Hijackthis Log for Analysis - Yahoo email hijacked

Q: Hijackthis Log for Analysis - Yahoo email hijacked

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:49 AM, on 7/7/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Garmin\gStart.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
O4 - Global Startup: Logitech Music Anywhere Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11458 bytes

A: Hijackthis Log for Analysis - Yahoo email hijacked

Greetings keithohlms and welcome to the forums. Please read This Topic pasted at the top of this forum. Please do what it says to do, and post back the requested logs. We'll have a look... suggestions will be based upon the results of those scan logs. Thanks!


Salutations Forum goers and IT Professionals! I appreciate any help you can supply me with about this issue.

I run a bunch of travel related websites, we have been dealing with spam for a while. It's mostly just a small aggravation, however this morning I found that it can be more than that. An issue was brought to me by my agent. Apparently she discovered a LOT of failed E-mail messages in her inbox this morning. They were not messages that she sent. So I thought she had been hijacked so I ran a hijack this program and have posted the results below. I have not reviewed one of these logs before, but have found that forum dwelling do-gooders can analyze the results for people in need. I would like to be one of those people. If there is somewhere that I can learn to evaluate the results myself I would appreciate a poke in the right direction. Thanks guys. Here is the log, if someone could give it a quick look-see for me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:50 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe ... Read more


Lately I've noticed sometimes, key word being sometimes, my Yahoo e-mail seems to get redirected at the sign in. I sign on using the "secure" tab, not sure why, but since spyware, bugs, hacks etc etc getting more frequent, and more ingrained into the net I started doing so. Not sure maybe I had missed it on occasion, but once about a month ago the time between clicking e-mail, and anything happening seemed awful long, and I got to looking at the bar address at the bottom of Firefox, which flickers the different places/names info being loaded. It flashed on something like akami.net for a second, and I thought hmmmm, usually to yahoo I see a lot of Yming, Y something, but had never noted this akami.net. When the page finally loaded it showed it as a broken secure connection. I closed the browser, reopened to Yahoo mail under secure, and it went right there, as it normally would, and without the long delay I'd just had. I've noted the same a few times since, and again noted it tonight. A search on Google for Akami.net doesn't get any hits, I'm not positive if it is Akami, but that's what my mind's eye thinks it was. I only saw it on the one occasion, as if it's opening normally I guess I don't pay any attention to what is flashing on the bar, but I've noted the broken secure link, and assumed was same thing.

Earlier today I had gone through the complete sequence of running Avast, AdAware, Spybot, checked Spyware Blaster, and done a HJT log after checking all of the site... Read more

A:Yahoo email getting Hijacked, but not??

Akamai is a "clearing house" of sorts, for all sorts of programs...almost a file sharing thing. Many legit programs and sites are listed by Akamai, but a multitude of infected programs and files can be found in there, too.

So, Akamai, in and of itself, is not suggestive of a problem. In fact, it could conceivably be a link for one of the ads on your Yahoo home page, as they do that sort of hosting business, as well.

If your tools show nothing, and your HJT log is unchanged, then the overwhelming probability is that nothing significant is afoot. That being said, there are so many new baddies out there right now, that the tools, and even HJT, can't see, that if you continue to have problems, you might want to consider taking a deeper look. We could help you with that.


I am currently facing some majorly frustrating issues with my yahoo email. I used to have ATT as my ISP, but I dropped them and just kept the sbcglobal email. Turns out my email has been hijacked and the password changed. Well, I either can't remember the security questions or they have been changed also. I've been up and down and all around with people in India about this and none of them know enough to help me. This jacker is looking at my email and sending bogus spam and I can't get in to change my password or anything. There's sentimental emails in there. No #, no fax, no nothing to get a hold of someone who knows how to verify that I'm me, and that I want my email back. Any thoughts?

A:Yahoo email hijacked

See if any of these suggestions help: http://in.answers.yahoo.com/question...7075315AA9ty8M

Yahoo Help Form: http://help.yahoo.com/l/us/yahoo/security/general.html


My Yahoo email addresses were hijacked. It sent different web links to different people. I went in and deleted all of my contacts, but don't want to change email addresses if I don't have to.

Here is a Hijackthis Log if anyone sees something unusual.

Thanks.

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
65.55.37.104 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.55.37.104.

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 80931 invoked by uid 60001); 1 Feb 2011 15:28:16 -0000

A:Yahoo Email Hijacked

Hello, you did not include an HJT log. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. You can also include your HJT log. Let me know if that went well.


This Monday AM I noticed my yahoo email account was sending spam mail to my entire contact list. The emails appeared in my sent items folder, and had a link to businesslenews15.net/jobs/?alert=86255. I did not click on the link. A few of the people that got the email did.

