
Hijackthis Log for Analysis - Yahoo email hijacked

Q: Hijackthis Log for Analysis - Yahoo email hijacked

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:49 AM, on 7/7/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Garmin\gStart.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
O4 - Global Startup: Logitech Music Anywhere Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11458 bytes


A: Hijackthis Log for Analysis - Yahoo email hijacked

Greetings keithohlms and Welcome to the Forums, Please read This Topic pasted at the top of this forum. Please do what it says to do, and post back the requested logs. We'll have a look...suggestions will be based upon the results of those scan logs. Thanks!


Salutations Forum goers and IT Professionals! I appreciate any help you can supply me with about this issue.

I run a bunch of travel related websites, we have been dealing with spam for a while. It's mostly just a small aggravation, however this morning I found that it can be more than that. An issue was brought to me by my agent. Apparently she discovered a LOT of failed E-mail messages in her inbox this morning. They were not messages that she sent. So I thought she had been hijacked so I ran a hijack this program and have posted the results below. I have not reviewed one of these logs before, but have found that forum dwelling do-gooders can analyze the results for people in need. I would like to be one of those people. If there is somewhere that I can learn to evaluate the results myself I would appreciate a poke in the right direction. Thanks guys. Here is the log, if someone could give it a quick look-see for me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:50 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe ... Read more


I am currently facing some majorly frustrating issues with my yahoo email. I used to have ATT as my ISP, but I dropped them and just kept the sbcglobal email. Turns out my email has been hijacked and the password changed. Well, I either can't remember the security questions or they have been changed also. I've been up and down and all around with people in India about this and none of them know enough to help me. This jacker is looking at my email and sending bogus spam and I can't get in to change my password or anything. There's sentimental emails in there. No #, no fax, no nothing to get a hold of someone who knows how to verify that I'm me, and that I want my email back. Any thoughts?

A:Yahoo email hijacked

See if any of these suggestions help: http://in.answers.yahoo.com/question...7075315AA9ty8M

Yahoo Help Form: http://help.yahoo.com/l/us/yahoo/security/general.html


This Monday AM I noticed my yahoo email account was sending spam mail to my entire contact list. The emails appeared in my sent items folder, and had a link to businesslenews15.net/jobs/?alert=86255. I did not click on the link. A few of the people that got the email did. The full header for the email looks fairly legit, except the from IP is in Warsaw, Poland. I am in the US. I checked the login history from yahoo for my account. I did not see anything that looked like it was not me.

Here is what I did:
+ I changed my yahoo password. (as well as other critical pwds)
+ I checked that my password recovery email addresses were not changed.
+ I sent a mail to my contacts list telling them to delete the email and not click on the link.
+ I deleted all my contacts from yahoo.
+ I scanned my home pc using AVAST, Windows Defender and MalwareBytes (quick, then full scans). Nothing significant was found.

The home pc mentioned above has been running its fan a little more than previously over the last month, but performance-wise it seems fine. Whenever the fan goes on, I check the processes running and they all seem to be something I kicked off.

I can think of one other PC I logged onto yahoo from since I last changed my pwd 6 months ago, and he ran a scan and found no issues (Norton). Of course, he also clicked the link in the email, so draw your own conclusions about that. He also had his yahoo email hijacked in a similar manner ~1 yr ago, but he changed his pwd and it stopped.

Here a... Read more

A:Yahoo email hijacked, not sure how

1. Update MBAM and do a full scan.
2. Please visit the Eset online scanner:

Note: You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

- Go to the Eset web page to run an online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- click on the ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Click on copy to clipboard or copy and paste the results here in this topic


Lately I've noticed sometimes, key word being sometimes my Yahoo e-mail seems to get redirected at the sign in. I sign on using the "secure" tab, not sure why, but since spyware, bugs, hacks etc etc getting more frequent, and more ingrained into the net I started doing so. Not sure maybe I had missed it on occasion, but once about a month ago the time between clicking e-mail, and anything happening seemed awful long, and I got to looking at the bar address at the bottom of Firefox, which flickers the different places/names info being loaded. It flashed on something like akami.net for a second, and I thought hmmmm, usually to yahoo I see a lot of Yming, Y something, but had never noted this akami.net. When the page finally loaded it showed it as a broken secure connection. I closed the browser, reopened to Yahoo mail under secure, and it went right there, as it normally would, and without the long delay I'd just had. I've noted the same a few times since, and again noted it tonight. A search on Google for Akami.net doesn't get any hits, I'm not positive if it is Akami, but that's what my mind's eye thinks it was. I only saw it on the one occasion, as if it's opening normally I guess I don't pay any attention to what is flashing on the bar, but I've noted the broken secure link, and assumed was same thing.

