
HJT Log - Persistent Ads

I haven't seen this in my HJT before: O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u Thanks again

Logfile of HijackThis v1.99.0
Scan saved at 10:54:48 AM, on 2/12/2005
Platform: Windows XP

In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze.

#10 ddeerrff, Retired Malware Response Team, Posted 10 July 2005 - 11:42 AM

Open Hijackthis:- Click

Location: : S-1-5-21-1004336348-1202660629-452595299-1000\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives
MRU List Object Recognized!

Information concerning wuauclt.exe being only for ME is out of date; a file of that name is now also a component of AutoUpdate features in XP. Derfram ~~~~~~

#9 water, Topic Starter, Posted 10 July 2005 - 12:40 AM

The Microsoft Malicious Remover scan showed

You'll see a list of programs.
- Click on Save List... The file "uninstall_list.txt" will be created. Click OK.
- Windows Vista and 7: 1.

You will see a list of infected items there.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0906361-1733-11df-b635-002186bd6aa0}\ not found.

Location: : S-1-5-21-1004336348-1202660629-452595299-1000\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!

Just paste your complete logfile into the textbox at the bottom of this page.

Logfile of HijackThis v1.99.1
Scan saved at 08:43:41, on 18/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

I am about to load it so I can get caught up with that.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22fe9e84-2c7a-11df-abe5-002186bd6aa0}\ not found.

Reboot into safe mode, locate sprestrst.exe, right-click on it, and choose "Properties" from the pop-up menu. You may need to reboot, possibly even into Safe Mode, to perform the deletion.

daosue, Discussion Starter, 11 Years Ago

Thanks for all the help, I think I am pretty

I am not sure whether it is helpful but here is the Ad Aware scan result.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Read through the requirements and privacy statement and click on Accept button. 3.

Location: : S-1-5-21-1004336348-1202660629-452595299-1000\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!

Short URL to this thread: https://techguy.org/247033

I have provided instructions on how to run scan with Ad-aware SE and Spybot S&D in this post. 1) Download, install, update and run a scan with Spybot S&D: Download and BlackICE CompanyName : Internet Security Systems, Inc.

mbones, Thread Starter, Joined: Jun 18, 2005

Good day all, I've followed your advice in other topics and think I've cleaned most problems up.

Click "Turn System Restore Off" on the popup window to do this. 8.

Copy and paste the contents of this file to your next reply.

You guys are awesome. :)

Logfile of HijackThis v1.99.0
Scan saved at 12:13:57 AM, on 2/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe

Location: : S-1-5-21-1004336348-1202660629-452595299-1000\software\microsoft\office\9.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint
MRU List Object Recognized!

Post the log it produces in your next reply.

I was browsing around my Windows/System 32 folder and saw sprestrst.exe with an icon like the auto update shield symbol...

I just tried the Stinger scan again and it showed the machine is clean.

When scanning by ET Remover, a message saying "C:\WINNT\system32\command.com C:\WINNT\system32\AUTOEXEC.NT The system is not suitable for running MS-DOS and Microsoft Window Applications.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8af265a-0704-11df-b405-002186bd6aa0}\ not found.

Finally, the booting time is very long.

Window 2000 Hot Fix).

New critical objects:0
Objects found so far: 46

Performing conditional scans...

Conditional scan result:

New critical objects: 0
Objects found so far: 46

下午 09:53:44 Scan Complete

Summary Of File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error.

LegalTrademarks : BlackICE, Internet Security Systems, Inc.

C:\Users\Devinder Johal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NCCZPJVX\videoplayback[4] moved successfully.

C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 2-7-2007 12:33:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System

Registry entries deleted on Reboot...

Is there anything that blocks all of that stuff or do I just have to live with constantly cleaning them off my computer?

Edited by ddeerrff, 08 July 2005 - 03:29 PM.

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [dispex] C:\WINNT\System32\dispex.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

Reboot into safe mode following the instructions here and navigate to and delete the

Also, I still have a question about whether I should delete wuauclt.exe since I do not have windows ME and I saw a thread that says that I should not have

#15 davidj23, Topic Starter, Jul 19, 2010

Okay all done - I ran the fix but forgot to save the log before the reboot lol - The

HijackThis.de Security HijackThis log file analysis

HijackThis opens you a possibility to find and fix nasty entries on your computer easier. Therefore it will scan special

In terms of the system restore, crunchie meant that you should make a new Restore Point, not go back to a previous Restore Point.

Logfile of HijackThis v1.99.1
Scan saved at 上午 12:16:33, on 2005/7/8
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ewido\security suite\ewidoctrl.exe
C:\Program Files\Ewido\security suite\ewidoguard.exe
C:\Program Files\Norton

However, during the initial phase of the re-start, an error message came out saying that C:\WINNT\System32\Isass.exe terminated unexpectedly with status code 128.

Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{28caeff3-0f18-4036-b504-51d73bd81abc}

Elitum.ElitebarBHO Object Recognized!

OriginalFilename : nvsvc32.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1652
ThreadCreationTime : 2-7-2007 12:33:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System

Type : RegData
Data : "http://searchmiracle.com/sp.php"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : .DEFAULT\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://searchmiracle.com/sp.php"

Possible