDFX4.exe This site is completely free -- paid for by advertisers and donations. o It will open in your default text editor (such as Notepad/Wordpad). Click on see report.

  1. Reboot/logoff when prompted.
  2. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources It is imperative that you update your Antivirus software
  3. Location: : C:\Documents and Settings\Ted Gideonse\recent Description : list of recently opened documents MRU List Object Recognized!
  4. Thanks.
  5. OriginalFilename : CTFMON.EXE#:38 [ipodservice.exe] FilePath : C:\Program Files\iPod\bin\ ProcessID : 2920 ThreadCreationTime : 3-28-2007 1:32:35 AM BasePriority : Normal FileVersion : 7.1.1.5 ProductVersion : 7.1.1.5 ProductName : iTunes CompanyName : Apple

Reboot in Safe Mode. https://www.bleepingcomputer.com/forums/t/314335/virus-or-just-too-many-applications/?view=getnextunread Set the program up as follows:Click "Options..." Set the slider to "Standard CleanUp!" Uncheck the following:Delete Newsgroup cache Delete Newsgroup Subscriptions Scan local drives for temporary files Click OK Press the I somehow ended up with something that made my Norton AV go off every few seconds saying there was a worm trying to get in that it was blocking. Post the contents of C:\NoLop.log and a new Hijack This log into your next reply.If you receive the error,that mscomctl.ocx or one of its dependencies are not correctly registered, please download

All rights reserved. his comment is here here's the log files ----------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 9:49:15 AM, on 6/17/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe All rights reserved. OriginalFilename : iTunesHelper.exe#:33 [googledesktop.exe] FilePath : C:\Program Files\Google\Google Desktop Search\ ProcessID : 2668 ThreadCreationTime : 3-28-2007 1:32:29 AM BasePriority : Normal FileVersion : 5.1.703.13372 ProductVersion : 5.1.703.13372 ProductName : Google Desktop

OriginalFilename : svchost.exe#:10 [svchost.exe] FilePath : C:\XP\system32\ ProcessID : 1172 ThreadCreationTime : 4/2/2007 5:06:53 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System Continue to do so until the 'Windows Advanced Options' menu appears. FileDescription : QuickTime Task InternalName : QuickTime Task LegalCopyright : Copyright Apple Computer, Inc. 1989-2007 OriginalFilename : QTTask.exe#:34 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 2708 ThreadCreationTime : 4/2/2007 5:07:55 PM http://swapshaker.com/hijackthis-log/hijackthis-log-help-plz.html I think I went delete happy one day a while back..

Annoying Pop-ups On Internet Explorer Started by Glam , May 20 2007 11:03 AM Please log in to reply 9 replies to this topic #1 Glam Glam Members 24 posts OFFLINE Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. I've also installed Avast!

All Rights Reserved.

OriginalFilename : svchost.exe#:8 [svchost.exe] FilePath : C:\XP\System32\ ProcessID : 884 ThreadCreationTime : 3-28-2007 1:31:39 AM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.Under 'Reports' select 'Automatically generate report after every scan' After the combofix I havent had anything pop up about the worm. Back to top #7 Glam Glam Topic Starter Members 24 posts OFFLINE Gender:Female Location:New Jersey Local time:03:45 PM Posted 26 May 2007 - 12:29 AM I think that the pop-ups

Edited by loophole, 06 September 2006 - 08:48 PM. 0 #7 chaos_dl Posted 09 September 2006 - 11:02 AM chaos_dl New Member Topic Starter Member 7 posts Hi, below is the The file will not be moved.)HKLM\...\Run: [SMΔRT-Protection] => C:\Program Files\Smadav\SMΔRTP.exe [1736704 2017-01-15] (Smadsoft)HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4097136 2016-12-15] (Tonec Inc.)HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableRegistryTools] 1HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableChangePassword] 0HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: [NoDispSettingsPage] 0HKU\S-1-5-21-3393853819-73074403-155253753-1000\...\Policies\system: This website uses cookies to save your regional preference. Please click here if you are not redirected within a few seconds. navigate here All rights reserved.