
Hijackthis Log for Analysis - Yahoo email hijacked

Q: Hijackthis Log for Analysis - Yahoo email hijacked

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:49 AM, on 7/7/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Garmin\gStart.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331&r=173612095203p0334v185r48l1s223
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\RunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
O4 - Global Startup: Logitech Music Anywhere Settings.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11458 bytes

RELEVANCY SCORE 200

A: Hijackthis Log for Analysis - Yahoo email hijacked

Greetings keithohlms and Welcome to the Forums. Please read This Topic pasted at the top of this forum. Please do what it says to do, and post back the requested logs. We'll have a look... suggestions will be based upon the results of those scan logs. Thanks!

RELEVANCY SCORE 66.8

Salutations Forum goers and IT Professionals! I appreciate any help you can supply me with about this issue.

I run a bunch of travel related websites, we have been dealing with spam for a while. It's mostly just a small aggravation, however this morning I found that it can be more than that. An issue was brought to me by my agent. Apparently she discovered a LOT of failed E-mail messages in her inbox this morning. They were not messages that she sent. So I thought she had been hijacked so I ran a hijack this program and have posted the results below. I have not reviewed one of these logs before, but have found that forum-dwelling do-gooders can analyze the results for people in need. I would like to be one of those people. If there is somewhere that I can learn to evaluate the results myself I would appreciate a poke in the right direction. Thanks guys. Here is the log, if someone could give it a quick look-see for me:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:50 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe ... Read more

RELEVANCY SCORE 64.8

I am currently facing some majorly frustrating issues with my yahoo email. I used to have ATT as my ISP, but I dropped them and just kept the sbcglobal email. Turns out my email has been hijacked and the password changed. Well, I either can't remember the security questions or they have been changed also. I've been up and down and all around with people in India about this and none of them know enough to help me. This jacker is looking at my email and sending bogus spam and I can't get in to change my password or anything. There's sentimental emails in there. No #, no fax, no nothing to get a hold of someone who knows how to verify that I'm me, and that I want my email back. Any thoughts?

A:Yahoo email hijacked

See if any of these suggestions help: http://in.answers.yahoo.com/question...7075315AA9ty8M

Yahoo Help Form: http://help.yahoo.com/l/us/yahoo/security/general.html

RELEVANCY SCORE 64.8

My Yahoo email addresses were hijacked. It sent different web links to different people. I went in and deleted all of my contacts, but don't want to change email addresses if I don't have to.

Here is a Hijackthis Log if anyone sees something unusual.

Thanks.

Hi. This is the qmail-send program at yahoo.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[email protected]>:
65.55.37.104 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.55.37.104.

--- Below this line is a copy of the message.

Return-Path: <[email protected]>
Received: (qmail 80931 invoked by uid 60001); 1 Feb 2011 15:28:16 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1296574096; bh=Z0qiIjIkJ+A7FS4ce4e6dfnQByaeDxaf6LeGr+lrXJ4=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=Thy367DadNy7GpIHa1ME6jCmSbB5kSvs9L9kXQkkYB7qb5oWqBwIQZLzz1HUoS61S89hZJ6y0a+0gbw6H9/tCu2kblwDNV++9Wb7Om5DFEzp4SOAWrLCjxxdcrSAG+qdkCHKiVjTgHlF75eVm/gBvrZMfMr1rXV5kw1Bx0777xc=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
b=WMt6gb0rPmuEt7wHpm/uW3hYTzzjAVTW/bwV3BGEynJvNY4FcjSTPFXVRDRQTWwkuUgeznxEm6MLUWy89wRypGAJ+ndVoABxAcid24j+Kpuwunm1Ljn... Read more

A:Yahoo Email Hijacked

Hello, you did not include an HJT log. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. You can also include your HJT log. Let me know if that went well.

RELEVANCY SCORE 64.8

This Monday AM I noticed my yahoo email account was sending spam mail to my entire contact list. The emails appeared in my sent items folder, and had a link to businesslenews15.net/jobs/?alert=86255. I did not click on the link. A few of the people that got the email did. The full header for the email looks fairly legit, except the from IP is in Warsaw, Poland. I am in the US. I checked the login history from yahoo for my account. I did not see anything that looked like it was not me.

Here is what I did:
+ I changed my yahoo password. (as well as other critical pwds)
+ I checked that my password recovery email addresses were not changed.
+ I sent a mail to my contacts list telling them to delete the email and not click on the link.
+ I deleted all my contacts from yahoo.
+ I scanned my home pc using AVAST, Windows Defender and MalwareBytes (quick, then full scans). Nothing significant was found.