Earlier today I had gone through the complete sequence of running Avast, AdAware, Spybot, checked Spyware Blaster, and done a HJT log after checking all of the site... Read more

A:Yahoo email getting Hijacked, but not??

Akamai is a "clearing house" of sorts, for all sorts of programs...almost a file sharing thing. Many legit programs and sites are listed by Akamai, but a multitude of infected programs and files can be found in there, too.

So, Akamai, in and of itself, is not suggestive of a problem. In fact, it could conceivably be a link for one of the ads on your Yahoo home page, as they do that sort of hosting business, as well.

If your tools show nothing, and your HJT log is unchanged, then the overwhelming probability is that nothing significant is afoot. That being said, there are so many new baddies out there right now, that the tools, and even HJT, can't see, that if you continue to have problems, you might want to consider taking a deeper look. We could help you with that.


My Yahoo email addresses were hijacked. It sent different web links to different people. I went in and deleted all of my contacts, but don't want to change email addresses if I don't have to.

Here is a Hijackthis Log if anyone sees something unusual.

Thanks.

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
65.55.37.104 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.55.37.104.

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 80931 invoked by uid 60001); 1 Feb 2011 15:28:16 -0000

A:Yahoo Email Hijacked

Hello, you did not include an HJT log. Please go here....Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. You can also include your HJT log. Let me know if that went well.


Hi there. My friend recommended your site.

My Yahoo email appears to be hijacked. All my friends are telling me they are getting weird emails from 'me' with various attachments that are links to online pharmacies, usually for Viagra.. etc. Also, all my sent emails are gone! I have looked over some of the other forum posts with similar problems, and it appears some scans are in order.

I have Avast antivirus and CyberDefender. They don't seem to find anything that has stopped the problem. I really don't want to delete this email account because I've had it a really long time now, but I'm worried my computer security is at risk. I am running Vista 64-bit on a Sony Vaio (pretty new).
Thank you in advance.

A:yahoo email hijacked! is this malware?

Looks like I forgot to follow instructions. Ok. Here is what happened when I followed your preparation guide. Nothing seems to be happening as described in the guide. But I did my best....

1- DDS file download link didn't work. Didn't get that log. I get following message:
File not found
Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/dds.scr.
* Check the file name for capitalization or other typing errors.
* Check to see if the file was moved, renamed or deleted.

2- Gmer options for scan weren't as described in the preparation guide. All option boxes were greyed out except last three: 'Services', 'Registry', and 'Files'. 'C:\' drive was selected as was 'ADS'. 'Show All' was also greyed out. I did a scan with those options. That log ark.txt is attached

Well, now I don't see an option to attach a file. So I'll just post it here too.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 07:54:56
Windows 6.0.6001 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcd035
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d3be9a
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f... Read more


Wondering if anyone had this happen-last week an email account I had not had virtually disappeared. I have 2 other yahoo names and they are fine. Naturally, I can only seem to get form letters back from yahooletechs. Does someone know if there is a program going around that can boot people or delete their accounts?
 


My wife was given a computer that seemed good but I am not sure if it was infected with trojans and spyware. I then tried and used a usb onto 2 of the laptops and seems I got same thing on all 3. I am using a desktop at present since I do not feel safe on the other ones. After weeks of using our computer, she suddenly wasn't able to sign into hotmail or Skype. Her password had been changed as well as mine. Then as we tried to reset the password we discovered her email address had been deleted. She had just accessed and used her email the day before. Her information was definitely stolen and I feel it was probably logged while using our computer. The reason I suspect is my wife and I have noticed many pop-ups, especially when using Google Chrome and redirects. I had attempted to download a VPN browser software and it was free of spyware/malware. But in my haste, I downloaded and installed the software from a location that I am sure had spyware/malware software attached and now I am using windows 8 on this pc and get a constant dial up window at certain times and all programs are running slow many are crashing and more think backdoor trojans etc. So now, please we beg, please, help!...

