
Desk Top taken over by Unknown hijack

Q: Desk Top taken over by Unknown hijack

I have no idea what I got, so I am hoping you guys can help me out, as I can't afford to lose the data on the drive.

Thanks in advance

Here is a copy of my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:51:23, on 9/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\C2M\Application Data\Adobe\Player.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [] C:\Documents and Settings\C2M\Application Data\Adobe\Player.exe
O4 - HKUS\S-1-5-21-436374069-688789844-1801674531-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'Tee')
O4 - HKUS\S-1-5-21-436374069-688789844-1801674531-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Tee')
O4 - HKUS\S-1-5-21-436374069-688789844-1801674531-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Tee')
O4 - HKUS\S-1-5-21-436374069-688789844-1801674531-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-436374069-688789844-1801674531-500\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'Administrator')
O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221686082717
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4304D7F-CE30-4B87-8524-7EA733577EFF}: NameServer = 4.2.2.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: fccaYoOF - fccaYoOF.dll (file missing)
O21 - SSODL: rwlfsdmk - {EEAC94D5-9EA8-41CD-89AC-7F905EB32AD4} - C:\WINDOWS\rwlfsdmk.dll (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10620 bytes


A: Desk Top taken over by Unknown hijack

RELEVANCY SCORE 52.8

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i7-8565U CPU @ 1.80GHz, Intel64 Family 6 Model 142 Stepping 11
Processor Count: 8
RAM: 16271 Mb
Graphics Card: Intel(R) UHD Graphics 620, 1024 Mb
Hard Drives: C: 930 GB (863 GB Free);
Motherboard: HP, 84C1
Antivirus: Windows Defender, Enabled and Updated

After a recent all-day session with HP Tech support who took remote control of my computer, I now have a picture on my desktop that appears when I open my laptop computer. The picture is different each time I open my laptop and gives me the option to change the series of pictures if I don't like the type of pictures it is displaying. When I click in the center of the screen, my login window appears, I enter my password and then my regular Windows desktop picture displays along with my program icons. On occasion, when I log in, a Bing search bar window appears as shown below.

The initial picture that appears when I open my laptop is not a big issue because I just click in the center to bring up the login window, but having to close the Bing window is a nuisance. I assume the picture is somehow tied into the Bing popup. Is there some way to keep this popup from appearing?
 

RELEVANCY SCORE 48

Logfile of HijackThis v1.99.1
Scan saved at 10:56:16 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BH...

A:Spyware has infected my desk top ! Hijack file attached. Please help!

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.



Please download HijackThis to your desktop.

http://www.trendsecure.com/portal/en...HJTInstall.exe
Alternate link
http://download.bleepingcomputer.com...HJTInstall.exe

This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

=============================

Please download SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup proces...

RELEVANCY SCORE 43.6

My printer has a network of its own. I would like to know how to connect it to my home Wi-Fi.

RELEVANCY SCORE 43.2

Hello,

Today I noticed that IE and Firefox are both having issues with search engines providing the correct search results, but redirecting me to random sites when I click on the weblinks provided by the search engine. I have not experienced any additional problems thus far aside from the redirection. I was unaware of what caused the problem so I installed and ran Ad-Aware. This program found several issues and I elected to remove those through Ad-Aware. I restarted the computer as directed by Ad-Aware and found the same redirection was still occurring. I began researching the problem in depth and found this site. I have since installed Hijack This and DDS to generate the file log, but have not performed any other actions. Can you please help me understand what appears harmful in the file logs and take appropriate actions? Please let me know if I can provide additional information to help. Thank you for your assistance.

James

A:Browser Hijack- hijack name unknown

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...

RELEVANCY SCORE 41.2

Logfile of HijackThis v1.99.1
Scan saved at 9:15:51 PM, on 4/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program F...

A:Kpl Hijack Log - Unknown

Hi tuck417,
I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

RELEVANCY SCORE 41.2

Logfile of HijackThis v1.99.1
Scan saved at 18:55:54, on 19/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Al...

A:Hijack This Log - Unknown Pop Ups

Hello,

Go to start > control panel > software > add/remove programs and uninstall Zone Media
Reboot afterwards.

After reboot,
* Open notepad and copy and paste next in it:

if exist %systemdrive%\look.txt del %systemdrive%\look.txt
cd\
cd %appdata%
dir /x >> %systemdrive%\look.txt
cd %allusersprofile%\Application Data
dir /x >> %systemdrive%\look.txt
dir %Windir%\tasks /a:h >> %systemdrive%\look.txt
start notepad %systemdrive%\look.txt

Save this as look.bat , choose to save it as *all files and place it on your desktop.
This is how the batch must look afterwards:
In case you still are unsure how to create a bat file, take a look here with screenshots.
Double-click look.bat and post the content of the txt file you get in your next reply together with a new HijackThis log.

