Home > Solved Hjt > [Solved] HJT LOG Incredifind

[Solved] HJT LOG Incredifind

Last edited by LJ07; 13th October 2004 at 07:33. If you see these you can have HijackThis fix it. Please re-enable javascript to access full functionality. Every line on the Scan List for HijackThis starts with a section name. Check This Out

O17 Section This section corresponds to Lop.com Domain Hacks. JonnyMac View Public Profile Find More Posts by JonnyMac 12th October 2004, 22:44 #10 siebe83 Forum King Join Date: Feb 2004 Posts: 9,224 I found some info on The funny thing is, it's different every time. I assure you my bark is worse than my bite. https://forums.pcpitstop.com/index.php?/topic/68494-solvedhijacked/

I got a reply to my other post: http://forums.spywar...topic=25055&hl=and I followed the instructions there and added a couple of things else that I found. This allows the Hijacker to take control of certain ways your computer sends and receives information. Back to top #4 firekracker firekracker slow burn...short fuse Anti-Spyware Brigade 7,646 posts Gender:Female Posted 09 October 2004 - 10:17 PM i've also got 'incredifind' in my Programs folder....but not listed Press Yes or No depending on your choice.

Yumblie View Public Profile Find all posts by Yumblie #6 10-18-2004, 10:19 PM Fear Itself ɯǝlqoɹd ɐ ǝʌɐɥ ǝʍ 'uoʇsnoɥ Charter Member Join Date: Apr 1999 Location: Flavortown ADS Spy was designed to help in removing these types of files. Nucia Security Forums - Dutch Anti-Malware Support Back to top #3 jbow jbow Member Helper Trainee 30 posts Posted 10 September 2004 - 03:55 PM OK, I did all you said. The funny thing is, it's different every time.

O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe - This entry corresponds to a value located under the HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run key. You have ignored my request not to PM me and you have fully answered my specs questions, so this is where I leave. Even for an advanced computer user. http://tweaks.com/forum/topic/11655/incredifind-ampgt-cannot-find-servrampgtsmtp-blk/ Register now!

There are times that the file may be in use even if Internet Explorer is shut down. In order to find out what entries are nasty and what are installed by the user, you need some background information.A logfile is not so easy to analyze. Logfile of HijackThis v1.98.2 Scan saved at 10:01:01 PM, on 10/09/04 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe Examples and their descriptions can be seen below.

If you need to remove this file, it is recommended that you reboot into safe mode and delete the file there. If you expect any help, answer all of JonnyMac's questions when you reply back in this thread again. For F1 entries you should google the entries found here to determine if they are legitimate programs. It is important to note that fixing these entries does not seem to delete either the Registry entry or the file associated with it.

That's okay, dude. his comment is here If you see CommonName in the listing you can safely remove it. This will also benefit others who may have a similar question or problem. Then attach the HjT log with your next reply.

F2 entries are displayed when there is a value that is not whitelisted, or considered safe, in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under the values Shell and Userinit. Also, take a look at this thread for help > can't load SKINS Don't email or PM me concerning Winamp. As of now there are no known malware that causes this, but we may see differently now that HJT is enumerating this key. this contact form Example Listing O10 - Broken Internet access because of LSP provider 'spsublsp.dll' missing Many Virus Scanners are starting to scan for Viruses, Trojans, etc at the Winsock level.

I'll do it and i'll let you know how it turns out. You will now be asked if you would like to reboot your computer to delete the file. CPU: Pentium III 800mhz RAM: 194mb Soundcard: Yamaha audio Video Card: nVidia geforce 4 4000mx Windows OS: Microsoft Windows Millenium Edition Direct X:9.0 Do you have any third party Winamp plug-ins?

When working on HijackThis logs it is not advised to use HijackThis to fix entries in a person's log when the user has multiple accounts logged in.

The name of the Registry value is nwiz and when the entry is started it will launch the nwiz.exe /install command. Those numbers in the beginning are the user's SID, or security identifier, and is a number that is unique to each user on your computer. If you see UserInit=userinit.exe (notice no comma) that is still ok, so you should leave it alone. The load= statement was used to load drivers for your hardware.

O15 Section This section corresponds to sites or IP addresses in the Internet Explorer Trusted Zone and Protocol Defaults. I'm now trying to find some clue from the thread see i can fix it by my own or not. Don't say "Get a new browser" because I've stuck with IE this long and I'm afraid of change. http://webadapt.org/solved-hjt/solved-hjt-log.php You should see a screen similar to Figure 8 below.

peri View Public Profile Find all posts by peri #11 10-19-2004, 11:57 AM Number Charter Member Join Date: Apr 2002 Location: Chicago Posts: 2,210 Run HijackThis and post How to restore items mistakenly deleted HijackThis comes with a backup and restore procedure in the event that you erroneously remove an entry that is actually legitimate. The log file should now be opened in your Notepad. O4 Section This section corresponds to certain registry keys and startup folders that are used to automatically start an application when Windows starts.

Section Name Description R0, R1, R2, R3 Internet Explorer Start/Search pages URLs F0, F1, F2,F3 Auto loading programs N1, N2, N3, N4 Netscape/Mozilla Start/Search pages URLs O1 Hosts file redirection O2 When domains are added as a Trusted Site or Restricted they are assigned a value to signify that. He had post the problem and the title is "can't load SKINS". Please try the request again.

Registry Keys: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Example Listing O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Antivirus\NavShExt.dll There is an excellent list of known CSLIDs associated with Browser Helper Objects However, FlashGet from the HjT log caught my eye.