Home > Trojan > Trojan - Here Is An Hijackthis Log

Trojan - Here Is An Hijackthis Log

Instead, open a new thread in our security and the web forum. Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLLO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO4 - HKLM\..\Run: [PCTVOICE] pctspk.exeO4 - HKLM\..\Run: [FeCPY] "C:\Program Files\Common Files\Java\fecpy.exe"O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\dana\LOCALS~1\Temp\27.exe\27.exe"O4 - HKLM\..\Run: [Messenger Tech Support Guy is completely free -- paid for by advertisers and donations. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO13 - WWW. Check This Out

Check the Online Hijackthis Analyzer if you are unsure before deleting. Facebook Twitter YouTube Instagram Hardware Unboxed Google+ Subscribe to TechSpot RSS Get our weekly newsletter Search TechSpot Trending Hardware The Web Culture Mobile Gaming Apple Microsoft Google Reviews Graphics Laptops Smartphones I was just coming back to post that while the PC seems to be running fairly quick, I'm still having a problem with web sites not showing up right away. O7 - Regedit access restricted by Administrator What it looks like: O7 - HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, DisableRegedit=1 What to do: Always have HijackThis fix this.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXEO9 - Extra 'Tools' menuitem: Yahoo! What do I need to do with the log an dhow do repair the problems?Confused....lisbon1 * Trend Micro HijackThis v2.0.4 *See bottom for version history.The different sections of hijacking possibilities o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

  1. I've gone through the steps in your post, but the messages still appear.
  2. Other than the above your HJT log is clean.
  3. No, create an account now.
  4. Here's Hijackthis log...
  5. Sep 20, 2006 #8 ThorH TS Rookie Topic Starter Ok, thanks.

Here are the logs>Malware:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4210Windows 6.1.7600Internet Explorer 8.0.7600.163856/17/2010 2:01:45 PMmbam-log-2010-06-17 (14-01-45).txtScan type: Quick scanObjects scanned: 132503Time elapsed: 13 minute(s), 47 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Sasquatch, Jun 6, 2004 #3 Flrman1 Joined: Jul 26, 2002 Messages: 46,329 Click here to download CWShredder. O18 - Extra protocols and protocol hijackers What it looks like: O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:PROGRA~1\COMMON~1\MSIETS\msielink.dll O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} O18 - Protocol hijack: http - You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean

When I first connect to the internet, a full page from this virus program website comes up, instead of my home page. Launch TDS-3 and click on "System Testing" then "Full System Scan" and the scan will begin. Thanks! Your system may take longer than usual to load; this is normal.

The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Jump N1, N2, N3, N4 - Netscape/Mozilla Start & Search page N1 - Change in prefs.js of Netscape 4.x N2 - Change in prefs.js of Netscape 6 N3 - Change in prefs.js

Already have an account? The automatic update only works with the registered version which costs $49. Click start/run and type services.msc into the run box and press the enter key. o Click Preferences.

Now click "Apply to all folders" Click "Apply" then "OK" Now find and delete: The C:\WINDOWS\rupj.exe file Flrman1, Jun 6, 2004 #6 Sasquatch Thread Starter Joined: Dec 2, 2002 Messages: his comment is here As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged They cost nothing but they are worth so much. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! The tool will now check if wininet.dll is infected. What to do: These are always bad. http://gsdclb.org/trojan/trojan-cannot-run-hijackthis-properly.php I was to take out the 017 files in HiJack, but when I did the new scan, no 017 files were there to delete.

Check the Online Hijackthis Analyzer if you are unsure before deleting. Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXEO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Microsoft AntiSpyware Please don`t post your own virus/spyware problems in this thread.

Die Datenbank der Online-Analyse wird nicht mehr gepflegt.

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLLO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)O3 - Toolbar: &Yahoo! Regards Howard Sep 18, 2006 #6 ThorH TS Rookie Topic Starter Terminating and disabling Messenger finally worked, thanks! Logfile of HijackThis v1.97.7 Scan saved at 12:09:05 PM, on 6/6/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe Open the scandump.txt file and copy and paste it's contents here.

Prefix: http://O21 - SSODL: Explorer Protocol - {9D581DA5-426E-4A5A-9D3C-C6C10049D4FF} - C:\WINDOWS\system32\atikuota.dllO23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)O23 - Service: Hardware Clock Driver (hwclock) - Unknown If the IP does not belong to the address, you will be redirected to a wrong site everytime you enter the address. SmitFraud attacks usually hide here. navigate here For some odd reason, some of my son's downloaded game programs on the desktop have disappeared.

Lawrence AbramsFollow us on Twitter!Follow us on FacebookCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!Simple and easy ways to keep your It wasn't like this before the repairs. In the last 3 days there were 1 new threads and 1 reply posts. Click here to Register a free account now!

etaf replied Mar 7, 2017 at 11:36 PM Playing guitar ekim68 replied Mar 7, 2017 at 11:32 PM A-Z Animals poochee replied Mar 7, 2017 at 11:26 PM A-Z different places O3 - IE toolbars What it looks like: O3 - Toolbar: &Yahoo! Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot Click proceed to save your settings. Thanks for your help!

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HJT log.Note:If Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys What it looks like: O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Best regards Thor Hello again, I went through the extended list, but unfortunately I still receive the alerts when using my Firefox browser.

This site is completely free -- paid for by advertisers and donations. Thanks. O5 - IE Options not visible in Control Panel What it looks like: O5 - control.ini: inetcpl.cpl=no What to do: Unless you've knowingly hidden the icon from Control Panel, have HijackThis If it's not on the list and the name seems a random string of characters and the file is somewhere in a folder named 'Application Data', it's definitely bad, and you

I've pasted a fresh Hijackthis log. When trying to get on the internet, my web browser takes way too long. Once the scan completes a textbox will open - copy/paste those contents here for review please. One of Merijn's programs, Hijackthis, is an essential utility to help find and remove spyware, viruses, worms, trojans and other pests.

Trojan Virus, can't zap it. Thanks.