Another thing I've noticed... it may not be related but when I open task manager it says I have 60+ processes running, from what I've seen this isn't normal. I do quite a fair bit of downloading, music, movie clips, game files etc

This is normal - the more programs you have open in the background, the more processes will be present in your task manager. And as I see from your HijackThis log, you do have a lot of programs running in the background.

RELEVANCY SCORE 40.8

Hello, I am brand new to this forum so please forgive me if I seem inexperienced, I have been having a nightmare of a time lately with my PC and I have tried numerous things to fix it but I keep coming up short. Here's my issue... I was surfing the internet a few days ago when my Avira antivirus popped up a bunch of times at once to tell me I had contracted some viruses (trojans I believe to be exact). I closed everything down and tried to do a scan with Avira. It wasn't really letting me do anything so I rebooted into Safe Mode. Once in Safe Mode I was able to complete a scan with Avira. It found 4 trojans and successfully got rid of them (1 was downloader.gen, I forget what the other couple were). Anyway, I think I'm fixed at this point so I reboot into Windows and lo and behold, my PC starts rebooting on its own every 5-10 minutes and half of my files say "corrupt or data missing" when you click on them. But I was able to get on the internet so I get on and do some research and some scans with Hijack This and Ad-Aware. It turns out I have the Koobface Trojan - so I follow all the procedures through Ad-Aware, Hijack This and manually removing it from msconfig to get rid of it. Fast-Forward... It looks like Koobface is gone and I'm finally fixed. Now all of a sudden, my internet is not working properly. For example, when I google something and I go to click on one of the links it takes me to some random search page or something. Also, as I'm clicking through pages...

A:Unknown Infection - Hijack Log

Hello snakeandcrane

Welcome to BleepingComputer

=====================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be ...

RELEVANCY SCORE 40.8

Hi. I think I'm infected with a browser hijack, and have run a number of different scans to try to remove it. Since that has not worked, hopefully you guys can help. Here are the main issues:

1) I have 3 web browsers installed: Firefox (3.0.4), K-Meleon (1.5.1) and Internet Explorer 8
2) Only on Firefox: clicking on links from Google and other search engines redirect me to junk search engines and other useless sites.
3) All 3 browsers: Cannot connect to websites of several legitimate anti-spyware companies such as Lavasoft, TrendMicro, AVG, and Kaspersky (which is why I didn't include a scan log). I also cannot connect to tech support forums such as this one (I'm posting this from another PC).

Thanks for any help you give.

log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Dan at 2008-11-27 18:51:09
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 78 GB (40%) free of 194 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:14 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.ex...

A:Unknown browser hijack

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scr...

RELEVANCY SCORE 40.8

My friend's computer has got some pretty frequent popups and other malware; I tend to think it's got a trojan. Ad Aware catches a bunch of stuff, but it's not taking care of the root of the problem. Any help would really be appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 10:46:46 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files&...

A:Hijack This Log- Unknown Trojan

Welcome to the BleepingComputer HijackThis Logs and Analysis forum austineric

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

=================

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log.

RELEVANCY SCORE 40.8

I had a problem where I couldn't access PayPal, eBay, or Amazon. It was a corrupted hosts and hosts.msn with those sites and others set to redirect to 127.0.0.1. I'm not sure if what caused it was gone and I'd like the peace of mind to know that the machine doesn't have anything else on it. There's some pretty shady looking stuff in the logs but I'm not gonna go deleting things willy nilly because quite honestly I have no clue what these things are. I know that myway is something that I could probably get away with deleting as it is known spyware but I'd still rather be on the safe side.

Below are the hijack this log and the DSS log. Enjoy and thanks. I can add the attachment if requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:33 AM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java&...

A:Hijack this log...infection unknown

anybody?

Read other 4 answers

Hello. I'm at my wit's end here and am hopeful that I can find some help here. I'm having trouble with my laptop computer. It takes about 10 minutes for the computer to go through the boot-up process. My main issue is with playing music (which is the sole reason I bought this machine). I start music playing and it drags and is very slow. Even scrolling down causes it to drag even more. I've tried everything. I followed all the instructions and ran all the scans indicated in the "preparation" post above and here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:29:31 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comm... Read more

A:Hijack This Log, Unknown Infection

Hi somemorebob,

Welcome to Bleeping Computer. Sorry for the delay, this forum is swamped right now.

I have examined your log and I don't see any signs of malware. It is clean.

A problem like yours can be caused by malware, but there are other possibilities. I suggest you do a quick check of CPU Usage and System Resources.

Press <Ctrl>-<Alt>-<Del> to open Task Manager, then click on the Processes tab. Place a check next to Show processes from all users. Scroll down and see if any of the processes is running at a high percentage of CPU usage. On a normal system at idle (no programs open except Task Manager) the System Idle Process should show about 98 percent, meaning nothing else is using the CPU. The next columns to the right, memory usage and peak memory usage, may also show something out of line if one process is using a large amount of memory. If you see anything showing high CPU usage or high Memory usage, make a note of it.

