2 Things In Add/remove + Hijackthis Log Help Please


Thanks Rob.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:36, on 21/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program

It has 180 in it, so I suppose it has to do with 180Search.

Example Listings:
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
F2 - REG:system.ini: Shell=explorer.exe beta.exe

Registry Keys:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

The Shell registry value is equivalent to the function of

The same goes for the 'SearchList' entries.

Thanks Rebecca

Startup Registry Keys: O4 entries that utilize registry keys will start with the abbreviated registry key in the entry listing.

O3 Section
This section corresponds to Internet Explorer toolbars.

If you want to see normal sizes of the screen shots you can click on them.

Hijackthis Log File Analyzer

At the end of the document we have included some basic ways to interpret the information in these log files.

msn is also not required.

Posted: 03-Jul-2009 | 1:26PM
Hi.

Unlike the RunServices keys, when a program is launched from the RunServicesOnce key its entry will be removed from the Registry so it does not run again on subsequent logons.

It's a program that I don't want so I'm just going to uninstall my printer. Do you have any tips on how to "tune" my laptop so it runs faster?

In the BHO List, 'X' means spyware and 'L' means safe.

O3 - IE toolbars
What it looks like:
O3 - Toolbar: &Yahoo!

Below is a list of these section names and their explanations.

Posted: 02-Jul-2009 | 11:42AM
Could you please download, install, and update Malwarebytes. Run a full scan and post the results here using the attachment link below the post button.

Self Protection;c:\windows\system32\drivers\aswSP.sys [03/04/2008 14:34 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 14:34 20560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/01/2010 21:37 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 20:37]
2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24

https://www.lifewire.com/how-to-analyze-hijackthis-logs-2487503

Exit out, reboot.

re: Offline files: It is not supported in XP Home Edition.

O15 - Unwanted sites in Trusted Zone
What it looks like:
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com
What to do:
Most of the time only AOL and

Let us know the results.
Yogesh

There is one known site that does change these settings, and that is Lop.com which is discussed here.

Is Hijackthis Safe

You can always delete the new account, so don't worry about creating a new one.

Prefix: http://ehttp.cc/?

Please leave the CLSID, CFBFAE00-17A6-11D0-99CB-00C04FD64497, as it is the valid default one.

Posted: 04-Jul-2009 | 1:23AM
DBRISENDINE - thanks, I have just done that, but nothing's changed.

Domain hacks are when the Hijacker changes the DNS servers on your machine to point to their own server, where they can direct you to any site they want.

Click Start.

When you enter such an address, the browser will attempt to figure out the correct protocol on its own, and if it fails to do so, will use the UrlSearchHook listed

Try to open Add/Remove normally.

Simple experiment: Go into the User Accounts and set a password for your account.

So, if anything goes wrong you can restore it.
Best regards

More yet in a moment.

Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
What to do:
If

Posted: 09-Jul-2009 | 4:11AM
Hello, I have done that.

HijackThis introduced, in version 1.98.2, a method to have Windows delete the file as it boots up, before the file has the chance to load.

Use Google to see if the files are legitimate.

Then when Windows fully loads the Avenger log will be loaded, showing files it could or could not find.

These entries are stored in the prefs.js files stored in different places under the C:\Documents and Settings\YourUserName\Application Data folder.

If it is another entry, you should Google to do some research.

I have posted another HijackThis Log too in case it's of any use.

This continues on for each protocol and security zone setting combination.

I can't open certain websites or use pay for things on the internet.

That file is a registry merge file
by Slikkster / February 19, 2009 4:34 AM PST
In reply to: Msconfig won't open

The

Like the system.ini file, the win.ini file is typically only used in Windows ME and below.

Maniac
Posted October 27, 2010
Here you go:
http://www.microsoft.com/windowsxp/using/s...mproveperf.mspx
Some suggestions

Download it and replace your current one in the \windows\system32 folder.

Many users understandably like to have a clean Add/Remove Programs list and have difficulty removing these errant entries.

HijackThis will delete the shortcuts found in these entries, but not the file they are pointing to.

There was something odd in your hijackthis log, now that I think about it.

You should have the user reboot into safe mode and manually delete the offending file.

The CLSID in the listing refers to registry entries that contain information about the Browser Helper Objects or Toolbars.

Make sure Offline Files are NOT enabled/checked.