The home pc mentioned above has been running its fan a little more than previously over the last month, but performance-wise it seems fine. Whenever the fan goes on, I check the processes running and they all seem to be something I kicked off. I can think of one other PC I logged onto yahoo from since I last changed my pwd 6 months ago, and he ran a scan and found no issues (Norton). Of course, he also clicked the link in the email, so draw your own conclusions about that. He also had his yahoo email hijacked in a similar manner ~1 yr ago, but he changed his pwd and it stopped. Here a... Read more

A:Yahoo email hijacked, not sure how

1. Update MBAM and do a full scan.
2. Please visit the Eset online scanner:

Note: You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
Click on copy to clipboard or copy and paste the results here in this topic

RELEVANCY SCORE 64.8

Lately I've noticed sometimes, key word being sometimes my Yahoo e-mail seems to get redirected at the sign in. I sign on using the "secure" tab, not sure why, but since spyware, bugs, hacks etc etc getting more frequent, and more ingrained into the net I started doing so. Not sure maybe I had missed it on occasion, but once about a month ago the time between clicking e-mail, and anything happening seemed awful long, and I got to looking at the bar address at the bottom of Firefox, which flickers the different places/names info being loaded. It flashed on something like akami.net for a second, and I thought hmmmm, usually to yahoo I see a lot of Yming, Y something, but had never noted this akami.net. When the page finally loaded it showed it as a broken secure connection. I closed the browser, reopened to Yahoo mail under secure, and it went right there, as it normally would, and without the long delay I'd just had. I've noted the same a few times since, and again noted it tonight. A search on Google for Akami.net doesn't get any hits, I'm not positive if it is Akami, but that's what my mind's eye thinks it was. I only saw it on the one occasion, as if it's opening normally I guess I don't pay any attention to what is flashing on the bar, but I've noted the broken secure link, and assumed was same thing.

Earlier today I had gone through the complete sequence of running Avast, AdAware, Spybot, checked Spyware Blaster, and done a HJT log after checking all of the site... Read more

A:Yahoo email getting Hijacked, but not??

Akamai is a "clearing house" of sorts, for all sorts of programs...almost a file sharing thing. Many legit programs and sites are listed by Akamai, but a multitude of infected programs and files can be found in there, too.

So, Akamai, in and of itself, is not suggestive of a problem. In fact, it could conceivably be a link for one of the ads on your Yahoo home page, as they do that sort of hosting business, as well.

If your tools show nothing, and your HJT log is unchanged, then the overwhelming probability is that nothing significant is afoot. That being said, there are so many new baddies out there right now, that the tools, and even HJT, can't see, that if you continue to have problems, you might want to consider taking a deeper look. We could help you with that.

RELEVANCY SCORE 64

Hi there. My friend recommended your site.

My Yahoo email appears to be hijacked. All my friends are telling me they are getting weird emails from 'me' with various attachments that are links to online pharmacies, usually for Viagra.. etc. Also, all my sent emails are gone! I have looked over some of the other forum posts with similar problems, and it appears some scans are in order.

I have Avast antivirus and CyberDefender. They don't seem to find anything that has stopped the problem. I really don't want to delete this email account because I've had it a really long time now, but I'm worried my computer security is at risk. I am running Vista 64-bit on a Sony Vaio (pretty new).
Thank you in advance.

A:yahoo email hijacked! is this malware?

Looks like I forgot to follow instructions. Ok. Here is what happened when I followed your preparation guide. Nothing seems to be happening as described in the guide, but I did my best....

1- DDS file download link didn't work. Didn't get that log. I get following message:
File not found
Firefox can't find the file at http://download.bleepingcomputer.com/sUBs/dds.scr.
* Check the file name for capitalization or other typing errors.
* Check to see if the file was moved, renamed or deleted.

2- Gmer options for scan weren't as described in the preparation guide. All option boxes were greyed out except last three: 'Services', 'Registry', and 'Files'. 'C:\' drive was selected as was 'ADS'. 'Show All' was also greyed out. I did a scan with those options. That log ark.txt is attached

Well, now I don't see an option to attach a file. So I'll just post it here too.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-06 07:54:56
Windows 6.0.6001 Service Pack 1
Running: gmer.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbcd035
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433d3be9a
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00214f... Read more

RELEVANCY SCORE 63.2

Wondering if anyone had this happen-last week an email account I had not had virtually disappeared. I have 2 other yahoo names and they are fine. Naturally, I can only seem to get form letters back from yahooletechs. Does someone know if there is a program going around that can boot people or delete their accounts?
 

RELEVANCY SCORE 61.2

My wife was given a computer that seemed good, but I am not sure if it was infected with trojans and spyware. I then tried and used a usb onto 2 of the laptops and seems I got same thing on all 3. I am using a desktop at present since I do not feel safe on the other ones. After weeks of using our computer, she suddenly wasn't able to sign into hotmail or Skype. Her password had been changed as well as mine. Then as we tried to reset the password we discovered her email address had been deleted. She had just accessed and used her email the day before. Her information was definitely stolen and I feel it was probably logged while using our computer. The reason I suspect is my wife and I have noticed many pop-ups, especially when using Google Chrome, and redirects. I had attempted to download a VPN browser software and it was free of spyware/malware. But in my haste, I downloaded and installed the software from a location that I am sure had spyware/malware software attached, and now I am using windows 8 on this pc and get a constant dial up window at certain times and all programs are running slow, many are crashing and more, think backdoor trojans etc. So now, please we beg, please, help!...

A:Hotmail ,Yahoo ,Facebook,Skype and email username/password hijacked

Hello frankp747

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

RELEVANCY SCORE 55.6

Yahoo Messenger 9 version 9.0.0.2034, yahoo.co.in e-mail, Yahoo answers, etc. do not run/open on my PC. On attempting to log into Messenger 9 I get an error message: “Please click Try Again to re-enter your ID and password. If you have forgotten you ID or password, click Sign-in Problems”.

