HijackThis log help

Tyler W.

I am not sure if these processes were essential for the system to
function correctly but I do know I could be right because when I first
install Windows I always do a HijackThis log and I select all of them
and I put them in the ignorelist and then I check it periodically and
when new stuff comes up I search for it with sites like
processlibrary.com but it did not come up there and I also google it but
no help there either.

04-HKCU\.. \Run: [Tbsa] "C:\WINDOWS\system32\APPATC~1\dexplore.exe" --ru -vt yazb
04-HKLM\..\Run: [a0800b2e] rundll32.exe "C:\WINDOWS\system32\slwftbod.dll",b

I still had problems after I deleted those entries but I think that did
help somewhat because after I got rid of them I got phony pop-ups that
say my system is unsecured and that I have not updated my computer yet,
and I know it's not Windows updates because it was not microsoft.com, it
was another website that looked like it but with a different address, so
that would be like phishing. But anyway, my computer is fine now
since I used VundoFix.exe, which gets rid of Vundo viruses, and I find it
interesting that HijackThis did not find all of them, but I do know
that most anti-virus programs out there do not protect against Vundo
viruses; the first time I got one it was the famous Winfixer 2000
antivirus, which I did some research on on the net, and I found out how
to get rid of it.
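
The baseline-and-review routine described in the post above, as an added example that is not part of the original thread: it parses O4 Run entries, skips the ones recorded on a clean install, and lists why each new entry deserves a closer look. The `BASELINE` set, the `ExampleTray` line and the three review heuristics are assumptions made for illustration; they are prompts for manual review, not HijackThis verdicts.

```python
import re

# Constructed sample: the first two lines are the entries from the post
# (joined onto single lines); the third is made up for contrast.
SAMPLE_LOG = r'''
04-HKCU\.. \Run: [Tbsa] "C:\WINDOWS\system32\APPATC~1\dexplore.exe" --ru -vt yazb
04-HKLM\..\Run: [a0800b2e] rundll32.exe "C:\WINDOWS\system32\slwftbod.dll",b
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
'''

# Hypothetical baseline of (hive, value name) pairs saved right after
# installing Windows, playing the role of the poster's ignorelist.
BASELINE = {("HKLM", "ExampleTray")}

# Accepts the tool's "O4 - " prefix as well as the hand-typed "04-" above,
# and tolerates a stray space inside "\..\".
ENTRY_RE = re.compile(
    r'^[O0]4\s*-\s*(?P<hive>HK(?:LM|CU))\\\.\.\s*\\(?P<key>[^:]+):\s*'
    r'\[(?P<name>[^\]]*)\]\s*(?P<command>.+)$', re.IGNORECASE)


def parse_o4(log_text):
    """Return one dict per O4 registry autostart line found in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({k: v.strip() for k, v in m.groupdict().items()})
    return entries


def split_command(command):
    """Split a command line into (program, rest), honoring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end == -1:
            return command[1:], ''
        return command[1:end], command[end + 1:].strip()
    program, _, rest = command.partition(' ')
    return program, rest.strip()


def review_reasons(entry):
    """Heuristic reasons (assumptions of this example) to inspect an entry."""
    reasons = []
    program, rest = split_command(entry["command"])
    target = program
    if program.lower().rsplit("\\", 1)[-1] in ("rundll32", "rundll32.exe"):
        # The code that actually runs is the DLL named in the first argument.
        target = split_command(rest)[0].split(",")[0]
        reasons.append("runs a DLL through rundll32: " + target)
    if re.search(r"~\d", target):
        reasons.append("8.3 short path hides the real folder or file name")
    if re.fullmatch(r"[0-9a-fA-F]{8}", entry["name"]):
        reasons.append("value name is a bare 8-digit hex string")
    return reasons


def triage(log_text, baseline):
    """Return (hive, name, reasons) for every entry not on the baseline."""
    report = []
    for e in parse_o4(log_text):
        if (e["hive"].upper(), e["name"]) in baseline:
            continue
        report.append((e["hive"].upper(), e["name"], review_reasons(e)))
    return report


if __name__ == "__main__":
    for hive, name, reasons in triage(SAMPLE_LOG, BASELINE):
        print(f"{hive} [{name}]")
        for r in reasons or ["new since baseline, no heuristic matched"]:
            print("   -", r)
```
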
 
Kayman

Nothing will protect you if you don't know what you're doing. In your case,
start from scratch (flatten your OS); some education concerning basic
do's and don'ts and must-dos is recommended.

http://www.elephantboycomputers.com/page2.html

Download and run HijackThis;
(http://aumha.org/downloads/hijackthis.zip)

Read this Tutorial *before* first use;
(http://www.bleepingcomputer.com/forums/index.php?showtutorial=42)

Once done > run HijackThis > save a scan log and post it to /any/ of the
following (expert) forums for analysis.

*Note, //registration// *is* required prior to posting a log.
- Not listed in any particular order -

(http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29)
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=hijackthis)
(http://aumha.net/viewforum.php?f=30)
(http://forums.spywareinfo.com/index.php?&showforum=18)
(http://www.spywarewarrior.com/viewforum.php?f=5)
(http://www.bleepingcomputer.com/forums/forum22.html)
(http://www.dslreports.com/forum/cleanup)
(http://forum.malwareremoval.com/viewforum.php?f=11)
(http://www.cybertechhelp.com/forums/forumdisplay.php?f=25)
(http://www.atribune.org/forums/index.php?showforum=9)
(http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html)
(http://forums.spywareinfo.com/index.php?showforum=18)
(http://www.techmonkeys.co.uk/forums/viewforum.php?f=8)
(http://forum.networktechs.com/forumdisplay.php?f=130)
(http://forums.maddoktor2.com/index.php?showforum=17)
(http://forums.spywaretimes.com/index.php?showforum=2)
(http://www.bluetack.co.uk/forums/index.php?showforum=172)
(http://forums.techguy.org/f54-s.html)
(http://forums.tomcoyote.org/index.php?showforum=27)
(http://forums.subratam.org/index.php?showforum=7)
(http://www.5starsupport.com/ipboard/index.php?showforum=18)
(http://www.malwarebytes.org/forums/index.php?showforum=7)
(http://www.wilderssecurity.com/forumdisplay.php?f=26)
(http://makephpbb.com/phpbb/viewforum.php?f=2)
(http://forums.techguy.org/54-security/)
(http://forums.security-central.us/forumdisplay.php?f=13)
(http://castlecops.com/forum67.html)
(http://gladiator-antivirus.com/forum/index.php?showforum=170)
 
Allan

I believe that Wilder's Security Forum listed above no longer accepts
unsolicited HijackThis logs as stated on their website.
 
Tyler W.

Do you know of any Usenet groups where you can post HijackThis logs?
 
Weatherlawyer

Tyler W. said:
Do you know of any Usenet groups where you can post HijackThis logs?

There is nothing to stop you posting anything to any unmoderated
Usenet group. But there is a reciprocal nothing to protect you from
others replying with anything in their posts back.

The above links to moderated forums are probably intended as places to
place your HjT logs. They will have no limit of fellow posters all
eager to help you.

Before doing anything more though get SpywareBlaster, CWShredder,
SmitFraudFix, a decent third party firewall such as Zone Alarm or
somesuch, some decent spyware adbusters such as SpyBot and AdAware and a
registry protector such as WinPatrol.

Run the scanners in Safe Mode then update them and try again. Malware
will tend to stop you updating. Then you want an AntiVirus such as
AVG.

I have recommended freeware but there is nothing to stop you donating
to any of them.

Then you can run the HjT and send a log to the forum of your choice.
 
Tyler W.

You really do not need a firewall if you are behind a NAT router because
your router has a firewall which is a lot better than a software
firewall, because software firewalls such as Windows Firewall block
unwanted traffic after it has actually arrived at your computer whereas
the NAT router blocks it before it reaches your computer. If you do not
believe it then read this:
http://ask-leo.com/so_do_i_need_sp2s_windows_firewall_or_not.html

I do not use virus protection software because it can be very unreliable
and most anti-virus software out there does not protect you against
Vundo Trojans such as Winfixer.

I found this interesting, but in Wikipedia anybody can write whatever
they want to write there, but it says that it exploits a vulnerability
in Sun Java 1.4 and earlier versions, which I do not doubt it is false,
but I have the latest version of Java and I uninstall all the older
versions on my computer, and plus I update everything on my computer
including the graphics card(s), but I downgraded the graphics driver
because the newer versions had some driver errors, because when I would
turn off my computer the DLLs did not unload, which when it does that you
get the pop-up that says ending so and so program.

Well, I am not getting wanted icons on my desktop any more; well, even if
it did not I could stop the unwanted programs from contacting its
website, which I found out was onlineemedia.com through TCPView, so I
could put that address in my hosts file so then it cannot contact it.

About the hosts file:
Hosts file - Wikipedia, the free encyclopedia
<http://en.wikipedia.org/wiki/Hosts_file>
Blocking Unwanted Parasites with a Hosts File
<http://mvps.org/winhelp2002/hosts.htm>

How I got it was by installing a program I got from BitTorrent. I know
this because as soon as I installed it Windows Defender told me I had
unwanted processes on my computer, but after I removed them it did not
stop them, so then I used Sysinternals utilities, HijackThis, and
VundoFix to find and get rid of the unwanted programs, and yes, I booted
into safe mode to do that.

Also I have a question about safe boot: if I were not able to get rid of
an unwanted program, could you take your files off your hard drive in
safe boot? 'Cause I have done it before, but I was just wondering if that
would corrupt my data by doing that?

Sorry about my grammar, but just because I may have bad grammar and
writing skills does not mean I do not know anything about computers.
 
PA Bear

By a gentleman's agreement, we do not deal with HijackThis logs in public
newsgroups (primarily due to privacy issues).

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your HijackThis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.org/

 
HeyBub

Tyler said:
You really do not need a firewall if you are behind a NAT router
because your router has a firewall which is a lot better than a
software firewall, because software firewalls such as Windows Firewall
block unwanted traffic after it has actually arrived at your computer
whereas the NAT router blocks it before it reaches your computer. If
you do not believe it then read this:
http://ask-leo.com/so_do_i_need_sp2s_windows_firewall_or_not.html
I do not use virus protection software because it can be very
unreliable and most anti-virus software out there does not protect
you against Vundo Trojans such as Winfixer.
[...]

Sorry about my grammar, but just because I may have bad grammar and
writing skills does not mean I do not know anything about computers.

Heh! You sound like exactly the kind of user Microsoft had in mind as they
were developing Vista.
 
