Can Someone Please Help Analyze My HJT Log?

Hope someone can help me. It was originally developed by Merijn Bellekom, a student in The Netherlands.

Can someone please analyze it for me. Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above. Should you see a URL you don't recognize as your homepage or search page, have HijackThis fix it.

O1 - Hostsfile redirections

What it looks like:
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139

http://www.bleepingcomputer.com/forums/t/19484/can-someone-please-help-analyze-my-hjt-log/

If it's not on the list and the name seems a random string of characters and the file is in the 'Application Data' folder (like the last one in the examples

O15 - Unwanted sites in Trusted Zone

What it looks like:
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.msn.com

What to do: Most of the time only AOL and

Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific programs or URLs to detect and block.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:40:38 PM, on 5/22/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT2\System32\smss.exe
C:\WINNT2\system32\winlogon.exe
C:\WINNT2\system32\services.exe
C:\WINNT2\system32\lsass.exe
C:\WINNT2\system32\svchost.exe
C:\WINNT2\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINNT2\System32\CTSvcCDA.exe
C:\WINNT2\System32\svchost.exe
C:\WINNT2\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT2\system32\regsvc.exe
C:\WINNT2\system32\MSTask.exe
C:\WINNT2\System32\ScsiAccess.EXE
C:\Program Files\CA\eTrust EZ

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo!

One of the best places to go is the official HijackThis forums at SpywareInfo. The same goes for the 'SearchList' entries. If you didn't add the listed domain to the Trusted Zone yourself, have HijackThis fix it.

O16 - ActiveX Objects (aka Downloaded Program Files)

What it looks like:
O16 - DPF: Yahoo!

It comes up with a message saying that there are viruses and spyware in the system, and gives false links to Spybot and Adware sites.

For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see if they are good or bad.

O18 - Extra protocols and protocol hijackers

What

http://www.techspot.com/community/topics/can-someone-please-analysis-my-hjt-log-file.76863/

Just try going to Windows update and view your Updates as it says, you might not need them all so read the details. :rolleyes:

Your system is infected with at least one trojan.

C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
C:\WINDOWS\System32\SMSSU.EXE
C:\WINDOWS\System32\Tmntsrv32.EXE
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll
O4 - HKCU\..\Run: [SMSSU] C:\WINDOWS\System32\SMSSU.EXE
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.EXE
...................................................................................................

Other things that show up are either not confirmed safe yet, or are hijacked (i.e.

Have HijackThis fix them.

O14 - 'Reset Web Settings' hijack

What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

What to do: If the URL is not the provider of your computer or your ISP, have

Also, let me know the results of the AVG Antirootkit scan.

I go to window update but there's no more update to download for my window.

For the R3 items, always fix them unless it mentions a program you recognize, like Copernic.

F0, F1, F2, F3 - Autoloading programs from INI files

What it looks like:
F0 - system.ini: Shell=Explorer.exe

Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL

What to do: If

how?

The full name is usually important-sounding, like 'Network Security Service', 'Workstation Logon Service' or 'Remote Procedure Call Helper', but the internal name (between brackets) is a string of garbage, like 'Ort'. Experts who know what to look for can then help you analyze the log data and advise you on which items to remove and which ones to leave alone.

#3 OldTimer, Malware Expert, Posted 23 May 2005 - 04:24 PM

Hello emfish and welcome to the BC forums.

Can someone please analysis my HJT Logfile.

When done, from between the dotted lines, delete the highlighted bold files.

PATCH CODE : AS3-CTRKEA-SR. Reboot your computer normally, start HijackThis and perform a new scan.

In order to find out what entries are nasty and what are installed by the user, you need some background information. A logfile is not so easy to analyze. HijackThis uses a whitelist of several very common SSODL items, so whenever an item is displayed in the log it is unknown and possibly malicious.

Am getting the message on Windows startup. Please help!!