Earlier they would open only if they were the first programs I switched on when I would start my PC else I would get an error message “Messenger encountered a connection problem. Please check the network connection and then click "Try Again" (81003004)”.

My computer system: AMD 64 3200+ 2.01Ghz, 1 GB RAM, 80 GB HDD, Windows Professional XP-2, IE 6 with Cookies Enabled, MS Office 2003, BSNL Broadband, Java (TM) 6 update 11, Java (TM) 6 update 7, no Startup programs other than AVG Free version 8. I am based in India.

I have checked with those using the same broadband connection as to not facing any problem with Yahoo.

Yahoo FT Server and Yahoo! Messenger are provided as exceptions in my Windows Firewall. In IE6 under Security Sites I have not blocked any website.

Where could the problem be?
 

A:Yahoo Messenger 9, Yahoo email, Yahoo sites not opening on Windows XP2, IE6

Is yahoo running at start up?
 

RELEVANCY SCORE 50.4

Hello,
For the past several weeks now, when I check my Yahoo email account using IE 8 version (actions performed: clicking on the Inbox, moving from email to email, opening an email) I am redirected to this website:

hxxp://premium_.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1296073985&Signature=r1JBMUZ7yDiRdj2Wu3Ul5hjNCoQ%3D

This does not happen all the time. It seems to be sporadic. I can have periods of time when this does not happen (I can open several messages or navigate from one message to another and not have a problem) then all of a sudden I will be redirected to the site listed above. If I click the back button I can get back to my email and move around once again. The redirect may or may not occur again or from that point forward. From what I have read online, there doesn't seem to be a fix for this issue.

I have tried running several scans with Malwarebytes (in safe mode), Ad-Aware, AVG, Spybot, Hitman Pro 3.5 and ComboFix. But, none of these scans have returned any results that have resolved this issue. I have also removed all versions of Java and updated to the latest version (Java 6 update 23). I've also removed all versions of Adobe and installed Adobe Reader X version 10.0.0 as I have read that keeping old versions may pose a security risk. Just trying to provide as much information on what I've done up to this point.

I've attached scan results from RootKit Unhooker Report.txt (zipped), the DDS Attach.tx... Read more

A:Yahoo redirects my IE session when checking my Yahoo email

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

RELEVANCY SCORE 50.4

Oh boy!

I am running Windows XP Home Edition SP2.

Here is where I will start. My apologies, this might be long winded.
I was having problems with browsing (posted this prior) and wasn't getting anywhere with attempting to adjust browser settings. I was getting blocked going regular places. So... after getting very aggravated, I accessed Symantec's online chat help w/ an analyst. During this time, the analyst remotely accessed my computer on two occasions, ultimately finding out that the problem was not with the Norton 360 but was with IE (v.7). We were having problems with connectivity. He said his system said I was disconnected yet he was still in my system. He started a notepad doc to chat with me, saying that we were locking up and I should Google the verbiage I was receiving during the browsing blocks I was receiving. As I was typing a response saying I have done that, we were disconnected. Since I knew what I had originally found, I disconnected completely and left it for today since more than 2-3 hours have now passed. Today, I cannot access my email. I receive an HTTP 405 error. (Programming error). I noted that in the heading, the address started like this: hxxp://red.clientapps.yahoo.com/customize/toplevel/msgr6. After searching that on the web, I found that this is a BAD thing. I also noticed that the Phishing filter was off. Message said "Phishing filter cannot check this website because the Microsoft online service is temporarily unavailable"... Read more

A:Unable To Access Yahoo Email (red.clientapps.yahoo.com/)

Have you tried using an alternate browser like Firefox to see if you encounter the same problem? If you can use Firefox, then that will narrow the problem down to an IE issue.

Since you cannot run the Housecall or Panda scans, if you install Firefox you can then perform an online scan using Trend Micro Housecall Scan for Firefox. This also leads me to believe you have an ActiveX problem.


I belong to one Yahoo Group and have my email for that group set up for "individual emails" for all group messages. I receive all messages daily from all other group members except one member. Can't figure out why I don't get his messages (makes no difference if it is text only messages or messages with pics attached). The only way I know this particular member has posted to the group is when other members have their group email settings set up to automatically affix all/part of posts at the bottom of their replies to same. As you see by my signature, I use Firefox 1.5.09 as my default browser. My other realtime running programs also listed there, but I don't think they could be a factor. Not sure whether Firefox is a factor with the blocking. I have asked this member to post a test message today and I am accessing the net exclusively via IE6 today to see if his test message comes through or not. Will report back my findings on that score. BTW, I do not use an email client. I read all my mail directly off the Yahoo Mail website. Only thought I've had, is once or twice my mail has "bounced" because my inbox was full. But my inbox rarely gets full. And this problem seems to be more persistent than just a few occasions. Anyone have any additional thoughts on what could be causing my dilemma?

A:Yahoo Web-based Email/yahoo Groups Problem

Don't know if it is the problem, but just realized I normally keep my mail options set to "automatically delete" bulk mail messages. Maybe somehow this group member's messages are being "perceived" as spam and Yahoo's spam filter is blocking his posts. I've gone into my settings just now and told it to hold those messages a week for me so I can test possible factor. Will post back my findings.


