Home > Hijackthis Log > HijackThis Log (UltimateCleaner)

HijackThis Log (UltimateCleaner)

Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More... OriginalFilename : ccApp.exe#:9 [orderreminder.exe] FilePath : C:\Program Files\Hewlett-Packard\OrderReminder\ ProcessID : 3280 ThreadCreationTime : 5-30-2007 10:59:54 PM BasePriority : Normal#:10 [vaultware.exe] FilePath : C:\PROGRA~1\RDT\VAULTW~1\ ProcessID : 3312 ThreadCreationTime : 5-30-2007 10:59:55 PM Short URL to this thread: https://techguy.org/654084 Log in with Facebook Log in with Twitter Log in with Google Your name or email address: Do you already have an account? If you are not sure, if a line in Hijackthis is a problem, reboot in normal mode and use the Online HiJackthis Scanner to see if the file is a threat. weblink

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe O9 - Extra button: That may cause it to stall __________________ 08-09-2007, 03:23 PM #3 pittfan624 Registered Member Join Date: Aug 2007 Posts: 5 OS: WinXP ComboFix 07-08-10 - "Joe" 2007-08-09 16:54:30.1 Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu

Post that & a fresh Hijackthis log in your next reply Note: Do not mouseclick combofix's window whilst it's running. Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - Startup: .protected O4 - Global Startup: .protected O4 - Global Startup: Adobe Reader Speed Look for the *New Topic* Button near the top right when viewing the forums.

Logfile of HijackThis v1.99.1 Scan saved at 6:40:16 PM, on Thread Tools Search this Thread 08-08-2007, 08:35 PM #1 pittfan624 Registered Member Join Date: Aug 2007 Posts: Here in the forums, replies are posted to topics only. Download the latest version of Java Runtime Environment (JRE)2. No, create an account now.

Do not delete anything with Hijackthis unless you are absolutely sure what the file is and what it does. All rights reserved. SmitRem by NoahdFear - Tool to remove Spyaxe and related infections SmitFraudFix - Tool to remove most SmitFraud infections MalwareBytes Anti-Malware - tool to remove Rogue applications and much more (highly OriginalFilename : NOTEPAD.EXE#:19 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1132 ThreadCreationTime : 6-11-2007 5:58:11 PM BasePriority : Normal FileVersion : ProductVersion : SE 106 ProductName : Lavasoft

Type : RegValue Data : TAC Rating : 3 Category : Misc Comment : "{10f0c2a9-8e38-43e1-204d-45524c494e20}" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\shell extensions\approved Value : {10f0c2a9-8e38-43e1-204d-45524c494e20}Registry Scan result:»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»New critical objects: 1Objects found The Troj.Zlob.AN infection is characterized by a changed desktop wallpaper that looks similar to the one shown below. I downloaded combofix, and smitfraudfix, but the stupid ultimate cleaner comes back everytime. Make sure that wordwrap is uncheckedScan once more with Hijackthis to make a fresh log and post it back here please.

FileDescription : Citrix ICA Client PNAgent (Win32) InternalName : PNAGENT LegalCopyright : Copyright © 1990-2004 Citrix Systems, Inc. This site is completely free -- paid for by advertisers and donations. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Register now!

Removal Procedure 1) Download the programs above to your desktop, extracting and install them. 2) Open SmitFraudFix, and choose option 4 to check for updates and download any updates, then quit have a peek at these guys You can visit my page for other Essential Tools to Use in Removing Spyware, Adware, Trojans, and Viruses Congratulations! All rights reserved. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exeO9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime

Thanks Back to top #2 LS CalamityJane LS CalamityJane Former Lavasoft Staff Members 8814 posts Posted 28 March 2007 - 01:22 AM Hi ,Apologies for the late reply, we've been quite OriginalFilename : PNAGENT.EXE#:14 [wisptis.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3192 ThreadCreationTime : 5-31-2007 3:19:47 PM BasePriority : High FileVersion : 1.0.2201.0 (xpsp1.020820-1800) ProductVersion : 1.0.2201.0 ProductName : Microsoft® Windows® Operating System Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes check over here Be sure you install it to a folder on your hard drive, usually C:\HJT.

Someone out there, help? Back to top #3 johnamac johnamac Topic Starter Members 3 posts OFFLINE Local time:06:52 PM Posted 13 August 2007 - 04:32 PM Thankyou RitchieUk for your assistabce on thisHere is For a Tutorial on using SmitRem click here 5) After SmitRem has finished, open SmitFraudFix and choose tosearch (option 1) and clean (option 2) and run a full system scan to

Back to top #5 johnamac johnamac Topic Starter Members 3 posts OFFLINE Local time:06:52 PM Posted 20 August 2007 - 06:45 PM my computer is behaving very well now thanks

Any help would be greatly appreciated. OriginalFilename : CTFMON.EXE#:12 [acrotray.exe] FilePath : C:\Program Files\Adobe\Acrobat 6.0\Distillr\ ProcessID : 3468 ThreadCreationTime : 5-30-2007 10:59:57 PM BasePriority : Normal FileVersion : ProductVersion : ProductName : AcroTray - Adobe FileDescription : CyberLink PowerCinema Resident Program InternalName : CyberLink PowerCinema Resident Program LegalCopyright : Copyright © 2003 CyberLink Corp. Logfile of HijackThis v1.99.1 Scan saved at 3:16:48 PM, on 11/20/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\Program Files\Windows

Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 10:34:39 AM, on 10/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll O2 Location: : C:\Documents and Settings\USER1\recent Description : list of recently opened documents MRU List Object Recognized! http://wcsonline.org/hijackthis-log/hijackthis-log-many-pop-ups-please-help.html Started by sschall , Mar 21 2007 05:28 PM Please log in to reply 4 replies to this topic #1 sschall sschall Newbie Members 2 posts Posted 21 March 2007 -

I scrolled through the log, and I can't find any fake ActiveX video files in there (disguised as ultimate cleaner) so does that mean I'm free and clear? Register now! Tech Support Forum Security Center Virus/Trojan/Spyware Help General Computer Security Computer Security News Microsoft Support BSOD, Crashes And Hangs Windows 10 Support Windows 8, 8.1 Support Windows 7, Vista Support Windows Run both the Registry Scanner and the File Analyzer until nothing else is found. 8) Run Hijackthis and Remove any leftover issues.