Now, click the Performance tab. The key numbers here are in the Commit Charge box -- The Total and Peak figures; and in the Physical Memory box, the Total figure. Make a note of these three numbers. I would like to see them, but I can tell you what I'm looking for: basically, any time the Commit Charge exceeds the total physical memory, Windows is going to have to constantly swap data back and forth between the hard drive and the RAM chips. This is known as thrashing. So, the rule of thumb is, if your Peak Commit Charge is... Read more

Read other 2 answers

Some weird stuff happened while I was at work.
Came back home and found PC in mess. Tried to reboot it to safe mode, but I couldn't do that. Every time I tried secure mode boot, I got to listing modules, and then crash at mup.sys.
Then I got back into normal boot and tried to see what was going on.
HijackThis was closed right after scan started, same with Sysinternals procesXP.
Now I have managed to perform a scan and I can start up procesXP as well.
Hosts file was loaded with all sorts of things, it had over 4 MB in size.
Anyway, below is hijack log.
And I could use some help.
I see some weird stuff here, like ShowDeskFix, kynhhw.exe and nuos.exe. I'm pretty sure I never before had any of them.

thank you in advance.
 

Read other answers

When using any browser on my machine and I mistype a URL, I am taken to a URL that looks like www.misstypedurl. For example, if I typed asasasasas in the URL, I will get taken to www.asasasasas.

here is my log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by gary at 9:56:01.50 on 07/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1045 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Emerge Desktop\emergeCore.exe
C:\Program Files\Emerge Desktop\emergeVWM.exe
C:\Program Files\Emerge Desktop\emergeDesktop.exe
C:\Program Files\Emerge Desktop\emergeTasks.exe
C:\Program Files\Emerge Desktop\emergeTray.exe
C:\Program Files\Emerge Desktop\emergeLauncher.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\PROGRA~1\AVG\AVG8... Read more

A:unknown browser hijack

OK, reset the TCP/IP stack and that fixed the problem. Thanks though.

Read other 2 answers

I just got hit this morning... my home page changed to "about:blank". I ran HijackThis and McAfee and did everything I can think of... deleted all the R1's and the only BHO that came up on the list... "no name". I cleared the cookies and temp internet files. I have not gotten the problem resolved. In fact it has fought me just to get to this tech site...

Can you help me?

A:unknown browser hijack

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it in the forum. Do not fix anything in HijackThis since they may be harmless.

Read other 1 answers

Last week my PC was infected with ave.exe, at the time I was running CA Internet Security Suite Plus 2009. I have also scanned with Ad-Aware, Malwarebyte, SuperAntiSpyware and Remove FakeAntivirus to remove this and several other viruses/malware. I now have CA ISSP 2010 installed and I believe ave.exe is removed, but my browser is hijacked. Clicking on links will spawn ad sites.

I have checked the registry for IE launch to see if IE was spawned by another program and the entry is below and appears clean:

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

I am running a clone with Dual Core 2.66, 2GB RAM, WinXP Home SP3
IE 8.0.6

I have removed IE toolbars (Yahoo) and addins (Active X, Shockwave & Flash) but did not solve the problem.

I ran DDS.scr and attached the logs.

I tried to run GMER 3 times and it locked my PC up when I tried to save the log, it takes my PC about 5 hrs to run the scan. From the comment below it looks like malware taking CPU time. So I have attached a partial log, hope it helps.

I have also attached HiJackThis log.

While preparing the logs today on the infected PC and attempting to upload them the CPU maxed out and I rebooted. The resulting quickscan cleaned the following infections:
Win32/Pecoan.AI
Win32/Yabector.A

I am now uploading the files from a different PC.

It has been a few years since I ... Read more

A:Unknown Browser Hijack

Hello WadeHarman

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Looks like you have one of the newer versions of the TDL3 rootkit. We should be able to clean it up with some work.

Please download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applicatio... Read more

Read other 14 answers

Hello everyone, I seem to have a tool bar manifest itself. I would greatly appreciate if someone could please check my log out. I am suspicious of
"pokapoka". Thank you all.

Logfile of HijackThis v1.99.1
Scan saved at 8:47:52 AM, on 9/22/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\csrss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\WINNT\System32\svchost.exe
F:\Program Files\Norton AntiVirus\navapsvc.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\system32\stisvc.exe
F:\WINNT\System32\WBEM\WinMgmt.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\Explorer.EXE
F:\WINNT\SOUNDMAN.EXE
F:\PROGRA~1\NORTON~1\navapw32.exe
F:\Program Files\ahead\InCD\InCD.exe
F:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
F:\Program Files\CASIO\Photo Loader\Plauto.exe
F:\Program Files\MSN\MSNIA\msniasvc.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\WINNT\etb\pokapoka70.exe
F:\Program Files\MSN\MSNCoreFiles\msn.exe
F:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe
F:\WINNT\system32\sys32.pif
F:\Program Files\Internet Explorer\iexplore.exe
F:\Downloads\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,L... Read more

A:Hijack Log - Unknown Tool Bar

B.T.W., I have run the following: AdAware, SpyBot, CW Shredder, Norton & RAV. RAV found four infections but did not repair, those found seemed to be on my C: drive, which is my "slave drive". Thank You.
 

