Home > Need Some > Need Some Help With This One HiJack Log Enclosed

Need Some Help With This One HiJack Log Enclosed

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Yahoo! When the scan is completed and all files removed, close it.   =*=   I see some remnant of the Look2Me infection. After you uncheck these, click on the Save button and close Microsoft AntiSpyware. Click here to Register a free account now! navigate here

Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:04:04 PM, on 8/20/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Typically there are two ... Sign In Sign Up Browse Back Browse Forums Calendar Staff Online Users Activity Back Activity All Activity Search www.cybertechhelp.com | home Cyber Tech Help Support Forums > Software Show Ignored Content As Seen On Welcome to Tech Support Guy!

it also suggests starting up ie then going in to the task manager and ending all tasks associated with your name except for explorer and ie and then browse around until Sign in to follow this Followers 0 looking for some help please - log enclosed Started by BillK, December 26, 2005 3 posts in this topic BillK Member New Member Go - http://download.games.yahoo.com/games/clients/y/gt2_x.cabO16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cabO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cabO16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CABO16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cabO16 - DPF: {11111111-1111-1111-1111-111111111123}

Posted December 29, 2005 · Report post Hello BillK, welcome to SWI.   Print this topic it will make it easier for you to follow the instructions and complete all of Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: &Yahoo! Be sure to adhere to our posting rules. When done, Combofix will close and a log should open, combofix.txt.

info left over after deleting Weather Bug). Thank you for helping us maintain CNET's great community. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:33:18 AM, on 8/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\Comodo\Firewall\cmdagent.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Download this tool L2mfix from one of these two locations:   http://www.atribune.org/downloads/l2mfix.exe http://www.downloads.subratam.org/l2mfix.exe   Save the file to your desktop and double click l2mfix.exe.

Ok, here is the new log, Combofix did an auto reboot also. or read our Welcome Guide to learn how to use this site. It's always the same sites (the names are graphic so let me know if you need me to post them). Advertisement wmhollywood Thread Starter Joined: Dec 17, 2004 Messages: 1 Logfile of HijackThis v1.99.0 Scan saved at 11:24:18 PM, on 12/16/2004 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00

thanks, YukonMEHere is the link to Eddy's analyzed log:http://hijackthis.de/logfiles/a48e6c8b71b45afcfc4557a8998b082c.html Logged Eddy Avast Evangelist Maybe Bot Posts: 26132 Watching (over?) you Re: Analyzed HijackThis Log - link for help « Reply #1 Join over 733,556 other people just like you! Thread Status: Not open for further replies. No, create an account now.

There is another really excellent forum that handles HijackThis Logs, SpybotSD, etc.It basically is along the lines of spywareinfo. Companion) - http://us.dl1.yimg.com/download.yaho...bio5_1_3_0.cab josh1r View Public Profile Visit josh1r's homepage! Thanks again in advance. The other day my computer came under attack.

Are you looking for the solution to your computer problem? Any help would be much appreciated! Interests:Golf, Pool (Snooker), Enjoying retirement. his comment is here am I missing something? - 3 replies aurora trouble--hijack log - 10 replies Can someone help me with my hijack log? - 5 replies Hijack Log - 17 replies Hijack Log

Stay logged in Sign up now! Copy the contents of that log and paste it into this thread.   IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked Bhakti,After following Bob's suggestions....if you still need advice on the appropriate items to remove from your HijackThis log, post your log to the forums at one of the links below.

I'll give that a try.

carolinalax23 View Public Profile Find all posts by carolinalax23 #10 June 27th, 2004, 05:35 AM josh1r New Member Join Date: Jun 2004 Posts: 4 Quote: Originally Posted by by Grif Thomas Forum moderator / June 2, 2004 2:09 AM PDT In reply to: HijackThis Help: Can someone advise me aswell please!! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R3 - Default URLSearchHook is missing O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\guard.tmp (file missing)   Download CWShredder.exe CoolWebSearch removal tool from this site. by R.

O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html O8 Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cabO16 - DPF: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dllO2 - BHO: &Yahoo! Find all posts by josh1r #6 June 27th, 2004, 02:49 AM carolinalax23 Member Join Date: Jun 2004 Posts: 56 i've deleted it in regular and in safe mode

Proffitt Forum moderator / June 2, 2004 1:06 AM PDT In reply to: HijackThis Help: Can someone advise me aswell please!! Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended. I didn't see much in here but then I don't have any experience with this stuff.   Logfile of HijackThis v1.99.1 Scan saved at 10:24:43 AM, on 12/26/2005 Platform: Windows XP Typical Google could start sending up custom JavaScript from JavaScript repository.

If you are still getting that error after reboot, I suggest you uninstall Adaware and reinstall it again.Anyway, let's deal with the malware leftovers first..* Open notepad - don't use any