Hijackthis Log for Analysis - Yahoo email hijacked

Q: Hijackthis Log for Analysis - Yahoo email hijacked

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:49 AM, on 7/7/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Garmin\gStart.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
O4 - Global Startup: Logitech Music Anywhere Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11458 bytes

A: Hijackthis Log for Analysis - Yahoo email hijacked

Greetings keithohlms and Welcome to the Forums,

Please read This Topic pasted at the top of this forum. Please do what it says to do, and post back the requested logs. We'll have a look...suggestions will be based upon the results of those scan logs. Thanks!

RELEVANCY SCORE 66.8

Salutations Forum goers and IT Professionals! I appreciate any help you can supply me with about this issue.

I run a bunch of travel related websites, we have been dealing with spam for a while. It's mostly just a small aggravation, however this morning I found that it can be more than that. An issue was brought to me by my agent. Apparently she discovered a LOT of failed E-mail messages in her inbox this morning. They were not messages that she sent. So I thought she had been hijacked so I ran a hijack this program and have posted the results below. I have not reviewed one of these logs before, but have found that forum dwelling do-gooders can analyze the results for people in need. I would like to be one of those people. If there is somewhere that I can learn to evaluate the results myself I would appreciate a poke in the right direction. Thanks guys. Here is the log, if someone could give it a quick look-see for me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:50 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe ... Read more

RELEVANCY SCORE 64.8

My Yahoo email addresses were hijacked. It sent different web links to different people. I went in and deleted all of my contacts, but don't want to change email addresses if I don't have to.

Here is a Hijackthis Log if anyone sees something unusual.

Thanks.

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
65.55.37.104 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.55.37.104.

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 80931 invoked by uid 60001); 1 Feb 2011 15:28:16 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1296574096; bh=Z0qiIjIkJ+A7FS4ce4e6dfnQByaeDxaf6LeGr+lrXJ4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=Thy367DadNy7GpIHa1ME6jCmSbB5kSvs9L9kXQkkYB7qb5oWqBwIQZLzz1HUoS61S89hZJ6y0a+0gbw6H9/tCu2kblwDNV++9Wb7Om5DFEzp4SOAWrLCjxxdcrSAG+qdkCHKiVjTgHlF75eVm/gBvrZMfMr1rXV5kw1Bx0777xc=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=WMt6gb0rPmuEt7wHpm/uW3hYTzzjAVTW/bwV3BGEynJvNY4FcjSTPFXVRDRQTWwkuUgeznxEm6MLUWy89wRypGAJ+ndVoABxAcid24j+Kpuwunm1Ljn... Read more

A:Yahoo Email Hijacked

Hello, you did not include an HJT log. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. You can also include your HJT log. Let me know if that went well.

RELEVANCY SCORE 64.8

I am currently facing some majorly frustrating issues with my yahoo email. I used to have ATT as my ISP, but I dropped them and just kept the sbcglobal email. Turns out my email has been hijacked and the password changed. Well, I either can't remember the security questions or they have been changed also. I've been up and down and all around with people in India about this and none of them know enough to help me. This jacker is looking at my email and sending bogus spam and I can't get in to change my password or anything. There's sentimental emails in there. No #, no fax, no nothing to get a hold of someone who knows how to verify that I'm me, and that I want my email back. Any thoughts?

A:Yahoo email hijacked

See if any of these suggestions help: http://in.answers.yahoo.com/question...7075315AA9ty8M

Yahoo Help Form: http://help.yahoo.com/l/us/yahoo/security/general.html

RELEVANCY SCORE 64.8

This Monday AM I noticed my yahoo email account was sending spam mail to my entire contact list. The emails appeared in my sent items folder, and had a link to businesslenews15.net/jobs/?alert=86255. I did not click on the link. A few of the people that got the email did.

The full header for the email looks fairly legit, except the from IP is in Warsaw, Poland. I am in the US.

I checked the login history from yahoo for my account. I did not see anything that looked like it was not me.

Here is what I did:
+ I changed my yahoo password. (as well as other critical pwds)
+ I checked that my password recovery email addresses were not changed.
+ I sent a mail to my contacts list telling them to delete the email and not click on the link.
+ I deleted all my contacts from yahoo.
+ I scanned my home pc using AVAST, Windows Defender and MalwareBytes (quick, then full scans). Nothing significant was found.

The home pc mentioned above has been running its fan a little more than previously over the last month, but performance-wise it seems fine. Whenever the fan goes on, I check the processes running and they all seem to be something I kicked off.