A:Hotmail ,Yahoo ,Facebook,Skype and email username/password hijacked

Hello frankp747 I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more


Yahoo Messenger 9 version 9.0.0.2034, yahoo.co.in e-mail, Yahoo answers, etc. do not run/open on my PC. On attempting to log into Messenger 9 I get an error message: “Please click Try Again to re-enter your ID and password. If you have forgotten you ID or password, click Sign-in Problems”.

Earlier they would open only if they were the first programs I switched on when I would start my PC else I would get an error message “Messenger encountered a connection problem. Please check the network connection and then click "Try Again" (81003004)”.

My computer system: AMD 64 3200+ 2.01Ghz, 1 GB RAM, 80 GB HDD, Windows Professional XP-2, IE 6 with Cookies Enabled, MS Office 2003, BSNL Broadband, Java (TM) 6 update 11, Java (TM) 6 update 7, no Startup programs other than AVG Free version 8. I am based in India.

I have checked with those using the same broadband connection as to not facing any problem with Yahoo.

Yahoo FT Server and Yahoo! Messenger are provided as exceptions in my Windows Firewall. In IE6 under Security Sites I have not blocked any website.

Where could the problem be?
 

A:Yahoo Messenger 9, Yahoo email, Yahoo sites not opening on Windows XP2, IE6

Is Yahoo running at start up?
 


Hello,
For the past several weeks now, when I check my Yahoo email account using IE 8 version (actions performed: clicking on the Inbox, moving from email to email, opening an email) I am redirected to this website:

hxxp://premium_.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1296073985&Signature=r1JBMUZ7yDiRdj2Wu3Ul5hjNCoQ%3D

This does not happen all the time. It seems to be sporadic. I can have periods of time when this does not happen (I can open several messages or navigate from one message to another and not have a problem) then all of a sudden I will be redirected to the site listed above. If I click the back button I can get back to my email and move around once again. The redirect may or may not occur again or from that point forward. From what I have read online, there doesn't seem to be a fix for this issue.

I have tried running several scans with Malwarebytes (in safe mode), Ad-Aware, AVG, Spybot, Hitman Pro 3.5 and ComboFix. But, none of these scans have returned any results that have resolved this issue. I have also removed all versions of Java and updated to the latest version (Java 6 update 23). I've also removed all versions of Adobe and installed Adobe Reader X version 10.0.0 as I have read that keeping old versions may pose a security risk. Just trying to provide as much information on what I've done up to this point.

I've attached scan results from RootKit Unhooker Report.txt (zipped), the DDS Attach.tx... Read more

A:Yahoo redirects my IE session when checking my Yahoo email

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Please Do not Attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more


Oh boy!

I am running Windows XP Home Edition SP2.

Here is where I will start. My apologies, this might be long winded.
I was having problems with browsing (posted this prior) and wasn't getting anywhere with attempting to adjust browser settings. I was getting blocked going regular places. So... after getting very aggravated, I accessed Symantec's online chat help w/ an analyst. During this time, the analyst remotely accessed my computer on two occasions, ultimately finding out that the problem was not with the Norton 360 but was with IE (v.7). We were having problems with connectivity. He said his system said I was disconnected yet he was still in my system. He started a notepad doc to chat with me, saying that we were locking up and I should Google the verbiage I was receiving during the browsing blocks I was receiving. As I was typing a response saying I have done that, we were disconnected. Since I knew what I had originally found, I disconnected completely and left it for today since more than 2-3 hours have now passed. Today, I cannot access my email. I receive an HTTP 405 error. (Programming error). I noted that in the heading, the address started like this: hxxp://red.clientapps.yahoo.com/customize/toplevel/msgr6. After searching that on the web, I found that this is a BAD thing. I also noticed that the Phishing filter was off. Message said "Phishing filter cannot check this website because the Microsoft online service is temporarily unavailable"... Read more

A:Unable To Access Yahoo Email (red.clientapps.yahoo.com/)

Have you tried using an alternate browser like Firefox to see if you encounter the same problem? If you can use Firefox, then that will narrow the problem down to an IE issue. Since you cannot run the Housecall or Panda scans, if you install Firefox you can then perform an online scan using Trend Micro Housecall Scan for Firefox. This also leads me to believe you have an ActiveX problem.