Read other 2 answers

After downloading a torrent file about five days ago, I observed some unusual behavior in my laptop. Soon there were popups, freezes, and I kept getting notifications that my Windows Automatic Update Service doesn't work. Also, my BitDefender Antivirus service has stopped functioning. Any help would be much appreciated. I really don't want to spend a hundred dollars at the PC repair shop. Thanks, thanks, thanks!

Deckard's System Scanner v20071014.68
Run by Cory Deskins on 2008-06-14 12:57:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
115: 2008-06-14 16:57:41 UTC - RP728 - Deckard's System Scanner Restore Point
114: 2008-06-14 00:55:28 UTC - RP727 - Removed Pure Networks Platform
113: 2008-06-14 00:54:40 UTC - RP726 - Removed Network Magic
112: 2008-06-12 02:41:54 UTC - RP725 - Installed Network Magic
111: 2008-06-12 02:41:16 UTC - RP724 - Installed Pure Networks Platform

-- First Restore Point --
1: 2008-07-08 02:19:55 UTC - RP614 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Cory Deskins.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:33 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.60... Read more

A:Unknown Infection. Need Help! Hijack This

Hello cad40324 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Addition... Read more

Read other 3 answers

Hello All!

I have an unknown process running in the background of my PC and it keeps trying to reach the Internet.

The file is in C:/WINDOWS/Prefetch and
is called XMTY0.EXE-0E82BC67.pf

When my firewall catches it, it says it is located in
C:\WINDOWS\system32

C:\WINDOWS\system32\xmty0.exe is what it catches

It also will leave several instances of itself running. I can see them in my Task Manager.

Anyone know anything about this?

Here is my Hijack this log. Can you see something I am missing?

Thanks a lot!
Logfile of HijackThis v1.98.2
Scan saved at 6:29:42 PM, on 3/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MCAFEE~3\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MCAFEE~3\CPD.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\mcafee\SPAMKI~1\spam... Read more

A:Unknown Hijack attempt

Read other 8 answers

Hey guys,
I am all out of ideas, I've been fighting what seems to be a lost cause for the last couple of weeks. 3 computers I manage are now infected but could be more. Whatever it is that has infected these PCs has crippled Norton Antivirus, is invisible to AdAware, invisible to McAfee Antivirus, and has disabled any possible way to install Windows updates. When I go to Windows update website, a blank white screen appears. When updates are attempted to be installed using Windows update manager (little globe in the corner) all security updates come back "failed". When trying to run Norton Antivirus scan it comes back with error, when attempting to run online virus scans such as Trendmicro's Housecall, comes back with Active X control problems, even after I drop security as low as it can go. I've run multiple boot CDs that I have installed virus scans on with current definitions and found nothing. I have been able to install McAfee virus scan and updates but it finds nothing as well. No unusual ports open when giving the netstat -an. I've tried safe mode and multiple tests to no avail. I would have chalked this up as just a PC with problems, but it has spread to 3 computers total with all the same symptoms. I am very desperate, any help that anyone can give would be greatly appreciated and I will return the favor as much as I can.

Thanks in advance.

ci
 

A:Unknown virus/hijack. Please help.

Read other 9 answers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:43 AM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program... Read more

A:Unknown, Help Needed Hijack Log Here

Hello foomangoo,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers

Trying to fix a friend's computer. I am unable to install HJT (or any other potentially useful program), nor can I access any online AV scanners, MS Update and all clicked links hijack.

I had to disable all start-up programs in MSConfig to even get this far but I was able to run DDS, below are the results. Any help/guidance would be greatly appreciated.

DDS (Ver_09-03-16.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/1/2006 6:20:52 PM
System Uptime: 4/6/2009 9:57:38 PM (1 hours ago)
Motherboard: Dell Inc. | | 0WF351
Processor: Intel® Pentium® M processor 1.70GHz | Microprocessor | 1695/133mhz

==== Disk Partitions =========================
C: is FIXED (NTFS) - 33 GiB total, 4.963 GiB free.
D: is CDROM ()
E: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================
RP44: 12/2/2008 9:11:09 PM - System Checkpoint
RP45: 12/2/2008 9:11:09 PM - System Checkpoint
RP46: 12/2/2008 9:11:09 PM - System Checkpoint
RP47: 12/2/2008 9:11:10 PM - System Checkpoint
RP48: 12/2/2008 9:11:11 PM - Software Distribution Service 3.0
RP49: 12/2/2008 9:11:11 PM - System Checkpoint
RP50: 12/2/2008 9:11:11 PM - System Checkpoint
RP51: 12/2/2008 9:11:12 PM - System Checkpoint
RP52: 12/2/2008 9:11:12 PM - System Checkpoint
RP53: 12/2/2008 9:11:12 PM - Software Distribution Service 3.0
RP54: 12/2/2008 9:11:12 PM - System Checkpoint
RP55: 12/2/2008 9:11:12 PM - Software Distribution Service 3.0
RP56: 12/2/2008 9:1... Read more

A:Unknown Hijack/infection

I renamed HJT and was able to get it to execute, below are those logs as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:23 PM, on 4/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify... Read more

Read other 3 answers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:33 PM, on 4/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DriveIcon\DriveIcon.exe
C:\PROGRA~1\... Read more

A:Hijack this log, please help. Unknown infection.

