
HJT Log - Trojan Horses

The xpsmoker came from a friend and had the infection on it. This machine is running XP with Symantec.

#8 HJThis (Advanced Member, Volunteer Security Advisor, 4076 posts), posted 10 January 2007 - 01:58 AM

Hey, Luke-CNK

First this item here is it still installed C:\Documents and Settings\E-mail\Application

Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

SYMANTEC ENDPOINT PROTECTION
Right click on the icon in the taskbar notification area & select "Disable Symantec EndPoint Protection". (Click on this link to see a list of programs that should

The fix it utilities was store bought.

They may otherwise interfere with our tools

NORTON ANTIVIRUS (by Symantec)
Please navigate to the system tray on the bottom right hand corner and look for a sign. right-click it -> choose

I am experiencing slow processing with constant pop up whenever I click on an open browser. The screen stays for 2 seconds and then it proceeds to load Windows. Anyways, here's the HJT log -

Logfile of HijackThis v1.99.1
Scan saved at 3:35:31 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
O2

hi! whenever i connected to the internet, my avg resident shield popped up n said a virus was detected (trojan horse backdoor.dumador.aw) while opening c:\windows\prntsvr.dll

The computer then begins to start in Safe Mode. Login on your usual account. If you need further assistance with Safe Mode, see Symantec

===========

Next, please find and delete the following files/folders (if present):
C:\WINDOWS\system32\nyrkpfde.dll<---This

Unless you follow the instructions and post the requested log files etc, I can't help you.

Link 1 Link 2 Link 3

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.

Here are the logs -

Logfile of HijackThis v1.99.1
Scan saved at 12:28:05 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
O2 - BHO:

You must rename it before saving it.

HJT LOG - TrojanHorses
By rainyhands, Nov 23, 2007

Can someone please review this HJT log?

No Validation is Required.

It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed.

You can do it from the ...

Go to your add/remove programs list and uninstall FunWebProducts MyWebSearch

From the information I can find you have a nasty autorun infection.

As for trying to fix stuff on my own, the only thing I've done is run Ad-Aware SE, AVG Free Edition, Panda Active Scan Pro, and HJT, which I ran in

I did forget to extract HJT...

It is a simple procedure that will only take a few moments of your time. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.

How do you make a permanent folder:
Click My Computer, then C:\ and then on

#10 HJThis (Advanced Member, Volunteer Security Advisor, 4076 posts), posted 10 January 2007 - 09:42 PM

Hi, Luke-CNK

Nice work

Please print out or copy these instructions to Notepad as I will do as instructed, and post an update after...

uStart Page = hxxp://www.comcast.net/a/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Search - http://edits.mywebse...html?p=ZJfox000
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\23qqkgpr.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&gbh=1&MyEbay=&guest=1


Click once on the Custom Level button.

BUT, run a scan with each while in SAFE MODE.

From within Internet Explorer click on the Tools menu and then click on Options.
2.

Regards Howard

This thread is for the use of rainyhands only.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\DOCUME~1\KINDAI~1\LOCALS~1\Temp\Rar$EX01.555\DSLite2\DSLite.exe (file missing)
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\DOCUME~1\KINDAI~1\LOCALS~1\Temp\Rar$EX01.555\DSLite2\DSLite.exe (file missing)
O16 - DPF:

#4 Luke-CNK (Member, 14 posts), posted 09 January 2007 - 08:01 PM

OK, here is my updated HJT log - from a real folder =)

Logfile

Download Flash_Disinfector.exe by sUBs from >here< or from >here< and save it to your desktop.

Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running.

HELP!!

My Internet Explorer works again, which is nice because I was using Windows Explorer to get on these forums..

Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB}
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo!

I hardly ever use the USB flash drive.

Attempting to delete C:\WINDOWS\system\blieol.ini
C:\WINDOWS\system\blieol.ini Has been deleted!
Performing Repairs to the registry.
Done!
-----------------------------------------------------------------------------------------------------------------------------
SDFix: Version 1.57
Wed 01/10/2007 - 9:19:19.89
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode
Service Check: Service Name: File Path:
Starting Registry Repairs
Restoring

Please do not PM me for HJT help, we all benefit from posting on the open board. Want to help others?

I fixed the problems of my HJT log in the meanwhile, thanks to my neighbour.

Click Apply then OK.
Click OK.

Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click

Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

HELP!!!

Double click on Combo-Fix.exe & follow the prompts.

It says it heals it, but it's not working.

If after reading the above, you wish to clean your system, do the following.