RELEVANCY SCORE 50.4

I belong to one Yahoo Group and have my email for that group set up for "individual emails" for all group messages. I receive all messages daily from all other group members except one member. Can't figure out why I don't get his messages (makes no difference if it is text only messages or messages with pics attached). The only way I know this particular member has posted to the group is when other members have their group email settings set up to automatically affix all/part of posts at the bottom of their replies to same. As you see by my signature, I use Firefox 1.5.09 as my default browser. My other realtime running programs also listed there, but I don't think they could be a factor. Not sure whether Firefox is a factor with the blocking. I have asked this member to post a test message today and I am accessing the net exclusively via IE6 today to see if his test message comes through or not. Will report back my findings on that score. BTW, I do not use an email client. I read all my mail directly off the Yahoo Mail website. Only thought I've had, is once or twice my mail has "bounced" because my inbox was full. But my inbox rarely gets full. And this problem seems to be more persistent than just a few occasions. Anyone have any additional thoughts on what could be causing my dilemma?

A:Yahoo Web-based Email/yahoo Groups Problem

Don't know if it is the problem, but just realized I normally keep my mail options set to "automatically delete" bulk mail messages. Maybe somehow this group member's messages are being "perceived" as spam and Yahoo's spam filter is blocking his posts. I've gone into my settings just now and told it to hold those messages a week for me so I can test possible factor. Will post back my findings.

RELEVANCY SCORE 49.2

Can anyone suggest how to perform email evidence acquisition (email forensics)? I need to gather information related to email like email header details, attachment preview (PDF, Word, images etc.), IP addresses and other relevant information. It will be advantageous if the tool allows you to import emails with diverse extensions (MBOX, EML, Gmail, Outlook.com) and also export email evidence in a format standard for court like Concordance etc.

RELEVANCY SCORE 49.2

Hi Geniuses:
I wanted to throw this out to you to see if there was a solution to my "inbox zero woes"

TECH SPECS:

Yahoo Email address (yes I know)
iPhone with Outlook App
Mac Computer with Mail APP
Extra Gmail account with a "send gmail from account"

What I found was that while on the road (most of my email use) the Outlook App for iPhone was fastest at fetching mail, and I LOVE the interface (ability to snooze emails, archive etc).

Problem is, my home mac with MAIL doesn't play nice when I archive Emails on my app.
Secondly, I also like to use gmail as a web client for searching files, using todo etc.

My question: can all of these play nice in the same sandbox? Can I archive on one device, and have it translated amongst the others? If not, what are my solutions (switching over to outlook on Mac? Just using a GMAIL address from now on). Would love some light / insight on this.

Many, Many thanks!
-Bryan.
 

RELEVANCY SCORE 48.8

I think this problem has come up here before, and got this advice:

Go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
I already had Hijack this, and thus pushed on to running a scan...

Logfile of HijackThis v1.99.1
Scan saved at 13:22:17, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer...

A:[email protected] has gotten me... analysis needed

Hi, Whamme.

Welcome!

Please download SmitfraudFix (by S!Ri) to your Desktop.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Onc...

RELEVANCY SCORE 48.4

Please help me rid my PC of unwanted Malware/Spyware/Virus etc. I know I have one called AntivirusXp 2008 on here. Thanks so much,
Matt

*******************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:23, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program ...

A:Hijackthis Log Analysis

Hi mcguire1019 and Welcome to Bleeping Computer

First of all, we apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thre...

RELEVANCY SCORE 48.4

Does anyone see anything malicious here?