Hello! My name is Sam and I will be helping you. Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Read other 12 answers

I have a rather nasty infection on one of Windows XP SP3 machines. My problem started out as an internet search link hijack, being taken to random sites when clicking links provided by search providers such as Google, Yahoo etc. I was using IE 7 and while I was trying to fix the problem I upgraded to IE 8. IE 8 now crashes about 75% of the time when clicking in the search bar. Google is default search provider, but I cannot remove it as default.

I tried installing MalwareBytes (and other spyware removal software) but the program is blocked from running. I had to rename the setup program to get it to run but no such luck renaming the executable. I was not able to use System Restore as that was blocked as well (pressing Next to start the restore does nothing). Doing this stuff in Safe Mode does not help. I ran AntiVir and AVG scans (as anti-virus software is all I can get to run). I removed some things (UACd.sys, TR/Crypt.ZPACK.gen) but problem still remains.

I was about to just wipe the C: partition and reinstall XP etc., but thought I would post here. Attached are the DDS logs. I'd appreciate any help you can give.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Lewis Karl at 21:42:09.40 on Sun 06/14/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2455 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *disabled* {990F9400... Read more

A:Unknown search hijack

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 9 answers

1. In responding to searches in Google, browser is redirected to various other sites. Web pages clicked in Google may not load.
2. Spybot does not execute.
3. System restore does not work.
4. Followed instructions in myantispyware.com to remove dns changer, but do not see the following trojans in driver list under non-plug and play like instructions would indicate I would see: TDSS, seneka, gaopdxserv, or msqpdxserv.
5. Downloaded Malwarebytes anti-malware to desktop, but it will not execute.
6. Ran free version of Prevx 3.0 and 7 infections identified. Typical file name is uacngrqlyttmlgnkivl.dll in C:windows\system32\
DDS (Ver_09-05-14.01) - NTFSx86
Run by Don's at 16:36:31.10 on Fri 05/15/2009
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = hxxp://www.qfind.net/
mStart Page = msnbc.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McBrwHelper Class: {227b8aa8-daf2-4892-bd1d-73f568bcb24e} - c:\progra~1\mcafee.com\mps\mcbrhlpr.dll
BHO: McAfee Privacy Service Popup B... Read more

A:Unknown Browser Hijack Bug

Hello dond1,

If you still need help then Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Select Files and Folders created in last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txt

Read other 1 answers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:07 PM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cchservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOW... Read more

A:Infection: Unknown [HiJack This Log]

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

Read other 2 answers

Hi,

I'm having a problem with unknown up/downloads, where I have no known processes but my connection is still active. Like the post here:

http://forums.techguy.org/malware-removal-hijackthis-logs/502419-unknown-uploads.html
I've run my AV software and it came up empty.
Here is my hijack this log, please give me an idea what I can do to kill this nastiness...

Thanks
Dranak Six-OO-Six

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:02, on 18/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe...

I've run scans from:
Antivir - Clean
Malwarebytes - Clean
SuperAntispyware - Clean

However, here's my Hijack This log. I've highlighted in BOLD items that I don't recognize. What are these and are they harmful? Thanks for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:45 PM, on 1/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\sttray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU...

A:Unknown Entries in Hijack This

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...

I'm running XP. Last Thursday, my PC began experiencing a myriad of problems:

- Website hijacking
- memory and HDD slowdown

When I attempted to run SuperAntiSpyware, it would not run. I was able to start it up with the alternate start, but it only found a handful of tracking cookies.
I then attempted to run MalwareBytes AntiMalware and it would not load. I've attempted several re-installs, but it will not load.

Over the weekend 2 days ago, it began showing DNS errors and now I am unable to log on to my network unless I am in safemode. I attempted to run a MS restore, for dates up to a month ago, but like the MBAM, it will not load/run/restart the computer.

I have a HJT log that I ran earlier today, and am out of options now. I was able to remove a Vundo and a variant of it a couple of months ago, but I am clueless with this one.

A:Unknown virus/hijack

You may have to download this program to another computer and transfer it to your computer via flash drive.

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed.: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan.
A Window will open asking what to include in the scan. Check the following items:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Click OK
Scan your C Drive (Or your current system drive) and click OK. The scan will begin. This may take a moment, so please be patient.
When the scan completes, click Save Report. Name the log RootRepeal.txt and save it to your Documents folder - (Default folder). Paste the log into your next reply.