Can anyone suggest how to perform email evidence acquisition (email forensics)? I need to gather information related to email like email header details, attachment preview (PDF, Word, images etc.), IP addresses and other relevant information. It will be advantageous if the tool allows you to import emails with diverse extensions (MBOX, EML, Gmail, Outlook.com) and also export email evidence in a format standard for court like Concordance etc.


Hi Geniuses:
I wanted to throw this out to you to see if there was a solution to my "inbox zero woes"

TECH SPECS:

Yahoo Email address (yes I know)
iPhone with Outlook App
Mac Computer with Mail APP
Extra Gmail account with a "send gmail from account"

What I found was that while on the road (most of my email use) the Outlook App for iPhone was fastest at fetching mail, and I LOVE the interface (ability to snooze emails, archive etc).

Problem is, my home mac with MAIL doesn't play nice when I archive Emails on my app.
Secondly, I also like to use gmail as a web client for searching files, using todo etc.

My question: can all of these play nice in the same sandbox? Can I archive on one device, and have it translated amongst the others? If not, what are my solutions (switching over to outlook on Mac? Just using a GMAIL address from now on). Would love some light / insight on this.

Many, Many thanks!
-Bryan.
 


I think this problem has come up here before, and got this advice:

Go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
I already had Hijack this, and thus pushed on to running a scan...

Logfile of HijackThis v1.99.1
Scan saved at 13:22:17, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer...

A:[email protected] has gotten me... analysis needed

Hi, Whamme.

Welcome!

Please download SmitfraudFix (by S!Ri) to your Desktop.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Onc...


Can someone help me analyze a HijackThis log? Been having some troubles on the computer with a "Windows Recovery" Virus that I think I got rid of using Malware Bytes and Combo Fix, but not all files are showing in my folders or desktop any longer.

Thanks in advance for the assistance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:34:34 AM, on 4/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
...

A:HijackThis log analysis please?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello,
I am having a bunch of problems with my computer but primarily, it shuts itself down all the time, has error messages and during games ranging from basic puzzles to EQ, I get shut down. I recently had Malware on my system but removed it to the best of my ability. Please analyze the hijackthis log and let me know what you think. Thank you in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:54 AM, on 1/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C: ...

A:hijackthis analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ...


Hi to all,
I'm having a problem on my computer right now. I don't know if there is a virus threat on my pc. I don't know how to read the hijackthis log, so any help would be greatly appreciated. Here is the problem, the USB device always saying that "USB not recognize" I did what i have to do but still i can't fix it. So i came up with this if there are causing some virus or what so ever on my processes. Please Help me figure this. thank you very much on advance.

---- My hijackthis Log -------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:37 PM, on 3/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1...

A:Help for analysis of my hijackthis log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


Logfile of Trend Micro HijackThis v2.0.4
Thanks for the help!
Scan saved at 6:48:53 AM, on 6/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
D:\Program Files\Utils\System\Lavasoft\Ad-Aware\AAWService.exe
D:\Program Files\Utils\System\Alwil Software\Avast5\AvastSvc.exe
C:\WINXP\system32\spoolsv.exe
D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINXP\system32\cisvc.exe
D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe
D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe
D:\Program Files\Utils&...

A:Hijackthis log for analysis

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello folks,

First off, thanks for your help. I've suddenly gotten a considerably slower computer. I've done most everything in the "prep" guide, as well as a few scans. No luck yet, and I cannot identify the problem. My log follows.

David
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:52 PM, on 5/19/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\AVG\AVG9\avgchsvx.exe
H:\Program Files\AVG\AVG9\avgrsx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\Program Files\AVG\AVG9\avgwdsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\AVG\AVG9\avgnsx.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Viewpoint\Common\ViewpointService.ex...

A:HijackThis log - help with analysis

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you...


Not sure what I can delete from this "hijackthis" log . Can someone here analyze this report?

Logfile of HijackThis v1.97.2
Scan saved at 9:59:53 AM, on 10/4/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SAHAGENT.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETRATINGS\PREMETER\NRPR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\CLIENTMAN\MSCMAN.EXE
C:\PROGRAM FILES\CLIENTMAN\MSCKIN.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\KONTIKI\BIN\KONTIKI.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 500\BIN\HPOSTART.EXE
C:\PROGRAM ...

A:Hijackthis log analysis

Welcome to TSG, RobS

Looks like there is a bit of cleaning up to do

The first thing I would like you to do is to download and run LSPfix

When you have done that,

Restart Hijack this and put a check mark against the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\WINDOWS\system32\searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {6085FB5B-C281-4B9C-8E5D-D2792EA30D2F} - (no file)
O2 - BHO: (no name) - {000000F1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\FONE.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {0A5CF411-F0BF-4AF8-A2A4-8233F3109BED} - C:\PROGRA~1\SEARCH~1\STOOLBAR.DLL
O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL
O2 - BHO: (no name) - {000000DA-0786-4633-87C6-1AA7A4429EF1} - C:\WINDOWS\SYSTEM\EMESX.DLL
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\PROGRA~1\CLIENT~1\RUN\2IN188~1.DLL
O2 - BHO: (no name) - {96BE1D9A-9E54-4344-A27A-37C088D64FB4} - C:\PROGRAM FILES\CLIENTMAN\RUN\DNSREPADAD2562.DLL
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\PROGRA~1\CLIENT~1\RUN\TRACKU~1.DLL
O2 - BHO: (no name) - {166348F1-2C41-4C9F-86BB-EB2B8ADE030C} - C:\PROGRAM FILES\CLIENTMAN\RUN\M...


