Tech Support Forum: Discuss computer issues, tech gadgets and hardware, operating systems, browsers, broadband and wireless, virus, trojan, and spyware help.
01-31-2006, 01:48 PM
|
#1 (permalink)
|
|
Super Moderator
Join Date: 05-10-04
Location: UK - Cheshire
Posts: 10,028
Latest Blog: None
|
Post Your HijackThis logs here
Hi Jack This For Dummies
Computer running slow? Something just not feel right? Problems with pop-ups?
Well, you're in luck! We're here to help ya fix what's ailing ya!
How to use Hi Jack This
1. Download HJT - I have a Mirror download available HERE
2. Unzip HiJackThis - If you don't have winzip or winrar Download it HERE
3. Do a system scan and save a logfile - This is the first option at the very top of the page that opens (see screen shot below)
4. Start a new thread with HJT in the title - (and attach your logfile as an attachment) * Your log file is the Notepad file that opens up; simply go to File ==> Save As (blablabla.txt), then use the forum's "attach a file / manage attachments" feature to attach your logfile to your new thread. (New threads make it easier to handle each problem separately and expedite the procedure time)
5. Wait for a response from someone here that has an IT background or understands HJT well! Never delete anything unless YOU feel safe doing so!
Tutorial kindly supplied by neo1seo
Thanks dude -
Please keep in mind that if you are posting HiJackThis logs, you must post them as attachments (so that they are not crawled by the SE's) and not just 'cut & paste' them.
__________________
.: I WAS BORN WITH NOTHING...AND I STILL HAVE MOST OF IT LEFT!! :.
Last edited by G10; 02-05-2006 at 04:09 AM..
Reason: HijackThis Tutorial placed in
|
|
|
01-31-2006, 06:04 PM
|
#2 (permalink)
|
|
v7n Mentor
Join Date: 05-06-04
Location: London, UK
Posts: 664
Latest Blog: None
|
I'll be the first to post my log.
I have no idea what it means, but I don't think I have anything wrong with my machine ATM.
|
|
|
01-31-2006, 07:07 PM
|
#3 (permalink)
|
|
Super Moderator
Join Date: 01-15-06
Location: BTWIMHO.COM
Posts: 10,672
|
You can remove the following entries since the files are missing anyway...
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
And, you can remove the following entry if you don't use quick time a lot...
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
You have a lot of stuff loading at boot time, but nothing I could see that was dangerous. (Unless you count Windows)
And, I would suggest all future posts should go in their own thread. If you are posting a hijackthis log for the first time here, please start a new thread so that each spyware event is self contained.
|
|
|
01-31-2006, 07:59 PM
|
#4 (permalink)
|
|
v7n Mentor
Join Date: 05-06-04
Location: London, UK
Posts: 664
Latest Blog: None
|
Done got rid of those, as well as the real player start up thing. Goddamn I hate Real Player it just takes over it should be counted as spyware!
[edit]
Sorry, I think I misread both posts (ccole and G10). I should have made a new topic; I thought G10 was asking people to post their HijackThis log in this thread.
Sorry Guys.
[/edit]
|
|
|
01-31-2006, 08:24 PM
|
#5 (permalink)
|
|
Senior Member
Join Date: 08-03-04
Posts: 526
Latest Blog: None
|
If you mess with the options, Real Player's not that bad. I use it to play my music actually, you can set it up to go straight to your music when you launch it and get rid of those things that pop up from it.
|
|
|
01-31-2006, 08:41 PM
|
#6 (permalink)
|
|
v7n Mentor
Join Date: 05-06-04
Location: London, UK
Posts: 664
Latest Blog: None
|
I still prefer Winamp and Windows Media Player, I only use Real Player to play Real Player Files. It's just one of those programs I have never really liked, I hate it when you install a program and it just steals all your file extensions and that's what Real does.
|
|
|
02-01-2006, 01:22 AM
|
#7 (permalink)
|
|
Super Moderator
Join Date: 05-10-04
Location: UK - Cheshire
Posts: 10,028
Latest Blog: None
|
I am not too hot on the 'HijackThis' side of things so I have also posted mine up to see if any improvements can be made 
__________________
.: I WAS BORN WITH NOTHING...AND I STILL HAVE MOST OF IT LEFT!! :.
|
|
|
02-01-2006, 06:20 AM
|
#8 (permalink)
|
|
Super Moderator
Join Date: 01-15-06
Location: BTWIMHO.COM
Posts: 10,672
|
Clean as a whistle, my friend.
You might want to get rid of this...
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
It is a "something" that points to nothing.
You can get rid of this too if you don't use Quicktime a lot...
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
And, if you don't use MSN Messenger and really don't want it, I have a utility that kills it.
|
|
|
02-01-2006, 06:32 AM
|
#9 (permalink)
|
|
Super Moderator
Join Date: 05-10-04
Location: UK - Cheshire
Posts: 10,028
Latest Blog: None
|
Thanks dude -
I appreciate your advice.
__________________
.: I WAS BORN WITH NOTHING...AND I STILL HAVE MOST OF IT LEFT!! :.
|
|
|
02-01-2006, 09:41 AM
|
#10 (permalink)
|
|
Senior Member
Join Date: 01-16-06
Posts: 377
Latest Blog: None
|
Great thread and idea, the other HijackThis forums are overloaded...
This will help a lot of people who need to post their HijackThis log to get a faster response... I should have thought of this 1st... lol Nice job as a Super Moderator, G10...
|
|
|
02-01-2006, 10:15 AM
|
#11 (permalink)
|
|
Super Moderator
Join Date: 05-10-04
Location: UK - Cheshire
Posts: 10,028
Latest Blog: None
|
Thanks intruth but there were a whole lot of people who made this happen.
We got people like ccole1968 & joecoolfreak who I take my hat off to as they have some great I.T. knowledge and without members like that we wouldn't be able to make the "Computers & Internet" subforum work.
JS for taking the gamble, creating this subforum and allowing us techies the chance to do our stuff.
You got a point about the other HijackThis forums being overloaded and once people realise that it is also being done here, that should bring them over
Very early days still and we hope to bring in more stuff here 
__________________
.: I WAS BORN WITH NOTHING...AND I STILL HAVE MOST OF IT LEFT!! :.
|
|
|
02-01-2006, 11:33 AM
|
#12 (permalink)
|
|
Super Moderator
Join Date: 01-15-06
Location: BTWIMHO.COM
Posts: 10,672
|
I got knowledge??? Hmmm. News to me! 
|
|
|
02-04-2006, 01:05 PM
|
#13 (permalink)
|
|
v7n Mentor
Join Date: 01-07-06
Location: 127.0.0.1
Posts: 297
|
G10
I usually only like to see two BHO's on my log files... and those are Google & Adobe (And Adobe is only there cause every time I have to open a .pdf I get hassles if I've deleted it  )
Of course that's just my personal preference... *knock on wood* I've yet to have a problem with a single pop-up or virus in 5+ yrs
Here's something fun that will make everyone want to run a hijack this log file right after visiting the site  (I guarantee that it's clean!) Check it out LOL... anyone not running SP2?
NeO
|
|
|
02-04-2006, 06:49 PM
|
#14 (permalink)
|
|
Senior Member
Join Date: 12-08-05
Location: Spokane, WA
Posts: 751
Latest Blog: None
|
So, how am I doing?
Please have a look and see if there's anything that needs attention.
Thanks! 
|
|
|
02-05-2006, 10:53 AM
|
#15 (permalink)
|
|
v7n Mentor
Join Date: 01-07-06
Location: 127.0.0.1
Posts: 297
|
Pretty clean Michael...
You have some missing files that when deleted should speed you up a bit
IMO all of these can go:
Quote:
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
|
Also, your SunJava needs to be updated. Should be on version JRE 1.5.0_06 instead of _02
Nothing big, but should help things out a bit... You did mention that your PC was running a little slow? What kind of RAM are you using? And did you recently put a new proggy on your system?
NeO
|
|
|
02-10-2006, 12:05 AM
|
#16 (permalink)
|
|
Individualist
Join Date: 09-27-03
Location: Japan, mostly
Posts: 27,026
|
I don't know if running Norton did anything, but not getting the browser hijacks ATM.
|
|
|
02-10-2006, 12:33 AM
|
#17 (permalink)
|
|
v7n Mentor
Join Date: 01-07-06
Location: 127.0.0.1
Posts: 297
|
Ok John... you have a ton of start up running... which will take a bit to figure all out but to start with I want you to get rid of these... anything else Ccole will probably find before I wake up
Quote:
|
Originally Posted by please remove
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll (file missing)
*not sure about this one but I don't like the look of it -C:\WINDOWS\System32\TCtrlIOHook.exe hook is a bad file name...
don't like this one either... O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
don't like this one either... O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
Garbage, definitely delete these...
|
For right now... I'd guess that you could get rid of all of those... Ccole needs to look at it and I'll do a bit more research tomorrow... I have meetings for most of the day so may be right when you're getting back on
I can tell you this much I'm a hellovaLot betta than Norton
Now all your base are belong to us!
Just rerun the HJT... this time only do a system scan... and click the boxes that I've posted to you... click "fix scanned" and do a quick restart, run it once more... double check they are gone... and ya should be good to go...
Aight I'm off like a dirty prom dress!
Night M8's
NeO
|
|
|
02-10-2006, 12:36 AM
|
#18 (permalink)
|
|
Individualist
Join Date: 09-27-03
Location: Japan, mostly
Posts: 27,026
|
Thanks, Neo!
|
|
|
02-10-2006, 06:47 AM
|
#19 (permalink)
|
|
Individualist
Join Date: 09-27-03
Location: Japan, mostly
Posts: 27,026
|
Huh. It has occurred to me that I really don't know how to get rid of them.
|
|
|
02-10-2006, 07:10 AM
|
#20 (permalink)
|
|
Super Moderator
Join Date: 01-15-06
Location: BTWIMHO.COM
Posts: 10,672
|
Quote:
|
Originally Posted by JohnScott
Huh. It has occurred to me that I really don't know how to get rid of them.
|
Just run the HJT scan again and put a check mark in the box on the left of each line. Once you have all of NeO's suggestions checked, there is a "Fix Checked" button below. Click it and it will remove the items checked. (It may ask you to confirm a couple of the removals, just say Yes)
Then you can do another scan and post the new log here. I'll go over it.
|
|
|
|
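The triage the replies in this thread do by eye (spotting entries marked "(file missing)" or "(no file)", and listing the O4 Run-key startup items for a human to judge) can be sketched as a small read-only parser. This is an added example, not part of any post in the thread; the function and class names are hypothetical, and the sample log is constructed from entry lines quoted in the posts plus one constructed header line.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: entry lines copied from the posts in this thread,
# plus one constructed header line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""Logfile of HijackThis
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

@dataclass
class Entry:
    code: str                # section code such as O2, O4, O9
    body: str                # everything after "Ox - "
    clsid: Optional[str]     # registry class ID, when the line carries one
    orphaned: bool           # HijackThis reported the target file as absent
    run_name: Optional[str]  # value name for O4 autostart entries

def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process listings."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body) if m.group("code") == "O4" else None
    return Entry(m.group("code"), body, clsid.group(0) if clsid else None,
                 body.endswith(ORPHAN_MARKERS), run.group("name") if run else None)

def triage(log_text: str) -> dict:
    """Split entries into orphaned registry leftovers and live autostart items."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return {
        "orphaned": [e for e in entries if e.orphaned],
        "autostart": [e for e in entries if e.run_name and not e.orphaned],
    }

if __name__ == "__main__":
    for bucket, found in triage(SAMPLE_LOG).items():
        print(bucket, [(e.code, e.run_name or e.clsid) for e in found])
```

The script only reports; whether an autostart item is wanted remains a judgement for the person reading the log, as in the replies above.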