Home > Hjt > HJT - Seanster_Hog

HJT - Seanster_Hog

It will quickly clean the rest and will make a copy of t Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Std. Help us fight Enigma Software's lawsuit! (Click on the above link to learn more) Become a BleepingComputer fan: FacebookFollow us on Twitter! Back to top #10 ColdinCbus ColdinCbus Members 312 posts OFFLINE Local time:07:38 PM Posted 04 July 2004 - 09:41 PM Can you post the contents of Win.txt too.

Then click on Edit and then Click on Copy.Create a reply to this post, and right click in message area and select paste to paste the log into the post.Someone will Follow the prompts to install the program. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). A directory like c:\hijackthis.

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dllO2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dllO2 - BHO: (no name) - {4F0C952D-3403-4937-82B0-60C8A04DB6CF} - (no file)O2 - BHO: (no name) - There are things that show up in HJT in my user accont that do not show up in the admin account. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Without a firewall your computer is succeptible to being hacked and taken over.

Back to top #6 Grinler Grinler Lawrence Abrams Admin 42,756 posts ONLINE Gender:Male Location:USA Local time:06:38 PM Posted 04 July 2004 - 05:44 PM I want to try something. Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear BleepingComputer.com Hang with us on LockerDomeCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector Simple and easy ways to keep your computer safe and secure on the Internet

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec I have ran HJT numerous times in safe mode and ran the pandasoft scan and did the S&D scan, but to no avail.Here is my HJT log:Logfile of HijackThis v1.97.7Scan saved Hang with us on LockerDomeCircle BleepingComputer on Google+!How to detect vulnerable programs using Secunia Personal Software Inspector Simple and easy ways to keep your computer safe and secure on the Internet Back to top #3 seanster_hog seanster_hog Topic Starter Members 16 posts OFFLINE Local time:07:38 PM Posted 10 August 2004 - 06:55 AM Here is the log from "Get Active Services":

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dllO2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {E39773CF-14EE-44D6-93CA-CF1ED4B44F9A} Put a checkmark next to each of these entries and press the fix button when ready:WORKSTATION NETLOGON SERVICE: O?rtȲ$C:\WINDOWS\system32\netml.exe /sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\otvtx.dll/sp.html#96676R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dllO2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {E39773CF-14EE-44D6-93CA-CF1ED4B44F9A} CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF).

Have not seen one for a little while.Here is the Admin Account HJT log:____________________________________________Logfile of HijackThis v1.98.0Scan saved at 1:25:03 PM, on 7/3/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cabO16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.149/code/iPIX-ImageWell-ipix.cabO21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - (no file)And here is my user account info:_______________________________________________________Logfile of HijackThis v1.98.0Scan Generated Tue, 24 Jan 2017 23:38:04 GMT by s_hp87 (squid/3.5.23) ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://0.0.0.8/ Connection The system returned: (22) Invalid argument The remote host or network may be down.

Back to top #7 Grinler Grinler Lawrence Abrams Admin 42,756 posts ONLINE Gender:Male Location:USA Local time:06:38 PM Posted 04 July 2004 - 06:03 PM No you are not missing something. Using the site is easy and fun. if it is uncheck it and try again.Step 5:Copy the contents of the Quote Box below to Notepad.Name the file as fix.regChange the Save as Type to All FilesSave this file Check if the address is correct.

C:\WINDOWS\System32\D3DNB.DLL +++ File read error \\?\C:\WINDOWS\System32\D3DNB.DLL +++ File read error (*2*) ........ **File C:\FINDnFIX\LIST.TXT D3DNB.DLL Can't Open! (*3*) ........ C:\WINDOWS\SYSTEM32\ d3dnb.dll Sat Jun 19 2004 9:50:00p A...R 57,344 56.00 K nticdm~1.dll Thu Jun 3 2004 9:11:30p ...HR 1,024 1.00 K 2 items found: 2 files (1 H/S), 0 directories. DO NOT fix any entries unless you understand what you are doing.To see a tutorial on using HijackThis you can click on the link below:HijackThis - Using HijackThis to Remove Spyware, Fixing enties with Hijackthis may leave behind unwanted files on your computer if the previous step was not done first.Create a directory on your hardrive to save HijackThis.exe.

Sniffing.......... Simply using a Firewall in its default configuration can lower your risk greatly. Open the Files2 folder.

This will restore the original deleted Hosts file.

TransmissionRetryTimeoutvk  '   USERProcessHandleQuota0 h    X   vk    AppInit_DLLsdisk ______________________________________ Once again... Double click on the that service and click stop and then set the startup to disabled.Step 2:Press control-alt-delete to get into the task manager and end the follow processes if they Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

ERROR Std.

When it is finished, open the FindnFix folder. Please continue with the next step.Step 2:It is important that you run Spybot and Adaware before you proceed with this step. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls Visit Microsoft's Windows Update Site Frequently - It is important that VS_FIXEDFILEINFO: Signature: feef04bd Struc Ver: 00010000 FileVer: 00050001:0a280000 (5.1:2600.0) ProdVer: 00050001:0a280000 (5.1:2600.0) FlagMask: 0000003f Flags: 00000000 OS: 00040004 NT Win32 FileType: 00000001 App SubType: 00000000 FileDate: 00000000:00000000 Dir 'junkxxx' was created

A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers Install Ad-Aware - Install and download Please check for the existence of this file by going to to Merijn Files control.exe and examine where the file should be for your operating system. Please try the request again.