Home > Hijackthis Log > Hijackthis Log Analysis - I'm At A Loss

Hijackthis Log Analysis - I'm At A Loss

Contents

Try either disabling the realtime monitors of your other security programs when scanning. Do this. I really don't care about losing data or having to reinstall programs. Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cabO16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - http://exomatik.net/hijackthis-log/hijackthis-log-i-m-completely-at-a-loss.php

If nothing has changed in 3 hours, is there any point to letting it continue? also i can't seem to change my starting page in explorer it's always blank and showinga page called "Search for..."after doing all sorts of scanning downloading both anti-trojans, online scans and I am read the posts on a daily basis and would also like to step in and help with the elementary beginning parts, but I haven't figured out if Adaware/spybot etc Free Antivirus Internet Security Avast for Business Free Mac Security Free Mobile Security for Android About Us Avast recommends using the FREE Chrome™ internet browser.

Hijackthis Log Analyzer

Call it the good log or something. I am an aspiring Flrman Foot Soldier. I'd just like to get the computer back to internet browsing and such with fast speed, and get my money's worth from my cable connection. Click here Back to top #37 edwilson edwilson Topic Starter Members 47 posts OFFLINE Gender:Male Location:Knoxville, TN Local time:07:05 PM Posted 09 June 2006 - 06:08 PM Log looks good,

Please consider donating to help me continue with the fight against malware. Sadly I do not yet possess that ability. I'm really not sure how practical or feasible that is but, had I seen something like that my first trip in I would have saved you guys a few extra steps Hijackthis Windows 10 I'm now going to complete the rest of the instructions and will post the logs. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 2:02:55 PM, 5/15/2006 + Report-Checksum: 5D7C7F05

In otherwords, two levels of assistance. Click here Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #17 edwilson edwilson Topic Starter Members 47 posts OFFLINE Gender:Male Location:Knoxville, TN Local time:07:05 This time it stalled again on the same file: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790Ran RootkitRevealer (updated to v1.71)Found 27 discrepancies. I have posted in more then one site also but I go back to all sites and let them know what is going on.

I am all for the people that want to help doing some of the preliminary work. Hijackthis Download Windows 7 At the bottom is says "Now scanning......" I kept the machine running all night but it kept saying this message.... Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cabO16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.nugs.net/dev/dlControl.CABO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} Ad-aware and Spybot will take care of quite of few entries automatic.

Hijackthis Download

Give the people who are tested and proven knowledgable a title unde their name, that way members and guests will know that these people have been "certified" by TSG to help. Hijackthis Log Analysis - I'm At A Loss Started by edwilson , Feb 06 2006 12:25 PM Prev Page 2 of 3 1 2 3 Next This topic is locked 37 Hijackthis Log Analyzer Check the box next to each "target family" you wish to remove, then click Next, then OK.3) If that does not work, cancel before the scan reaches the point of stalling Hijackthis Windows 7 Click here to Register a free account now!

Please be patient and donn't "bump" your post, as logs are read from oldest to newest.Regards,SpikeBack to this issue after long time away. http://exomatik.net/hijackthis-log/hijackthis-log-analysis-11-26.php Look for the *New Topic* Button near the top right when viewing the forums. While saving it I got the following error and when I opened the txt file it was blank. It may mean we have to concentrate our efforts in a "HijackThis" specific forum. $teve, Jul 19, 2004 #1 Sponsor dai Joined: Mar 6, 2003 Messages: 11,198 most of Hijackthis Trend Micro

Thread Status: Not open for further replies. Nite Owl, Jul 19, 2004 #11 foxfire Joined: Jan 14, 2003 Messages: 292 Infidel Kast & Fidelista are absolutely correct. 1. Sorry about that, could you please update the instructions for this log:Logfile of HijackThis v1.99.1Scan saved at 5:41:04 PM, on 2/8/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running this content Please note that many features won't work unless you enable it.