Hi all, my world of warcraft account was just recently hacked, and I have no idea how it happened, first time in 5 years. I am very up to date on my security checking and pretty smart when it comes to fake emails and sites. It bugs me a lot that I have no clue how it happened, as I didn't really have a virus or malware on my comp. It could have been a keylogger or just that my password was weak, which it was. Anyways, can someone look at my log below and tell me if anything is wrong. This hack occurred Monday, and since then I have been running all sorts of scans and cleans. I have run about 4 different virus scans: the one I own, norton antivirus 2010, then free online ones like bitdefender, panda, eset. I did a few malwarebytes scans, AVG anti-rootkit, spy bot search and destroy, as well as CCleaner. I also turned off system restore to delete all those points and turned it back on and did windows update. I use firefox and got the flashblock/noscript addons. I even tried out this keylogger detector called KL-Detector. It was kinda hard to understand since it doesn't remove anything, it just tells you to check certain files. But anyways, I'm out of ideas for protection and scanning. I did change all my passwords to make them stronger, but it's just annoying that I have no idea how it happened, which leads me to believe it could happen again, or is still happening without me knowing it. So any suggestions on what else to keep up to date on, or othe...

A:Need analysis of HijackThis log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi, I am a new member and I am not sure if I'm posting this in the correct place, but I have a log file from Hijack this that I need some expert advice with. I have run scans with malware bytes and CWshredder, as well as AVG. They don't find anything. Can someone look at this log file for me please. TIA.
-T
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:18:43 PM, on 12/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C: ...

A:Hijackthis analysis

Hello Tfortunato,

From this point on, please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

I strongly suggest that you uninstall Ask Toolbar. Some of the bad practices of this toolbar are:
Promoting its toolbars on sites targeted to kids. Details.
Promoting its toolbars through ads that appear to be part of other companies' sites. Details.
Promoting its toolbars through other companies' spyware. Details.
Installing without any disclosure whatsoever and without any consent whatsoever. Details.
Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. Details.
Please read the full details HERE.

If you decided to remove Ask Toolbar. Go to Start > Control Panel > Add Remove programs and remove Ask Toolbar.
Then go to C: > Program Files and delete Ask Toolbar folder.

************
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document. Please do not attach your log.

*******...


I have run spybot, ad-aware, and noadware on this computer and there are still some pesky popups that will not go away. I need some help understanding the log file from hijackthis. Any help would be appreciated. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:59:08 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\...

A:Hijackthis log analysis

Hi johnny O

Welcome to BC

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked. You can uncheck them after you are clean.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):
C:windows/system32/zxgenvtw.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.remaxtalk.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red...


Hi, I would like to remove the spyware http://letgohome.com/hp.htm?id=9.

I read previous posts on that issue, so I started Windows in safe mode and ran HijackThis, and here is the log, I got...

Could you please help me to remove it definitely.

Thank you for your help!

Logfile of HijackThis v1.99.1
Scan saved at 04:54:02, on 25/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\dybiak_arn\Mes documents\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\S111CV~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM...

A:HijackThis.log analysis

Please run this online scan, delete all it finds and then post a new log: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:47 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Pro...


Hey... A few days ago, I started hearing a bugle-type noise that would play rather randomly. I normally have all the same windows and programs running, so I was naturally confused as to what would be causing the noise. There seems to be no rhyme nor reason to why or when it sounds. I've run Hijack This, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:12 PM, on 2/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\...

A:HijackThis Log - Analysis Please

In case I posted the wrong log, here is the one I got from this forum, sorry...
DDS (Ver_09-02-01.01) - NTFSx86
Run by Josh at 14:23:21.93 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.905 [GMT -6:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iP...


Our building Site Manager's PC had AlfaCleaner on it. I've followed the instructions at this site on removing it as well as the steps to do before submitting a HJT log. Can anyone tell me if the PC is now clean or whether there's anything else I need to do?

Thanks,
David

Logfile of HijackThis v1.99.1
Scan saved at 11:15:11, on 28/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Winjan\JanusTimeServer.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DE...

A:Hijackthis Log For Analysis

Hi,

I can't see anything suspicious in the log anymore.
How are things running now? Can you change wallpaper/background in the display setting?


My CPU seems to be running at close to 100% quite often when I am not doing anything. I was advised to run a hijackthis test and post a logfile here.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:11 PM, on 4/24/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome...

A:CPU 100%: HijackThis Analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'...


