Home > Hijackthis Log > Hijackthis Log File Help + Error Codes On XP

Hijackthis Log File Help + Error Codes On XP

I actually already have Malwarebytes installed on the infected notebook but since the onset on Antispyware XP, I am unable to update Malwarebytes. Install Manager Yahoo! Please refer to our Privacy Policy or Contact Us for more details You seem to have CSS turned off. Run the scan, enable your A/V and reconnect to the internet. his comment is here

Please try again. Please don't fill out this field. Error Code 0x8009001a. Click here to join today!

Posted 02/01/2014 the_greenknight 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 HiJackThis is very good at what it does - providing a log of Experts who know what to look for can then help you analyze the log data and advise you on which items to remove and which ones to leave alone. Invalid email address.

Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes Several trojan hijackers use a homemade service in adittion to other startups to reinstall themselves. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:06:10, on 12/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site.

Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts. Any help you can provide would be greatly appreciated.GMER 1.0.15.15011 [p2fr6pgw.exe] - http://www.gmer.netRootkit scan 2009-08-02 14:11:30Windows 5.1.2600 Service Pack 3---- System - GMER 1.0.15 ----Code 86AE110E ZwEnumerateKeyCode 86AE6D96 ZwFlushInstructionCacheCode 86AE04ED IofCallDriverCode Spyware removal software such as Adaware or Spybot S&D do a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even Click here to Register a free account now!

However, since only Coolwebsearch does this, it's better to use CWShredder to fix it.O20 - AppInit_DLLs Registry value autorunWhat it looks like: O20 - AppInit_DLLs: msconfd.dll What to do:This Registry value In the BHO List, 'X' means spyware and 'L' means safe.O3 - IE toolbarsWhat it looks like: O3 - Toolbar: &Yahoo! The list should be the same as the one you see in the Msconfig utility of Windows XP. Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLLO2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLLWhat to do:If

Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htmO8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htmWhat to do:If you don't recognize the name of the why not try these out Please re-enable javascript to access full functionality. TechSpot Account Sign up for free, it takes 30 seconds. Ran HijackThis, but don't know which items to fix.

It is almost guaranteed that some of the items in your HijackThis logs will be legitimate software and removing those items may adversely impact your system or render it completely inoperable. http://pcialliance.org/hijackthis-log/hijackthis-exe-itself-is-not-opening-cant-able-to-get-the-hijackthis-log-file.html In fact, quite the opposite. Please don't fill out this field. Isn't enough the bloody civil war we're going through?

or fix the 04 Gobal Startups line that I have included below.. Since most networks now have standardized on using the TCP/IP protocol, this shouldn't be a problem if its removed. MY DDS LOG: . weblink HiJackThis Web Site Features Lists the contents of key areas of the Registry and hard driveGenerate reports and presents them in an organized fashionDoes not target specific programs and URLsDetects only

Sonic Update Manager Sound Blaster Audigy 2 ZS SoundMAX TurboTax Deluxe 2005 TurboTax ItsDeductible 2005 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office Outlook 2007 (KB969907) Update for Size of the spool file in bytes: 65536. Network operations on this system may be disrupted as a result. 07/11/2011 10:11:27 AM, error: Print [6161] - The document Microsoft Word - Document2 owned by Owner failed to print on

This is why it doesn't show up in EVERY hijackthis log file.

Its usually installed for the IPX/SPX protocol that is rarely used anymore. So you can always have HijackThis fix this.O12 - IE pluginsWhat it looks like: O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllWhat to do:Most Sign Up This Topic All Content This Topic This Forum Advanced Search Browse Forums Guidelines Staff Online Users Members More Activity All Activity My Activity Streams Unread Content Content I Started Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Kaspersky Anti-Virus NDIS Miniport Device ID: ROOT\KL_KLIM5MP\0004 Manufacturer: Kaspersky Lab Name: 1394 Net Adapter - Kaspersky Anti-Virus NDIS Miniport PNP Device ID: ROOT\KL_KLIM5MP\0004 Service: klim5 . ====

Please don't fill out this field. When you have done that, delete the copy of hijackthis that you have on your desktop.When you have done this, run hijackthis again and with all other browsers and windows closed Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Stay with the topic until I tell you that your system check over here A Hijackthis log will show NWPROVAU.DLL in this way O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll In the Windows registry, the nwprovau.dll file will show up in the following registry

I can only access my xp in safe mode under Julie(which I am administrator)..I had x-bf who helped reistall who seems unavailable to with that amin. They may otherwise interfere with our tools. There is still one when the computer starts though:Runner ErrorCould not load the target dll ("C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\BackWeb.dll", error code 126)Here's the HijackThis log:Logfile of HijackThis v1.98.0Scan saved at 1:39:04 PM, Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More...