Home > Hijackthis Log > HijackThis Log: Unknown Infection

HijackThis Log: Unknown Infection

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:45:43 PM, on 12/17/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe Note: Installing a secondary browser without making it the default browser will NOT change any settings in your current default browser. http://softsystechnologies.com/hijackthis-log/hijackthis-log-infection-unknown.html

Prefix: http://ehttp.cc/?What to do:These are always bad. Please note that all the programs listed below are completely free of charge. [Anti-virus] AVG Anti-virus Free Edition by Grisoft [Anti-spyware] Ad-Aware Free Edition by Lavasoft [Anti-spyware] AVG Anti-Spyware by Grisoft The full name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a string of garbage, like 'Ort'. Do not attempt to fix any of the results reported by HijackThis, unless you know what you are doing.

Yes, my password is: Forgot your password? Online Malware Scanners For a comprehensive list of online malware scanners, please visit our Online Malware Scanners page. Click here to Register a free account now! Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computerGoogle Toolbar <= Get the free google toolbar to help stop pop

Rather, HijackThis looks for the tricks and methods used by malware to infect your system and redirect your browser.Not everything that shows up in the HijackThis logs is bad stuff and Remember to select No when Opera asks you to make it your default browser. O5 - IE Options not visible in Control PanelWhat it looks like: O5 - control.ini: inetcpl.cpl=noWhat to do:Unless you or your system administrator have knowingly hidden the icon from Control Panel, Sign Up All Content All Content Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started Search More Malwarebytes.com Malwarebytes

Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: &Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\wbebm3ew.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}============= SERVICES / DRIVERS ===============R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-23 64288]R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-18 73728]R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 1375992]R2 Then click the word active to change it to inactive.You will need to also update AVG Anti-Spyware 7.5 to the latest definition files. Stay logged in Sign up now!

Attempting to delete C:\WINDOWS\SYSTEM32\yayxxxu.dllC:\WINDOWS\SYSTEM32\yayxxxu.dll Has been deleted!Performing Repairs to the registry.Done!and here's the latest HJT logLogfile of HijackThis v1.99.1Scan saved at 6:48:42 PM, on 4/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet New and unknown viruses and spyware are stubborn and difficult to remove from a computer system. A case like this could easily cost hundreds of thousands of dollars. Please download The Avenger by Swandog46 to your Desktop.Click on Avenger.zip to open the fileExtract avenger.exe to your desktop (How to extract (decompress) zipped or compressed files, help in the link

Simply click on this button, option or link and follow the instructions or prompts on your screen to update the software. Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLLO2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLLWhat to do:If Do not attempt to install the software at this time, we only need you to download the setup files for each application at the moment. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Loading... navigate here Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter. Well, the system tray icon reporting that I have been infected is now gone!

or read our Welcome Guide to learn how to use this site. Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account? Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Jump Check This Out Click here to join today!

Once you have updated all your anti-malware programs, please do a complete system scan with each program, one at a time. Pacman's Startup List can help with identifying an item.N1, N2, N3, N4 - Netscape/Mozilla Start & Search pageWhat it looks like:N1 - Netscape 4: user_pref "browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)N2 - Netscape Save the file to your desktop and name it CFScript.txt Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

or read our Welcome Guide to learn how to use this site.

Step 2: Download our recommended anti-virus and anti-spyware software Below are links to the latest versions of the software you will need to disinfect your computer. The HijackThis log is intended for unknown infections that you are unable to detect or remove after using all the removal methods available to your disposal. Learn More. Visit our Malware Removal Forums page for more information.

However there are a couple of specialised malware removal tools that are updated on a regular basis, making them highly effective against specific infections. For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see if they are good or bad.O18 - Extra protocols and protocol hijackersWhat Advertisement Recent Posts Computer slow on internet but... this contact form Also, my computer likes to log directly into the administrators account, which is mine also btw, instead of going to the login screen of my normal day-to-day account.

Also my computer logs straight into the admin account, which is mine, instead of my normal account. Attached Files: hijackthis.log File size: 5.1 KB Views: 3 CrashZero, Aug 25, 2005 #12 chaslang MajorGeeks Admin - Master Malware Expert Staff Member Do you know if the below line is Right click on the file and check to see if the read only attribute is checked. Are you looking for the solution to your computer problem?

Thank you for all your help! :] Malwarebytes' Anti-Malware 1.32 Database version: 1629 Windows 6.0.6000 1/7/2009 4:34:15 PM mbam-log-2009-01-07 (16-34-15).txt Scan type: Quick Scan Objects scanned: 61040 Time elapsed: 7 minute(s), The known baddies are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar), you should have HijackThis fix those. Could that affect the trouble shooting that I need to do? It was originally developed by Merijn Bellekom, a student in The Netherlands.

Step 2: Run HijackThis Open the file named HijackThis.exe either by double clicking on it from the location where you saved it, or by clicking on Open on the Downloads box Microsoft MVP - Windows Security Back to top #3 Overthesound Overthesound Topic Starter Members 2 posts OFFLINE Local time:06:22 PM Posted 07 January 2009 - 04:36 PM No malicious items Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.