 dns changer repaired ? - now many bad image errors, dns changer-bad image errors-mbam won't run again |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal > Misplaced HJT Logs  |
 Jun 25 2009, 11:13 AM
Post
#1
|
|
|
New Member  Group: Members Posts: 4 Joined: 25-June 09 Member No.: 345,324  |
I read in most of the forums that your users should run your DDS file, and I did - I have copied and pasted the log at the end of my post for your review. To best re-enact my problems, as best I remember them over the 8 to 10 hours in which they took place: I first encountered a problem yesterday while surfing the net - I suddenly got a fuschia colored dos-looking error screen that required shut off my computer to get out of it. I have McAfee (as offered through my Comcast account), and it runs a full scan each night. I immedaitely rebooted and ran a full scan. McAfee found several files it called trojans, and quarantined them. There were 2 it did not do anything with other than log them: c:\windows\system32\skynetiwxkxhml.dll c:\windows\system32\skynetrksuglwb.dll it identified these files as dllchanger.o trojan files. I went to the McAfee quarantined list and deleted the files it would allow, and then began my research for dns changer trojans and wound up choosing to download Malwarebytes. Ran a full scan, it found 28 items. I started the delete function and I got the same fuschia dos stop screen and the computer shut down. I rebooted and was amazed that it came back up, and the HIJACKING seemed to have been cured, but only after I encountered about 25+/- "bad image errors". I repeatedly also got the message "the application or dll globalroot\systemroot\system32\skynetiwkxhml.dll is not a valid windows image. check against install disk." Each time I run any program or application, it has to give me one or more "bad image errors" and then it will run. BTW: After the malwarebytes deletions and subsequent stop error, I was also got a couple of Microsoft error windows that said I had a Device Driver Error. Because I had not installed or removed any hardware or software other than malwarebytes, I followed it's instruction and checked for windows updates. I did, and it ended up installing IE8, the Security Update 4.0 SP2 and also the MS 2007 SP2. BTW: Somewhere along the line last night I also saw a file on the malware detection screen named "NTOSKRNL-HOOK" and something named "Hatigh". I have a restore point roughly 1 month ago. I don't know if it would help with my problems. I have never restored a computer either! I tried to run Malwarebytes again and it would not run. Think it gave me a runtime error. Deleted it and tried to reinstall, and it wouldn't run. Tried renaming the exe file (saw that in one of the forums). Same runtime error. Would not run. I deleted it again. Have not tried anything else for malware detection or removal. Should I run Regclean or something similar to fix the remaining bad image errors? I hope I have told you most everything that I have experienced - here is my log from your DDS scan: Thanks very much - Honeyb DDS (Ver_09-05-14.01) - NTFSx86 Run by Donna & Ed Thu 06/25/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.191 [GMT -4:00] AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-011C-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000} AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\AstSrv.exe C:\WINDOWS\system32\BrmfBAgS.exe C:\Program Files\McAfee\MBK\MBackMonitor.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\PSIService.exe C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe C:\Program Files\hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe C:\Program Files\USB Disk Win98 Driver\Res.EXE C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\ComcastUI\Universal Installer\uinstaller.exe C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe C:\Program Files\hp\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Donna & Ed\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell4me.com/myway uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: N/A: {4d25f926-b9fe-4682-bf72-8ab8210d6d75} - c:\program files\mywaysa\srchasde\1.bin\deSrcAs.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: c:\windows\system32\had73sfdfd.dll: {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - c:\windows\system32\had73sfdfd.dll TB: &Inbox Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\inbox\ctbr.dll TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponBarIE.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Universal Installer] "c:\program files\comcastui\universal installer\uinstaller.exe" /fromrun /starthidden uRun: [Desktop Software] "c:\program files\comcastui\universal installer\uinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden uRun: [Windows System Recover!] c:\docume~1\donna&~1\locals~1\temp\mdm.exe mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe" mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel PhotoDownloader.exe mRun: [USB Storage Toolbox] c:\program files\usb disk win98 driver\Res.EXE mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe" mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware 2007\Ad-Watch2007.exe mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2 mRun: [<NO NAME>] mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" dRun: [<NO NAME>] c:\windows\temp\p96sk9.exe dRun: [hsf7husjnfg98gi498aejhiugjkdg4] c:\windows\temp\p96sk9.exe dRun: [Windows System Recover!] c:\windows\temp\winamp.exe StartupFolder: c:\docume~1\donna&~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe uPolicies-explorer: NoFolderOptions = 1 (0x1) uPolicies-system: DisableRegistryTools = 1 (0x1) dPolicies-explorer: NoFolderOptions = 1 (0x1) dPolicies-system: DisableRegistryTools = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000 IE: Inbox Search - tbr:iemenu IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL Trusted Zone: angellearning.com\gvtc Trusted Zone: google.com\mail Trusted Zone: mcafee.com DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - hxxps://www.topproduceronline.com/downloads/msjavx86.exe DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.1.