Home > Hijackthis Log > HiJackThis Log File- Need Help Removing Unnecessary Stuff!

HiJackThis Log File- Need Help Removing Unnecessary Stuff!

With this manager you can view your hosts file and delete lines in the file or toggle lines on or off. If a user is not logged on at the time of the scan, their user key will not be loaded, and therefore HijackThis will not list their autoruns. Unless it is there for a specific known reason, like the administrator set that policy or Spybot - S&D put the restriction in place, you can have HijackThis fix it. ThanksRob.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:26:36, on 21/04/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\WINDOWS\system32\svchost.exeC:\Program his comment is here

cedricrDec 22, 2011, 6:55 AM nikorr said: Can u run Belarc and post the log info? Check the boxes next to all the entries listed below.   R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm O2 - BHO: (no name) - {E7F17045-08CB-E5BB-F847-78E4FB49F39F} Instead, you must delete these manually afterwards, usually by having the user first reboot into safe mode. I did run the windows updates and one them was indeed the Malicious Removal Tool.The version of Ad-ware is the free version not the paid version. https://forums.techguy.org/threads/hijackthis-log-file-need-help-removing-unnecessary-stuff.740363/page-2

Back to top #4 TheShooter93 TheShooter93 Cody Malware Response Team 4,790 posts OFFLINE Gender:Male Location:Orlando, Florida Local time:06:57 PM Posted 01 August 2013 - 10:02 AM Hello alihassan, It's Registry Keys: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Example Listing O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll There is an excellent list of known CSLIDs associated with Browser Helper Objects Sorry, there was a problem flagging this post. I personally recommend Zone Alarm as my firewall of choice.   The following is a list of tools and utilities that I like to suggest to people.

How to restore items mistakenly deleted HijackThis comes with a backup and restore procedure in the event that you erroneously remove an entry that is actually legitimate. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.Please go here then click on: Select the option YES, I accept the HijackThis will delete the shortcuts found in these entries, but not the file they are pointing to. Spyware and Hijackers can use LSPs to see all traffic being transported over your Internet connection.

When you fix these types of entries, HijackThis will not delete the offending file listed. JackNaylorPEDec 21, 2011, 2:23 PM google is your friendcan identify all your processes at liutilitieshttp://www.liutilities.com/windows-process/ctfmon-exe/ cedricrDec 22, 2011, 4:28 AM hello all,first of all i want to thank all of you You should use extreme caution when deleting these objects if it is removed without properly fixing the gap in the chain, you can have loss of Internet access. dig this While you are waiting, might I suggest that you uninstall Limewire, it's a great source for viruses and malware, not to mention, mainly used to illegally download copyrighted materials.

It is also possible to list other programs that will launch as Windows loads in the same Shell = line, such as Shell=explorer.exe badprogram.exe. When you fix these types of entries with HijackThis, HijackThis will attempt to the delete the offending file listed. When consulting the list, using the CLSID which is the number between the curly brackets in the listing. Spybot can generally fix these but make sure you get the latest version as the older ones had problems.

Spyware Terminator (ST) includes real-time protection and it has ClamAV but ST is not advertised nor considered as anti-virus program. http://www.spywareinfoforum.com/topic/74685-hijackthis-logfile/ O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - This entry corresponds to a program started by the All Users Startup Folder located at C:\Documents and Settings\All http://www.belarc.com/free_download.htmlEverything will be listed and maybe we can speed things up. When you fix these types of entries, HijackThis will not delete the offending file listed.

Some Registry Keys: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page HKCU\Software\Microsoft\Internet Explorer\Main: Start Page HKLM\Software\Microsoft\Internet Explorer\Main: Default_Page_URL HKCU\Software\Microsoft\Internet Explorer\Main: Default_Page_URL HKLM\Software\Microsoft\Internet Explorer\Main: Search Page HKCU\Software\Microsoft\Internet Explorer\Main: Search Page HKCU\Software\Microsoft\Internet http://pcialliance.org/hijackthis-log/hijackthis-log-need-help-removing-viruses.html Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions registry key. Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\Updates4\iTouch\iTouch.exe O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [nwiz] nwiz.exe O15 Section This section corresponds to sites or IP addresses in the Internet Explorer Trusted Zone and Protocol Defaults.

If you still require help, could you post a new hijackthis log for review? Below is a list of these section names and their explanations. Smartphone and mobile technology are rapidly taking over the spot that PCs have filled for a long time. http://pcialliance.org/hijackthis-log/hijackthis-log-and-stuff.html Figure 7.

nikorrDec 21, 2011, 1:38 PM Also post link to the PC, so we can see the HW stuff and how much RAM do u have? The standalone application allows you to save and run HijackThis.exe from any folder you wish, while the installer will install HijackThis in a specific location and create desktop shortcuts to that C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program

When you enter such an address, the browser will attempt to figure out the correct protocol on its own, and if it fails to do so, will use the UrlSearchHook listed

Ce tutoriel est aussi traduit en français ici. Starting Screen of Hijack This You should first click on the Config button, which is designated by the blue arrow in Figure 2, and confirm that your settings match those These objects are stored in C:\windows\Downloaded Program Files. This line will make both programs start when Windows loads.

Example Listing O1 - Hosts: www.google.com Files Used: The hosts file is a text file that can be edited by any text editor and is stored by default in the This tutorial is also available in German. Those numbers in the beginning are the user's SID, or security identifier, and is a number that is unique to each user on your computer. check over here Preview post Submit post Cancel post You are reporting the following post: Spybot and Windows security Center alerts This post has been flagged and will be reviewed by our staff.