
HJT Log Help -- HSA CWS

Now Ad-Aware scans come up with an all clear. It isn't actually cleaning anything new... If this service is stopped, this computer will be unable to read smart cards.

If this service is stopped, these functions will be unavailable. I think you are miles ahead of me! Javacool's SpywareBlaster has a huge database of malicious ActiveX objects that can be used for looking up CLSIDs. (Right-click the list to use the Find function.) O17 - Lop.com domain hijacks What Kindest regards and I look forward to continued dialog with yourself and Budfred.

ATF Cleaner... Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button. I couldn't have cleaned all of that without your help! Buckeye_Sam Columbus, Ohio May 2005 edited May 2005 Now that you are clean, please follow these simple steps in order If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :

HijackThis... If the service is stopped, programs that use administrative alerts will not receive them. I didn't mention before that when I first experienced problems with this HSA I couldn't run Housecall.

So I followed your outline (sans copying off the log) but when I got back to the reboot in normal mode it was obvious that I was still in the spell. Any thoughts? -- Scan 1 -------- About:Buster Version 2.0 Attempted Clean Of Temp folder. Caveat Emptor.... Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG
If this service is stopped, performance information will not be collected.
Removed! : C:\WINNT\apiza32.exe Removed! : C:\WINNT\estri.dat Removed! : C:\WINNT\gdenv.dll Removed! : C:\WINNT\javait32.exe Removed! : C:\WINNT\jspybf.dat Removed! : C:\WINNT\sdkcy.exe Removed! : C:\WINNT\system32\fkztt.dat Removed! : C:\WINNT\system32\ienu32.exe Removed! : C:\WINNT\system32\sysbp32.exe Removed! : C:\WINNT\system32\winhd.exe Attempted If not, create one.

MS MVP 2006 and ASAP member since 2004... Windows said this was a critical process and wouldn't let me stop it manually. Things looked good, so I took the big leap and connected to the Internet.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

Will really appreciate anyone's help. Thanks. I do see that Aboutbuster keeps removing that one line. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :

HJT Log Help -- HSA CWS Started by Samamy, Nov 29 2004 05:36 PM
If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG

Other things that show up are either not confirmed safe yet, or are hijacked (i.e. It may automatically run twice, but I would run it twice to be sure and copy the report it generates to post back here... 08-02-2004, 09:48 PM #15 Budfred Amateur Master Geek Moderator Join Date Jul 2002 Location Minn Posts 17,373 You can certainly

Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hssbw.dll/sp.html#77035
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1

If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
O7 - Regedit access restricted by Administrator
What it looks like:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
What to do:
Always have HijackThis fix this, unless your system administrator has put this restriction into place.
O8 - Extra It did not find anything. 3. If you see a problem, download the updated HJT before generating a new log so you get all the latest detections...

therock247uk Advanced Member Moderators 236 posts Location: UK Interests: Killing Malware. I then ran HijackThis and fixed the two items that you suggested, Budfred. Caveat Emptor....

This will ensure your computer always has the latest available security updates installed. Done! Post in the forum... But the pattern is the same and you may be able to determine the correct files to remove.

Reboot your computer to go back to normal mode and post a new hijackthis log and the log from About Buster. mtbgeek May 2005 edited May 2005 Buckeye_Sam, I If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :

They both found some stuff. Repeats on clicking 'Close'.