I can think of one other PC I logged onto yahoo from since I last changed my pwd 6 months ago, and he ran a scan and found no issues (Norton). Of course, he also clicked the link in the email, so draw your own conclusions about that. He also had his yahoo email hijacked in a similar manner ~1 yr ago, but he changed his pwd and it stopped.

Here a... Read more

A:Yahoo email hijacked, not sure how

1. Update MBAM and do a full scan.
2. Please visit the Eset online scanner:

Note: You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click on copy to clipboard or copy and paste the results here in this topic

RELEVANCY SCORE 64.8

Lately I've noticed sometimes, key word being sometimes my Yahoo e-mail seems to get redirected at the sign in. I sign on using the "secure" tab, not sure why, but since spyware, bugs, hacks etc etc getting more frequent, and more ingrained into the net I started doing so. Not sure maybe I had missed it on occasion, but once about a month ago the time between clicking e-mail, and anything happening seemed awful long, and I got to looking at the bar address at the bottom of Firefox, which flickers the different places/names info being loaded. It flashed on something like akami.net for a second, and I thought hmmmm, usually to yahoo I see a lot of Yming, Y something, but had never noted this akami.net. When the page finally loaded it showed it as a broken secure connection. I closed the browser, reopened to Yahoo mail under secure, and it went right there, as it normally would, and without the long delay I'd just had. I've noted the same a few times since, and again noted it tonight. A search on Google for Akami.net doesn't get any hits, I'm not positive if it is Akami, but that's what my mind's eye thinks it was. I only saw it on the one occasion, as if it's opening normally I guess I don't pay any attention to what is flashing on the bar, but I've noted the broken secure link, and assumed was same thing.

Earlier today I had gone through the complete sequence of running Avast, AdAware, Spybot, checked Spyware Blaster, and done a HJT log after checking all of the site... Read more

A:Yahoo email getting Hijacked, but not??

Akamai is a "clearing house" of sorts, for all sorts of programs...almost a file sharing thing. Many legit programs and sites are listed by Akamai, but a multitude of infected programs and files can be found in there, too.

So, Akamai, in and of itself, is not suggestive of a problem. In fact, it could conceivably be a link for one of the ads on your Yahoo home page, as they do that sort of hosting business, as well.

If your tools show nothing, and your HJT log is unchanged, then the overwhelming probability is that nothing significant is afoot. That being said, there are so many new baddies out there right now, that the tools, and even HJT, can't see, that if you continue to have problems, you might want to consider taking a deeper look. We could help you with that.

RELEVANCY SCORE 64

Hi there. My friend recommended your site.

My Yahoo email appears to be hijacked. All my friends are telling me they are getting weird emails from 'me' with various attachments that are links to online pharmacies, usually for Viagra.. etc. Also, all my sent emails are gone! I have looked over some of the other forum posts with similar problems, and it appears some scans are in order.

I have Avast antivirus and CyberDefender. They don't seem to find anything that has stopped the problem. I really don't want to delete this email account because I've had it a really long time now, but I'm worried my computer security is at risk. I am running Vista 64-bit on a Sony Vaio (pretty new).
Thank you in advance.

A:yahoo email hijacked! is this malware?

Looks like I forgot to follow instructions. Ok. Here is what happened when I followed your preparation guide. Nothing seems to be happening as described in the guide. but I did my best....

1- DDS file download link didn't work. Didn't get that log. I get following message:

File not found
Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/dds.scr.
* Check the file name for capitalization or other typing errors.
* Check to see if the file was moved, renamed or deleted.

2- Gmer options for scan weren't as described in the preparation guide. All option boxes were greyed out except last three: 'Services', 'Registry', and 'Files'. 'C:\' drive was selected as was 'ADS'. 'Show All' was also greyed out. I did a scan with those options.

That log ark.txt is attached

Well, now i don't see an option to attach a file. So i'll just post it here too.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 07:54:56
Windows 6.0.6001 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcd035
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d3be9a
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f... Read more

RELEVANCY SCORE 63.2

Wondering if anyone had this happen-last week an email account I had not had virtually disappeared. I have 2 other yahoo names and they are fine. Naturally, I can only seem to get form letters back from yahooletechs. Does someone know if there is a program going around that can boot people or delete their accounts?
 

