Home > Hjt Log > HJT Log - Need Help - Wtta.exe

HJT Log - Need Help - Wtta.exe

THanks a lot! ------------------------------------------- Logfile of HijackThis v1.97.7 Scan saved at 9:52:43 PM, on 12/17/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe You need to be using Internet Explorer to go to the site though. Similar Threads - Hijack need help In Progress Vosteran Chrome Hijack Help welkermike, Jan 13, 2017 at 8:45 PM, in forum: Virus & Other Malware Removal Replies: 1 Views: 89 dvk01 Please could you precisely follow the instructions provided by RealBlackStuff here, and then post a fresh HJT log as a txt attachment in this thread, and then we can all look

Put your HijackThis.exe there, and run it from there in the future _ _ _ _ _Run HijackThis, click on "Scan" and check the boxes next to all these items:O2 - You WOULD NOT want your backups there ( Sub-Folders of Temporary folders are also TEMPORARY FOLDERS). Janet McKenneyMSLN Circuit Rider Programhttp://circrider.msln.net/ Back to top #4 mslncircuitrider mslncircuitrider Member New Member 4 posts Posted 14 February 2005 - 10:43 AM Thanks for all your help. Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: http://www.techsupportforum.com/forums/f284/hjt-log-need-help-wtta-exe-49461.html

Terms of Use Privacy Policy Licensing Advertise International Editions: US / UK India Log in or Sign up Tech Support Guy Home Forums > Security & Malware Removal > Virus & When all OK, switch System Restore back on. Login now. Choose Copy from the menu.

Cookiegal, Dec 4, 2004 #12 Sponsor This thread has been Locked and is not open to further replies. Click here to Register a free account now! still getting single pop-ups...mostly loadingwebsite.com, lately also dirtyhippo.com, etc, random. Click here Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 0 user(s) are reading this topic 0 members, 0 guests, 0 anonymous users Reply to quoted postsClear

Back to top #3 miekiemoes miekiemoes Malware Killer Dog Malware Response Team 19,420 posts OFFLINE Gender:Female Location:Belgium Local time:05:14 PM Posted 29 May 2005 - 08:21 AM Due to the I ran a virus check and Norton found it, but was unable to delete it. Go to Start > Run, enter %temp% and then click Edit > Select All. https://www.bleepingcomputer.com/forums/t/36950/i-need-help/ Well, this time ad-aware only found 18 files so it's looking much much better.

Could not find an Open Process Manager in HiJackThis. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Jump Below is my HJT log ... Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab O16 - DPF: Yahoo!

They collect information about you and your usage. Thanks for all the help. - Jacque jacqanderson, Dec 4, 2004 #9 Cookiegal Administrator Malware Specialist Coordinator Joined: Aug 27, 2003 Messages: 105,542 No but do empty them on a First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files. Switch System restore OFF.

No, create an account now. Check the following entries (make sure you do not miss any) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/ R1 - and make sure you have all of Microsoft security updates then reboot & Run Sybot S&D After installing, first press Online, press search for updates, then tick the updates it finds, SmitFraudFix v2.144 Scan done at 21:28:27.31, Sun 02/25/2007 Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode

Please re-enable javascript to access full functionality. It is very important that you get all of the critical updates for your Operating System and Internet Explorer. When you have rebooted, please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If Please download Adaware SE and install it if you don't have it already.

Please re-enable javascript to access full functionality. You had HijackThis version 1.99.1 earlier but this one is version 1.97.7? Open Hijack This and click on Scan.

Just click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do its thing. _______________________________________________________________________ Boot back into Windows now.

Beside "Startup Type" in the dropdown menu select "Disabled". Right click and choose "Properties". I would suggest that you read this entire thread... Click Apply, and then click OK.

I keep getting a warning from Norton that wtta.exe is trying to access a DNS server. Jun 13, 2005 #3 tdeg TS Rookie Posts: 119 I've had good luck with the beta scan on Trendmicro, it seems to pick up most of the spyware and remove it. Here is my new HJT log: Logfile of HijackThis v1.97.7 Scan saved at 10:10:16 PM, on 4/17/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: Try and IE repair: Click Start > Settings > Control Panel, then double-click Add/Remove Programs On the Install/Uninstall tab, doubleclick "Microsoft Internet Explorer 6 SP1 and Internet Tools", click the Repair

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dllO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exeO4 In Windows Explorer, turn on "show all files and folders, including hidden and system".

Join the community here. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dllO2 - BHO: CNavExtBho Class We use data about you for a number of purposes explained in the links below. AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help!

Register now! Back to top #3 mslncircuitrider mslncircuitrider Member New Member 4 posts Posted 07 January 2005 - 04:00 PM Hello mslncircuitrider,You are running HiJackThis on a temporary folder. This will patch numerous security holes in IE and Windows. Password Site Map Posting Help Register Rules Today's Posts Search Site Map Home Forum Rules Members List Contact Us Community Links Pictures & Albums Members List Search Forums Show Threads

This will take a short while, let it do its thing.When asked to reboot system select NoClose CleanUpRestart Normal and have the PC Scanned here: Panda Active ScanYou will need to Join our site today to ask your question. i accdentally typed the file c:/windows/csrvs.exe int RUN instead of searchso now its running again on my pc but luckily my firewall is blocking its acces to the network but i Several functions may not work.

http://www.javacoolsoftware.com/spywareblaster.html Read here to see how to tighten your security: http://forums.techguy.org/t208517.html Delete your temporary files: In safe mode go to the C:\Windows\Temp folder. Edited by ryukava, 15 February 2005 - 04:19 AM. Jan 1, 2006 Inundated with pop ups.