Logfile of HijackThis v1.99.1
Scan saved at 4:42:59 PM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\GAIM\gaim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Jebus\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run...

A:Hijackthis Analysis

RELEVANCY SCORE 48.4

Hi everyone I have a Hewlett Packard ZD7000 Pentium 4 2.8mHz 512 RAM 40 GB laptop.

Lately it feels sluggish and I've been going through Spybot, Adaware, AVG Antivirus like no tomorrow... nothing seems to have really helped? I don't use P2P softwares and I only download with bittorrent occasionally.

When I use a new profile, however, things seem significantly faster... can anyone take a quick look at my HiJackThis file? What can I safely remove/delete and will it help my system get back to its normal speed?

Thanks in advance!

_______________

Logfile of HijackThis v1.99.1
Scan saved at 12:04:42 PM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\...

A:HiJackThis log analysis

Looks fine, is this the problem profile?
 

RELEVANCY SCORE 48.4

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

A:HijackThis log Analysis

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom

RELEVANCY SCORE 48.4

Please help resolve my spyware problems. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 1:51:17 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Commo...

A:Hijackthis Analysis Please

Hi there and welcome to Bleeping Computer!

As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far! We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and I will then be able to take a look!

Thanks very much
David

RELEVANCY SCORE 48.4

Dear Members,

I am new member and this is my first HijackThis log. I would appreciate if anyone of you could take a look at it and let me know if my system is infected, and how to fix it.

Thank you for your time and valuable input.

Regards,

SLeopard

A:HiJackThis log analysis

Hi SLeopard,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

RELEVANCY SCORE 48.4

Hi,

I have two problems:
1) I do not succeed in installing Avira Premium 2013 because Avira finds "PC cleaner pro", that is incompatible, installed on my system;
In fact in the past I installed this program, but since a long time, it was uninstalled.

2) I am now using Opera 12.12 browser; I had to uninstall IE8 for bad functioning
I would like to reinstall IE8 but installation cannot be completed

May be you will find the reasons of these problems examining hijackthis.log
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09, on 05.01.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\dtmonx.exe
G:\Files Programmi\Synaptics\SynTP\SynTPEnh.exe
G:\Files Programmi\Analog Devices\Core\smax4pnp.exe
G:\Files Programmi\EverNote\EverNote\UniClipper.exe
C:\Windows\system32\ctfmon.exe
G:\Files Programmi ...

A:hijackthis.log analysis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Webblog - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - g:\Files Programmi\wbtooltb\wbtoolDx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: Webblog - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - g:\Files Programmi\wbtooltb\wbtoolDx.dll

Click on Fix Checked when finished and exit HijackThis.
Restart the computer normally.

===

Please download and ...

RELEVANCY SCORE 48.4

I don't know for sure if this is the right place to post this, but here it is. If it's the wrong place, maybe someone could tell me where to post it? If the right one, I have some kind of keylogger or something on my computer that regular antivirus and antimalware isn't detecting. I can tell from the spam I am getting. This is the HijackThis log for analysis if anyone can tell me what is safe to delete, and what if any next steps I should take. Thanks!

A:HijackThis Log Analysis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

HijackThis is not providing accurate information for 64 bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
DDS.COM
Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.
Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

====

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with th...

RELEVANCY SCORE 48.4

Hi There! I am always frustrated (hey, but enough about my private life!) when I first turn on my computer. It appears to have been set to run one or more systems (virus check I assume) which eats up loads of virtual memory REALLY slowing down the machine. So I turn on and walk away for 30 mins or so until it has run the process. I tried to figure out exactly what was running on startup this am and came across HijackThis. I installed and ran an analysis - see below. I would be grateful if you could suggest how I can identify what exactly is running on startup and using all the virtual memory (Task Manager just shows lots of programmes using varying amounts of memory - I have tried to eliminate them one by one using the Free Process Freezer which is meant to freeze processes - though it doesn't seem to retain this information after shutting down and re-booting - you have to re-freeze processes) and if you think there are any files / processes identified by HijackThis in the list below which warrant concern.

Many thanks for your consideration of this topic. 'Preciated!
May your children all be techno wizards - but not on the Dark Side.

