Hjt Log -- Need Help Deciphering :)

Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swin32.sdwin32.1
AdLogix Object recognized!

#7 fcjr007, posted 20 September 2004 - 10:01 PM

Thanks again for all of your help

#8 ChrisRLG

Edited by dgosling, 23 August 2004 - 10:27 AM.

Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : Interface\{E9D8697E-BEA9-4170-84F3-509AD2A11951}
AdRotator Object recognized!

Type : RegValue Data : c:\windows\downloaded program files\gigexagent.dll Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINDOWS\Downloaded Program Files\gigexagent.dll
Redhotnetworks Object recognized!

I created the disk, but unfortunately, my floppy disk drive is not working (if money wasn't an issue, I would just get a new computer!) Anyway, I left for vacation without

Type : RegValue Data : Category : Data Miner Comment : "Counter" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Windows Value : Counter
Favoriteman Object recognized!

Then wait for me to post back with instructions.

Type : File Data : videox.dll Category : Malware Comment : Object : c:\windows\downloaded program files\ FileSize : 196 KB FileVersion : 1, 0, 0, 6 ProductVersion : 1, 0, 0,

#2 Micah_6:8

Only OnFlow adds a plugin here that you don't want (.ofb).

O13 - IE DefaultPrefix hijack

What it looks like:
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?
O13 - WWW.

Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : urllauncher.urllaunchercontrol.1
AdRotator Object recognized!

So far only CWS.Smartfinder uses it.

the CLSID has been changed) by spyware.

Is it AV or one of the combined products? Please post the Ad-Aware log file and we will go from there.

Alyluna

Logfile of HijackThis v1.98.0
Scan saved at 9:01:59 PM, on 7/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE

Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\vb and vba program settings\addestroyer
AdLogix Object recognized!

The OS at work is Windows 2000.

REBOOT to finish removing what it has found and clear memory. 9.

There are several web sites which will submit any actual suspicious file for examination to a dozen different scanning engines, including both heuristic and signature analysis.

Close ALL windows except Spybot SD 5.

Type : RegKey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : sep.band
Lycos Sidesearch Object recognized!

Type : RegKey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{0BA1C6EB-D062-4E37-9DB5-B07743276324}
ClientMan Object recognized!

Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech".

Dominoes - http://download.games.yahoo.com/games/clients/y/dot4_x.cab
O16 - DPF: Yahoo!

He created a 10-part Computer Security 101 Class which has had thousands of participants since its creation and continues to gain in popularity through word of mouth.

Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts.

Let it boot into Windows in Safe Mode and then 2.

But the spreading of the bad stuff can be severely restricted, if we use the web for good - and that's the upside.

Component analysis.
Signature databases.
Log analysis.

Component Analysis

The absolutely most reliable way

One of the best places to go is the official HijackThis forums at SpywareInfo.

#5 didom, posted 10 March 2005 - 09:37 AM

Hi chauz85, your log looks great! Now that you are

Type : RegKey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{0000607d-d204-42c7-8e46-216055bf9918}
VX2 Object recognized!

Next, 'Check for Updates' by clicking on the 'world globe' second from the right at the top of your Ad-Aware window. 4.

Type : RegKey Data : Category : Malware Comment : c:\windows\all users\application data\ieservice\ieservice.dll Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{9E992732-295F-4987-8BE3-16FAC1639198}
FastFind Object recognized!

Have HijackThis fix them.

O14 - 'Reset Web Settings' hijack

What it looks like:
O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

What to do:
If the URL is not the provider of your computer or your ISP, have

Please copy and paste it here in this thread.

I am not sure if the newer Norton AV disks are bootable but it is possible.

Click 'Start'
* Choose: 'Perform Full System Scan'
* DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat. 7.

Type : RegValue Data : c:\windows\downloaded program files\videox.dll Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINDOWS\Downloaded Program Files\videox.dll

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New

Download HijackThis into this folder.

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

However, some of the settings will need to be changed before your first scan

2. Close ALL windows except Ad-Aware SE 3.

Click on 'Start' and choose 'custom scan' for a full scan.

7. Quarantine anything that it finds and SAVE the log file. 8.

It's your computer, and you need to be able to run HJT conveniently. Start HijackThis. Hit the "Config..." button, and make sure that "Make backups..." is checked, before running.