What are these on my HJT log?
- Thread starter Kazi
- Start date
- Status
Bobbye
Posts: 16,313 +36
No, you did not tell me you 'played around with Autoruns'. You told me about some desktop "thingy" which is showing as an 024 entry. But there is no danger from that file anymore as the entry in the log shows that it is missing.
The following is the only removal that has worked:
Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the the Lock Desktop Items box if it is checked> Apply> OK> Close.
Now run HijackThis and if the entry is still there check it and fix it. Reboot and it should be gone. Please let me know.
The following is the only removal that has worked:
Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the the Lock Desktop Items box if it is checked> Apply> OK> Close.
Now run HijackThis and if the entry is still there check it and fix it. Reboot and it should be gone. Please let me know.
Bobbye
Posts: 16,313 +36
Please run Malwarebytes. See instructions in Post #16.
Also run SuperAntispyware:
SuperAntiSpyware Home Edition Free Version
* Please download SuperAntiSpyware from http://www.superantispyware.com/
* Launch SuperAntiSpyware and click on 'Check for updates'.
* Wait for the updates to be installed
* On the main screen click on 'Scan your computer'.
* Check: 'Perform Complete Scan then Click 'Next' to start the scan.
* Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
* Make sure everything found has a checkmark next to it,then press 'Next'.
* Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Attach the notepad file here on your reply
After completing both of these programs, run HijackThis. Post all three logs.
Also run SuperAntispyware:
SuperAntiSpyware Home Edition Free Version
* Please download SuperAntiSpyware from http://www.superantispyware.com/
* Launch SuperAntiSpyware and click on 'Check for updates'.
* Wait for the updates to be installed
* On the main screen click on 'Scan your computer'.
* Check: 'Perform Complete Scan then Click 'Next' to start the scan.
* Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
* Make sure everything found has a checkmark next to it,then press 'Next'.
* Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad.
Attach the notepad file here on your reply
After completing both of these programs, run HijackThis. Post all three logs.
Bobbye
Posts: 16,313 +36
You started this thread 9 days ago, with no log until now, so I have nothing to compare. MBAM and SAS show you clean. The HijackThis log is basically clean except for:
Review ask.com here:
You have many unnecessary startups. I notice multiple Warcraft Tools. What, if any problems are you having now> If none, we'll remove the cleaning tools and old restore points:
-----------------------------------------------------------------------
*OTCleanit! by Oldtimer*
* Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
* Click the CleanUp! button.
* It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).
Clear System Restore points:
* This is a good time to clear your existing system restore points and establish a new clean restore point:
o Go to Start > All Programs > Accessories > System Tools > System Restore
o Select Create a restore point, and OK it.
o Next, go to Start > Run and type in cleanmgr
o Select the More options tab
o Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
ZoneAlarm Spy Blocker Toolbar, now installed as an optional with Zonealarm. Uses the Ask.com searchengine. Ask.com is not a good BHO to have on your computer
Review ask.com here:
Advise stop the process, uninstall in Add/Remove Programs.
You have many unnecessary startups. I notice multiple Warcraft Tools. What, if any problems are you having now> If none, we'll remove the cleaning tools and old restore points:
-----------------------------------------------------------------------
*OTCleanit! by Oldtimer*
* Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
* Click the CleanUp! button.
* It will go thorough the list and remove all of the tools it finds and then delete itself (requiring a reboot).
Clear System Restore points:
* This is a good time to clear your existing system restore points and establish a new clean restore point:
o Go to Start > All Programs > Accessories > System Tools > System Restore
o Select Create a restore point, and OK it.
o Next, go to Start > Run and type in cleanmgr
o Select the More options tab
o Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
I did olt but when i did cleanmgr thingy but there was no more options or system restore, only my drives. i'm sorry for saying this but my question was wether the protocol hijack stuff was bad or not. I seem to not have any problems because i couldn't watch youtube vids in ie because the flash player wasn't installed
Bobbye
Posts: 16,313 +36
I understand what you started this thread with. However, without going through all the logs, the question was out of context and couldn't be answered.
Try deleting the restore points this way:
Set a new one first: All Programs> Accessories> System Tools> System Restore> check 'create a new restore point'> Next> let it complete.
Now go to the Control Panel> System> System Restore tab> CHECK 'turn off System Restore"> Apply> OK> Reboot.
The old restore points will be gone. Go back in and UNCHECK 'turn off System Restore'> Apply> OK.
As far as I can see, your logs showed you clean.
Try deleting the restore points this way:
Set a new one first: All Programs> Accessories> System Tools> System Restore> check 'create a new restore point'> Next> let it complete.
Now go to the Control Panel> System> System Restore tab> CHECK 'turn off System Restore"> Apply> OK> Reboot.
The old restore points will be gone. Go back in and UNCHECK 'turn off System Restore'> Apply> OK.
As far as I can see, your logs showed you clean.
Bobbye
Posts: 16,313 +36
If you would like to check each of the 018 entries, copy the CLSID, paste it in the box on this site and click on the first letter of the process shown: http://www.castlecops.com/o18et-i.html
Here are some of them:
Protocol {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} L tv msvidctl.dll Item taken from whitelist of HijackThis
Protocol {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} L wia wiascr.dll Item taken from whitelist of HijackThis
Protocol {9D148291-B9C8-11D0-A4CC-0000F80149F6} L its, ms-its itss.dll Items taken from whitelist of HijackThis
Protocol {5C135180-9973-46D9-ABF4-148267CBB8BF} L lid msvidctl.dll Item taken from whitelist of HijackThis
If you are uncomfortable with what we did, you are free to post your question again and let someone else help you.
Your question was: "what are these". The definition of the 018 entries in HijackThis is: "extra protocols and protocol hijackers". The dewscription goes on to sat: "only a few hijackers show up here. The known baddies are "cn" (CommonName), 'ayb (Lop.com and 'related links' (Huntbar)I am asked to verify my installation. Other things that show up are either not confirned safe yet or are hijacked.(the CLSID has been changed by spyware)
I didn't find any indication of hijackers.
Here are some of them:
Protocol {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} L tv msvidctl.dll Item taken from whitelist of HijackThis
Protocol {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} L wia wiascr.dll Item taken from whitelist of HijackThis
Protocol {9D148291-B9C8-11D0-A4CC-0000F80149F6} L its, ms-its itss.dll Items taken from whitelist of HijackThis
Protocol {5C135180-9973-46D9-ABF4-148267CBB8BF} L lid msvidctl.dll Item taken from whitelist of HijackThis
If you are uncomfortable with what we did, you are free to post your question again and let someone else help you.
Your question was: "what are these". The definition of the 018 entries in HijackThis is: "extra protocols and protocol hijackers". The dewscription goes on to sat: "only a few hijackers show up here. The known baddies are "cn" (CommonName), 'ayb (Lop.com and 'related links' (Huntbar)I am asked to verify my installation. Other things that show up are either not confirned safe yet or are hijacked.(the CLSID has been changed by spyware)
I didn't find any indication of hijackers.
- Status
Latest posts
-
Nintendo DMCA lawyers shut down everything Mario on Garry's Mod- VariableSpike replied