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://support.rexplorer.net/iftw_install//iftwclix.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxps://www.topproduceronline.com/Downloads/arview2.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {A78856A6-334B-43AF-96F5-58574005910D} - hxxp://v.s0.gc.sj.ipixmedia.com/code/Einstaller.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxps://employeelogin.ugtic.com/viewer/activeXViewer/activexviewer.cab DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\inbox\ctbr.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: c:\windows\system32\had73sfdfd.dll: {b2c7b2a1-00f3-42bd-f434-00aaba2c8952} - c:\windows\system32\had73sfdfd.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-5 201320] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-5-5 359248] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-5-5 144704] R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-5-5 695624] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-5 79304] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-5 35240] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-5 40488] S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?] S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2005-8-4 2944] S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2005-8-4 3168] S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2005-8-4 39552] S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-8-4 61440] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-5 33832] S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-10-27 394192] =============== Created Last 30 ================ 2009-06-25 01:54 <DIR> --dsh--- c:\documents and settings\donna & ed\PrivacIE 2009-06-25 01:50 <DIR> --dsh--- c:\documents and settings\donna & ed\IETldCache 2009-06-25 01:28 102,912 -------- c:\windows\system32\dllcache\iecompat.dll 2009-06-25 01:28 <DIR> --d----- c:\windows\ie8updates 2009-06-25 01:27 12,800 -------- c:\windows\system32\dllcache\xpshims.dll 2009-06-25 01:27 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll 2009-06-25 01:24 <DIR> -cd-h--- c:\windows\ie8 2009-06-24 23:43 <DIR> --d----- c:\docume~1\donna&~1\applic~1\Malwarebytes 2009-06-24 23:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-06-22 17:43 15,000 -------- c:\windows\system32\had73sfdfd.dll ==================== Find3M ==================== 2009-06-23 20:07 10,022 a--sh--- c:\windows\system32\KGyGaAvL.sys 2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll 2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll 2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll 2009-04-30 17:22 1,985,024 -------- c:\windows\system32\dllcache\iertutil.dll 2009-04-30 17:22 11,064,832 -------- c:\windows\system32\dllcache\ieframe.dll 2009-04-30 17:22 1,207,808 -------- c:\windows\system32\dllcache\urlmon.dll 2009-04-30 17:22 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll 2009-04-30 17:22 385,536 -------- c:\windows\system32\dllcache\iedkcs32.dll 2009-04-30 07:21 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-04-29 00:55 133,120 a------- c:\windows\system32\dllcache\extmgr.dll 2009-04-28 05:05 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-17 08:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys 2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2009-04-15 10:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll 2008-12-19 18:19 61,224 a------- c:\documents and settings\donna & ed\GoToAssistDownloadHelper.exe 2007-06-01 20:52 88 ---shr-- c:\windows\system32\C975AF2B1F.sys 2007-04-27 16:18 211,850,272 a--sh--- c:\windows\system32\drivers\fidbox.dat 2007-04-27 16:18 506,912 a--sh--- c:\windows\system32\drivers\fidbox2.dat ============= FINISH: 11:26:08.45 =============== |
 |
 
|
|
Jun 25 2009, 11:58 AM
Post
#2
|
|
 Computer Masochist Group: Moderator Posts: 22,909 Joined: 27-January 07 From: Cleveland, Ohio Member No.: 108,618 |
I'm sorry, but you need to repost you log.
I have moved your Topic that included a HijackThis/DDS log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis/DDS logs analysis. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware anlaysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not. We understand that dealing with malware issues and getting help can be frustrating but improperly posting a log usually happens if you missed the directions we provide to those who require malware removal assistance. Prior to posting a log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you can't perform a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Prep Guide to post a new log. Please do not post any more logs to this topic as it just a placeholder to be used to help you post the information in the proper way and in the proper forum. Going forward, HijackThis logs should only be posted in the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal in order to make it easier for our helpers to respond to your topic The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for. When your new DDS/HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done. Thanks for your cooperation and good luck. The BC Staff -------------------- Mark
 why won't my laptop work? Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits Become a BleepingComputer fan: Facebook and Twitter |
|
|
|
|
Jun 25 2009, 09:42 PM
Post
#3
|
|
 OBleepin Investigator Group: Moderator Posts: 17,419 Joined: 14-July 06 From: Bloomington, IN Member No.: 76,150 |
Hello
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer. From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean. Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible To avoid confusion, I am closing this topic. Good luck with your log. The BC Staff -------------------- Orange Blossom An ounce of prevention is worth a pound of cure ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 7th November 2009 - 06:07 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.