RELEVANCY SCORE 61.2

My wife was given a computer that seemed good, but I am not sure if it was infected with trojans and spyware. I then tried and used a USB onto 2 of the laptops and it seems I got the same thing on all 3. I am using a desktop at present since I do not feel safe on the other ones. After weeks of using our computer, she suddenly wasn't able to sign into Hotmail or Skype. Her password had been changed, as well as mine. Then as we tried to reset the password we discovered her email address had been deleted. She had just accessed and used her email the day before. Her information was definitely stolen and I feel it was probably logged while using our computer. The reason I suspect is my wife and I have noticed many pop-ups, especially when using Google Chrome, and redirects. I had attempted to download a VPN browser software and it was free of spyware/malware. But in my haste, I downloaded and installed the software from a location that I am sure had spyware/malware software attached, and now I am using Windows 8 on this PC and get a constant dial-up window at certain times, and all programs are running slow, many are crashing and more, think backdoor trojans etc. So now, please, we beg, please, help!...

A:Hotmail ,Yahoo ,Facebook,Skype and email username/password hijacked

Hello frankp747

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

RELEVANCY SCORE 56

Yahoo Messenger 9 version 9.0.0.2034, yahoo.co.in e-mail, Yahoo answers, etc. do not run/open on my PC. On attempting to log into Messenger 9 I get an error message: “Please click Try Again to re-enter your ID and password. If you have forgotten you ID or password, click Sign-in Problems”.

Earlier they would open only if they were the first programs I switched on when I would start my PC else I would get an error message “Messenger encountered a connection problem. Please check the network connection and then click "Try Again" (81003004)”.

My computer system: AMD 64 3200+ 2.01Ghz, 1 GB RAM, 80 GB HDD, Windows Professional XP-2, IE 6 with Cookies Enabled, MS Office 2003, BSNL Broadband, Java (TM) 6 update 11, Java (TM) 6 update 7, no Startup programs other than AVG Free version 8. I am based in India.

I have checked with those using the same broadband connection as to not facing any problem with Yahoo.

Yahoo FT Server and Yahoo! Messenger are provided as exceptions in my Windows Firewall. In IE6 under Security Sites I have not blocked any website.

Where could the problem be?
 

A:Yahoo Messenger 9, Yahoo email, Yahoo sites not opening on Windows XP2, IE6

is yahoo running at start up
 

RELEVANCY SCORE 50.8

Oh boy!

I am running Windows XP Home Edition SP2.

Here is where I will start. My apologies, this might be long winded.
I was having problems with browsing (posted this prior) and wasn't getting anywhere with attempting to adjust browser settings. I was getting blocked going regular places. So... after getting very aggravated, I accessed Symantec's online chat help w/ an analyst. During this time, the analyst remotely accessed my computer on two occasions, ultimately finding out that the problem was not with the Norton 360 but was with IE (v.7). We were having problems with connectivity. He said his system said I was disconnected yet he was still in my system. He started a notepad doc to chat with me, saying that we were locking up and I should Google the verbiage I was receiving during the browsing blocks I was receiving. As I was typing a response saying I have done that, we were disconnected. Since I knew what I had originally found, I disconnected completely and left it for today since more than 2-3 hours have now passed. Today, I cannot access my email. I receive an HTTP 405 error. (Programming error). I noted that in the heading, the address started like this: hxxp://red.clientapps.yahoo.com/customize/toplevel/msgr6. After searching that on the web, I found that this is a BAD thing. I also noticed that the Phishing filter was off. Message said "Phishing filter cannot check this website because the Microsoft online service is temporarily unavailable&qu... Read more

A:Unable To Access Yahoo Email (red.clientapps.yahoo.com/)

Have you tried using an alternate browser like Firefox to see if you encounter the same problem? If you can use Firefox, then that will narrow the problem down to an IE issue. Since you cannot run the Housecall or Panda scans, if you install Firefox you can then perform an online scan using Trend Micro Housecall Scan for Firefox. This also leads me to believe you have an ActiveX problem.

RELEVANCY SCORE 50.8

Hello,
For the past several weeks now, when I check my Yahoo email account using IE 8 version (actions performed: clicking on the Inbox, moving from email to email, opening an email) I am redirected to this website:

hxxp://premium_.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1296073985&Signature=r1JBMUZ7yDiRdj2Wu3Ul5hjNCoQ%3D

This does not happen all the time. It seems to be sporadic. I can have periods of time when this does not happen (I can open several messages or navigate from one message to another and not have a problem) then all of a sudden I will be redirected to the site listed above. If I click the back button I can get back to my email and move around once again. The redirect may or may not occur again or from that point forward. From what I have read online, there doesn't seem to be a fix for this issue.