[attachment=93287:Attach.txt]
Alright guys, I hear this is the place to go. I recently downloaded a file from a website, this website was mcafee certified, not just green dot check as in mcafee secure. After this download my computer got kinda slow and I figured the download was causing it so I uninstalled it. Apparently too late because my internet went out. It was hooked up, it registered a connection, but instead of registering that I was connected to my home network it said I was registered to an unknown network and there was no internet connection. I researched this and found that sometimes the TCP/IP messed up or got corrupted and tried to reset this, didn't work, and then I tried the run -> ipconfig /release then ipconfig /renew remedy to no avail and keep trying. There was one remedy which did work it got 14 thumbs up however I was reluctant to try it because it wanted me to and disable my McAfee network agent service. Run > "msconfig" > Services. I disabled the mcafee network agent and the mcafee firewall core service. I was kinda shaky about this and decided not to try any downloads/signins etc. if this worked. It did work. However shortly after I pull up my internet suddenly these porn windows start popping up and I did not visit any porn sites so I could not have got a virus from that. Also did not know if this is a separate problem or not but google keeps redirecting me to advertisements. Went to research again, told me to get HijackThis and post on ...

A:HijackThis Analysis

Hi CrazedLoon, and welcome to Bleeping Computer.

Please follow our Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, and post the logs requested! Since you're using a 64bit system, there is no need for a Gmer scan - post just the DDS.txt and Attach.txt logs...


Logfile of HijackThis v1.99.1
Scan saved at 9:43:01 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\syste...

A:Need Help With Hijackthis Log Analysis

Do you think you are still having problems? Please post a current hijackthis log.


hi,

I have a serious adware infection. I've done all the scans recommended. I still have these annoying ads being displayed all the time. Here's my HijackThis log. Please help me with what I need to do next. Thanks in advance.

Gautam.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:10 PM, on 6/25/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
D:\WINDOWS\system32\ZONELABS\vsmon.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Network Associates\VirusScan\VsStat.exe
D:\Program Files\Network Associates\VirusScan\Vshwin32.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\Network Associates\VirusScan\Avconsol.exe
D:\Program Files\Network Associates\VirusScan\Webscanx.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Fi...

A:Hijackthis Log For Analysis

Hi,

Looks like miekie is already helping you in this thread: http://www.bleepingcomputer.com/forums/t/56678/please-help/

Please continue there and don't create a new topic.

Good day,
Jet Ian


Dear Friends,

During the last week I have used Spybot S&E, Microsoft Antispyware and AdAware to remove Ezula, Statblaster, People on Page and about a dozen others, but they keep coming back. Could you please advise? My log is below.

Logfile of HijackThis v1.99.1
Scan saved at 10:44:28 PM, on 5/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\userint32.exe
C:\WINDOWS\SYSCFG16.EXE
C:\aight.exe
C:\WINDOWS\System32\rcbstr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\qtwgnt5.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolb...

A:Need help with HijackThis log Analysis

Hi nomonkeytricks and Welcome to the Bleeping Computer!

Was that the Entire HijackThis Log???

Please Update and then configure Ad Aware like this

Configure Ad-Aware SE Personal 1.05:
o Click on the Gear button at the top of the window.
o Click "General" on the left hand side to display the General Settings box.
  + Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
    # "Automatically save logfile"
    # "Automatically quarantine objects prior to removal"
    # "Safe Mode (always request confirmation)"
    # "Prompt to update outdated definitions" - change to 7 days from the default 14.
o Click "Scanning" on the left hand side to display the Scan Settings box.
  + Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark:
    # "Scan within archives"
    # "Select drives & folders to scan" - select your hard drive(s).
    # "Scan active processes"
    # "Scan registry"
    # "Deep-scan registry" ...


HijackThis log file for analysis and help:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:05 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C...

A:HijackThis Log for analysis

Hello bobh and welcome back. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download Cwshredder.exe and save it to a folder of its own. Start the program and click on the Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).
Download CCleaner and install it but do not run it yet.
Now we need to remove a service.

Part 1
Click Start>Run, type services.msc into the Open editbox and click the Ok button.
Locate the .NET Framework Service service and click the Stop button.
In the Startup type dropdown select Disabled.
Click the Apply button and then the Ok button.
Close the Services window

Part 2
Click Start>Run, type cmd into the Open editbox and click the Ok button.
Copy/paste the line below into the Command Prompt window and press the Enter key:
sc delete .NET Connection Service
Close the Command Prompt window

Step #2
Restart in Safe Mode
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R0 - HKLM\Software\Mi...


Dear members,

My Operating system is Windows 2000. Whenever I try to open Task Manager it opens for a second and then disappears and even I cannot paste the copied items in the system. I have run Ad-Aware SE Personal and Spybot Search and Destroy. Spybot detected some problems and fixed them using the 'Fix the selected problem' option of spybot, but I am still haunted with the same problem. I ran Hijackthis in safe mode and am pasting the log details below. Please help me out.

Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 7:35:59 PM, on 5/4/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SCardClnt.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.exe
C:\download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.182.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.182.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.182.*;w...