Hi. My browser was being hijacked (urls being redirected) and pop up ads for various companies (legit ones) were popping up constantly. I ran a full scan with the following: Ad-Aware, Spybot S&D, Anti-Malware, and NOD32 and none of them were able to pick anything up. Frustrated, I downloaded and ran ComboFix already so if you need me to post the log from that, I can. I have noticed that the pop ups and hijacking have stopped but I am not sure if it removed everything. If someone can please help me figure out whether my system is now completely clean, that'd be great.

The DDS and RootRepeal logs pasted below are from AFTER I ran ComboFix so please let me know if there's any further actions I need to take. I have not made any further changes as a result of the DDS/RR logs.

Thank you.

---------------------------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Toast at 18:08:34.46 on 2009/12/20
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.932.81.1033.18.2014.1390 [GMT -5:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sygate Personal Firewall Pro *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32 ...

A:Browser hijack and pop ups, cause unknown

Hi, I'm just wondering if anyone has taken a look yet? It would be much appreciated. Thank you!

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump"...

I am attempting to fix my girlfriend's terrible POS netbook. Some kinda crappy low end Toshiba.

Anyway, the problems are as follows:
Ads appearing in browser as popup (Browser hijack). Slow boot, slow performance. IRQL BSOD and Paged File in Non Paged Area BSOD.

I first attempted to use adaware and malware bytes followed by a system restore followed by purchasing and using Spy Sweeper w/antivirus from Webroot, which I use on my PC. I've also run chkdsk /f somewhere in there. Result is performance has improved but I am still seeing popups, webroot is still catching the computer attempting to access IPs, and I still saw a BSOD (but the text was garbled so I am not sure what it was).

It may be that the ram is bad and this thing has had the hijacker for ages and the ram going bad is what made her bring it to me, but I have my doubts and suspect it's still got something causing the two BSODs through putting too much strain on the already too low ram.

Here's the Hijack This Log... You guys are my last hope before I turn to the age old reformat option.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:54:41 AM, on 4/25/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
C:\windows\Explorer.exe
C:\windows\system32...

A:Unknown browser Hijack and More

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

I can't think of anything else to run - I have run Malwarebytes, SuperAntispyware, Spybot Search and Destroy, Adaware and others. If someone would be so generous as to help me out, I would really appreciate it!

Thanks for your time!

Michaela

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:28:25 PM, on 2/25/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\msteiner.BPS\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\msteiner.BPS\Downloads\HijackThis.exe
C:\Users\msteiner.BPS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\msteiner.BPS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=...

A:Unknown Infection: Have Hijack This log

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Hi,

I have some pretty bad virus activity on my computer. There are about a dozen instances of internet explorer open shown in the task manager even though none are visible on the screen. Also there are re-directs when clicking on links in Google. I have run adaware and Norton antivirus and it did not help.

I am posting my Hijackthis log. If anyone can help me I would greatly appreciate it.

Thanks,
Dino

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:15 AM, on 8/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Think...

A:Hijack this log - Unknown Infections

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...

Ok, well the gist of it is that when I open Mozilla Firefox the homepage "http://www.google.co.uk/firefox?client=firefox-a&rls=org.mozilla:en-GB:official" does not work due to a redirect loop that I can't sort out. Then when I go onto Google (or any search engine) and search something and click on a result it opens in a new tab, sometimes with the correct page, other times redirecting me to somewhere else via this site "www.123bounce.com". The same happens in Internet Explorer except it opens in new windows, not tabs.

I ran Hijack This in safe mode and let it work. It helped for a while but still opened things in new tabs, but didn't redirect me, and still had this loop on my homepage, and now it is starting to redirect my Google searches again. Here is a copy of a Hijack This log I have just done. Any help would be much appreciated as I can't find anything about this on the internet.

Also when I go on Windows Updater it goes to "http://windowsupdate.microsoft.com/" but just shows a Google page. Have just noticed that there is no "do you mean....?" when I misspell something in a Google search.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:45:35, on 07/06/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Inte...

A:Unknown Browser Hijack

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Hello everyone. My name is Destry, I am a new member but have utilized the info on the forums here for several years, now I have a problem that I am having trouble solving.

I am working on a friend's laptop,
OS: Windows XP Home SP 3
Machine: Dell Inspiron E1505
Antivirus: Avast Home Free and Microsoft Security Essentials

He told me the machine was running slow. When I tried to open IE a duplicate shortcut was created on the desktop. Chrome wouldn't open, and Firefox would Google search but any links off the initial search results were redirected to improper pages. First the sites would contain the original search criteria but offer to search with a website with the word "Snow" in it.

I went to Add/remove programs and got rid of all toolbars and BHO updaters and helpers that I could find such as; "I want this", "Freeze.com", "Hotbar", and several others that I can't remember. Install Shield update manager shows up in the system tray but seems to be disabled.

Avast never alarmed on anything but MSE caught a program that had set itself up in Java, it gave the option to remove the item, and would say "Action successful" then would detect it again in 30 to 60 seconds. I used avast "Boot time scan" found for objects and removed them but none of them were set up in Java runtime environment.