I also noticed its size was 0 kb. How To Use Hijackthis I would advise anyone that wants to help get the thread started like that to PM someone who can finish the job rather than just leaving the thread unfinished. Whether one needs to scan Dell's PC Restore partition is a separate question.Thanks to all who helped.

Here's my hijackthis log.Logfile of HijackThis v1.99.1Scan saved at 3:55:13 PM, on 1/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\spoolsv.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\OasClnt.exec:\program files\mcafee.com\vso\mcvsshld.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\WINDOWS\system32\svchost.exec:\program files\mcafee.com\agent\mcagent.exeC:\Program Files\Pure

Sometimes having your AV active while scanning with another security program can cause conflicts as the realtime protection will kick in on each file that Ad-Aware touches to examine, so both Not sure what the heck happened the first time I tried it, but anyway, here are the results:Avenger log: Backups directory opened successfully at C:\Avenger*******************Beginning to process script file:Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser I can then have a solved thread at each site. Hijackthis Portable Click here Back to top Prev Page 3 of 3 1 2 3 Back to Virus, Trojan, Spyware, and Malware Removal Logs 3 user(s) are reading this topic 0 members, 3

Select the process and click Process > Suspend.Then open HijackThis, click Config > Misc Tools > Delete a file on reboot... Logfile of HijackThis v1.99.1Scan saved at 2:30:21 PM, on 2/9/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\ewido anti-malware\ewidoctrl.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\Explorer.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\System32\hkcmd.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Please consider donating to help me continue with the fight against malware. have a peek at these guys If we have ever helped you in the past, please consider helping us.

Extract it from the zip file to your desktop - the program creates and names the new folder to house the files. Have I helped you? I was surprised it was there instaid of the Security forum: http://forums.techguy.org/t157045.html Really good advice and many problems can be eliminated right from the start if folks followed that and some No objects found.

I'm wildly speculating since I'm past logic.Best,M Back to top #8 LS CalamityJane LS CalamityJane Former Lavasoft Staff Members 8814 posts Posted 29 January 2007 - 08:22 PM Disabled PUPs in This log file will be located at C:\avenger.txt The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. We need more HJT log analysers. 2.The current batch of LEARNER ANALYSERS require a structured form of guidance both in analysis path & the whereabouts of the TOOLS & INFORMATION is

CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). I have some adware called 'The Best Offers', that I haven't been able to get rid of, which gives me quite a few popups. I tried to run SpySweeper, and I let it work at a creeping pace for about 18 hours, then it just froze and stopped altogether. Please confirm that you haven't rebooted since posting the log above.

Click here Back to top #23 Daemon Daemon Security Expert Members 1,446 posts OFFLINE Gender:Male Location:UK Local time:11:05 PM Posted 03 March 2006 - 03:27 AM As this problem has But thats not what I want. My computer is still running fine, I just wanted to post those results and see if there were any other bad entries in the HJT log. If you are not this user, running this script could damage your systemRegistry keys to delete: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40623E66-6632-B92E-52FA-C47B8259279F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42847572-2F73-FD6E-F55E-7DA6BCB9A99D} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D5086FD-B70A-A21D-970A-511772E1A75C} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AEC0D087-CA0B-D7B9-0EE4-BFCC513BFC71} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93674FC-5119-8EBA-A174-F9BA8737F9AD}

I did find info that might be useful to others about the partition and utility at http://www.goodells.net/dellrestore/.Following the freeze on F:\, I reran a scan on C:\ only and it went it doesn't appear to have changed. It is important that you haven't rebooted since you posted the above. A pop up or a "Before you post" checklist would be great...

We'll clean you up manually and take it from there. Back to top #38 Daemon Daemon Security Expert Members 1,446 posts OFFLINE Gender:Male Location:UK Local time:11:05 PM Posted 09 June 2006 - 07:16 PM You're welcome - glad to help Joined: Jul 1, 2004 Messages: 175 I have become addicted to this site since my first experience.