A:Analysis Hijackthis log

Hello Shree and welcome to the BC forums. It appears that we have several infections here to deal with. This will take multiple stages so please have patience. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\login.exe
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [Windows Manager Drivers] svscahost.exe
O4 - HKLM\..\Run: [CT Control Settings] CTSVCCD.EXE
O4 - HKLM\..\Run: [picsvr] C:\WINDOWS\system32\picsvr\picsvr.exe
O4 - HKLM\..\Run: [IPC Connection] ipcconn.exe
O4 - HKLM\..\Run: [Windows Messenger] winmessenger60.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] wupdatemanager.exe
O4 - HKLM\..\Run: [Shell Logon] C:\login.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [wintnt32.exe] wintnt32.exe
O4 - HKLM\..\Run: [Windows Mouse Utilities]...


I have a new computer (3 months old). Recently, it has started locking up and the only thing I can do is to shut it off at the off/on switch. I can't even get to Task Manager because nothing is responding. Could someone please assist with analyzing my HiJackThis log.

HP Pavilion Desktop
Model 6400f
Windows Vista Home Premium
Service Pack 1
3.0 GB
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:11 PM, on 9/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\QUICKENW\QWDLLS.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro...


Hi,

I have two problems:
1) I do not succeed in installing Avira Premium 2013 because Avira finds "PC cleaner pro", that is incompatible, installed on my system;
In fact in the past I installed this program, but since a long time, it was uninstalled.

2) I am now using Opera 12.12 browser; I had to uninstall IE8 for bad functioning
I would like to reinstall IE8 but installation cannot be completed

Maybe you will find the reasons of these problems examining hijackthis.log
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09, on 05.01.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\system32\dtmonx.exe
G:\Files Programmi\Synaptics\SynTP\SynTPEnh.exe
G:\Files Programmi\Analog Devices\Core\smax4pnp.exe
G:\Files Programmi\EverNote\EverNote\UniClipper.exe
C:\Windows\system32\ctfmon.exe
G:\Files Programmi ...

A:hijackthis.log analysis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Webblog - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - g:\Files Programmi\wbtooltb\wbtoolDx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: Webblog - {C3947F4E-8894-4C04-98E0-DF182C706DDF} - g:\Files Programmi\wbtooltb\wbtoolDx.dll

Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.

===

Please download and ...


Hello all,

This is my first post here and I'd very much appreciate your advice.

I've got my parents' PC in for a service as it's running slowly. Here's what I've done so far.

Installed McAfee AV, scanned and removed every virus that was on there
Installed Microsoft AntiSpyware and removed every virus that was on there
Installed a2 squared and removed one occurrence of malware
Installed all latest Microsoft updates, currently still on service pack 1
Run msconfig and stopped "suspect" programs from starting.

So. I'm fairly confident that the system is clean now. But it still seems sluggish

Ok it's not the fastest of PC's but it was certainly faster than this, here is the spec:-

Intel Celeron 2.6ghz - 224mb ram

It seems to take quite a while (3-4 mins) from choosing the username at the menu screen on XP to actually being able to run anything. And even then it seems a bit slow to respond when you ask it to start something up like say... My Computer or whatever.

So, here is the hijackthis log, there's a lot of mention of yahoo on here, my parents like the BT Yahoo browser software that comes with it.

TIA

Logfile of HijackThis v1.99.1
Scan saved at 09:52:04, on 27/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32 ...

A:hijackthis log analysis (and greetings)

Hello GMANLS20, Welcome to BleepingComputer. You do have some issues, if you still need help, please follow these directions.

Run msconfig and stopped "suspect" programs from starting.

1) I do not see an indication that you are running Selective Startup in MSCONFIG. If you are I must see everything. Please enable all for the next log.

2) Since you know what you are doing, I will say nothing about the files sharing program:
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\ares.exe" -h
and only mention quickly C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
Incredimail: http://www.langa.com/newsletters/2002/2002-10-10.htm#6

3) You are running Beta Microsoft AntiSpyware and it will interfere with the work HJT has to do, these instructions will hopefully turn it off. Remember to turn it back on when finished.
To disable the program, follow the instructions below:
A.) Right click on the Microsoft Antispyware tray icon (a little red and yellow circle looking thing)
B.) Click on Security Agents Status (Enabled)
C.) Click on Disable Real-time Protection.

4) HJT needs a folder, create a new folder on the Desktop called HJT then move the HJT.exe and the logfile that should be there into that folder. Needed also to store backups for safety.

5) Download CCleaner from this link: http://www.ccleaner.com/ Take the time to review the instructions on the download page so that when I ask you to run it you will know what you are doing.

6) Open Hij...


Could someone identify a listing on this log that would cause this site: http://searchpage.cc/
to appear whenever a web page button or a music file is selected to play?

I have already run Coolwebblaster, Adaware, spybot, spywareblaster, in that order and have not stopped this hijacking. Also, I checked add/remove programs to uninstall, but nothing is there.

Thank you
Logfile of HijackThis v1.97.7
Scan saved at 5:04:06 PM, on 7/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Pat\LOCALS~1\Temp\HijackT...

A:Hijackthis log analysis?

This is suspect:
O2 - BHO: (no name) - {46DAAC7E-7C0B-6051-91AE-C741F2F708EB} - C:\WINDOWS\System32\xnooszwf.dll
This is a known trojan:
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvtr.exe
Look here for removal:
http://www.globalhauri.com/html/support/virus_read.html?page=2&code=TRW3000603
 


I don't know for sure if this is the right place to post this, but here it is. If it's the wrong place, maybe someone could tell me where to post it? If the right one, I have some kind of keylogger or something on my computer that regular antivirus and antimalware isn't detecting. I can tell from the spam I am getting. This is the HijackThis log for analysis if anyone can tell me what is safe to delete, and what if any next steps I should take. Thanks!