The full header for the email looks fairly legit, except the from IP is in Warsaw, Poland. I am in the US.

I checked the login history from yahoo for my account. I did not see anything that looked like it was not me.

Here is what I did:
+ I changed my yahoo password. (as well as other critical pwds)
+ I checked that my password recovery email addresses were not changed.
+ I sent a mail to my contacts list telling them to delete the email and not click on the link.
+ I deleted all my contacts from yahoo.
+ I scanned my home pc using AVAST, Windows Defender and MalwareBytes (quick, then full scans). Nothing significant was found.

The home pc mentioned above has been running its fan a little more than previously over the last month, but performance-wise it seems fine. Whenever the fan goes on, I check the processes running and they all seem to be something I kicked off.

I can think of one other PC I logged onto yahoo from since I last changed my pwd 6 months ago, and he ran a scan and found no issues (Norton). Of course, he also clicked the link in the email, so draw your own conclusions about that. He also had his yahoo email hijacked in a similar manner ~1 yr ago, but he changed his pwd and it stopped.

Here a... Read more

A:Yahoo email hijacked, not sure how

1. Update MBAM and do a full scan.
2. Please visit the Eset online scanner:

Note: You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click on copy to clipboard or copy and paste the results here in this topic


Hi there. My friend recommended your site.

My Yahoo email appears to be hijacked. All my friends are telling me they are getting weird emails from 'me' with various attachments that are links to online pharmacies, usually for Viagra.. etc. Also, all my sent emails are gone! I have looked over some of the other forum posts with similar problems, and it appears some scans are in order.

I have Avast antivirus and CyberDefender. They don't seem to find anything that has stopped the problem. I really don't want to delete this email account because I've had it a really long time now, but I'm worried my computer security is at risk. I am running Vista 64-bit on a Sony Vaio (pretty new).
Thank you in advance.

A:yahoo email hijacked! is this malware?

Looks like I forgot to follow instructions. Ok. Here is what happened when I followed your preparation guide. Nothing seems to be happening as described in the guide. But I did my best....

1- DDS file download link didn't work. Didn't get that log. I get following message:
File not found
Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/dds.scr.
* Check the file name for capitalization or other typing errors.
* Check to see if the file was moved, renamed or deleted.

2- Gmer options for scan weren't as described in the preparation guide. All option boxes were greyed out except last three: 'Services', 'Registry', and 'Files'. 'C:\' drive was selected as was 'ADS'. 'Show All' was also greyed out. I did a scan with those options.
That log ark.txt is attached
Well, now I don't see an option to attach a file. So I'll just post it here too.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 07:54:56
Windows 6.0.6001 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcd035
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d3be9a
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f... Read more


Wondering if anyone had this happen-last week an email account I had not had virtually disappeared. I have 2 other yahoo names and they are fine. Naturally, I can only seem to get form letters back from yahooletechs. Does someone know if there is a program going around that can boot people or delete their accounts?
 


My wife was given a computer that seemed good but I am not sure if it was infected with trojans and spyware. I then tried and used a usb onto 2 of the laptops and seems I got same thing on all 3. I am using a desktop at present since I do not feel safe on the other ones. After weeks of using our computer, she suddenly wasn't able to sign into hotmail or Skype. Her password had been changed as well as mine. Then as we tried to reset the password we discovered her email address had been deleted. She had just accessed and used her email the day before. Her information was definitely stolen and I feel it was probably logged while using our computer. The reason I suspect is my wife and I have noticed many pop-ups, especially when using Google Chrome and redirects. I had attempted to download a VPN browser software and it was free of spyware/malware. But in my haste, I downloaded and installed the software from a location that I am sure had spyware/malware software attached and now I am using windows 8 on this pc and get a constant dial up window at certain times and all programs are running slow many are crashing and more think backdoor trojans etc. so now, please we beg, please, help!...

A:Hotmail ,Yahoo ,Facebook,Skype and email username/password hijacked

Hello frankp747

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more


Yahoo Messenger 9 version 9.0.0.2034, yahoo.co.in e-mail, Yahoo answers, etc. do not run/open on my PC. On attempting to log into Messenger 9 I get an error message: “Please click Try Again to re-enter your ID and password. If you have forgotten you ID or password, click Sign-in Problems”.

Earlier they would open only if they were the first programs I switched on when I would start my PC else I would get an error message “Messenger encountered a connection problem. Please check the network connection and then click "Try Again" (81003004)”.

My computer system: AMD 64 3200+ 2.01Ghz, 1 GB RAM, 80 GB HDD, Windows Professional XP-2, IE 6 with Cookies Enabled, MS Office 2003, BSNL Broadband, Java (TM) 6 update 11, Java (TM) 6 update 7, no Startup programs other than AVG Free version 8. I am based in India.

