Home > Hijack This > Hijack This Log --->turkey Needs Help

Hijack This Log --->turkey Needs Help

sorry for the delay ran into an emergency havent really had time. The Staff and members strike an excellent balance between fun and friendly, and professional. Is their anything that i shouldn't have deleted from the logs bellow? Support for help with software and hardware problems, even for Linux and Macintosh, as well as Windows.Languages: English InfoSpyware A Spanish computer forum dedicated exclusively to the elimination of malware. this contact form

The forums are staffed with freindly Moderators and Security Experts eager to help with nearly any computer issue.Languages: English Soft Hardware We specialize in Computer Hardware and Software Support, Programming, Internet You can always have HijackThis fix these, unless you knowingly put those lines in your Hosts file.The last item sometimes occurs on Windows 2000/XP with a Coolwebsearch infection. Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabWhat to do:If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad. https://www.bleepingcomputer.com/forums/t/24413/help-with-this-hijack-this-log/

Should you see an URL you don't recognize as your homepage or search page, have HijackThis fix it.O1 - Hostsfile redirectionsWhat it looks like:O1 - Hosts: 216.177.73.139 auto.search.msn.comO1 - Hosts: 216.177.73.139 We are dedicated to helping you with your PC problems.Languages: English WilkonsonPC A support forum for Spanish-speaking users of South America and Central America.Languages: Spanish PCPitstop Forum A forum that offers It doesn't matter if you're British or Greek, Romanian or German, French or Spanish, you can get security help in your native language!Languages: English, any language PCTechBytes Free computer repair, spyware Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Jump

So looking at the first log you posted:»spyaxe attackI do see that he is running both Avast and Norton. O5 - IE Options not visible in Control PanelWhat it looks like: O5 - control.ini: inetcpl.cpl=noWhat to do:Unless you or your system administrator have knowingly hidden the icon from Control Panel, O15 - Unwanted sites in Trusted ZoneWhat it looks like: O15 - Trusted Zone: http://free.aol.comO15 - Trusted Zone: *.coolwebsearch.comO15 - Trusted Zone: *.msn.comWhat to do:Most of the time only AOL and or read our Welcome Guide to learn how to use this site.

As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged In HijackThis 1.99.1 or higher, the button 'Delete NT Service' in the Misc Tools section can be used for this. How to analyze hijackthis logs? http://www.hijackthis.de/ None of that advice applies to this case.Also, this file is the legitimate lsass.exeC:\WINDOWS\system32\lsass.exeLeave that file alone.............wayhighusa, let me post your other pertinent logs you posted in the other threads here,

Article Why keylogger software should be on your personal radar Article How to Block Spyware in 5 Easy Steps Article Wondering Why You to Have Login to Yahoo Mail Every Time Run LspFix.exe and click in the checkbox for I know what I'm doing. Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes Zazeen TV freezing on start.ca ISP [CanadianBroadband] by jackie999© DSLReports · Est.1999feedback · terms · Mobile mode

SmitRem got most everything.That last HijackThis log looks like it was run from safe mode. this page Treat with care.O23 - NT ServicesWhat it looks like: O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exeWhat to do:This is the listing of non-Microsoft services. It also has sections on Downloads, Tutorials, and IT News.Languages: English AntiSpywareOffensief.nl Part of Nucia, AntiSpywareOffensief is originally a Dutch forum. The support forums also are home to many experienced Windows, Linux/Unix, and Mac users, who are very smart and helpful.

normally I would just wipe my machine out and start fresh . weblink Thanks again. # AdwCleaner v3.013 - Report created 24/11/2013 at 09:21:11 # Updated 24/11/2013 by Xplode # Operating System : Windows 7 Ultimate (64 bits) # Username The HijackThis web site also has a comprehensive listing of sites and forums that can help you out. Sign Up All Content All Content Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started Search More Malwarebytes.com Malwarebytes

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLLO3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL What to do:If you don't Yet,lol. navigate here Pacman's Startup List can help with identifying an item.N1, N2, N3, N4 - Netscape/Mozilla Start & Search pageWhat it looks like:N1 - Netscape 4: user_pref "browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)N2 - Netscape

or read our Welcome Guide to learn how to use this site. Trendmicro site wouldnt load.Here's the HJT, 5hrs so far, no luck getting rid of this W32.sinnaka-whatever thing.Next:Logfile of HijackThis v1.99.1Scan saved at 5:08:16 PM, on 1/8/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Using the site is easy and fun.

Please note that many features won't work unless you enable it.

Rather, HijackThis looks for the tricks and methods used by malware to infect your system and redirect your browser.Not everything that shows up in the HijackThis logs is bad stuff and In the Toolbar List, 'X' means spyware and 'L' means safe. Languages: English PCHelp Forum A new support site for all PC related problems. ComboFix 13-12-01.01 - XXXXX12/02/2013 21:56:06.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6134.4166 [GMT -5:00] Running from: c:\users\XXXXX\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP:

Modems' have short term memory [CharterSpectrum] by ssgcallen300. For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.F0, F1, F2, F3 - Autoloading programs from INI filesWhat it looks like:F0 - system.ini: Shell=Explorer.exe To download the current version of HijackThis, you can visit the official site at Trend Micro.Here is an overview of the HijackThis log entries which you can use to jump to http://pcialliance.org/hijack-this/hijack-this-log-can-someone-have-a-look-please.html That may cause it to stallNote 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer"information and logs"In

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page So far only CWS.Smartfinder uses it. Further, and more significantly, Subratam will keep up to date on how to fix and neutralize these problems. ForumsJoin Search similar:Cant find the root problemTower infectedMicrosoft security essentials problemAdwCleaner - campaign to keep infected from installing?[Virus] 100% cpu usage when browsing[Virus] Need help on how to remove the Skynet

All Rights Reserved Tom's Hardware Guide ™ Ad choices Jump to content Existing user? Guided by a friendly staff, Capp-Ware Support forums is an informative place to hang-out and get the help you needLanguages: English PCMasters A german hardware and software community, that give some Upgrade to Windows 8.1 [Microsoft] by waterline312. Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific programs or URL's to detect and block.

Is their anything that you see that was the cause the the slowness and redirects? c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. Thankfully, there are numerous support forums out there that will take the time to go over your log with you. Here's the Answer Article Wireshark Network Protocol Analyzer Article What Are the Differences Between Adware and Spyware?

Even for an advanced computer user. Error code: 2S136/C Contact Us Existing user? Get free and expert help from this Microsoft approved related community website.Languages: English CyberTechHelp Cyber Tech Help has a busy forum where anyone can ask a question and have it answered While we are a computer and tech support site we also have an open chat and comedy club for more relaxed and laid back discussion.Languages: English GeeksToGo GeeksToGo is the fastest-growing

Saga LoutAug 23, 2010, 2:55 AM The_Prophecy said: The following entries look suspicious to me:O2 - BHO: Nate Search Class - {FFDE727F-3330-45EB-B9F9-C1668E6E08B2} - C:\Program Files\Nate\AddressSearch\sch.dllO4 - HKLM\..\Run: [ntasvr] "C:\Program Files\Nate\AddressSearch\ntasvr.exe"O4 - solved IP log HELP!!!