
Solved: Hijack This Log-please Please Help

Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13D56D7E-F77B-4C3F-91FC-B5A42B371588} - C:\Program Files\wp4wblj0\wp4wblj0.dll O2 - BHO: Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Type a description for your new restore point. If you need it reopened for this same issue then please PM me.

Don't click on it! I scanned the system with installed norton (the scan still works), with Symantec on-line scan, with TrojanHunter, with Spybot, with McAfee Stinger and found nothing. That's what the forums are here for. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1C08FB55-8DAA-41CC-BB5C-1172373ADEC8} - C:\Program Files\wp4wblj0\wp4wblj0.dll O2 - BHO:

It could have been an infection that started it (many do try and disable anti-virus programs and firewalls) or it could have started with Norton. #8 OldTimer, Malware Expert, Location: North Carolina, Posted 05 August 2005 - 08:46 AM Hi Marco-63. Move HijackThis into this folder. When I clicked on this link....http://survey.otxresearch.com/Preloader.dll......and then run, the ewido comes up and says something about a TrojanDownloader.OTXLoader.

  1. Choose Clean and put a checkmark in the checkbox for Perform action on all infections and click the Ok button to continue the scan. When the scan is complete close ewido and
  2. It is free.
  3. Something like "After trojan/spyware cleanup".
  4. I noticed that the system icon didn't work so I started the safe mode (F8) and disabled the system recovery mode.

If I don't hear back within 24 hours I'll assume that it is fine to close this topic. The issue does appear to lie with Norton if it cannot be uninstalled. Checking the Windows folder for system and hidden files within the last 60 days... 02/08/2005 19.43.54 54156 C:\WINDOWS\QTFont.qfn 31/07/2005 20.22.32 0 C:\WINDOWS\LastGood\INF\enavweb.inf 31/07/2005 20.22.32 0 C:\WINDOWS\LastGood\INF\enavweb.PNF 12/07/2005 22.31.20 0 C:\WINDOWS\LastGood\INF\q903235.inf 12/07/2005 Any help is appreciated.

Marco #14 OldTimer, Malware Expert, Location: North Carolina, Posted 17 August 2005 - 08:07 AM You're very welcome Marco-63. Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab O16 - DPF: Yahoo! I'm glad that we could help. exe" /RANDOM O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DU Meter] D:\Programmi\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [CallControl 4.5] C:\PROGRAMMI\FAXTALK COMMUNICATOR\FTCtrl32.exe /autoload

GeekBuddy is a remote support service for Comodo and is quite safe and should be left to run at start-up if you have Comodo installed, (which it is - running at Get all of these and/or verify you have the current versions SpywareBlaster 3.4 http://majorgeeks.com/download2859.html SpyBot V1.4 http://www.majorgeeks.com/download2471.html AdAware SE 1.06 http://www.majorgeeks.com/download506.html MS AntiSpy - http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en (XP and W2K only) DL them Click Yes to create a default host file. Everything seems to be running fine.

#2 Nirvana, Member, Trusted Malware Techs, Location: Milton Keynes, U.K. coffee_40, Oct 18, 2005 #7 MFDnNC Joined: Sep 7, 2004 Messages: 49,014 At the beginning of a restart/boot start - at the first black screens - tapping F8 at least every OT I do not respond to PM's requesting help. The system remains as before: firewall disabled, system control panel blocked. I deleted the entries in registry (under MSConfig\Services, ControlSet001\Services, ControlSet003\Services and CurrentControlSet\Services), but some entries can not be deleted: ControlSet001\Enum\Root\LEGACY_xxx, ControlSet003\Enum\Root\LEGACY_xxx

Please use them so that others may benefit from your questions and the responses you receive. OldTimer #11 Marco-63, Topic Starter Since Norton has been uninstalled is BlackICE still disabled? Cheers. OT Hi OldTimer. After Norton uninstallation, BlackIce was still disabled. I did that: - started XP in safe mode, run msconfig and disabled all the services but

GeekBuddy is typically added when you install other free software that had bundled into installation of another download and can be bundled with the installers from Cnet, Softonic or other similar

Checking %System% folder...

You can try the sfc /scannow but I doubt that it will resolve any problems. Here is my hijackthis log: Logfile of HijackThis v1.99.1 Scan saved at 20.38.52, on 29/07/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe Here are the instructions of Configuring Windows XP to clean boot. After that I restarted the Pc normally and suddenly appeared some odd services (like c:\system32\AVCQY.exe).

How do I download and use Trend Micro HijackThis? After having disabled system recovery the icon appears in normal mode but hangs up when I access to the update section. O4 - Global Startup: Quicken Scheduled Updates.lnk = D:\Programmi\Quicken\bagent.exe O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: + Offline &Explorer: Download the link

Test the firewall and see if it is now working properly. I'm going crazy because I can not understand what's going on. The WinPFind log is clean also.

In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button. This is the free version I'm referring to. OT I do not respond to PM's requesting help. SpywareBlaster and SpywareGuard are by JavaCool and both are free programs.

How can I find out where the virus is in order to definitely kill it? OT I do not respond to PM's requesting help. Follow steps 1 to 3 again, then uncheck Turn off System Restore tab. The issue that you are encountering could be caused by a faulty Norton update.

If not, then uninstall that also. It is clean. Let's try a different scan and see what it shows us. Download WinPFind.zip and unzip the contents to the C:\ folder. Start in Safe Mode Using the F8 method: Restart the computer. As You have to look deeper than the analysis, using google for the file names, etc. Another odd thing: I cannot uninstall Norton and cannot upgrade Blackice, but I can update virus definition with intelligent updater.

If you don't use Comodo, you may have installed GeekBuddy without your knowledge. A complete system scan with Kaspersky did not show presence of viruses. MFDnNC, Oct 19, 2005 #10 coffee_40 Thread Starter Joined: Aug 21, 2005 Messages: 50 Hi again, I don't know if it is fixed.

Please use them so that others may benefit from your questions and the responses you receive. OldTimer #9 Marco-63, Topic Starter Did you want me to post the logs again or not. Thanks for the help.