I have tried running several scans with Malwarebytes (in safe mode), Ad-Aware, AVG, Spybot, Hitman Pro 3.5 and ComboFix. But, none of these scans have returned any results that have resolved this issue. I have also removed all versions of Java and updated to the latest version (Java 6 update 23). I've also removed all versions of Adobe and installed Adobe Reader X version 10.0.0 as I have read that keeping old versions may pose a security risk. Just trying to provide as much information on what I've done up to this point.

I've attached scan results from RootKit Unhooker Report.txt (zipped), the DDS Attach.tx... Read more

A:Yahoo redirects my IE session when checking my Yahoo email

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

RELEVANCY SCORE 50.8

I belong to one Yahoo Group and have my email for that group set up for "individual emails" for all group messages. I receive all messages daily from all other group members except one member. Can't figure out why I don't get his messages (makes no difference if it is text only messages or messages with pics attached). The only way I know this particular member has posted to the group is when other members have their group email settings set up to automatically affix all/part of posts at the bottom of their replies to same. As you see by my signature, I use Firefox 1.5.09 as my default browser. My other realtime running programs also listed there, but I don't think they could be a factor. Not sure whether Firefox is a factor with the blocking. I have asked this member to post a test message today and I am accessing the net exclusively via IE6 today to see if his test message comes through or not. Will report back my findings on that score. BTW, I do not use an email client. I read all my mail directly off the Yahoo Mail website. Only thought I've had, is once or twice my mail has "bounced" because my inbox was full. But my inbox rarely gets full. And this problem seems to be more persistent than just a few occasions. Anyone have any additional thoughts on what could be causing my dilemma?

A:Yahoo Web-based Email/yahoo Groups Problem

Don't know if it is the problem, but just realized I normally keep my mail options set to "automatically delete" bulk mail messages. Maybe somehow this group member's messages are being "perceived" as spam and Yahoo's spam filter is blocking his posts. I've gone into my settings just now and told it to hold those messages a week for me so I can test possible factor. Will post back my findings.

RELEVANCY SCORE 49.6

Can anyone suggest how to perform email evidence acquisition (email forensics)? I need to gather information related to email like email header details, attachment preview (PDF, Word, images etc.), IP addresses and other relevant information. It will be advantageous if the tool allows you to import emails with diverse extensions (MBOX, EML, Gmail, Outlook.com) and also export email evidence in a format standard for court like Concordance etc.

RELEVANCY SCORE 49.2

Hi Geniuses:
I wanted to throw this out to you to see if there was a solution to my "inbox zero woes"

TECH SPECS:

Yahoo Email address (yes I know)
iPhone with Outlook App
Mac Computer with Mail APP
Extra Gmail account with a "send gmail from account"

What I found was that while on the road (most of my email use) the Outlook App for iPhone was fastest at fetching mail, and I LOVE the interface (ability to snooze emails, archive etc).

Problem is, my home mac with MAIL doesn't play nice when I archive Emails on my app.
Secondly, I also like to use gmail as a web client for searching files, using todo etc.

My question: can all of these play nice in the same sandbox? Can I archive on one device, and have it translated amongst the others? If not, what are my solutions (switching over to outlook on Mac? Just using a GMAIL address from now on). Would love some light / insight on this.

Many, Many thanks!
-Bryan.
 

RELEVANCY SCORE 48.8

I think this problem has come up here before, and got this advice:

Go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis.
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
I already had Hijack this, and thus pushed on to running a scan...

Logfile of HijackThis v1.99.1
Scan saved at 13:22:17, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer... Read more

A:[email protected] has gotten me... analysis needed

Hi, Whamme.

Welcome!

Please download SmitfraudFix (by S!Ri) to your Desktop.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Onc... Read more

RELEVANCY SCORE 48.8

Hi to all,

I'm having a problem on my computer right now. I don't know if there is a virus threat on my pc. I don't know how to read the hijackthis log, so any help would be greatly appreciated. Here is the problem, the USB device always saying that "USB not recognize" I did what I have to do but still I can't fix it. So I came up with this if there are causing some virus or what so ever on my processes. Please Help me figure this. Thank you very much on advance.

---- My hijackthis Log -------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:37 PM, on 3/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1... Read more

A:Help for analysis of my hijackthis log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

RELEVANCY SCORE 48.8

Can you please analyze my hijack this log. I was recently infected with a virus and was wondering if anything is still in my system. Thank you.