Yours
Brassens1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:53, on 06/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32 ...

A:Hijackthis Analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 48.4

Logfile of HijackThis v1.99.1
Scan saved at 9:43:01 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\syste...

A:Need Help With Hijackthis Log Analysis

Do you think you are still having problems? Please post a current hijackthis log.

RELEVANCY SCORE 48.4

To give a bit of background, it started when this fake antivirus (Something Antivirus Pro) downloaded itself onto my computer and gave me thousands of error messages claiming I had a bunch of viruses. Then there was a screen with a fake virus scan saying that the only way to stop this madness was to buy their product. I used AVG, AND Adaware to blast it away. However I was left with a trojan that redirected my search links and gave me massive popups, some containing my User folder directory. None of my antivirus software has been able to even put a dent in this thing. I've tried Malwarebytes, AVG, Spyware Doctor, Spybot:Search and Destroy, Combo-Fix, I even downloaded KillBox. Now I'm on my last thread and I'm hoping someone, ANYone, can help me get rid of this thing because I really don't want to have to reformat, so here's the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:12 AM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Sy...

A:HijackThis Analysis, if you please

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...

RELEVANCY SCORE 48.4

hi,

I have a serious adware infection. I've done all the scans recommended. I still have these annoying ads being displayed all the time. Here's my HijackThis log. Please help me with what I need to do next. Thanks in advance.

Gautam.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:10 PM, on 6/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\VirusScan\VsStat.exe
D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Network Associates\VirusScan\Avconsol.exe
D:\Program Files\Network Associates\VirusScan\Webscanx.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Fi...

A:Hijackthis Log For Analysis

Hi,

Looks like miekie is already helping you in this thread: http://www.bleepingcomputer.com/forums/t/56678/please-help/

Please continue there and don't create a new topic.

Good day,
Jet Ian

RELEVANCY SCORE 48.4

my pc got infected and i downloaded the hijackthis software. it showed this log. there is no O20 entry so i followed your instructions to post this....

Logfile of HijackThis v1.98.2
Scan saved at 1:50:02 PM, on 11/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\E_S4I3T1.EXE
C:\WINDOWS\FVPROTECT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\NNDLI680OI6T.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Inter...

A:HijackThis Log and Analysis

Hi xywarlock

1. Download CWShredder: Download here. Unzip it on your Desktop. Don't use it yet.
2. Download this tool from Symantec: Backdoor.Agent.B Removal Tool and save it on your Desktop. Follow Symantec's instructions for how to run it.
3. When the removal process is finished you will find a log on your Desktop. Don't delete it. Please copy & paste the contents of the log as a reply to this post.
4. Restart the computer.
5. Make sure all browser windows are closed and run cwshredder.exe, and click on the FIX button (not the "Scan only" button) and let it scan your computer.
6. Run HijackThis! again and post a fresh together with the Symantec Tool log.

RELEVANCY SCORE 48.4

Can you please analyze my hijack this log. I was recently infected with a virus and was wondering if anything is still in my system. thank you

Running processes:
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explor...

A: Hijackthis log analysis please

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


I am new to this web site but I really need your help. My laptop is only a year old but has lately slowed down soo bad, it takes almost 3 minutes to close/log off.

I have included the requested saved file below...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:10 PM, on 22/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Fi...

A: Need HiJackThis analysis...


hi, i'm a new user. my computer's being really slow. and norton's not detecting any problems. i've got a hijacker thing called about blank but i don't seem to be able to remove it properly. can anyone help please here's my hijackthis report

Logfile of HijackThis v1.98.2
Scan saved at 14:27:30, on 19/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:&#...

A: hijackthis analysis

greenie, welcome. Please print this out and follow ALL these directions carefully.

You should install Windows Service Pack 2 and ALL Critical Updates to help from being continually infected.
In Internet Explorer go to Tools then Windows Updates and install each patch one by one rebooting when necessary.

First to remove the infection.
This is a new CoolWebSearch (CWS) hijack infection and is hard to remove.
Note: Every time you reboot the files multiply and change names. This process is like exterminating cockroaches.