I have checked with those using the same broadband connection as to not facing any problem with Yahoo.

Yahoo FT Server and Yahoo! Messenger are provided as exceptions in my Windows Firewall. In IE6 under Security Sites I have not blocked any website.

Where could the problem be?
 

A:Yahoo Messenger 9, Yahoo email, Yahoo sites not opening on Windows XP2, IE6

Is Yahoo running at start up?
 


I belong to one Yahoo Group and have my email for that group set up for "individual emails" for all group messages. I receive all messages daily from all other group members except one member. Can't figure out why I don't get his messages (makes no difference if it is text only messages or messages with pics attached). The only way I know this particular member has posted to the group is when other members have their group email settings set up to automatically affix all/part of posts at the bottom of their replies to same. As you see by my signature, I use Firefox 1.5.09 as my default browser. My other realtime running programs also listed there, but I don't think they could be a factor. Not sure whether Firefox is a factor with the blocking. I have asked this member to post a test message today and I am accessing the net exclusively via IE6 today to see if his test message comes through or not. Will report back my findings on that score. BTW, I do not use an email client. I read all my mail directly off the Yahoo Mail website. Only thought I've had, is once or twice my mail has "bounced" because my inbox was full. But my inbox rarely gets full. And this problem seems to be more persistent than just a few occasions. Anyone have any additional thoughts on what could be causing my dilemma?

A:Yahoo Web-based Email/yahoo Groups Problem

Don't know if it is the problem, but just realized I normally keep my mail options set to "automatically delete" bulk mail messages. Maybe somehow this group member's messages are being "perceived" as spam and Yahoo's spam filter is blocking his posts. I've gone into my settings just now and told it to hold those messages a week for me so I can test possible factor. Will post back my findings.


Hello,
For the past several weeks now, when I check my Yahoo email account using IE 8 version (actions performed: clicking on the Inbox, moving from email to email, opening an email) I am redirected to this website:

hxxp://premium_.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1296073985&Signature=r1JBMUZ7yDiRdj2Wu3Ul5hjNCoQ%3D

This does not happen all the time. It seems to be sporadic. I can have periods of time when this does not happen (I can open several messages or navigate from one message to another and not have a problem) then all of a sudden I will be redirected to the site listed above. If I click the back button I can get back to my email and move around once again. The redirect may or may not occur again or from that point forward. From what I have read online, there doesn't seem to be a fix for this issue.

I have tried running several scans with Malwarebytes (in safe mode), Ad-Aware, AVG, Spybot, Hitman Pro 3.5 and ComboFix. But, none of these scans have returned any results that have resolved this issue. I have also removed all versions of Java and updated to the latest version (Java 6 update 23). I've also removed all versions of Adobe and installed Adobe Reader X version 10.0.0 as I have read that keeping old versions may pose a security risk. Just trying to provide as much information on what I've done up to this point.

I've attached scan results from RootKit Unhooker Report.txt (zipped), the DDS Attach.tx... Read more

A:Yahoo redirects my IE session when checking my Yahoo email

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

RELEVANCY SCORE 50.4

Oh boy!

I am running Windows XP Home Edition SP2.

Here is where I will start. My apologies, this might be long winded.
I was having problems with browsing (posted this prior) and wasn't getting anywhere with attempting to adjust browser settings. I was getting blocked going regular places. So... after getting very aggravated, I accessed Symantec's online chat help w/ an analyst. During this time, the analyst remotely accessed my computer on two occasions, ultimately finding out that the problem was not with the Norton 360 but was with IE (v.7). We were having problems with connectivity. He said his system said I was disconnected yet he was still in my system. He started a notepad doc to chat with me, saying that we were locking up and I should Google the verbiage I was receiving during the browsing blocks I was receiving. As I was typing a response saying I have done that, we were disconnected. Since I knew what I had originally found, I disconnected completely and left it for today since more than 2-3 hours have now passed. Today, I cannot access my email. I receive an HTTP 405 error. (Programming error). I noted that in the heading, the address started like this: hxxp://red.clientapps.yahoo.com/customize/toplevel/msgr6. After searching that on the web, I found that this is a BAD thing. I also noticed that the Phishing filter was off. Message said "Phishing filter cannot check this website because the Microsoft online service is temporarily unavailable"...

A:Unable To Access Yahoo Email (red.clientapps.yahoo.com/)

Have you tried using an alternate browser like Firefox to see if you encounter the same problem? If you can use Firefox, then that will narrow the problem down to an IE issue. Since you cannot run the Housecall or Panda scans, if you install Firefox you can then perform an online scan using Trend Micro Housecall Scan for Firefox. This also leads me to believe you have an ActiveX problem.

