
Help Deciphering Hijackthis Log


#7 dgosling, SuperMember, Authentic Member, 2,499 posts, Posted 03 August 2004 - 01:45 PM: Another question: Which version of Norton do you have? I will be on vacation beginning Thursday, therefore, I will only have access to the internet until tomorrow, so I'm hoping we can resolve this. Use the Windows Task Manager (TASKMGR.EXE) to close the process prior to fixing. Edit the shell= line so that it looks like this: shell=progman.exe 5.

REBOOT to finish removing what it has found and clear memory. 9. Thanks in advance. Thank you

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\guard.tmp"

Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : Interface\{C3B2B2AF-E11C-4EC5-A9AC-6189992758D8}

GigexAgent-SpeedDelivery Object recognized!

Hijackthis Log Analyzer

Reference file loaded: Reference Number : 01R334 24.07.2004 Internal build : 268 File location : C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\reflist.ref Total size : 1316091 Bytes Signature data size : 1295051 Bytes Reference data Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : TypeLib\{AA66EECD-028D-4B11-8A9E-6287235644B0} istbar Object recognized!

In his role managing the content for a site that has over 600,000 page views per month and a weekly newsletter with 25,000 subscribers, Tony has learned how to talk to

See Online Analysis Of Suspicious Files for further discussion.

Signature Analysis: Before online component analysis, we would commonly use online databases to identify the bad stuff.

You may have to use several posts as it may be too long to fit in one. Just keep posting, making sure that you don't miss anything and try not

Other things that show up are either not confirmed safe yet, or are hijacked (i.e. Only OnFlow adds a plugin here that you don't want (.ofb).

O13 - IE DefaultPrefix hijack
What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW.

F2 - Reg:system.ini: Userinit=

Always fix this item, or have CWShredder repair it automatically.

O2 - Browser Helper Objects
What it looks like:
O2 - BHO: Yahoo!

Type : RegValue Data : Category : Malware Comment : "398349873" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Welcome Value : 398349873 Registry scan result : New objects : 84 Objects found

Remove your Windows Me Startup disk, and then restart your computer.

Type : RegValue Data : c:\windows\downloaded program files\gigexagent.dll Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINDOWS\Downloaded Program Files\gigexagent.dll Redhotnetworks Object recognized!

Rescan with HijackThis and post a new log here. Click here to download FindQoologic-Narrator. Save it to your Desktop then extract the files from the zip into their own folder called FindQoologic. Lspfix site.

Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{0982868C-47F0-4EFB-A664-C7B0B1015808} ClientMan Object recognized!

To download the current version of HijackThis, you can visit the official site at Trend Micro. Here is an overview of the HijackThis log entries which you can use to jump to

Hijackthis Download

Spyware removal software such as Adaware or Spybot S&D do a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even http://pressf1.pcworld.co.nz/archive/index.php/t-124261.html?s=eb1ca81e6cc4d6f6aa8aecf7e94f97ab

Fortunately, I am accessing the computer from work right now and am really hoping you will post before I go home. I've managed to "show" the icons that were hidden but not sure if all is OK.

Type : RegKey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : SOFTWARE\ClickSpring ClientMan Object recognized!

Type : File Data : ieservice.dll Category : Malware Comment : Object : c:\windows\all users\application data\ieservice\ FileSize : 111 KB Copyright : : Created on : 7/9/2004 1:04:43 AM Last accessed

At the command prompt, type edit c:\windows\system.ini, and then press ENTER. 4. When in doubt, copy the entire path and module name (highlight and Ctrl-C, don't type by hand), and research the copied entry in one or more of the Startup Items Lists

Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware window. 4.

When your computer restarts, Program Manager should start. Treat with care.

O23 - NT Services
What it looks like:
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
What to do: This is the listing of non-Microsoft services.

You will need a boot disk which you can download from http://www.bootdisk.com http://support.micro...spx?kbid=279736

To start the System Restore tool when you cannot start your Windows Me-based computer normally or in Safe mode, you

Please take a moment to look at my log and let me know if you find anything.

HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious.

Type : RegValue Data : Category : Malware Comment : "msmc" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows\CurrentVersion\Run Value : msmc CoolWebSearch Object recognized!

Download 'Ad-Aware' from the link at the bottom of this post. 2.

Type : RegValue Data : Category : Malware Comment : "c0948273" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Welcome Value : c0948273 Win32.Backdoor.Jeem Object recognized!

Close browser/s first. I would uninstall Systemcare too.

Should you see a URL you don't recognize as your homepage or search page, have HijackThis fix it.

O1 - Hostsfile redirections
What it looks like:
O1 - Hosts: auto.search.msn.com
O1 - Hosts: Mctadmin

Thanks in advance!

Mine is in C:\Program Files\Lavasoft\AdAware 6\logs.

#5 younglife, Topic Starter, Members, 11 posts, Posted 04 September 2005 - 07:42 PM: Hey...

The service needs to be deleted from the Registry manually or with another tool.

CompanyName : Sony Corporation FileDescription : VAServ Application InternalName : VAServ OriginalFilename : VAServ.EXE ProductName : VAIO Action Setup Created on : 1/5/2001 8:46:43 PM Last accessed : 8/1/2004 7:00:00 AM