Home > Hijack This > Hijack This Log (Problem With Trojan)

Hijack This Log (Problem With Trojan)

Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Hijackthis Log. Please do not PM me asking for support.Please be courteous, polite, and say thank you.Please post the final results, good or bad. The first Panda Activescan showed 2 viruses, but it got rid of them without me doing anything else. http://pcialliance.org/hijack-this/hijack-this-log-think-its-a-trojan.html

A Short-Media community © 2003–2017. My friends computer is back to running good again. I have had several people to use it so far and it is safe to use. O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu his comment is here

Here is the new hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:12:51, on 8/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files\Microsoft Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: &Yahoo! HeathacatLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:52:17 PM, on 10/15/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime

All Rights Reserved. Flrman1, May 16, 2004 #13 Sponsor This thread has been Locked and is not open to further replies. The tool that I want to use is in the trial stages so the author has asked me not to make it public yet so I'll have to pm the link The time now is 02:58 PM. -- Mobile_Default -- TSF - v2.0 -- TSF - v1.0 Contact Us - Tech Support Forum - Site Map - Community Rules - Terms of

Tech Support Guy is completely free -- paid for by advertisers and donations. Flrman1, May 16, 2004 #7 Faye39 Thread Starter Joined: Jul 9, 2003 Messages: 13 hijack this log Logfile of HijackThis v1.97.7 Scan saved at 4:07:05 PM, on 5/16/2004 Platform: Windows XP Appreciate your help. https://www.windowsbbs.com/threads/trojan-problems-hijackthis-log.50675/ There are currently no users on-line.

Run dllfix again and this time when you get to the prompt like this: Enter full name and hit Enter C:\Windows\System32\ Enter this file name and hit enter: NIP.DLL Flrman1, A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware Read the TonyKlein's good advice: So how did I Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O3 - Toolbar: Nick Aracde Toolbar - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - C:\PROGRA~1\NICKAR~1\NICKAR~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More...

Back to top #9 lusitano lusitano Portuguese Malware Fighter Members 1,443 posts OFFLINE Gender:Male Location:Portugal Local time:08:58 PM Posted 22 August 2008 - 04:58 AM Hello,Please double-click on "OTMoveit2.exe"Navigate to https://forums.techguy.org/threads/trojan-problem-hijackthis-log.229721/ I was asked to post my HijackThis! It also says C:/Programfiles/MicrosoftOffice/Office10/Startup/pdfmaker.dot Here’s my hijack this log Log file of HijackThis v1.97.7 Scan saved at 10:07:53 AM, on 5/16/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 This should get you started. 0 BobbyDigi ?

Thank You ! weblink d l l pΠp Faye39, May 16, 2004 #5 Faye39 Thread Starter Joined: Jul 9, 2003 Messages: 13 output --==***@@@ FIND-ALL' VERSION 4 5/16 @@@***==-- *System Info: Microsoft Windows We like to know! Say hello!

This file was way too big. BÓçwl ü    Tm^š;Ä:! Thanks!!! -heathacat Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 1 user(s) are reading this topic 0 members, 1 guests, 0 anonymous users Reply to quoted postsClear navigate here If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

If you are asked to reboot the machine choose Yes. ================================== Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm Please advise. Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files View New Content Members Forums More Lavasoft Support Forums → Archived Topics

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Bio-Protection fingerprint solution\PwdBank.exe O9 - Extra 'Tools' menuitem: Quick-Launching

Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Close all browser windows,UnZip the file, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing. Trojan Problem, Hijackthis Log Discussion in 'Virus & Other Malware Removal' started by Faye39, May 16, 2004. Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: (NI) ALLOW Read BUILTIN\Users (IO) ALLOW Read BUILTIN\Users (NI) ALLOW Read BUILTIN\Power Users (IO) ALLOW Read BUILTIN\Power Users (NI) ALLOW Full access BUILTIN\Administrators

A box will pop up asking you if you wish to fix the selected items. IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: scriptproxy - Joe Zeh Inactive Malware Help Topics 1 04-24-2005 07:40 PM xads / xlime problem - hijackthis log Adaware and Spybot seem to do the trick for pretty much everything except for http://pcialliance.org/hijack-this/hijack-this-log-trojan-stubby-a.html Quick Links HelpWithWindows.com RoseCitySoftware.com Recommended Links Menu Log in or Sign up Search Search titles only Posted by Member: Separate names with a comma.

I am not allowed to block them, I can only close the window and it then pops open again later. I have had a lot of people recommend AVG over the years. I followed the 5 steps and am posting Deckard Scan Log here. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4

Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Back to top #6 lusitano lusitano Portuguese Malware Fighter Members 1,443 posts OFFLINE Gender:Male Location:Portugal Local time:08:58 PM Posted 21 August 2008 - 06:46 AM Hello,1. Please make sure that Register now! Back to top #4 lusitano lusitano Portuguese Malware Fighter Members 1,443 posts OFFLINE Gender:Male Location:Portugal Local time:08:58 PM Posted 20 August 2008 - 04:25 AM Hi,Please re-open HiJackThis and choose

BÓçwl Œ      {^š;Äc! The removal procedures are quite complex. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: Yahoo!

e x e  x( ëš;ÄZCø Dç   h‹û  x p ? àA @÷? `2 À1 4Y ŒF ˜ ˜ @% `% @%  Å ‰ rè; n ìŽ The other suggestions will come with time but will nto help resolve your current issues. 0 midga "There's so much hot dog in Rome" ~digi (> ^.(> O_o)> Icrontian Apr 2012 Steve R Jones Donate WindowsBBS Forums > Security > Malware and Virus Removal > Malware and Virus Removal Archive > Style Default Contact Us Help Home Top RSS Terms and Rules Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.

Messenger (HKLM) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller For full access please Register. IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: scriptproxy - Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dllO2 - BHO:

Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exeO4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [strapl] C:\WINDOWS\system32\xkjwxsha.exeO4 - Startup: Microsoft Office Groove.lnk