RELEVANCY SCORE 49.2

Can anyone suggest how to perform email evidence acquisition (email forensics)? I need to gather information related to email like email header details, attachment preview (PDF, Word, images etc.), IP addresses and other relevant information. It will be advantageous if the tool allows you to import emails with diverse extensions (MBOX, EML, Gmail, Outlook.com) and also export email evidence in a format standard for court like Concordance etc.

RELEVANCY SCORE 49.2

Hi Geniuses:
I wanted to throw this out to you to see if there was a solution to my "inbox zero woes"

TECH SPECS:

Yahoo Email address (yes I know)
iPhone with Outlook App
Mac Computer with Mail APP
Extra Gmail account with a "send gmail from account"

What I found was that while on the road (most of my email use) the Outlook App for iPhone was fastest at fetching mail, and I LOVE the interface (ability to snooze emails, archive etc).

Problem is, my home mac with MAIL doesn't play nice when I archive Emails on my app.
Secondly, I also like to use gmail as a web client for searching files, using todo etc.

My question: can all of these play nice in the same sandbox? Can I archive on one device, and have it translated amongst the others? If not, what are my solutions (switching over to outlook on Mac? Just using a GMAIL address from now on). Would love some light / insight on this.

Many, Many thanks!
-Bryan.
 

RELEVANCY SCORE 48.8

I think this problem has come up here before, and got this advice:

go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
I already had Hijack this, and thus pushed on to running a scan...

Logfile of HijackThis v1.99.1
Scan saved at 13:22:17, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer...

A:[email protected] has gotten me... analysis needed

Hi, Whamme.

Welcome!

Please download SmitfraudFix (by S!Ri) to your Desktop.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Onc...

RELEVANCY SCORE 48.4

Logfile of HijackThis v1.98.2
Scan saved at 8:40:47 PM, on 10/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\crzh32.exe:chnth
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\antihijack\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\d3pt32.exe
C:\Documents and Settings\Richard\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\rbdqi.d...

A:Hijackthis log; analysis help

The first thing I need you to do is download the file from here:
Getservices.zip - Get list of XP/2000/NT Services
Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post along with a brand new hijackthis log.

RELEVANCY SCORE 48.4

Hi,
Could you please help me to analyse the HijackThis log below: explorer.exe is using 50 % CPU all the time ....

Logfile of HijackThis v1.99.1
Scan saved at 21:22:25, on 06/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Soft\Norton\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Soft\Norton\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\j2...

A:Hijackthis analysis

Hello jeffgonguet. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download Process Explorer by Sysinternals and unzip it to your desktop. Do not run it yet.
Download Pocket Killbox and unzip it to your desktop. Do not run it yet.

Step #2
Open Notepad and copy/paste the text in the quotebox below into the new document:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_CLASSES_ROOT\CLSID\{B8B55274-0F9A-41E5-9067-A3539BD9E860}]
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents]
[-HKEY_CLASSES_ROOT\MSEvents.MSEvents.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSEvents.MSEvents.1]

Save the document to your desktop as fixvundo.reg and close Notepad.

Step #3
The rest of this fix must be done in safe mode.
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #4
Locate procexp.exe on your desktop and double-click on it to start the program.
In the top section of the Process Explorer screen double-click on WinLogon.exe to bring up the WinLogon.exe Properties Dialog. Click on the Threads tab at the top.
Locate each instance of dvdcat.dll, click once on the instance and...

RELEVANCY SCORE 48.4

Hi folks,
I downloaded Hijackthis to remove an unwanted program cyberfamousas which I believe is
associated with adware or malware.
My computer is seven years old and I would appreciate any help and direction you can provide in
cleaning things up.
Regards,
xcitableboi

A:Hijackthis analysis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:24 AM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotif...

RELEVANCY SCORE 48.4

Dear Friends,
During the last week I have used Spybot S&E, Microsoft Antispyware and AdAware to remove Ezula, Statblaster, People on Page and about a dozen others, but they keep coming back. Could you please advise? My log is below.

Logfile of HijackThis v1.99.1
Scan saved at 10:44:28 PM, on 5/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\userint32.exe
C:\WINDOWS\SYSCFG16.EXE
C:\aight.exe
C:\WINDOWS\System32\rcbstr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\qtwgnt5.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolb...

