Home > Help On > Help On HiJack This Log - Analysis Explorer.exe

Help On HiJack This Log - Analysis Explorer.exe

Click on Restore MS Hosts File to restore your Hosts file to its default condition. In the Toolbar List, 'X' means spyware and 'L' means safe. Click on Make ReadOnly to secure it against further infection. Username Forum Password I've forgotten my password Remember me This is not recommended for shared computers Sign in anonymously Don't add me to the active users list Privacy Policy

Logfile of HijackThis v1.99.1Scan saved at 3:41:48 PM, on 11/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\System32\brsvc01a.exeC:\WINDOWS\System32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\carpserv.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\windows\system\hpsysdrv.exeC:\Program Files\Roxio\Easy CD Continue Reading Up Next Up Next Article Malware 101: Understanding the Secret Digital War of the Internet Up Next Article How To Configure The Windows XP Firewall Up Next List How Restart your computer into safe mode now. Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quietO4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odlO4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exeO4 - Global Startup: Image Transfer.lnk = ?O4 - Global Startup: Quicken Scheduled Updates.lnk = https://forums.techguy.org/threads/help-on-hijack-this-log-analysis-explorer-exe.405343/

For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.F0, F1, F2, F3 - Autoloading programs from INI filesWhat it looks like:F0 - system.ini: Shell=Explorer.exe You may also... log.txt

Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). May 16, 2009 #2 Dazed78 TS Rookie Topic Starter Info requested by kritius - hosts file corrupted Attached are the two log files that you requested. For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see if they are good or bad.O18 - Extra protocols and protocol hijackersWhat

Here's the Answer More From Us Article Best Free Spyware/Adware Detection and Removal Tools Article Stop Spyware from Infecting Your Computer Article What Is A BHO (Browser Helper Object)? If the IP does not belong to the address, you will be redirected to a wrong site everytime you enter the address. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. https://www.bleepingcomputer.com/forums/t/57943/need-help-with-hijackthis-log-analysis/ Log in or Sign up Tech Support Guy Home Forums > Operating Systems > Windows XP > Computer problem?

it would be very much appreciated. So you can always have HijackThis fix this.O12 - IE pluginsWhat it looks like: O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllWhat to do:Most Similar Threads - Help HiJack analysis Solved Upgrading Windows XP to Windows 7 - Help Please? This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread.

If the name or URL contains words like 'dialer', 'casino', 'free_plugin' etc, definitely fix it. http://www.hijackthis.de/ With the help of this automatic analyzer you are able to get some additional support. Click the View tab.Uncheck "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Uncheck "Hide protected operating system files." Click Apply, and In order to find out what entries are nasty and what are installed by the user, you need some background information.A logfile is not so easy to analyze.

If you didn't add the listed domain to the Trusted Zone yourself, have HijackThis fix it.O16 - ActiveX Objects (aka Downloaded Program Files)What it looks like: O16 - DPF: Yahoo! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members. It is almost guaranteed that some of the items in your HijackThis logs will be legitimate software and removing those items may adversely impact your system or render it completely inoperable. Please re-enable javascript to access full functionality.

In the last case, have HijackThis fix it.O19 - User style sheet hijackWhat it looks like: O19 - User style sheet: c:\WINDOWS\Java\my.css What to do:In the case of a browser slowdown Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dllO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 In addition, if someone has any experience in removing the Relavant Website malware and would like to pass on their recommendations, that would be greatly appreciated. Help W/ Hijackthis Log Analysis -.net Framework Service Started by utgal05 , Nov 11 2005 05:00 PM This topic is locked 2 replies to this topic #1 utgal05 utgal05 Members 1

Spyware removal software such as Adaware or Spybot S&D do a good job of detecting and removing most spyware programs, but some spyware and browser hijackers are too insidious for even Sign In Sign In Remember me Not recommended on shared computers Sign in anonymously Sign In Forgot your password? Derfram ~~~~~~ Back to top Back to Virus, Trojan, Spyware, and Malware Removal Logs 1 user(s) are reading this topic 0 members, 1 guests, 0 anonymous users Reply to quoted postsClear

It was originally developed by Merijn Bellekom, a student in The Netherlands.

Allow the ActiveX download if necessary. This applies only to the original topic starter. Show Ignored Content As Seen On Welcome to Tech Support Guy! Please open this log in Notepad and post its contents in your next reply.

When it's finished it will reboot your machine to finish the cleaning process. Logfile of HijackThis v1.99.1 Scan saved at 11:27:20 AM, on 10/7/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe Logged For generic computer (not avast) problems, you can also visit my forum for help: http://www.jacobytech.net/forum Print Pages: [1] Go Up « previous next » Avast WEBforum » Avast Products » Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast!

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Experts who know what to look for can then help you analyze the log data and advise you on which items to remove and which ones to leave alone.