A:HijackThis Log Analysis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

HijackThis is not providing accurate information for 64 bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
DDS.COM

Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

====

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with th...

RELEVANCY SCORE 48.4

Dear Members,

I am new member and this is my first HijackThis log. I would appreciate if anyone of you could take a look at it and let me know if my system is infected, and how to fix it.

Thank you for your time and valuable input.

Regards,

SLeopard

A: HiJackThis log analysis

Hi SLeopard,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

RELEVANCY SCORE 48.4

I am having trouble with "Dr. Watson postmortem". It seems to be some form of virus or trojan that has replaced Windows' Dr. Watson. I've run HouseCall, Spybot, Ad-aware, Avast, AVG, TrojanHunter, SpywareBlaster, Panda Titanium and Microsoft AntiSpyware and it still seems to be there. While in the mess of installing and uninstalling programs other viruses seem to have gotten on. I've been able to clean off a lot, but I'm not sure if I got them all. I'd greatly appreciate any advice you guys have! Thank you so much for your time! Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:06:23 PM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\...

A: HijackThis Log for analysis

Hi Myself and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. Your log is clean.

Dr. Watson is part of the operating system and has been around since Windows 95. It collects data whenever there is a system malfunction brought on by hardware or software. By the time you see Dr. Watson, something bad has already happened. Unfortunately, us mere mortals have quite a hard time understanding the logs made by Dr. Watson. They need to be analyzed by Microsoft personnel.

A couple of things that you could check yourself are the system's Event Logs and look for any error messages in the System and Program areas. If the problems recently started and you installed any new hardware or software at the time then that might point to a bad or corrupt piece of hardware or installation.

I would suggest posting a topic in the XP forum and see what they come up with. There are many users there that can assist you in analyzing the problem.

Cheers.

OT

RELEVANCY SCORE 48.4

Hello everyone,

I'm not sure that this is the right place to post it, but I have decided to try. Please help with HijackThis analysis. I'm using XP SP2 professional os with the following protective softwares: Norton professional 2005, ad-ware SE professional, Win XP Firewall disabled.

A few days ago I visited a site called crackspider (a "friend" suggestion) and as soon as I entered the site, something was uploaded to my computer and installed without any warning neither from Norton personal protection nor from ad-Ware. Ever since, NAV is displaying a message about a virus called MHTMLRedir.Exploit is present on my computer. I have run the BitDefender online scan service and all I got was one virus (Exploit.Html.MhtRedir.Gen) that was present at the NAV quarantine. BitDefender announced the file 3 times: the first time was the name of the virus, the second time was "Disinfection failed" and the third one was "deleted", so I guess that the virus was deleted from NAV quarantine. I was trying also running the Panda software on my scan service, but unfortunately for no avail (It seems to me that my NAV is blocking this site but I'm not sure). I'm a novice with computers, so please provide me with as much detailed instructions as possible about the processes that you think that might help me remove the intruder. Any help will be appreciated.

Yafa Alderoty

Logfile of HijackThis v1.99.1
Scan saved at 10:22:25 PM, on 4/25/2005
Platform: Windows XP SP2 (W...

A: Hijackthis Analysis

Hello yafa alderoty and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please proceed with the following steps in order.

Step #1
First we will remove some programs using Add or Remove Programs in the Control Panel. MyWay Search Bar is an adware infected toolbar that installs to the Internet Explorer. Both P2P Networking and Kazaa are malware infected file-sharing applications that include malware in their installations. If you want to use a file-sharing application then go to the Clean and Infected File Sharing Programs link and choose a file-sharing application that is free from malware.

Click Start.
Click Control Panel.
Double-click Add or Remove Programs.
Look in the Currently installed programs box for each program listed below and if it is there:
Click on it to select it.
Click Change (or Change/Remove) button.
If you are prompted to confirm the removal of the program, click Yes.

MyWay Search Bar (or anything with MyWay in the name)
P2P Networking
Kazaa
Altnet Points Manager
InstaFinder (or anything similar)

Step #2
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL...

RELEVANCY SCORE 48.4

Hi,
I am a new member of this forum. Few days back my laptop started behaving erratically. Please check my log and let me know if I am infected and steps to handle the issue. Thanks in advance.

Regards,
FrancisNPM.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:05, on 04-06-2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\...

A: HiJackThis log analysis

Good evening. As HijackThis has not been seriously updated by Trend Micro in some time, it is now no longer considered to be an effective tool for malware removal. You will need to go here, follow steps 6, 7 and 8 and post accordingly into this thread.

Will you also include a brief description of your PC's issues, if there are any, or let me know if this is just an exploratory thing.

RELEVANCY SCORE 48.4

Hi folks,
I downloaded Hijackthis to remove an unwanted program cyberfamousas which I believe is associated with adware or malware.
My computer is seven years old and I would appreciate any help and direction you can provide in cleaning things up.
Regards,
xcitableboi

A: Hijackthis analysis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:24 AM, on 1/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotif...
