Hijackthis Log


  • This topic is locked
185 replies to this topic

#76 Amebeo

  • Authentic Member
  • 228 posts

Posted 16 January 2005 - 04:41 PM

Well, the first two found nothing and Panda is still running. I'll have to go soon, but I wanted to let you know that those files navmgrd and wkssvr that I deleted came back after reboot. I deleted them in regedit again just for kicks (what could one more try hurt, I thought). They disappeared until I rebooted. I almost got excited for a min.


#77 LDTate

  • Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 16 January 2005 - 04:59 PM

If you need to delete them again, do this right after you close regedit:

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#78 Amebeo

Posted 16 January 2005 - 05:17 PM

Panda found no viruses either.

#79 LDTate

Posted 16 January 2005 - 05:21 PM

Try my last post to see if they stay gone. Where are they listed in the registry?


#80 Amebeo

Posted 16 January 2005 - 09:31 PM

Yes, I found them using regedit again. Also, my system restore has been off for weeks, maybe longer, since "they" say to remove some viruses you have to turn it off. I turned it off a long time ago and never turned it back on. Maybe a month or so ago. I have a bad sense of time. Is it bad to have it off? And if I just delete them and reboot and turn system restore on again, will that work?

#81 LDTate

Posted 16 January 2005 - 09:42 PM

Yes, you should have System Restore on.


Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

Now run regedit and delete those.

Also, while in regedit, look for this: sp.html. If you find it, let me know where it's at.

Let's see if that works.


#82 Amebeo

Posted 17 January 2005 - 11:22 AM

No sp.html file was found. I did find, however, a few wkssvr.exe and navmgrd.exe files and deleted them all. I then rebooted (not in safe mode) and looked in regedit again, and lo and behold, there they were. So I deleted and searched again immediately after. Found this: HKey_USERS>S-1-5-21-602162358-2111687655-854245398-1003>Software>Resplendence sp>Registrar Lite>Settings. In that file, lots of files listed. The only one I saw that had navmgrd.exe in it was ComboBoxSearchTaxt.........navmgrd.exe Wild Tangent. At reboot they came back again.
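
An added illustration, not part of the original posts: a registry search for a file name returns every value that contains the string, but only some key locations cause Windows to relaunch a file at boot. The sketch below parses a regedit export and separates references in common autostart keys from keys that merely store the text (for example a tool's saved search box); the sample export, the short key list, and all function names are assumptions constructed for this example.

```python
import re

TARGETS = ("navmgrd.exe", "wkssvr.exe")  # file names mentioned in the thread
# Key-path endings that Windows reads to launch programs at boot or logon
# (a short, non-exhaustive list chosen for this example).
AUTOSTART_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\runservices",
    r"\software\microsoft\windows nt\currentversion\winlogon",
)
# Constructed sample in regedit export format; not data from the poster's PC.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"navmgrd"="navmgrd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"wkssvr"="wkssvr.exe"

[HKEY_USERS\S-1-5-21-0-0-0-1003\Software\ExampleTool\Settings]
"SearchHistory"="navmgrd.exe"
'''
KEY_RE = re.compile(r"^\[(.+)\]$")
# Only string (REG_SZ) values are parsed; dword/hex values are skipped.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')

def find_references(reg_text, targets=TARGETS):
    """Return (key, value_name, data, is_autostart) for values naming a target."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        data = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
        if any(t in data.lower() for t in targets):
            autostart = key.lower().endswith(AUTOSTART_SUFFIXES)
            hits.append((key, m.group(1) or "(Default)", data, autostart))
    return hits

if __name__ == "__main__":
    # A real export is UTF-16: open(path, encoding="utf-16").read()
    for key, name, data, autostart in find_references(SAMPLE_REG):
        print("AUTOSTART" if autostart else "mention  ", key, name, data)
```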

#83 LDTate

Posted 17 January 2005 - 11:39 AM

I don't think we've done this one. There has to be a hidden / trigger file somewhere.


Please download rem.zip from here

http://forums.skads....type=post&id=83

unzip the files to C:\Windows\system32

Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.

Now run the Rem.bat file.


If it produces a log.txt file please copy/paste it here along with a new HijackThis log after a normal reboot.


#84 Amebeo

Posted 17 January 2005 - 11:45 AM

Explain... Not sure how you mean "unzip the files to C:\Windows\system32"


I downloaded to my desktop and did not yet unzip. I'll be back in about 5 hours.

If I'm lucky work carries over frequently.

#85 LDTate

Posted 17 January 2005 - 11:49 AM

When you double click the rem.zip, you can tell it where to unzip them to. Unzip the files to C:\Windows\system32


#86 LDTate

Posted 17 January 2005 - 12:05 PM

I might have found it:

Do this please:

Also, be sure that all windows are closed. Click on START-> RUN. Copy paste the following as it is and click OK.

regsvr32.exe /U njofc.dll

You should get a message that it has been uninstalled successfully.

"Copy/paste" a new log file into this thread.


#87 Amebeo

Posted 17 January 2005 - 04:49 PM

I deleted that file a week ago or so remember? I think... will do again

#88 LDTate

Posted 17 January 2005 - 04:53 PM

Let me know if you get a message that it has been uninstalled successfully.


#89 Amebeo

Posted 17 January 2005 - 04:55 PM

Well, I got a message anyway... LoadLibrary("njofc.dll") failed - The Specified module could not be found.

#90 LDTate

Posted 17 January 2005 - 04:56 PM

"copy/paste" a new log file into this thread.
