Home > Hjt Log > HJT Log File - Friend's Ty

HJT Log File - Friend's Ty

Not real concerned what Spybot found......unless after you let it delete and it continues to find the same thing. If you wish to show your appreciation, then you may donate to help keep us online. C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSxfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully. Apologies for not replying earlier (I've been crazy busy).

Did we mention that it's free. Want to help others? If this is not your thread please start a New Topic. Several functions may not work. this page

It is a simple procedure that will only take a few moments of your time. I asm in Upstate NY. For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.F0, F1, F2, F3 - Autoloading programs from INI filesWhat it looks like:F0 - system.ini: Shell=Explorer.exe Theres no antivirus on this computer?...or that wont install either?

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search PCWorld Home Forum Today's Posts FAQ Calendar Community Groups Albums Member List Forum Actions Mark Forums Read Quick Links View Forum Leaders Who's Online What's New? Avast Evangelists.Use NoScript, a limited user account and a virtual machine and be safe(r)! Completion time: 2009-02-04 0:23:47 ComboFix-quarantined-files.txt 2009-02-04 00:23:26 Pre-Run: 320,028,545,024 bytes free Post-Run: 320,272,777,216 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home

Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point. I attempted exactly what you suggested but lsass.exe could not be found. Go to My Computer->Tools->Folder Options->View tab:Under the Hidden files and folders heading: Select - Show hidden files and folders. read review Rather, HijackThis looks for the tricks and methods used by malware to infect your system and redirect your browser.Not everything that shows up in the HijackThis logs is bad stuff and

Please re-enable javascript to access full functionality. Have HijackThis fix them.O14 - 'Reset Web Settings' hijackWhat it looks like: O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.comWhat to do:If the URL is not the provider of your computer or your ISP, have It's free. oxymoronism: came back with a 17% of possibly being infected with a virus and one of the scanners said it had a trojan downloader which is my problem Navigation [0] Message

If you wish to show your appreciation, then you may donate to help keep us online. click Double click l2mfix.bat Select option #1 for Run Find Log by typing 1 and then pressing enter. Note the space between the x and the /u, it needs to be there.Example below If you should receive an error message trying to run the above command, do the following This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

Download Hijack This! Please do not PM me for HJT help, we all benefit from posting on the open board.Want to help others? Username Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy How You are correct about the PC not having anti virus.

  1. Since it appears the rootkit might be under control now try to install AVG again.
  2. Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.
  3. below is the hjt for a good friend...it's off his computer.
  4. The help you receive here is free.
  5. Join the ClassRoom and learn how.
  6. AVG is still flagging Trojan Horses.
  7. anyway, here's his hjt log.

mobile security Lisandro Avast team Certainly Bot Posts: 66809 Re: hijackthis log analyzer « Reply #13 on: March 26, 2007, 12:43:09 AM » Strange that the HiJackThis does not 'discover' the To start viewing messages, select the forum that you want to visit from the selection below. If the IP does not belong to the address, you will be redirected to a wrong site everytime you enter the address. Ignore it 2.

Advanced Search Forum PressF1 Hijackthis log How fast is your internet? The log looks good. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL), most often it is used by trojans or agressive browser hijackers.In case of a 'hidden' DLL loading from this Registry value

Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy


uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride =;*.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f010.mail.lycos.co.uk/app/uploader/FileUploader.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector Please allow ComboFix to install, if needed, Windows Recovery Console. Please do not PM me for HJT help, we all benefit from posting on the open board.Want to help others? Secure My Computer: A Layered Approach Strong passwords: How to create and use them Free Antivirus-AntiSpyware-Firewall Software Slow Computer May Not Be Malware Related, Help!

You must be very accurate, and keep to the prescribed routines,polonus Logged Cybersecurity is more of an attitude than anything else. I forgot to mention that I am unable to change the homepage. free 12.3.2280/ Outpost Firewall Pro9.3/ Firefox 50.1.0, uBlock Origin, RequestPolicy/ MailWasher Pro7.8.0/ DropMyRights/ MalwareBytes AntiMalware Premium 2.2.0/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! Logged polonus Avast √úberevangelist Maybe Bot Posts: 28493 malware fighter Re: hijackthis log analyzer « Reply #2 on: March 25, 2007, 09:48:24 PM » Halio avatar2005,Tools like FreeFixer, and the one

mauserme Massive Poster Posts: 2475 Re: hijackthis log analyzer « Reply #14 on: March 26, 2007, 01:25:24 AM » HijackThis does show the actual path. In the last case, have HijackThis fix it.O19 - User style sheet hijackWhat it looks like: O19 - User style sheet: c:\WINDOWS\Java\my.css What to do:In the case of a browser slowdown it'll be almost a week before i can get back over here again to do the homework you assign!as ALWAYS, guys...ty SOOO much!Logfile of HijackThis v1.99.1Scan saved at 11:42:58 PM, on Any bad links or emails that are not from the original poster will be deleted without response.

That is what we mean by checking and don't take everything as gospel, they to advise scanning with and AV if you are suspicious, etc.There is also a means of adding The one in the system32 folder is the "legit" one. I believe that I may have to go into the safemode or regedit. But if the installation path is not the default, or at least not something the online analyzer expects, it gets reported as possibly nasty or unknown or whatever.

For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see if they are good or bad.O18 - Extra protocols and protocol hijackersWhat Tick these and select fix checked: O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe hpsysdrv O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: Here are the logs: l2mfix Log: IM me for the .doc (it is saved as an image of some sorts, really screwy) HijackThis: Code: Logfile of HijackThis v1.99.1 Scan saved at