Running processes:
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explor... Read more

A:Hijackthis log analysis please

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

RELEVANCY SCORE 48.8

Logfile of HijackThis v1.99.1
Scan saved at 6:48:00 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
c:\program files\mcafee.com... Read more

A:Hijackthis Log Analysis 11/26

Hi deuce23,

Your log is clear of malware and you can fix the following entry if you like:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

However, it will just come back until the underlying problem is fixed. That is just a report of an error on your system, but doesn't give a clue as to what the error is and is difficult to troubleshoot. And that type of troubleshooting is not what HijackThis is designed for.

Usually it is a general indication of a hardware problem or software conflict. But I have a good idea it is because of the Earthlink software you have installed. I used to have Total Access installed myself and had fault checks in my log. Most of the problems were caused by their popup blocker, even if it's disabled, and there are other things about their software package I don't like. My system ran much better once I got rid of it and Total Access is not required, at least for a dialup connection.

Third party popup blockers are known to be problematic, often causing more problems than they solve. If you are going to use them I suggest enabling only the ones that are native to your browser, IE 7's works fine as well as Firefox's. I see you have McAfee's enabled, so that could be the problem right there. Plus, the Google Toolbar has a PUB as well.

I've reviewed your thread in the XP forum as well as your last log session with OT. I don't see the file ntvbm.exe in your log. Can you tell me where you came up with that? In a... Read more

RELEVANCY SCORE 48.8

Hi, I would like to remove the spyware http://letgohome.com/hp.htm?id=9. I read previous posts on that issue, so I started Windows in safe mode and ran HijackThis, and here is the log, I got... Could you please help me to remove it definitely. Thank you for your help!

Logfile of HijackThis v1.99.1
Scan saved at 04:54:02, on 25/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\dybiak_arn\Mes documents\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\S111CV~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM... Read more

A:HijackThis.log analysis

Please run this online scan, delete all it finds and then post a new log:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

RELEVANCY SCORE 48.8

Hi, I'm actually having trouble every time I start windows, can someone please check my log, thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 19.09.38, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Temp\FireDaemon.EXE
C:\WINDOWS\Temp\svchost1.exe
C:\WINDOWS\Temp\FireDaemon.EXE
C:\WINDOWS\Temp\system.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1... Read more

A:Hijackthis Log Analysis

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

If you do want to clean, then:

RELEVANCY SCORE 48.8

Hi folks,
I downloaded Hijackthis to remove an unwanted program cyberfamousas which I believe is
associated with adware or malware.
My computer is seven years old and I would appreciate any help and direction you can provide in
cleaning things up.
Regards,
xcitableboi

A:Hijackthis analysis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:24 AM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotif... Read more

RELEVANCY SCORE 48.8

I have run free AVG, CWshredder, spybot S & D, ad-aware, and HijackThis, and my browser is still super slow. Also, all the icons on my desktop are highlighted and I don't know why. I am afraid that maybe I previously erased some files with HijackThis v1.97 that I should not have erased. PLEASE HELP! Here is the Log file:

Logfile of HijackThis v1.99.0
Scan saved at 12:07:39 PM, on 12/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon... Read more

A:HijackThis Log Analysis

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O4 - HKLM\..\Run: [vjtvrnf] "C:\WINDOWS\System32\vjtvrnf.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\System32\vjtvrnf.exe
C:\WINDOWS\System32\P2P Networking\

Reboot your computer to go back to normal mode and post a new log.

RELEVANCY SCORE 48.8

I think I may have a trojan and/or keylogger on my pc, please analyze my log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:42 PM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:... Read more

A:HijackThis log analysis

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Regards

RELEVANCY SCORE 48.8

Dear Members,

I am a new member and this is my first HijackThis log. I would appreciate if anyone of you could take a look at it and let me know if my system is infected, and how to fix it.

Thank you for your time and valuable input.

Regards,

SLeopard

A:HiJackThis log analysis

Hi SLeopard,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

RELEVANCY SCORE 48.8

Here is my hijackthis log..... problems I'm having is browser hijack every so often going to random webpages...and my hosts file keeps disappearing..... only problems I can notice at the moment... I'm using Comodo internet security....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:31:17 PM, on 9/27/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\hijackthis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Li... Read more

A:Hijackthis Log - Analysis Please

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420853 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 48.8

Logfile of HijackThis v1.99.1
Scan saved at 12:06:44 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\Free History Eraser\HistoryEraser.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VI... Read more

A:Hijackthis Log Analysis Help Please

Welcome to BC PCtweakers

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

***************************

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

After the reboot post the contents of the logfile C:\fixwareout\report.txt, the SmitfraudFix report, and a new Hijackthis log in your next reply please.

