Help with HJT Log

Status
Not open for further replies.
After you post a new log, perform the below, then I will look at the new log, but in the meantime do this:

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.

Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\DMYDM.EXE
C:\WINDOWS\system32\{C7B3E5F5-B83A-4064-B9E2-F54324B8DCAA}.exe
C:\WINDOWS\system32\{A40C413C-3F46-4EC4-9A02-EAB2B210FAF5}.exe
C:\WINDOWS\system32\dmsjh.exe
C:\WINDOWS\system32\cmsip.exe
C:\WINDOWS\SYSTEM32\DMXJK.EXE
C:\WINDOWS\SYSTEM32\{BB11475D-5FEB-4BAB-A1CA-3F123CC79B90}.exe
C:\WINDOWS\SYSTEM32\{42B968F5-75D2-4161-B3CE-83E4261A7F75}.exe
C:\WINDOWS\SYSTEM32\{7D4AAE3D-AE55-A5E5-B7D6-SFA28C4DFF13}.exe
C:\WINDOWS\SYSTEM32\{CB3FEF41-5C53-4842-94EE-0E05CFOA338}.exe
C:\WINDOWS\SYSTEM32\{B0A75FCB-8CDC-40DA-A33F-DFE180672BD4}.exe
C:\WINDOWS\SYSTEM32\{299c9982-5b5d-414b-993d-f9be56468567}.exe
C:\WINDOWS\SYSTEM32\{22DD10EE-510D-4414-A2B2-824FF29079C2}.exe
C:\WINDOWS\system32\eslfn.exe


Once this is done, post a new log so I can see the differences in the two.


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
 
OK One sec....

New log


Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\jrimd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmirj.exe"=-
...

PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSVRA.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»» Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSVRA.EXE 51,243 2006-06-13
C:\WINDOWS\SYSTEM32\DMCRK.EXE 44,115 2004-08-04
C:\WINDOWS\SYSTEM32\DMIRJ.EXE 44,115 2004-08-04
Other suspects
Directory of C:\WINDOWS\system32
 
It says this Killbox repair is not compatible with my antivirus? Crappy System Hog Norton

Plus the instructions are a bit confusing. I went to the Killbox, clicked All Files and tried to paste them into the box, and it only showed the one file (first on the list). It wouldn't let me drop down to see any of the other files you asked me to delete??? Is this normal?

I didn't get to anything after that.

And which logs, new and old, do you want me to post? The Fixwareout one is above; that's the newest.
 