A:Need help with HijackThis log Analysis

Hi nomonkeytricks and Welcome to the Bleeping Computer!
Was that the Entire HijackThis Log???
Please Update and then configure Ad Aware like this

Configure Ad-Aware SE Personal 1.05:
o Click on the Gear button at the top of the window.
o Click "General" on the left hand side to display the General Settings box.
  + Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
    # "Automatically save logfile"
    # "Automatically quarantine objects prior to removal"
    # "Safe Mode (always request confirmation)"
    # "Prompt to update outdated definitions" - change to 7 days from the default 14.
o Click "Scanning" on the left hand side to display the Scan Settings box.
  + Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
    # "Scan within archives"
    # "Select drives & folders to scan" - select your hard drive(s).
    # "Scan active processes"
    # "Scan registry"
    # "Deep-scan registry" ...

RELEVANCY SCORE 48.4

Ran all the appropriate tools I know of (CW Shredder, Ad-aware, SPYbot, Mcafee) still have some bogus processes running (r?ndll32.exe). I keep getting pop-ups as well as Ad-aware continues to report that the registry is being modified. Here is the Hijack This Analyzer results:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:54:12 PM, on 10/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\ComputerAssociates\NTAgent\Ntagent.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\system32\wwSecure.exe
C:\Program Files\ComputerAssociates\ARCserveITDS\asdscsvc.exe
C:\Program Files\ComputerAssociates\ARCserveITDS\Liccheck.exe
C:\Program Files\GIANT Comp...

A:hijackthis.log analysis

Hi and Welcome
It may help to print out or copy this page as you will be working in Safe Mode.. Make sure to work through the fixes in the exact order its listed..

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes..

Download any of the required programs before attempting to start any of the fixes.

Please do NOT run Hijack This in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/



SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Files highlighted in BLACK will need to be removed from your hard drive.



------------------------------------------------------------------


To help clean out Trusted Zones, download and run DELDOMAINS then double click to open the DelDomains.inf. To execute the file: right-click and Select 'Install' from the Menu.


----------------------------------------------------------------------

Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
-------------------------------------------------------------...

RELEVANCY SCORE 48.4

OT: Here's another system that needs your magic touch.
Thanks, Bobh

Logfile of HijackThis v1.99.1
Scan saved at 10:25:12 AM, on 5/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\C...

A:HijackThis Log for analysis

Hi bobh. It must be Spring and you are doing Spring Cleaning! You know the routine so let's clean this one up.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [tdXrm4DGE] C:\WINDOWS\xjayaluf.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - (no file) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c9.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/download.ocx
O16 - DPF: {8C42D15B-D8C2-40AD-9A06-3F27F58AE33E} - http://www.search-climbers.com/download/un...wordsUnInst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://dow...

RELEVANCY SCORE 48.4

Hi OT: Back again! Had a run on trashed systems lately. Let me know what you see with this one.
Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 10:59:06 PM, on 5/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\BQTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwso...

A:HijackThis Log for Analysis

Hi again bobh! Let's see if we can fix this one up. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//...

RELEVANCY SCORE 48.4

my pc got infected and i downloaded the hijackthis software. it showed this log. there is no O20 entry so i followed your instructions to post this....

Logfile of HijackThis v1.98.2
Scan saved at 1:50:02 PM, on 11/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\E_S4I3T1.EXE
C:\WINDOWS\FVPROTECT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\NNDLI680OI6T.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Inter...

A:HijackThis Log and Analysis

Hi xywarlock
1. Download CWShredder: Download here. Unzip it on your Desktop. Don't use it yet.
2. Download this tool from Symantec: Backdoor.Agent.B Removal Tool and save it on your Desktop. Follow Symantec's instructions for how to run it.
3. When the removal process is finished you will find a log on your Desktop. Don't delete it. Please copy & paste the contents of the log as a reply to this post.
4. Restart the computer.
5. Make sure all browser windows are closed and run cwshredder.exe, and click on the FIX button (not the "Scan only" button) and let it scan your computer.
6. Run HijackThis! again and post a fresh log together with the Symantec Tool log.

RELEVANCY SCORE 48.4

HijackThis log file for analysis and help:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:05 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C...

A:HijackThis Log for analysis

Hello bobh and welcome back. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download Cwshredder.exe and save it to a folder of its own. Start the program and click on the Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).
Download CCleaner and install it but do not run it yet.
Now we need to remove a service.

Part 1
Click Start>Run, type services.msc into the Open editbox and click the Ok button.
Locate the .NET Framework Service service and click the Stop button.
In the Startup type dropdown select Disabled.
Click the Apply button and then the Ok button.
Close the Services window

Part 2
Click Start>Run, type cmd into the Open editbox and click the Ok button.
Copy/paste the line below into the Command Prompt window and press the Enter key:
sc delete .NET Connection Service
Close the Command Prompt window

Step #2
Restart in Safe Mode
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R0 - HKLM\Software\Mi...