Important: Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis.exe into this folder as you do not want the HijackThis backup logs all over your Desktop.
When you run HijackThis from C:\HJT folder by double clicking on it and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Please download the tool called about:buster from
http://www.downloads.subratam.org/AboutBuster.zip
or
http://www.majorgeeks.com/download4289.html
Unzip it to your desktop.

In WinME/XP turn off System Restore.
http://www.arnoldco.com/help/html/disable_restore.html
Then reboot into Safe Mode by tapping F8 key repeatedly during bootup. Enable System Restore after the infection is removed.

Double...


Logfile of HijackThis v1.98.2
Scan saved at 8:40:47 PM, on 10/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\crzh32.exe:chnth
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\antihijack\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\d3pt32.exe
C:\Documents and Settings\Richard\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rbdqi.d...

A: Hijackthis log; analysis help

The first thing I need you to do is download the file from here:
Getservices.zip - Get list of XP/2000/NT Services

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post along with a brand new hijackthis log.


My McAFee security has detected Trojans and quarantined them. I also found a virus that had gotten through and put an icon on my lower task bar. The virus appears to be removed but my computer has slowed down considerably.

I've attached a scan log from HIJACKTHIS, can someone be so kind to analyze it and/or give me some advice so I can get the laptop running faster again?

Thanks so much for your help.

Nafload

A: Analysis HIJACKThis log

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Finally, p...


Hello,

Yesterday I noticed an error message in the taskbar, saying that spyware had been detected on my laptop and that I should click on a link and that windows would download antispyware software.

After a reboot this morning some terminal windows opened up after boot up with a cursor jumping all over the place. It took about one minute to close these windows using alt F4.

Anyways, since then I ran scans with ESET anti virus, superantispyware, malwarebytes anti-malware, malwarebytes rogue remover and removed quite a few trojans, adware etc....

After another reboot I'm still noticing adware tracking cookies etc... in the scans after removing the previously found adware etc... in the last scan. But the initial false spyware message & the terminal screens no longer appear.

When I am not connected to the wireless internet, here is an output of netstat from the command line:

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    r60-3112-jn:1025       localhost:1026         ESTABLISHED
  TCP    r60-3112-jn:1026       localhost:1025         ESTABLISHED
  TCP    r60-3112-jn:1027       localhost:1028         ESTABLISHED
  TCP    r60-3112-jn:1028       localhost:1027         ESTABLISHED
  TCP    r60-3112-jn:1032       localhost:1033         ESTABLISHED
  TCP    r60-3112-jn:1033       localhost:1032         ESTABLISHED
  TCP    r60-3112-jn:1034       localhost:1035         ESTABLISHED
  TCP    r60-3112-jn:1035       localhost:1034         ESTABLISHED
  TCP    ...

A: HijackThis log for analysis

Just some more info on this:

After a reboot and cleaning temporary files using a program ccleaner, I ran a full check with malwarebytes anti-malware software and the following rootkit was found:

Malwarebytes' Anti-Malware 1.30
Database version: 1347
Windows 5.1.2600 Service Pack 2

31/10/2008 22:20:34
mbam-log-2008-10-31 (22-20-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 116257
Time elapsed: 51 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP261\A0042748.sys (Rootkit.Agent) -> Quarantined and deleted successfully.



When I reboot this stays here.

Also just running through some other posts, I will not be able to run the program check that requires Administrative rights, as I don't have them on this computer.


Hi, I've recently been having problems with online accounts having password changes, leading me to think that I may have a keylogger of some sort. An analysis of my attached log would be greatly appreciated! Thanks!

A: Hijackthis log analysis

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...


Hope someone will take a look at my Hijack This log and let me know if anything looks dangerous and/or suspicious. Thanks in advance.

A: HijackThis Analysis Please

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


Greetings,

I'm having problems getting rid of some type of "popup" that launches even when not connected to the internet. Running XP Home, turned off system restore, updated Adaware SE and Spybot, ran in both in safe mode and normal boot mode numerous times, ran NAV w/latest updates and still can't find the culprit.

Assistance would be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 3:09:17 PM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imagi...