I then uninstalled all Java related products and ran a full system scan with both Avast and MSE. "no infected files"

I uninstalle...

A:Unknown hijack of all browsers

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...

Yesterday morning I went to only two websites for research on a play I am producing: www.bobdicksaon.com/splurge/splurge-paul.htm and www.bobdicksason.com/images/paul-tmp.jpg. At this site Kaspersky warned me that IE was being changed. Not understanding the implications, I said OK. Then I shut down my computer. When I rebooted later that evening, IE would not open any webpages in the IE browser. My homepage address appears in the address bar in IE however all I can get is this message: Internet Explorer cannot display web page.

I have XP Media Edition and am using IE 7. There is an internet connection and I am able to send and receive email via MS Outlook. Kaspersky is the anti-virus software that I use. I ran Super Anti Spyware which found cookies and an old program deleted years ago. I also ran Ad aware and Spybot to no avail. I made sure that the Microsoft firewall is up.

You guys had just helped my husband figure out the problem with his computer so he suggested I try this forum. He said that you guys really rock. I would appreciate any and all assistance to help with this serious problem. Below is the DSS main file followed by the extra.txt file.

Many many thanks in advance for helping me to figure out this pesky problem.

Best regards,
Julie

Deckard's System Scanner v20071014.68
Run by Julie Condy Johns on 2008-06-12 07:26:37
Computer is in Normal Mode.
---------------------------------------------------------------------------------- System Restore ---------------...

A:Unknown Hijack Of Ie 7 Browser

Problem solved! Sort of. I turned off the Kaspersky firewall and the Windows firewall took charge. And IE7 works fine, now. So whatever got changed, downloaded or what, it affected Kaspersky firewall. I'm not too impressed with Kaspersky so I'm fine with the Windows firewall.

I wonder why no one wanted to help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:52 PM, on 1/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NetMeeting\smss.exe
C:\Program Files\NetMeeting\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ig...

A:HIJACK THIS LOG - INFECTION UNKNOWN

Hi viciousvenus and welcome to Bleeping Computer.

I apologize for the delay in response to your thread. We get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following:

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFi...

Trying to fix college daughter's computer. Both IE and Firefox being hijacked. Was able to run spybot, superantispyware and did some cleaning. See DDS log below and attached.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Laura Simpson at 14:27:52.48 on Sun 01/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.392 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\...

A:Unknown hijack and other mal/spyware

Howdy, my name is Hoov, and I will be helping you with your dilemma. Sorry it took so long to get you help.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.
*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.
*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.
*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.
*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow th...

When using any browser on my machine and I mistype a url I am taken to a url that looks like www.misstypedurl for example if I typed asasasasas in the url I will get taken to www.asasasasas.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:43 PM, on 2/5/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WNDWS\System32\smss.exe
C:\WNDWS\system32\winlogon.exe
C:\WNDWS\system32\services.exe
C:\WNDWS\system32\lsass.exe
C:\WNDWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WNDWS\System32\svchost.exe
C:\WNDWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WNDWS\System32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\P...

A:Unknown Browser Hijack In Play

Welcome to the BleepingComputer HijackThis Logs and Analysis forum BloodCoder

My name is Richie and I'll be helping you to fix your problems.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:

Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new Hijackthis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

This is an unknown startup entry that I just noticed today. Shows up in Ccleaner so it's not like it's hidden or something.

O4 - HKLM\..\Run: [Jcodokupuge] rundll32.exe "C:\Users\HOME\AppData\Local\urecuhuhoneniqe.dll",Startup

A simple google search did not find anything, and Microsoft Security Essentials did not turn up anything. Has a very odd name. Also, says Date Modified is 11/10/2010

Could it have anything to do with this???
http://www.bleepingcomputer.com/forums/topic390593.html

Also: Here is a virustotal scan
https://www.virustotal.com/file-scan/report.html?id=c581f9e144fddc4ed1783016866c144496bafd6df0fafb2ce97f2523f0c7464d-1302876707

P.S As a side-note, it cannot be disabled with Ccleaner, it just un-disables itself.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:10 AM, on 4/15/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Users\HOME\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
R0 - H...

A:Hijack This Log - unknown startup entry

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...


* Trend Micro HijackThis v2.0.2 *
See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Intern...

A:Unknown Virus-hijack Results..help!

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
I apologise for the delay you have experienced, but as you may have noticed our HijackThis Team is very busy at the moment.
If you still require assistance, please reply with a new HijackThis log, then we'll get started.
Thanks,
Charles


I'm trying to help a friend with a nasty infection and I've exhausted everything in my bag of tricks.

I've tried several spyware removal programs (e.g. spybot and adaware), the computer has a full version of McAfee with all the bells and whistles and it's turned up nothing. I've also tried to scan in safe mode. Still not clearing it.

I installed LogMeIn myself on purpose so I can fix this remotely, that's not an attack or point of infection.