RELEVANCY SCORE 48.4

Hi, I've recently been having problems with online accounts having password changes, leading me to think that I may have a keylogger of some sort. An analysis of my attached log would be greatly appreciated! Thanks!

A:Hijackthis log analysis

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...

RELEVANCY SCORE 48.4

Greetings,
I'm having problems getting rid of some type of "popup" that launches even when not connected to the internet. Running XP Home, turned off system restore, updated Adaware SE and Spybot, ran in both in safe mode and normal boot mode numerous times, ran NAV w/latest updates and still can't find the culprit.
Assistance would be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 3:09:17 PM, on 9/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imagi...

A:HiJackThis Analysis

Hello
Please have hijackthis fix the following with no browser windows open:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll (file missing)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winnbt32.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)

Reboot your com...

RELEVANCY SCORE 48.4

Hi all, my world of warcraft account was just recently hacked, and I have no idea how it happened, first time in 5 years. I am very up to date on my security checking and pretty smart when it comes to fake emails and sites. It bugs me a lot that I have no clue how it happened, as I didn't really have a virus or malware on my comp. It could have been a keylogger or just that my password was weak, which it was. Anyways, can someone look at my log below and tell me if anything is wrong. This hack occurred Monday, and since then I have been running all sorts of scans and cleans. I have run about 4 different virus scans: the one I own, norton antivirus 2010, then free online ones like bitdefender, panda, eset. I did a few malwarebytes scans, AVG anti-rootkit, spy bot search and destroy, as well as CCleaner. I also turned off system restore to delete all those points and turned it back on and did windows update. I use firefox and got the flashblock/noscript addons. I even tried out this keylogger detector called KL-Detector. It was kinda hard to understand since it doesn't remove anything, it just tells you to check certain files. But anyways, I'm out of ideas for protection and scanning. I did change all my passwords to make them stronger, but it's just annoying that I have no idea how it happened, which leads me to believe it could happen again, or is still happening without me knowing it. So any suggestions on what else to keep up to date on, or othe...

A:Need analysis of HijackThis log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello All,

The log below was generated after I ran both Ad-Aware SE and Spybot Search and Destroy. Ad Aware was run first, then a reboot, then Spybot, then another reboot. This is on a Windows 2000 machine using IE as the browser. The biggest issue at this point is the pornography popups from "Blend-A-Sex" and "sexocean".

Thanks in advance for any help that can be rendered...

Logfile of HijackThis v1.98.0
Scan saved at 9:29:02 AM, on 8/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\PROGRA~1\Belarc\BelMonitor\BANTMonitorSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\2\fppdis1.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\Ac...

A:HijackThis Log analysis...

Hi garygibson

Welcome to TSG!

A new version of Hijack This has been released so get rid of the old one and Click here to download the new one, come back here and post the log from it.
 


Hello

I hope I am in the correct place for this post. This is my first post here. I have downloaded and installed the latest Hijackthis program (1.0.0.1). This is the version given in properties. But I thought I saw 2.0.2 version or something like that when I downloaded Hijackthis from Trend Micro today.

Here is my computer information: Platform: Windows XP SP2 (WinNT 5.01.2600), MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

I use Firefox only as my browser.

Please tell me how and what to remove, or perhaps there is a link that provides instruction to remove entries from the registry.

Many Thanks!

Here is my HijackThis log taken earlier today:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mybasicisp.net

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mybasicisp.net

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = basicisp.net Internet Explorer

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar...

A:Help with Analysis of my HijackThis Log

Hello, AJAX
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to run a Scan with DDS
Please download DDS, and save it to your desktop, from one of the following mirrors:
This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on your sys...


I would greatly appreciate the expertise this forum offers. Does anyone see any problems with this log?

Logfile of HijackThis v1.99.0
Scan saved at 8:37:34 PM, on 1/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\rawkcuf\LOCALS~1\Temp\Rar$EX00.037\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\Program Files\Grouper\Grouper.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\rawkcuf\LOCALS~1\Temp\Rar$EX00.900\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\epghy.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\M...

A:Hijackthis .log analysis

Welcome to TSG

Go to Control Panel - Add/Remove Programs

Uninstall: BullsEyeNetwork

Download Ad-Aware: http://www.lavasoftusa.com/support/download/

In the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Reboot

Post a new log
 


Logfile of HijackThis v1.99.1
Scan saved at 9:43:01 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\syste...

A:Need Help With Hijackthis Log Analysis

Do you think you are still having problems? Please post a current hijackthis log.


Please help resolve my spyware problems. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 1:51:17 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Commo...

