
Solved: HJT Log - Look2Me And Probably Others

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = Don't install or uninstall software during the cleanup unless you are told to do so. The final clamwin run produced these results: -------------------------------------- Scan started: Mon Jul 3 21:27:45 2006 C:\Program Files\outlook\outlook.exe: Removed C:\Program Files\outlook\p.zip: Removed C:\Program Files\outlook\v.tmp: Removed C:\WINDOWS\system32\ausmsext.dll: Removed C:\WINDOWS\system32\cgbcatex.dll: Removed ERROR: Can't open HKU\S-1-5-21-796845957-2139871995-839522115-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).

Step 3: Scan with Malwarebytes Antimalware: Please download Malwarebytes Anti-Malware to your desktop. C:\WINDOWS\system32\lssc.exe -> Backdoor.SdBot.avd : Cleaned with backup (quarantined). This service may not function properly. Backing Up: C:\WINDOWS\system32\__delete_on_reboot__suprv.dll 1 file(s) copied.

Double click on AdwCleaner.exe to run the tool. C:\Documents and Settings\lee\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Edited by olgun52, 28 February 2017 - 03:18 PM.

  1. I should also note that restarting after running adaware does not help because adaware fails to open upon restarting and thus doesn't take care of anything.
  2. C:\Documents and Settings\lee\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned.
  3. L.
  4. Events cannot be delivered through this filter until the problem is corrected.
  5. Error: (02/27/2017 08:24:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not

Volume Serial Number is 08D1-6AB7 Directory of C:\WINDOWS\System32 06/29/2006 09:38 AM

.. 06/29/2006 09:38 AM . 06/29/2006 09:32 AM 235,192 guard.tmp 06/29/2006 02:00 AM 233,952 hrls0537e.dll 06/27/2006 12:22 PM If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory. I have not gotten a popup since i finished step 2 of the l2mfix.bat Also, i ran a adware s&d which came up with only tracking cookies. post another log and the l2me log

Each time they claim to remove them but the files have returned by the next scan. Please open as administrator the computer. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\648FV5UD\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined). https://www.bleepingcomputer.com/forums/t/50604/hijack-this-log/?view=getnextunread Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory After updating spybot hit the immunize button. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

#2 Scottmotiger (Member, Members, 27 posts), posted 07 July 2006 - 08:23 AM

I have also run hijackthis which encountered an error and was unable to fix

C:\drsmartload46a46p.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined). C:\WINDOWS\system32\c2002cdmgf0a2.dll -> Adware.Look2Me : Cleaned with backup (quarantined). Please use sxstrace.exe for detailed diagnosis. Secondly, I'm not sure why that is, but I don't think its to do with System Restore. ===== Let me know if I can help you with anything else or if

Backing Up: C:\WINDOWS\system32\prrfnet.dll 1 file(s) copied. C:\Program Files\Common Files\{3012298A-07D4-2057-0128-03040907002c}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined). ::Report end Does this mean its ok now please ??? Events cannot be delivered through this filter until the problem is corrected.

#6 LS CalamityJane (Former Lavasoft Staff, Members, 8814 posts), posted 08 July 2006 - 03:04 PM

One of the infections was Look2me which is known to

Please Wait! Did I find a new nasty, and if so, I hope it's not named after you or me. Backing Up: C:\WINDOWS\system32\fbsperf.dll 1 file(s) copied. After a reboot, your desktop and icons will appear, then disappear (this is normal).

The fix tool here will fix those and then we'll see what is left. Which is.. Error: (02/27/2017 08:23:45 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkWeb.dll".

Thanks!

C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\648FV5UD\drsmartload45a[1].exe -> Downloader.VB.alt : Cleaned with backup (quarantined). Ensure your external and/or USB drives are inserted during always the scan.

I had to unplug my computer to turn it off. I Googled it, too, and didn't find anything except some links to a program of the same name that didn't apply to this one. Please use sxstrace.exe for detailed diagnosis. Wait for the prompt to restart the computer to appear, then click on Yes.

C:\WINDOWS\system32\lssas.exe.mwt -> Dropper.Paradrop.a : Cleaned with backup (quarantined). If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed. C:\WINDOWS\system32\m6po0g73e6.dll -> Adware.Look2Me : Cleaned with backup (quarantined). Volume Serial Number is D032-4548 Directory of C:\WINDOWS\System32 07/21/2005 01:51 PM 417,792 ujandlg.dll 07/21/2005 01:30 PM 417,792 prrfnet.dll 07/21/2005 10:27 AM 417,792 guard.tmp 06/23/2005 09:34 PM

dllcache 08/19/2004 03:35 PM

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Temporary Internet Files\Content.IE5\EUL2CXGN\kybrdff_16[2].exe -> Downloader.VB.amb : Cleaned with backup (quarantined). Thanks! Your desktop and icons will disappear (this is normal). nothing.

Shut down your protection software now to avoid potential conflicts. You have a lot of very difficult to remove infections going on there and some of them require a special tool. If you still are having problems, please post a "HijackThis" log I have downloaded CCleaner and will run it in Safe Mode as soon as you say it's okay since the instructions above say not to run it and then to run My computer is useless with this thing on it -- I can't do anything while closing 30 pop ups per minute.

Here's the HJT, ran on a fresh reboot with antivirus and spyware doodads disabled: Logfile of HijackThis v1.99.1 Scan saved at 3:33:37 PM, on 7/21/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) Run the tool by double-clicking it. Post the contents of JRT.txt into your next message. C:\Documents and Settings\lee.LEESINC-PW0E952\Local Settings\Temporary Internet Files\Content.IE5\MPBWL83Q\wallpap[1].exe -> Hijacker.Small.jf : Cleaned with backup (quarantined).

Date: 2017-02-03 22:58:48.234 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Santos\AppData\Local\Temp\gkernel.sys because file hash could not be found on the system. Do not start a new topic As my first language is not English, please do not use slang or idioms. C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\648FV5UD\abcd[1].txt/drxvp.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).