RELEVANCY SCORE 48.8

Not sure what I can delete from this "hijackthis" log . Can someone here analyze this report?

Logfile of HijackThis v1.97.2
Scan saved at 9:59:53 AM, on 10/4/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETRATINGS\PREMETER\NRPR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\CLIENTMAN\MSCMAN.EXE
C:\PROGRAM FILES\CLIENTMAN\MSCKIN.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\KONTIKI\BIN\KONTIKI.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM ... Read more

A:Hijackthis log analysis

Welcome to TSG, RobS

Looks like there is a bit of cleaning up to do

The first thing I would like you to do is to download and run LSPfix

When you have done that,

Restart Hijack this and put a check mark against the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - (no file)
O2 - BHO: (no name) - {000000F1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\FONE.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {000000DA-0786-4633-87C6-1AA7A4429EF1} - C:\WINDOWS\SYSTEM\EMESX.DLL
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\PROGRA~1\CLIENT~1\RUN\2IN188~1.DLL
O2 - BHO: (no name) - {96BE1D9A-9E54-4344-A27A-37C088D64FB4} - C:\PROGRAM FILES\CLIENTMAN\RUN\DNSREPADAD2562.DLL
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\PROGRA~1\CLIENT~1\RUN\TRACKU~1.DLL
O2 - BHO: (no name) - {166348F1-2C41-4C9F-86BB-EB2B8ADE030C} - C:\PROGRAM FILES\CLIENTMAN\RUN\M...

I would greatly appreciate the expertise this forum offers. Does anyone see any problems with this log?

Logfile of HijackThis v1.99.0
Scan saved at 8:37:34 PM, on 1/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\rawkcuf\LOCALS~1\Temp\Rar$EX00.037\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\Program Files\Grouper\Grouper.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\rawkcuf\LOCALS~1\Temp\Rar$EX00.900\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\epghy.dll/sp.html#32777
R1 - HKLM\Software\Microsoft\Internet Explorer\M...

A:Hijackthis .log analysis

Welcome to TSG

Go to Control Panel - Add/Remove Programs

Uninstall: BullsEyeNetwork

Download Ad-Aware: http://www.lavasoftusa.com/support/download/

In the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.
Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.
Then, deselect Search for negligible risk entries.
To start the scan, click the Next button.
When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Reboot

Post a new log
 


I have run spybot, ad-aware, and noadware on this computer and there are still some pesky popups that will not go away. I need some help understanding the log file from hijackthis. Any help would be appreciated. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:59:08 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\...

A:Hijackthis log analysis

Hi johnny O

Welcome to BC

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked.

Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked. You can uncheck them after you are clean.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers.

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\windows/system32/zxgenvtw.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.remaxtalk.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red...


Please help resolve my spyware problems. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 1:51:17 PM, on 7/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Commo...

A:Hijackthis Analysis Please

Hi there and welcome to Bleeping Computer!

As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far!

We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and I will then be able to take a look!

Thanks very much

David


I am having trouble with "Dr. Watson postmortem". It seems to be some form of virus or trojan that has replaced Windows' Dr. Watson. I've run HouseCall, Spybot, Ad-aware, Avast, AVG, TrojanHunter, SpywareBlaster, Panda Titanium and Microsoft AntiSpyware and it still seems to be there. While in the mess of installing and uninstalling programs other viruses seem to have gotten on. I've been able to clean off a lot, but I'm not sure if I got them all. I'd greatly appreciate any advice you guys have! Thank you so much for your time! Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:06:23 PM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\...

A:HijackThis Log for analysis

Hi Myself and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. Your log is clean.

Dr. Watson is part of the operating system and has been around since Windows 95. It collects data whenever there is a system malfunction brought on by hardware or software. By the time you see Dr. Watson, something bad has already happened. Unfortunately, us mere mortals have quite a hard time understanding the logs made by Dr. Watson. They need to be analyzed by Microsoft personnel.

A couple of things that you could check yourself are the system's Event Logs and look for any error messages in the System and Program areas. If the problems recently started and you installed any new hardware or software at the time then that might point to a bad or corrupt piece of hardware or installation.

I would suggest posting a topic in the XP forum and see what they come up with. There are many users there that can assist you in analyzing the problem.

Cheers.

OT


Logfile of HijackThis v1.99.1
Scan saved at 9:43:01 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\syste...

A:Need Help With Hijackthis Log Analysis

Do you think you are still having problems? Please post a current hijackthis log.