A:Hijackthis Analysis Please

Hi there and welcome to Bleeping Computer!

As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far!

We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and I will then be able to take a look!

Thanks very much
David


Help with log analysis. THANKS!

--------------------------------------------------------------------------------

Logfile of HijackThis v1.99.0
Scan saved at 1:08:05 PM, on 1/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\RECYCLER\S-1-5-21-458573308-1249257218-1260325492-1443\system32\csrss.exe
C:\WINDOWS\system32\iebk32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital...

A:HijackThis analysis

Hi, If you still need help with this, I advise that you just post a new HJT log...you have an about:blank hijack and some other things...there are some folks here who can help you with this.
 


hi,
I have a serious adware infection. I've done all the scans recommended. I still have these annoying ads being displayed all the time. Here's my HijackThis log. Please help me with what I need to do next. Thanks in advance.
Gautam.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:10 PM, on 6/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\VirusScan\VsStat.exe
D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Network Associates\VirusScan\Avconsol.exe
D:\Program Files\Network Associates\VirusScan\Webscanx.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Fi...

A:Hijackthis Log For Analysis

Hi,

Looks like miekie is already helping you in this thread: http://www.bleepingcomputer.com/forums/t/56678/please-help/

Please continue there and don't create a new topic.

Good day,
Jet Ian


I have a new computer (3 months old). Recently, it has started locking up and the only thing I can do is to shut it off at the off/on switch. I can't even get to Task Manager because nothing is responding. Could someone please assist with analyzing my HiJackThis log.

HP Pavilion Desktop
Model 6400f
Windows Vista Home Premium
Service Pack 1
3.0 GB
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:11 PM, on 9/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro...


In an attempt to rid my computer of malware/spyware/whatever-else, I tried to install and run AVG, Comodo, MSE, Spybot S&D and Avira. AVG and MSE never finished installing due to an unidentified error occurring at the end of installation, and both Comodo and Avira don't start up when I run them, though they both technically installed; Spybot is the only one that's working, atm.

Worth mentioning also, I think, is that Task Manager doesn't run either when I hold ctrl+alt+del.

After a quick Google, I noticed some solutions to similar problems involving Hijackthis, and was wondering if any experts out there could take a look at my logfile and give me some advice as to what could be causing the above problems (and potentially all my problems). I'd obviously be very appreciative.

The following is the complete logfile from a HijackThis scan:


Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:32:42, on 24/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Expl...

A:HijackThis Analysis

Hello and welcome to TSF.


Quote:

I tried to install and run AVG, Comodo, MSE, Spybot S&D and Avira.

AVG, Comodo, MSE and Avira are all antivirus applications. As stated in our preposting sticky, you should not have more than one antivirus installed.


Quote:

3. Uninstall the following via Add or Remove Programs in Control Panel:

* If you have more than one antivirus software installed, leave only ONE and uninstall the others.


Having said that, HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Hi There! I am always frustrated (hey, but enough about my private life!) when I first turn on my computer. It appears to have been set to run one or more systems (virus check I assume) which eats up loads of virtual memory REALLY slowing down the machine. So I turn on and walk away for 30 mins or so until it has run the process. I tried to figure out exactly what was running on startup this am and came across HijackThis. I installed and ran an analysis - see below. I would be grateful if you could suggest how I can identify what exactly is running on startup and using all the virtual memory (Task Manager just shows lots of programmes using varying amounts of memory - I have tried to eliminate them one by one using the Free Process Freezer which is meant to freeze processes - though it doesn't seem to retain this information after shutting down and re-booting - you have to re-freeze processes) and if you think there are any files / processes identified by HijackThis in the list below which warrant concern.

Many thanks for your consideration of this topic. 'Preciated!

May your children all be techno wizards - but not on the Dark Side.

Yours
Brassens1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:53, on 06/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32 ...

A:Hijackthis Analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Had (have?) a real nasty Hijacker on my computer. Ran the About:Buster, which deleted over 600 bits, then did HijackThis. The log follows. Now what???? Thanks! Gene

Logfile of HijackThis v1.98.0
Scan saved at 12:42:24 AM, on 7/29/2004
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LO...

A:Help! on HijackThis Log Analysis

Gene fix with hijackthis all the O2's that say (file missing) and then post a new log


To give a bit of background, it started when this fake antivirus (Something Antivirus Pro) downloaded itself onto my computer and gave me thousands of error messages claiming I had a bunch of viruses. Then there was a screen with a fake virus scan saying that the only way to stop this madness was to buy their product. I used AVG, AND Adaware to blast it away. However I was left with a trojan that redirected my search links and gave me massive popups, some containing my User folder directory. None of my antivirus software has been able to even put a dent in this thing. I've tried Malwarebytes, AVG, Spyware Doctor, Spybot:Search and Destroy, Combo-Fix, I even downloaded KillBox. Now I'm on my last thread and I'm hoping someone, ANYone, can help me get rid of this thing because I really don't want to have to reformat, so here's the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:12 AM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Sy...

