Home > Please Help > Please Help Analyse My HijackThis.log

Please Help Analyse My HijackThis.log

Legal Policies and Privacy Sign inCancel You have been logged out. Username or email: I've forgotten my password Forum Password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Community Forum Please enter a valid email address. Required *This form is an automated system. http://photoshoprockstars.com/please-help/please-help-with-nasty-trojan-how-do-i-get-hijackthis.html

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). In HijackThis 1.99.1 or higher, the button 'Delete NT Service' in the Misc Tools section can be used for this. For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see if they are good or bad.O18 - Extra protocols and protocol hijackersWhat Join thousands of tech enthusiasts and participate.

iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: avast! What was the problem with this solution? Aug 6, 2007 #3 (You must log in or sign up to reply here.) Show Ignored Content Topic Status: Not open for further replies. Using HijackThis is a lot like editing the Windows Registry yourself.

HijackThis.de Security HijackThis log file analysis HijackThis opens you a possibility to find and fix nasty entries on your computer easier.Therefore I've got a problem with my laptop, norton antivirus has a popup which detects a 'bloodhound.wp32.ep' virus. Rather, HijackThis looks for the tricks and methods used by malware to infect your system and redirect your browser.Not everything that shows up in the HijackThis logs is bad stuff and O5 - IE Options not visible in Control PanelWhat it looks like: O5 - control.ini: inetcpl.cpl=noWhat to do:Unless you or your system administrator have knowingly hidden the icon from Control Panel,

Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. Save ComboFix.exe to your DesktopFamiliarize yourself with ComboFix before running it:http://www.bleepingc...to-use-combofixDisable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) my company Ask a Question See Latest Posts TechSpot Forums are dedicated to computer enthusiasts and power users.

About CNET Privacy Policy Ad Choice Terms of Use Mobile User Agreement Help Center Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Let it scan your system for files to remove. The HijackThis web site also has a comprehensive listing of sites and forums that can help you out. Yes, my password is: Forgot your password?

No, create an account now. https://www.lifewire.com/how-to-analyze-hijackthis-logs-2487503 Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy Please click Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLLO2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLLWhat to do:If In the Toolbar List, 'X' means spyware and 'L' means safe.

Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Treat with care.O23 - NT ServicesWhat it looks like: O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exeWhat to do:This is the listing of non-Microsoft services. If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it. Click "Yes" at the Delete on Reboot prompt.

A confirmation dialog box will be shown before clearing the information.Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. So you can always have HijackThis fix this.O12 - IE pluginsWhat it looks like: O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllWhat to do:Most The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad. The second part of the line is the owner of the file at the end, as seen in the file's properties.Note that fixing an O23 item will only stop the service

It's subscription is due and I plan on replacing it with Sygate Personal Firewall (last version before being bought out) and Avast or something free. I'll take the advice when I get home tonight. Once reported, our moderators will be notified and the post will be reviewed.

Check out the forums and get free advice from the experts.

Required The image(s) in the solution article did not display properly. Please don't post your own virus/spyware problems in this thread. HijackThis is a free tool that quickly scans your computer to find settings that may have been changed by spyware, malware or any other unwanted programs. It was originally developed by Merijn Bellekom, a student in The Netherlands.

The list should be the same as the one you see in the Msconfig utility of Windows XP. Download HiJackThis v2.0.4 Download the Latest version of HiJackThis, direct from our servers. by Grif Thomas Forum moderator / April 6, 2009 1:38 PM PDT In reply to: Please help me to analyse my hijackthis log In order to get your Hijackthis log interpreted, I am not sure.My system information is: Windows XP Service Pack 3, I have a HP laptop.Do you think maybe a system restore would help?Please let me know what you think.I

Confirm you want to merge it with the registry.*Click Here to download Killbox by Option^Explicit.*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLLO3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL What to do:If you don't Run the HijackThis Tool. hmm...

Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Skype add-on You'll find discussions about fixing problems with computer hardware, computer software, Windows, viruses, security, as well as networks and the Internet.Real-Time ActivityMy Tracked DiscussionsFAQsPoliciesModerators General discussion Please help me to analyse VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: InCD Helper (InCDsrv) Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL), most often it is used by trojans or agressive browser hijackers.In case of a 'hidden' DLL loading from this Registry value

HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious. Main Sections Technology News Reviews Features Product Finder Downloads Drivers Community TechSpot Forums Today's Posts Ask a Question News & Comments Useful Resources Best of the Best Must Reads Trending Now If you didn't add the listed domain to the Trusted Zone yourself, have HijackThis fix it.O16 - ActiveX Objects (aka Downloaded Program Files)What it looks like: O16 - DPF: Yahoo! Please try again now or at a later time.

I would advise you to rename the executable then run a scan and paste a log again. Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific programs or URL's to detect and block. We apologize for the delay; our helpers have been very busy.If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the