HJT Log Analysis - Lil Help


Logfile of HijackThis v1.97.7
Scan saved at 10:33:50 PM, on 05/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe

For the 'NameServer' (DNS servers) entries, Google for the IP or IPs and it will be easy to see if they are good or bad.

O18 - Extra protocols and protocol hijackers

What

Example Listing O1 - Hosts: www.google.com

Files Used: The hosts file is a text file that can be edited by any text editor and is stored by default in the

This tutorial, in addition to showing how to use HijackThis, will also go into detail about each of the sections and what they actually mean. I don't know if this made a difference or not. It is recommended that you reboot into safe mode and delete the offending file.

http://www.techsupportforum.com/forums/f100/hjt-log-analysis-lil-help-please-32608.html

Hijackthis Log Analyzer

These are the toolbars that are underneath your navigation bar and menu in Internet Explorer. If you look in your Internet Options for Internet Explorer you will see an Advanced Options tab. Instead, for backwards compatibility, they use a function called IniFileMapping. By no means is this information extensive enough to cover all decisions, but it should help you determine what is legitimate or not.

Some Registry Keys:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
HKCU\Software\Microsoft\Internet Explorer\Main: Start Page
HKLM\Software\Microsoft\Internet Explorer\Main: Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main: Default_Page_URL
HKLM\Software\Microsoft\Internet Explorer\Main: Search Page
HKCU\Software\Microsoft\Internet Explorer\Main: Search Page
HKCU\Software\Microsoft\Internet

See to it that you do not get infected in the first place.

Files Used: prefs.js

As most spyware and hijackers tend to target Internet Explorer these are usually safe.

Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Ad-Aware Personal.lnk = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab

11-12-2006, 04:09 AM #7 Mr Anybodyxyz

Now click on the Tweak button in that same window.

DavidR, Re: A little help configuring and explaining HiJackThis ... « Reply #4 on: August 27, 2006, 02:40:39 PM »

http://pressf1.pcworld.co.nz/showthread.php?72297-groan-Lil-Help-plz-groan

The F1 items are usually very old programs that are safe, so you should find some more info on the filename to see if it's good or bad.

Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

What to do: If you don't recognize the name of the object, or the URL it was downloaded from, have HijackThis fix

If you are the Administrator and it has been enabled without your permission, then have HijackThis fix it.

Hijackthis Download

On Windows NT based systems (Windows 2000, XP, etc) HijackThis will show the entries found in win.ini and system.ini, but Windows NT based systems will not execute the files listed there. Make sure to work through the fixes in the exact order in which they are mentioned below.

There are times that the file may be in use even if Internet Explorer is shut down. When you fix these types of entries with HijackThis, HijackThis will attempt to delete the offending file listed. Unlike typical anti-spyware software, HijackThis does not use signatures or target any specific programs or URLs to detect and block. If you delete the lines, those lines will be deleted from your HOSTS file.

With this manager you can view your hosts file and delete lines in the file or toggle lines on or off. These entries will be executed when any user logs onto the computer. When using the standalone version you should not run it from your Temporary Internet Files folder as your backup folder will not be saved after you close the program.

bob3160, Re: A little help configuring and explaining HiJackThis ... « Reply #2 on: August 27, 2006, 03:05:21 AM »

Using

Press Submit. If you would like to see information about any of the objects listed, you can click once on a listing, and then press the "Info on selected item..." button. If it is another entry, you should Google to do some research.

This will make both programs launch when you log in and is a common place for trojans, hijackers, and spyware to launch from.

Note: In the listing below, HKLM stands for HKEY_LOCAL_MACHINE and HKCU stands for HKEY_CURRENT_USER.

crazedferret, May 6, 2004 #2

Cookiegal

The log sure is loaded with nasty stuff.

An example of what one would look like is:

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)

Notice the CLSID, the numbers between the { }, have a _

However, if you really wish to know and you have the time.

When examining O4 entries and trying to determine what they are for you should consult one of the following lists:

Bleeping Computer Startup Database
Answers that work
Greatis Startup Application Database

Navigate to the file and click on it once, and then click on the Open button.

http://cgmguide.com/hijackthis-download/hijack-this-file-analysis-website.php

Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINNT\System32\xl.exe
C:\WINNT\system32\OhuTT.exe

Run a scan in HijackThis.

When cleaning malware from a machine, entries in the Add/Remove Programs list invariably get left behind. When you fix these types of entries, HijackThis will not delete the offending file listed. By deleting most ActiveX objects from your computer, you will not have a problem as you can download them again. Use Google to see if the files are legitimate.