A: HiJackThis Analysis

Hello

Please have hijackthis fix the following with no browser windows open:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winnbt32.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

Reboot your com...


Hi.. This is my HiJack this Log.. Please advise!

Logfile of HijackThis v1.97.7
Scan saved at 1:24:51 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\iebe.exe
C:\WINDOWS\System32\cdbmzzzp.exe
C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\atlok32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS...

A: HijackThis Log Analysis, Anyone?

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:
HijackThis Download Site

Then post a new log


My Firefox browser is being redirected to a search website. Here's my HJT log. Thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 12:15:45 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Devel\Encompass\distribution\windows_services\RemoteObjectHostService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Share...

A: Need HijackThis Log Analysis

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ...


Had (have?) a real nasty Hijacker on my computer. Ran the About:Buster, which deleted over 600 bits, then did HijackThis. The log follows. Now what???? Thanks! Gene

Logfile of HijackThis v1.98.0
Scan saved at 12:42:24 AM, on 7/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LO...

A: Help! on HijackThis Log Analysis

Gene fix with hijackthis all the O2's that say (file missing) and then post a new log


Lately, my computer has turned very sluggish
Twice I have lost files because I could not reopen them after rebooting, the error message I was getting was that some process had exclusive access to that file
Thanks to all in advance

Logfile of HijackThis v1.99.1
Scan saved at 12:49:25 PM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks Basic Edition\Norton Utilities\NPROTECT.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\real...

A: Hijackthis analysis please


Logfile of HijackThis v1.97.7
Scan saved at 下午 10:41:55, on 2004/7/22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnphv71.exe
C:\WINDOWS\System32\lrcfg32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\jacfg2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\S...

A: Hijackthis log analysis plz

There is a new version of hijackthis available. Please download it from
http://www.spywareinfo.com/~merijn/files/hijackthis.zip or here:
http://computercops.biz/downloads-cat-14.html
and post a new log


Hi,
I am a new member of this forum. Few days back my laptop started behaving erratically. Please check my log and let me know if I am infected and steps to handle the issue. Thanks in advance.

Regards,
FrancisNPM.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:05, on 04-06-2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\...

A: HiJackThis log analysis

Good evening. As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. You will need to go here, follow steps 6, 7 and 8 and post accordingly into this thread.

Will you also include a brief description of your PC's issues, if there are any, or let me know if this is just an exploratory thing.


Any help would be appreciated. I am new to using Hijack This and this particular client has a nasty spy ware infection. Thanks - DJ

Logfile of HijackThis v1.98.2
Scan saved at 3:58:11 PM, on 11/4/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINNT\system32...

A: HijackThis Log Analysis

Note, please read this carefully, as the steps do repeat a few times, but the last step does change a bit

Download killbox here:
KillBox
Unzip the folder to your desktop.
Start Killbox.exe
Select the Delete on reboot option.

In the field labeled "Full path of file to delete" enter C:\DOCUMENTS AND SETTINGS\Alana\LOCAL SETTINGS\Temp\pilld.dat
Then press the button that looks like a red circle with a white X in it.
When it asks if you would like to Reboot now, press the NO button.

Next In the field labeled "Full path of file to delete" enter C:\WINNT\dllip.exe
Then press the button that looks like a red circle with a white X in it.
When it asks if you would like to Reboot now, press the NO button.

Next In the field labeled "Full path of file to delete" enter c:\winnt\system32\hostx.exe
Then press the button that looks like a red circle with a white X in it.
When it asks if you would like to Reboot now, press the NO button.

Next In the field labeled "Full path of file to delete" enter c:\winnt\system32\bkinst.exe
Then press the button that looks like a red circle with a white X in it.
When it asks if you would like to Reboot now, press the YES button.

Your computer will now reboot and check to see if the file is gone.

When it reboots, fix these entries in hijackthis:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKLM\Software\...


Logfile of HijackThis v1.99.1
Scan saved at 12:02:22, on 14/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security 2005\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\e...

A: Help With Hijackthis Log Analysis

Hi Yaveja06,

We're studying your log and will be back to you a.s.a.p.

Thanks for your patience.
