Hijack This Logfile (i followed all instructions)

Ross Neptune · May 4, 2006

I have followed all the steps, but computer is still jacked. The name of the trojan that bitdefender found was dropper.small.mt, but it couldn't erase it. also, when i ran ewido it found something called bho_se.106032 and bho_se.106048 but halfway through the scan my browser shut down. i attempted the scan a few more times w/the same luck. also, Mcafee found trojan.generic.downloader.v for the 2nd time (1st time was about 6 months ago) and supposidly got rid of it. i feel i'm running out of time. please and THANK YOU for your help!

Major Attitude · May 4, 2006

Looks like aMyWay hijack, theres a couple below you can remove, 2 I am not sure of. If your running the scans from safe mode, and online, it should not shut down.

Since you have a Dell, follow their instructions first:
http://forums.us.dell.com/supportforums/board/message?board.id=si_virus&message.id=42328

And make sure these are gone, and we can see where your at:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

Ross Neptune · May 4, 2006

i started the steps, but there was no program entitled "MyWay" in the Add/Remove program. there WAS a program entitled "2 Squared" that i don't think should be on my computer. have you heard of that? should i remove it? s hould i delete the entries you named previously even though i can't complete the dell instructions first? thank you!

Ross Neptune · May 4, 2006

oh, and i was running the scan from "safe mode with networking". i don't know why it was shutting things down when i ran ewido, but it was. i'll try again today just to see...

Ross Neptune · May 4, 2006

I went ahead and deleted those 2 that you mentioned (the MyWay ones). I also deleted "2 Squared" since I googled and could tell I never added that program and it looked a bit suspicious. please let me know what to do next. and thanks a ton!

Major Attitude · May 4, 2006

Typically, when there is nothing marked MYWay, or whatever your looking for, you simply continue through the other steps. It is important that system restore is off and your scanning from safe mode.

Major Attitude · May 4, 2006

You need to post the logs as an attachment please next time, hopefully there isnt a next time

Not sure, if this is your internet provider, leave it be:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000

These can be removed, harmless:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

Unsure, make a Hijack This backup and delete it:
O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} -

I dont see much else, what symptoms are you experiencing?

Log in or Sign up

Hijack This Logfile (i followed all instructions)

Ross Neptune Private E-2

Attached Files:

New Text Document.txt

Major Attitude Co-Owner MajorGeeks.Com Staff Member

Ross Neptune Private E-2

Ross Neptune Private E-2

Ross Neptune Private E-2

Attached Files:

HJT.txt

Major Attitude Co-Owner MajorGeeks.Com Staff Member

Major Attitude Co-Owner MajorGeeks.Com Staff Member

Log in or Sign up

Hijack This Logfile (i followed all instructions)

Ross Neptune Private E-2

Attached Files:

New Text Document.txt

Major Attitude Co-Owner MajorGeeks.Com Staff Member

Ross Neptune Private E-2

Ross Neptune Private E-2

Ross Neptune Private E-2

Attached Files:

HJT.txt

Major Attitude Co-Owner MajorGeeks.Com Staff Member

Major Attitude Co-Owner MajorGeeks.Com Staff Member

Useful Searches