A:HijackThis Analysis, if you please

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...


My desktop pic has been eliminated and when I go to control panel/display/desktop tab, it's frozen and will not allow me to do anything! Also, I downloaded the Panda Trial Version and it will not fully download. Something is seriously wrong. I have XP OS. I ran Ad-Aware SE, Spybot, SBC Yahoo Spyware and Virus scan and the Trend Micro scan. Still nothing. Here is my Hijack this log. Could some knowledgeable person please tell me which files here to delete. Thank you very much. This is my first post in this forum.
Tom
Logfile of HijackThis v1.99.1
Scan saved at 12:18:31 AM, on 1/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C...

A:Hijackthis log analysis please...

Hello Hypnotised and welcome to TSF,

There's not much showing itself in this log.

Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

---------------------------

Run a scan in HijackThis. 'Check' each of the following if they still exist (make sure not to miss any):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing

Click 'Fix Checked' and close HijackThis.

---------------------------

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Standard CleanUp!"
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
-Scan local drives for temporary files
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

Reboot into Normal Mode.

Perform an online scan using Internet Explorer with Kasper...


My Xp computer was infected with SpySheriff along with a bunch of other malware, I ran Ad-Aware SE, Microsoft AntiSpyware, ewido anti-malware, CleanUp!, Spybot Search & Destroy and got most of the poison out of the systems.

However there are still two outstanding problems.

1. I can't set my wallpaper to the standard XP wallpaper, seems to be disabled. I used to have desktop.html, and I deleted it.
2. My Task Manager is also disabled.
My HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System has three entries

(Default) REG_SZ (value not set)
DisableTaskMgr REG_SZ 0
Wallpaper REG_SZ

Here is my HijackThis report, please let me know if I still have any infections and how to solve the above two problems.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:04:28 PM, on 12/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
...

A:Need help with HijackThis analysis

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install - CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Download & extract it to its own folder - smitRem.exe


'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKL...


Logfile of HijackThis v1.97.7
Scan saved at 下午 10:41:55, on 2004/7/22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\vsnphv71.exe
C:\WINDOWS\System32\lrcfg32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\jacfg2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\S...

A: Hijackthis log analysis plz

There is a new version of hijackthis available. Please download it from http://www.spywareinfo.com/~merijn/files/hijackthis.zip or here: http://computercops.biz/downloads-cat-14.html and post a new log


Hi.. This is my HiJack this Log.. Please advise!

Logfile of HijackThis v1.97.7
Scan saved at 1:24:51 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\iebe.exe
C:\WINDOWS\System32\cdbmzzzp.exe
C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\atlok32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS...

A: HijackThis Log Analysis, Anyone?

You are using an outdated version of hijackthis. Please download the newer version.
Download HijackThis from: HijackThis Download Site
Then post a new log


Attached below is a Hijackthis log file. I am having a problem with my Windows XP taskbar and sound. A virus window popped up and I assumed it was my McAfee virus program. I probably made a mistake and clicked on it letting the virus or ad-ware onto my computer. I cannot change my taskbar back to the XP blue version. I returned my system to an earlier state and that did not help either. Any help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:46 AM, on 6/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
c:\icollect\icserv.exe
c:\icollect\wake_up.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\...

A: Hijackthis Log Analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Dear members,

My operating system is Windows 2000. Whenever I try to open Task Manager it opens for a second and then disappears, and I cannot even paste the copied items in the system. I have run Ad-Aware SE Personal and Spybot Search and Destroy. Spybot detected some problems and fixed them using the 'Fix the selected problem' option of Spybot, but I am still haunted by the same problem. I ran Hijackthis in safe mode and am pasting the log details below. Please help me out.

Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 7:35:59 PM, on 5/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SCardClnt.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.182.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.182.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.182.*;w...

A: Analysis Hijackthis log

Hello Shree and welcome to the BC forums. It appears that we have several infections here to deal with. This will take multiple stages so please have patience. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\login.exe
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Windows Manager Drivers] svscahost.exe
O4 - HKLM\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [IPC Connection] ipcconn.exe
O4 - HKLM\..\Run: [Windows Messenger] winmessenger60.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wupdatemanager.exe
O4 - HKLM\..\Run: [Shell Logon] C:\login.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [wintnt32.exe] wintnt32.exe
O4 - HKLM\..\Run: [Windows Mouse Utilities]...
