Home > Please Help > Please Help Me And Look At My Highjackthis Log

Please Help Me And Look At My Highjackthis Log

Thanks! Mark it as an accepted solution!I am not a Comcast employee. Download AnVir Task Manager [/url]. Put your HijackThis.exe there, and double click to run it.

Friday, January 29, 2010 4:17 PM Reply | Quote 0 Sign in to vote I am having problems finding these things. Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLLO2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLLO2 - BHO: Starware - my advice would be to boot into safe mode with networking, then download and run at least two of these tools, letting them clean anything they find. They even have a Gator converter to convert all your Gator data to Roboform. https://www.bleepingcomputer.com/forums/t/14000/can-you-please-help-me-with-my-hijackthis-log/

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.htmlO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} I think I now know where I went wrong before it was my fault as I suspected I deleted the wrong files when I went into safe mode -- this time I also cannot find these entries in the registry usingregedit from the run box. I also cannot find these entries in the registry usingregedit from the run box.

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.htmlO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy Could you maybe copy and paste the entries from my HijackThis logthat I should delete?Maybe that way I could find them easier. However I don't see anything in your log..

curlylad 22:17 06 May 05 Firstly I am now back up and running and no problems so far. Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\MSN Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\MSN Messenger\MSMSGS.EXEO14 - IERESET.INF: Of course you would do that before removing GatorO4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXEO4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exeO9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htmO9 - https://www.cnet.com/forums/discussions/please-help-me-to-analyse-my-hijackthis-log-337994/ Uninstall NewDotNet (New.Net) from Add/Remove ProgramsIf there is no uninstall program listed then do the following:Go to http://www.newdotnet.com/removal.html ; scroll down to Procedure 4 and follow the removal instructions.If you can

p;3 22:10 05 May 05 can u remember what you did to get it originally "uninfected"?and am following :)what can u run on it? If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.Would you like to participate? Sorry for the offtopic. I have posted my new log could you please have a look at it to see what I have done wrong and advise me how I can put back my original

then see what it look's like after curlylad 23:50 05 May 05 OK , I started to follow your link then it all went pair shaped as it said the Thanks again! 0 Kudos All Forum Topics Previous Topic Next Topic Popular Help Articles Set up your remote control Use this tool to find the codes of your devices and to So when all was said and done I did system recovery to when this thing was brand new, luckily I did NOT lose ONE file. You could also Run SFC /SCANNOW with XP cd in comp.

You said in your first post that you had already ran malwarebytes and possibly some other scanners, with malwarebytes finding over 125 items, most of those could have very well been Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\MSN Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\MSN Messenger\MSMSGS.EXEO9 - Extra Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLLO3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\PROGRAM FILES\STARWARE\BIN\STARWARE.DLLO3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\PROGRAM FILES\CLEANMYPC POPUP BLOCKER\CLEANBAR.DLLO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged

Privacy Policy Contact Us Back to Top Malwarebytes Community Software by Invision Power Services, Inc. × Existing user? Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe--End of file - 13171 bytes Discussion is locked Flag Permalink You are posting a reply to: Please help me to analyse my hijackthis log The posting of Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.htmlO8 - Extra context menu item: RoboForm Always make sure you run HijackThis from the permanent folder.

Sorry, there was a problem flagging this post. Mark it as an accepted solution!I am not a Comcast employee.Was your question answered?Mark it as a solution! 0 Kudos Posted by CajunTek ‎07-03-2005 08:18 PM Security Expert View All Member Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Software Updater (gusvc) -

Register now!

Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200UB\WATCH.exeO4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXEO4 - Startup: Microsoft Find Fast.lnk Nothing is listed in there that match any of the entries you are saying to delete.Maybe I am not looking the right way or in the right spot?? This type of software, known as a Layered Service Provider or LSP, typically handles low-level Internet-related tasks, and data is passed through a chain of these programs on its way to Microsoft Customer Support Microsoft Community Forums TechCenter   Sign in United States (English) Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Indonesia (Bahasa)Italia (Italiano)România (Română)Türkiye (Türkçe)Россия (Русский)ישראל (עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 (한국어)中华人民共和国 (中文)台灣

Updater (YahooAUService) - Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200UB\WATCH.exeO4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Classic 2.0\Ereg\REMIND32.EXEO4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Startup: Office Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. I had to use my tab key or arrow keys.

You said in your first post that you had already ran malwarebytes and possibly some other scanners, with malwarebytes finding over 125 items, most of those could have very well been Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0527.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\MSN Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\MSN Messenger\MSMSGS.EXEO9 - Extra Please try again now or at a later time. Several functions may not work.

All rights reserved.Newsletter|Contact Us|Privacy Statement|Terms of Use|Trademarks|Site Feedback But I am not sure if I have virus's or anything nasty on my pc - if someone could be so kind as to inform me what my log means that Once in Device Manager, click "View" in the upper left, select "show hidden devices/drivers".3. To create a permanent folder: Click My Computer, then C:\ In the menu bar, File->New->Folder.

Back to top #3 lady_leila lady_leila Topic Starter Members 7 posts OFFLINE Local time:02:40 AM Posted 22 March 2005 - 04:15 AM Thank you so much, I really do appreciate Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started I physically deleted SecurityTool from both my start menu and desktop previouslybut could locate them using the run box today. Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes

by Grif Thomas Forum moderator / April 6, 2009 1:38 PM PDT In reply to: Please help me to analyse my hijackthis log In order to get your Hijackthis log interpreted, Are you having problems? So VoG , Nellie2 if you're out there I could do with some help. I can't see any sign of malware.

Book your tickets now and visit Synology. For information on the program click here.We ask that you post publicly so people with similar questions may benefit from the conversation.Was your question answered? Mark it as an accepted solution!I am not a Comcast employee.Was your question answered?Mark it as a solution! 0 Kudos Posted by milosmomma ‎07-03-2005 08:28 PM Regular Contributor View All Member Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 -

I physically deleted SecurityTool from both my start menu and desktop previouslybut could locate them using the run box today.