I Need Help Analyzing My HJT Log.

Need Help On Analyzing My Hijackthis Log. Started by mycheladam, Jul 20 2008 10:01 AM

o It will open in your default text editor (such as Notepad/Wordpad). In fact, quite the opposite.

O5 - IE Options not visible in Control Panel
What it looks like: O5 - control.ini: inetcpl.cpl=no
What to do: Unless you or your system administrator have knowingly hidden the icon from Control Panel, Ghazaly Shaaban\Cookies\md.

  1. Buckeye_Sam, Malware Expert, Posted 30 March 2008 - 06:14 PM: I think we fix you
  2. Rather, HijackThis looks for the tricks and methods used by malware to infect your system and redirect your browser. Not everything that shows up in the HijackThis logs is bad stuff and
  3. Thank You this is the HJT result:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:48:19 PM, on 7/20/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal
     Running processes:
     D:\WINDOWS\System32\smss.exe
     D:\WINDOWS\system32\csrss.exe
     D:\WINDOWS\system32\winlogon.exe
     D:\WINDOWS\system32\services.exe
     D:\WINDOWS\system32\lsass.exe
     D:\WINDOWS\system32\svchost.exe
     D:\WINDOWS\system32\svchost.exe
     D:\WINDOWS\System32\svchost.exe
     D:\WINDOWS\system32\svchost.exe
     D:\WINDOWS\system32\svchost.exe
     D:\WINDOWS\system32\spoolsv.exe
     D:\WINDOWS\system32\nvsvc32.exe
     D:\WINDOWS\System32\alg.exe
     D:\WINDOWS\Explorer.EXE
     D:\Program Files\VIA\RAID\raid_tool.exe
     D:\WINDOWS\SOUNDMAN.EXE
     D:\WINDOWS\system32\RUNDLL32.EXE
     D:\Program
  5. Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 00:02 68856]
     "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-11 18:43 95536]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "LaunchApp"="launchapp" []
     "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29
  6. If you didn't add the listed domain to the Trusted Zone yourself, have HijackThis fix it.
     O16 - ActiveX Objects (aka Downloaded Program Files)
     What it looks like: O16 - DPF: Yahoo!
  7. A menu should come up where you will be given the option to enter Safe Mode.
  8. Treat with care.
     O23 - NT Services
     What it looks like: O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
     What to do: This is the listing of non-Microsoft services.

Please be patient while it scans your computer. After the scan is complete a summary box will appear. Other things that show up are either not confirmed safe yet, or are hijacked (i.e. Use the Windows Task Manager (TASKMGR.EXE) to close the process prior to fixing.

Click the System Restore tab. Database Statistics Bad Entries: 190,982 Unnecessary: 119,579 Good Entries: 147,839

If there's no updates that's a good thing, not bad. Check about once a week.

The known baddies are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar), you should have HijackThis fix those. Please continue to check this forum post in order to ensure we get your system completely clean. I definitely fell asleep waiting last night!

How To Analyze HijackThis Logs

O7 - Regedit access restricted by Administrator
What it looks like: O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
What to do: Always have HijackThis fix this, unless your system administrator has put this restriction into place.
O8 - Extra

Thanx a lot for replying..

It will start downloading the files it requires for the scan (Note: It may take a couple of minutes). When download is complete, click on My Computer to start the scan.

scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HPUsageTracking = C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe "C:\Program Files\Hewlett-Packard\HP UT\"???????????????????????????????????

o Click Preferences.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo!

After I rebooted my PC the problem still persists.

Type a description for your new restore point. Thanx! riona said: I go to window update but there's no more update to download for my window. Any recommendations and advice will be highly appreciated.

Please thank your helpers and there will always be help here when you need it!

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
What to do: If you don't

A new window will open...click the Check Now button.

Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL); most often it is used by trojans or aggressive browser hijackers. In case of a 'hidden' DLL loading from this Registry value

Post the contents of the ActiveScan report
Cheeseball81, Jul 23, 2007 #2

abasham, Thread Starter
After the download, the ActiveX bar appears again.

A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program.

Spyware removal software such as Adaware or Spybot S&D do a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even

abasham, Thread Starter
Thanks in advance for your help!

Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
What to do: If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix

If it's not on the list and the name seems a random string of characters and the file is in the 'Application Data' folder (like the last one in the examples

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:26 PM, on 7/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

Discussion in 'Virus & Other Malware Removal' started by abasham, Jul 23, 2007.

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 -

And here is the combofix log:
ComboFix 08-03-30.1 - Saifullah Md Ghazaly 2008-03-30 18:08:02.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.482 [GMT 8:00]
Running from: C:\Documents and Settings\Saifullah Md Ghazaly\Desktop\ComboFix.exe
* Created a

Short URL to this thread: https://techguy.org/599689

With the help of this automatic analyzer you are able to get some additional support.

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-01 10:32:35
ComboFix-quarantined-files.txt 2008-04-01 02:32:33
ComboFix2.txt 2008-03-31 11:36:46
ComboFix3.txt 2008-03-30 10:12:07
Pre-Run: 34,484,781,056 bytes free
Post-Run: 34,472,767,488 bytes free
.
2008-03-29 04:04:07 --- E O F ---

After rebooting, I