Home > Need Help > Need Help Reading HJT Log

Need Help Reading HJT Log

O15 - Unwanted sites in Trusted ZoneWhat it looks like: O15 - Trusted Zone: http://free.aol.comO15 - Trusted Zone: *.coolwebsearch.comO15 - Trusted Zone: *.msn.comWhat to do:Most of the time only AOL and Here is the new log as requested. Right click on your Start Button and choose 'Explore' then find and delete the following highlighted folder and files: Folder: C:\Program Files\Common files\updater Files: C:\windows\EDM5pFZX.exe C:\WINDOWS\System32\elpjiqbo.exe C:\WINDOWS\System32\t?skmgr.exe<<--Name must be exact! I ran both and found a number of infections. http://magicnewspaper.com/need-help/need-help-reading-a-hjt-log.html

Are you looking for the solution to your computer problem? Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 chaslang, Jul 13, 2006 #10 plat Private E-2 Ok, I've fixed/deleted those three lines, my computer is still running good so I also refreshed the Restore Points on System Restore. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it.

You can have HijackThis fix the below non-malware items. Prefix: http://ehttp.cc/?What to do:These are always bad. I will post them belowFRST,txtScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017Ran by Nicole (administrator) on NICOLE (12-02-2017 15:27:30)Running from C:\Users\Nicole\DownloadsLoaded Profiles: UpdatusUser & Nicole (Available Profiles: UpdatusUser Click on "Updates" and then choose "Check for updates".

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O9 - Extra button: Messenger Service & Support HijackThis.de Supportforum Deutsch | English Forospyware.com (Spanish) www.forospyware.com Malwarecrypt.com www.malwarecrypt.com Computerhilfen www.computerhilfen.com Log file Show the visitors ratings © 2004 - 2017 Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? Login now.

Brian Cooley found it for you at CES 2017 in Las Vegas and the North American International Auto Show in Detroit. Here's how: Click My Computer, then C:\ In the menu bar, File->New->Folder. Use the Windows Task Manager (TASKMGR.EXE) to close the process prior to fixing. The second part of the line is the owner of the file at the end, as seen in the file's properties.Note that fixing an O23 item will only stop the service

It is not rocket science, but you should definitely not do it without some expert guidance unless you really know what you are doing.Once you install HijackThis and run it to I will follow all the steps you gave me, and post again when I've completed them. Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLLO3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL What to do:If you don't Now run Ccleaner (installed while running the READ ME FIRST).

Javascript You have disabled Javascript in your browser. This only applies to if using WinXP or WinMe. Loading... Help Home Top RSS Terms and Rules All content Copyright ©2000 - 2015 MajorGeeks.comForum software by XenForo™ ©2010-2016 XenForo Ltd.

The same goes for the 'SearchList' entries. I know for a fact that things are much better than they were when I first posted to PC Pitstop forums. Somehow I got a trojan horse that causes that I can't open certain web sites like facebook etc. Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More...

Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...fb2637edd031:c6a8619ed12bad38f58557e5bc28b0d9 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - Other than that I'm malware free and I can refresh system restore? Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific programs or URL's to detect and block. Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup:

The file will not be moved.)(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Fitbit, Since she is a librarian she does a lot of browsing looking for educational material for the schoolkids and that means that from time to time she will probably pick up link and I believe that's all!

Please try again.

Click the "Scan Now" button. How to start your computer in Safe Mode: http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam Do ALL of what I instructed you to do above. In the last case, have HijackThis fix it.O19 - User style sheet hijackWhat it looks like: O19 - User style sheet: c:\WINDOWS\Java\my.css What to do:In the case of a browser slowdown Learn More.

Click Yes to confirm. or read our Welcome Guide to learn how to use this site. s r.o.) C:\Users\Nicole\Downloads\esetonlinescanner_enu.exe2017-02-11 01:25 - 2017-02-11 01:25 - 00000000 ____D C:\Users\Nicole\AppData\Local\ESET2017-02-09 07:38 - 2017-02-09 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2017-02-09 07:37 - 2016-12-29 07:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe2017-02-09 CLeaning procedures not followed.

Please re-enable javascript to access full functionality. If the IP does not belong to the address, you will be redirected to a wrong site everytime you enter the address. Thread Status: Not open for further replies. TechSpot is a registered trademark.

It is almost guaranteed that some of the items in your HijackThis logs will be legitimate software and removing those items may adversely impact your system or render it completely inoperable. Y kawika's Computers and StuffPost When You Want and Help When You Can..........Y Back to top Back to Solved Malware Logs 1 user(s) are reading this topic 0 members, 1 guests, Being that it's a school computer, run the Clean Up utility that you downloaded earlier and be sure to keep the Hard drive defragged. :)Y Y kawika's Computers and StuffPost When Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted

Just paste your complete logfile into the textbox at the bottom of this page. I have called my credit card company and canceled the card.I ran the ESET Online ScannerThis is what the scan foundC:\Users\Nicole\Downloads\setup (1).exe.54x01ww.partiala variant of MSIL/Adware.PullUpdate.J.gen applicationI ran Security CheckResults of screen317's Ask a question and give support. Restart your computer and post a fresh HijackThis log back on this thread.

At this point I didn't realize I had a virus...the number could have been stolen anywhere.