Hello everyone,

I'm not sure that this is the right place to post it, but I have decided to try. Please help with HijackThis analysis. I'm using XP SP2 professional os with the following protective softwares: Norton professional 2005, ad-ware SE professional, Win XP Firewall disabled.

A few days ago I visited a site called crackspider (a "friend" suggestion) and as soon as I entered the site, something was uploaded to my computer and installed without any warning neither from Norton personal protection nor from ad-Ware. Ever since, NAV is displaying a message about a virus called MHTMLRedir.Exploit is present on my computer. I have run the BitDefender online scan service and all I got was one virus (Exploit.Html.MhtRedir.Gen) that was present at the NAV quarantine. BitDefender announced the file 3 times: the first time was the name of the virus, the second time was "Disinfection failed" and the third one was "deleted", so I guess that the virus was deleted from Nav quarantine. I was trying also running the Panda software on my scan service, but unfortunately for no avail (It seems to me that my NAV is blocking this site but I'm not sure). I'm a novice with computers, so please provide me with as much detailed instructions as possible about the processes that you think that might help me remove the intruder. Any help will be appreciated.

Yafa Alderoty

Logfile of HijackThis v1.99.1
Scan saved at 10:22:25 PM, on 4/25/2005
Platform: Windows XP SP2 (W...

A:Hijackthis Analysis

Hello yafa alderoty and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please proceed with the following steps in order.

Step #1

First we will remove some programs using Add or Remove Programs in the Control Panel. MyWay Search Bar is an adware infected toolbar that installs to the Internet Explorer. Both P2P Networking and Kazaa are malware infected file-sharing applications that include malware in their installations. If you want to use a file-sharing application then go to the Clean and Infected File Sharing Programs link and choose a file-sharing application that is free from malware.

Click Start.
Click Control Panel.
Double-click Add or Remove Programs.
Look in the Currently installed programs box for each program listed below and if it is there:
Click on it to select it.
Click Change (or Change/Remove) button.
If you are prompted to confirm the removal of the program, click Yes.

MyWay Search Bar (or anything with MyWay in the name)
P2P Networking
Kazaa
Altnet Points Manager
InstaFinder (or anything similar)

Step #2

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL...


Could someone identify a listing on this log that would cause this site: http://searchpage.cc/
to appear whenever a web page button or a music file is selected to play?

I have already run Coolwebblaster, Adaware, spybot, spywareblaster, in that order and have not stopped this hijacking. Also, I checked add/remove programs to uninstall, but nothing is there.

Thank you
Logfile of HijackThis v1.97.7
Scan saved at 5:04:06 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Pat\LOCALS~1\Temp\HijackT...

A:Hijackthis log analysis?

This is suspect:
O2 - BHO: (no name) - {46DAAC7E-7C0B-6051-91AE-C741F2F708EB} - C:\WINDOWS\System32\xnooszwf.dll
This is a known trojan:
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvtr.exe
Look here for removal:
http://www.globalhauri.com/html/support/virus_read.html?page=2&code=TRW3000603
 


My Firefox browser is being redirected to a search website. Here's my HJT log. Thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 12:15:45 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Devel\Encompass\distribution\windows_services\RemoteObjectHostService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Share...

A:Need HijackThis Log Analysis

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ...


Whenever I search anything on Google and click on one of the results, it takes me to some random other page. I can copy paste the URL and still pull up the page I want, but it's rather annoying, and after digging around online it seems that other people are having similar problems and they suggested that I post this HijackThis log thing onto a forum. I don't really know what it tells you, but here's mine.
Any help would be greatly appreciated.
Thank you in advance.

A:HijackThis log analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Thanks in advance for any help that you can lend. Please keep in mind that my skills at spyware removal should be considered novice. Any advice on a fix or files needed to be removed should be pretty specific and basic. I've run CSWShredder and the Hijack fix as well as About:Buster. I've been instructed to post my logfile. Here it is. Thanks again. You guys are a public necessity.

Logfile of HijackThis v1.99.1
Scan saved at 2:26:55 PM, on 4/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\Explorer.EXE
C:\Pro...

A:Hijackthis Log for Analysis, Please

Hi ccg106 and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please proceed with the following steps in order.

Step #1

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
O9 - Extra button: Microsoft AntiSpyware helper - {28CADB63-A41A-45C0-8E85-AC7A44594B87} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {28CADB63-A41A-45C0-8E85-AC7A44594B87} - (no file) (HKCU)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

OK. Reboot your computer normally, start HijackThis and perform a new scan. Post your new log file back here along with details of any problems you encountered performing the above steps using the Add Reply button and I will review it when it comes in.