At one point, I would have multiple copies of iexplore.exe showing in the taskmgr, but only one window and one tab actively open. If I tried to kill off the second instance of iexplore.exe it would re-launch... sometimes I'd end up with dozens of copies of iexplore.exe running. I also had rundll.exe running several times... looks like they might have been related.

The hijack also applies to firefox (though firefox doesn't show multiple instances running, it does appear to spawn iexplore.exe).

I went through and renamed all copies of the iexplore.exe file on the computer to .exq. That seems to have helped (the hijack still happens, but not the duplication). I ended up renaming the one in c:\program files\internet explorer to .exe again to run explorer: still hijacked, but I'm not getting multiple instances at the moment.

I'm not sure if any of the above info helps. This is a bad attack and I'm hovering on the edge of my abilities (and sanity!) here. Can anyone give me any assistance?

DDS (Ver...

A:Unknown browser hijack infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello and thanks in advance for the help. I use avast, spybot and adaware + spywareblaster regularly. I just added and ran bitdefender and winpatrol. So far there are no obvious problems. My computer however is running slower and the relatively new optical mouse freezes up momentarily. I just replaced my old mouse for the same reason (the new one worked great for about a month), now it's having the same problem and getting progressively worse. Anyway, here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:56:31 PM, on 3/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:...

A:Hijack Logfile - Unknown Malware?

Hello and welcome to the forum. Your HJT log is clean, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:

http://boards.cexx.org/viewtopic.php?t=957
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
http://cybercoyote.org/security/not-admin.shtml

There are a variety of reasons why a mouse can fail, you did not mention the specifics of the product, so all I know is it is a Logitech. If it is cordless, this information may help:

http://support.microsoft.com/default.aspx?...3Ben-us%3B73344
http://www.logitech.com/index.cfm?countryid=1&languageid=1
http://logitech-en-amr.custhelp.com/cgi-bi...y.php?c=AU&l=EN
http://www.informit.com/articles/article.a...1&seqNum=7&rl=1
http://www.techtutorials.net/tutorials/har..._problems.shtml

Hope this helps

Thanks...
pskelley
BleepingComputer


Definite Google search hijack in Opera -- first 20-30 results are all spam/redirects. However, Google search in IE is unaffected! I'm running Opera 9.63 and IE5 under Win2k. I also ran Malwarebytes and it didn't find anything after doing a thorough scan. Thanks for reading my post. Here are my DDS results:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 22:41:08.24 on Wed 2009-01-28
Internet Explorer: 5.00.3315.1000

============== Pseudo HJT Report ===============

mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [IMONTRAY] c:\program files\intel\intel® active monitor\imontray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [tsnp2std] c:\winnt\tsnp2std.exe
mRun: [snp2std] c:\winnt\vsnp2std.exe
mRun: [Share-to-Web Namespace Daemon] c:\program fil...

A:Unknown Google search hijack

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...


Thanks in advance for the help. A friend of mine brought me his laptop because it has a virus. I have tried SpyBot, Malwarebytes and AVG. All came back with results, reported them clean and the problem still exists. Please help me...you're my only hope. I am unable to go to links from search engines as it takes me to other pages and then pops up a window saying that the computer is infected. I also can't connect to windows update (I get a message saying the network can't connect to that site).

Browser hijack, not sure which virus I have, Malwarebytes, Spybot and AVG all report different viruses and they all report that they have "fixed" the problem but I still have it. I am unable to connect to windows update, clicking on links from search engines leads me to random sites and I get the popup that YOUR COMPUTER IS INFECTED! This is happening in my buddy's laptop, he had ZoneAlarm antivirus running so I installed AVG and it found stuff that ZA didn't, but the problem remains. In fact, I tried posting this on his computer but when I hit POST it gave me the same error when I try to connect to Microsoft Update (no connection to the internet, but there is in fact a connection).

Here is the log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by mike at 11:54:18.14 on Sun 05/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.155 [GMT -4:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updat...

A:Browser Hijack, unknown virus

No clue why I double posted... Wasn't intentional. I think the first one may have actually posted from the laptop when I thought it hadn't. Sorry about the confusion.


Hi, recently I have developed a very annoying browser search hijack. When using Firefox I am redirected to a scrambled URL (that cannot be loaded) when I do a Google search and click on a result. Eg if I search for "Mozilla Firefox" in Google and click on the first result I am directed to hxxp://newserversearch.com/?q=mozilla+firefox

When using Internet Explorer the correct URL is displayed but the page cannot load on the first attempt. If I click refresh it does load.

I have run AVG free, Avast, Spybot Search and Destroy and Adaware but none have returned anything, so I would be very grateful for some help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 23:46:17.67 on 03/02/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.963 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Progra...

A:Unknown browser search hijack

Hi Booshank Bath

Welcome to Bleeping Computer.

I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.

I see you have P2P software ( Limewire, BitTorrent, uTorrent etc? ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are here, and here.

I would strongly recommend that you uninstall them, I'm looking over your logs now. Will be back ASAP.

Thanks
maranatha
