Home > Hjt Log > Hjt Log Here.please Help Me Finish This

Hjt Log Here.please Help Me Finish This

There is no reason why you should not understand what it is you are fixing when people examine your logs and tell you what to do. Facebook Google+ Twitter YouTube Subscribe to TechSpot RSS Get our weekly newsletter Search TechSpot Trending Hardware The Web Culture Mobile Gaming Apple Microsoft Google Reviews Graphics Laptops Smartphones CPUs Storage Cases New.net Application or New.net Domains If neither is listed, download and run this tool. Please follow these steps to remove the HSA from your computer.

The problem arises if a malware changes the default zone type of a particular protocol. Combofix log.2. Done! 0 Buckeye_Sam Columbus, Ohio Apr 2005 edited Apr 2005 If you are still having problems, please post a new hijackthis log. 0 OptionsEdit jimmymo5 Apr 2005 edited Apr 2005 Ok, Post a fresh HJT log and let us know how your system is running.

It will find a new reference-file. If what you see seems confusing and daunting to you, then click on the Save Log button, designated by the red arrow, and save the log to your computer somewhere you ComboFix may reboot your machine. Example Listing F1 - win.ini: load=bad.pif F1 - win.ini: run=evil.pif Files Used: c:\windows\win.ini Any programs listed after the run= or load= will load when Windows starts.

Someone please take a look at my logs and help me out if possible! Once you restore an item that is listed in this screen, upon scanning again with HijackThis, the entries will show up again. CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). If you had any problems with the steps outlined above, please let us know what they were.

If this occurs, reboot into safe mode and delete it then. RunOnceEx key: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx The Policies\Explorer\Run keys are used by network administrator's to set a group policy settings that has a program automatically launch when a user, or all users, logs O20 Section AppInit_DLLs This section corresponds to files being loaded through the AppInit_DLLs Registry value and the Winlogon Notify Subkeys The AppInit_DLLs registry value contains a list of dlls that will O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - This entry corresponds to a program started by the All Users Startup Folder located at C:\Documents and Settings\All

When a user, or all users, logs on to the computer each of the values under the Run key is executed and the corresponding programs are launched. Do NOT take any action on any "<--- ROOKIT" entries Please copy and paste the report into your Post.To post in your next reply:1. If you ever see any domains or IP addresses listed here you should generally remove it unless it is a recognizable URL such as one your company uses. Whenever I double click the install for Mbam, the hourglass appears for a moment, disappears and then nothing follows.

C:\System Volume Information\_restore{988E9517-1A95-4954-92A0-C7EEB4403369}\RP6\A0001091.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully. And also see TonyKlein's good advice So how did I get infected in the first place? Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computerGoogle Toolbar <= Get the free google toolbar to help stop pop Jan 25, 2007 #4 howard_hopkinso TS Rookie Posts: 24,177 +19 Your computer has a Lop infection.

Then ........ If you add an IP address to a security zone, Windows will create a subkey starting with Ranges1 and designate that subkey as the one that will contain all IP addresses HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Protect (Rootkit.Agent) -> Quarantined and deleted successfully. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" .

If you feel they are not, you can have them fixed. By deleting most ActiveX objects from your computer, you will not have a problem as you can download them again. When you find it, double-click on it. Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\ Example Listing O13 - WWW.

There were some programs that acted as valid shell replacements, but they are generally no longer used. Otherwise, if you downloaded the installer, navigate to the location where it was saved and double-click on the HiJackThis.msi file in order to start the installation of HijackThis. Make sure the following settings are made and on -------"ON=GREEN" From main window :Click "Start" then " Activate in-depth scan" then......

The R1/R0, 02, 04, and 023 lines that I indicated are bad.

Please run Hijack This, copy the log and post it here, using the New Reply feature, so I will be notified. Thanks again for all your help and thank you PCPITSTOP for your great site!!! Jan 26, 2007 #6 neowing TS Booster Topic Starter Posts: 288 I followed instruction and I attached files. --------------------- View attachment 13016 View attachment 13017 Jan 26, 2007 #7 howard_hopkinso If the configuration setting Make backups before fixing items is checked, HijackThis will make a backup of any entries that you fix in a directory called backups that resides in the

The contents of the ComboFix Package has been compromised. Instructions on how to do this can be found here: How to see hidden files in Windows Run Hijackthis again, click scan, and Put a checkmark next to each of these. Here is my log from tonight Logfile of HijackThis v1.97.7 Scan saved at 12:48:17 AM, on 5/16/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\system32\drivers\protect.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

It is NOT SAFE to continue! Now click "Apply to all folders" Click "Apply" then "OK" Step 6 Next, go to Start->Run and type "Services.msc" (without quotes) then hit Ok Scroll down and find the service called brandon BCS, May 16, 2004 #14 Flrman1 Joined: Jul 26, 2002 Messages: 46,329 You're Welcome! It is possible to disable the seeing of a control in the Control Panel by adding an entry into the file called control.ini which is stored, for Windows XP at least,

Please post back in the next day or so and let us know if everything is still OK. Click on the View tab and make sure that "Show hidden files and folders" is checked. I can't believe it is finally gone. click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Press Yes or No depending on your choice. Please don`t post your own virus/spyware problems in this thread.