OT


Hope someone will take a look at my Hijack This log and let me know if anything looks dangerous and/or suspicious. Thanks in advance.

A:HijackThis Analysis Please

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...


To give a bit of background, it started when this fake antivirus (Something Antivirus Pro) downloaded itself onto my computer and gave me thousands of error messages claiming I had a bunch of viruses. Then there was a screen with a fake virus scan saying that the only way to stop this madness was to buy their product. I used AVG, AND Adaware to blast it away. However I was left with a trojan that redirected my search links and gave me massive popups, some containing my User folder directory. None of my antivirus software has been able to even put a dent in this thing. I've tried Malwarebytes, AVG, Spyware Doctor, Spybot:Search and Destroy, Combo-Fix, I even downloaded KillBox. Now I'm on my last thread and I'm hoping someone, ANYone, can help me get rid of this thing because I really don't want to have to reformat, so here's the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:12 AM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Sy...

A:HijackThis Analysis, if you please

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...


I don't know for sure if this is the right place to post this, but here it is. If it's the wrong place, maybe someone could tell me where to post it? If the right one, I have some kind of keylogger or something on my computer that regular antivirus and antimalware isn't detecting. I can tell from the spam I am getting. This is the HijackThis log for analysis if anyone can tell me what is safe to delete, and what if any next steps I should take. Thanks!

A:HijackThis Log Analysis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

HijackThis is not providing accurate information for 64 bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
DDS.COM
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

====

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with th...


Hi There! I am always frustrated (hey, but enough about my private life!) when I first turn on my computer. It appears to have been set to run one or more systems (virus check I assume) which eats up loads of virtual memory REALLY slowing down the machine. So I turn on and walk away for 30 mins or so until it has run the process. I tried to figure out exactly what was running on startup this am and came across HijackThis. I installed and ran an analysis - see below. I would be grateful if you could suggest how I can identify what exactly is running on startup and using all the virtual memory (Task Manager just shows lots of programmes using varying amounts of memory - I have tried to eliminate them one by one using the Free Process Freezer which is meant to freeze processes - though it doesn't seem to retain this information after shutting down and re-booting - you have to re-freeze processes) and if you think there are any files / processes identified by HijackThis in the list below which warrant concern.

Many thanks for your consideration of this topic. 'Preciated!

May your children all be techno wizards - but not on the Dark Side.

Yours
Brassens1

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:53, on 06/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32 ...

A:Hijackthis Analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 48.8

Hey... A few days ago, I started hearing a bugle-type noise that would play rather randomly. I normally have all the same windows and programs running, so I was naturally confused as to what would be causing the noise. There seems to be no rhyme nor reason to why or when it sounds. I've run Hijack This, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:12 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\...

A: HijackThis Log - Analysis Please

In case I posted the wrong log, here is the one I got from this forum, sorry...
DDS (Ver_09-02-01.01) - NTFSx86
Run by Josh at 14:23:21.93 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.905 [GMT -6:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iP...

RELEVANCY SCORE 48.8

Hi.. This is my HiJack this Log.. Please advise!

Logfile of HijackThis v1.97.7
Scan saved at 1:24:51 PM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\iebe.exe
C:\WINDOWS\System32\cdbmzzzp.exe
C:\PROGRA~1\DEFEND~2\DEFEND~1\PopUpKiller.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\atlok32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS...

A: HijackThis Log Analysis, Anyone?

You are using an outdated version of hijackthis. Please download the newer version.
Download HijackThis from:
HijackThis Download Site
Then post a new log

RELEVANCY SCORE 48.8

Logfile of HijackThis v1.99.1
Scan saved at 12:02:22, on 14/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security 2005\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\OLYMPUS\DeviceDetector\DM1Service.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\e...

A: Help With Hijackthis Log Analysis

Hi Yaveja06,

We're studying your log and will be back to you a.s.a.p.

Thanks for your patience.

RELEVANCY SCORE 48.8

Was wondering if people could check my HijackThis log and see if I have anything bad going on. I have noticed since having this computer that after a while Firefox starts running massive resources (over 2 GB); it doesn't matter how many windows are open (a few or a lot) or if there is active Flash media going or not. It just builds up and builds up until I shut it down and restart it.

I am running Windows 8.1 and using Classic Shell to get a more old school Windows experience.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:46:40 PM, on 7/15/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 47.0 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
C:\Windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe
C:\Program Files (x86)\A...
