Over 1 million tech questions and answers.

variation of [email protected] - HijackThis

Q: variation of [email protected] - HijackThis

What you please let me know which items should be fixed in this HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 17:07:42, on 22/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
G:\Programmotheque\AnyDVD\AnyDVD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msdlc.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Roger\Mes documents\Année 2007\Mes Docum QI 2007\HijackThis 1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f270.mail.yahoo.com/ym/login?.rand=378m5puib8sm0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {307042C4-3066-41A5-947B-F177257BF1D6} - C:\WINDOWS\System32\ssqrs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\System32\wsatqaqh.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\System32\trpmhykt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - C:\WINDOWS\System32\yayywxw.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\trpmhykt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\mrnnoebc.dll",sitypnow
O4 - HKLM\..\RunOnce: [freinst] "C:\Program Files\BestsellerAntivirus\pgs.exe" /empty
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .TIF: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = psc.pscnet.com
O20 - Winlogon Notify: awtqnkh - C:\WINDOWS\SYSTEM32\awtqnkh.dll
O20 - Winlogon Notify: trpmhykt - C:\WINDOWS\SYSTEM32\trpmhykt.dll
O20 - Winlogon Notify: yayywxw - C:\WINDOWS\SYSTEM32\yayywxw.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\smc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\Programmotheque\TuneUp Utilities\WinStylerThemeSvc.exe
O23 - Service: Microsoft Networking Services (Windows Networking Services) - Unknown owner - C:\WINDOWS\msdlc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

RELEVANCY SCORE 200
Preferred Solution: variation of [email protected] - HijackThis

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: variation of [email protected] - HijackThis

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me regardless of what it finds with a new HijackThis log .

This will take some time!!!!!!!!

Read other 2 answers
RELEVANCY SCORE 66.8

Read the answer to the question and followed the list of things to do. I have a copy here..what now?Logfile of HijackThis v1.99.1
Scan saved at 3:34:50 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\pmsngr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:... Read more

A:Continue with [email protected] of HijackThis Logfile of HijackThis

Read other 16 answers
RELEVANCY SCORE 65.2

Logfile of HijackThis v1.99.1
Scan saved at 18:29:59, on 26/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Security\isamntr.exe
C:\Program Files\Internet Security\pmsnrr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Internet Security\isamini.exe
C:\Program Files\Internet Security\pmmnt.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe... Read more

Read other answers
RELEVANCY SCORE 65.2

please take a look at my hijackthis logfile

Logfile of HijackThis v1.99.1
Scan saved at 16:45:43, on 03/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:... Read more

A:[email protected] hijackthis log

Hi and :welcome: to TechGuy!!

My name is David

You are currently using HijackThis from a temporary directory, this can cause problems.

Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.
Download HijackThis to the new folder:
Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
Close ALL windows except HJT
SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
Post the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
_____________

David
 

Read other 1 answers
RELEVANCY SCORE 65.2

I got hit with [email protected] I used smitfraudfix in windows
safe mode to get rid of most of the problems and pop ups. But
my internet is still hijacked. I get pop ups every few minutes
and my homepage is always redirected. The site sent to instead of
my homepage is this- http://runonce.msn.com/runonce2.aspx.

Please take a look at my hiJackThis log and see if there is
anything here I need to get rid of. I can also post additional
logs from other software if they are needed.

Thanks,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:03 AM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Quic... Read more

A:I got hit with [email protected] can someone take a look at my HiJackThis

Read other 16 answers
RELEVANCY SCORE 64.4

[email protected], psw.x-virtrojan, [email protected], etc.. If I could get to my desktop I would tell you the programs I already ran. One was Smitfraudfix, another was AVG, and there was another.. nothing has worked. Here is my Hijackthis log. Can anyone please help me? I've been trying all day to get rid of this..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:46 AM, on 10/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware... Read more

A:Here's my Hijackthis log, I have the [email protected], etcetc. Please help

Read other 6 answers
RELEVANCY SCORE 64.4

I know this has been done a million times, but i got this [email protected] thingy on my computer last night, ive looked at a few different websites on how to fix it, it got all too technical for me so im hoping someone here can dumb it right down!! lol
Also I may have SpyWorm.Win32, not sure if thats the first trojan pullin my leg or not...
I got my hijackthis log here as well, hope it helps

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:20 AM, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD... Read more

A:Solved: [email protected] - Hijackthis Log

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

Read other 3 answers
RELEVANCY SCORE 64.4

hi there, i really hope you can help me on this cos im worried its gonna send my bank details!

Logfile of HijackThis v1.99.1
Scan saved at 13:45:07, on 08/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program File... Read more

A:Solved: HijackThis Log - please help, [email protected]

Read other 15 answers
RELEVANCY SCORE 64

EMERGENCY ALERT: Many reports of W32/MyDoom-A worm

If you have been infected with this worm, Click Here to obtain the removal tool from Symantec.

Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
Close all the running programs before running the tool.
If you are on a network, or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, then disable System Restore.

"How to disable or enable Windows Me System Restore"
"How to turn off or turn on Windows XP System Restore"
What You Should Know About the Mydoom Worm Variants: Mydoom.A, Mydoom.B, and Mydoom.C (a.k.a. Doomjuice)
Published: January 27, 2004 | Updated: February 10, 2004 - 1:30 P.M. Pacific Time
Important New Information
A new variant of the Mydoom worm, known as Mydoom.C (or Doomjuice), was detected on the Internet on February 9. Currently spreading to computers that were already infected with Mydoom.A, Mydoom.C causes computers to be used in attacks against other computers on the Internet. Infection by Mydoom.C can degrade both computer performance and network connections.

If you suspect that you have this worm or just want to be sure you do not, click here and scroll down to the utility that Microsoft has provided to "Automatically Check Your PC for Infection" and click the "Check my PC for infec... Read more

A:EMERGENCY ALERT: Mimail.R, Novarg.A, Shimg, [email protected], [email protected], Win32.MMa

Read other 16 answers
RELEVANCY SCORE 62.8

Ok this occured out of nowhere-- it went undetected & has been annoying ever since, i use XP.
symptoms:
Certain letters on the keyboard cause random outbursts of keys. the caps & scroll lock turn on randomly

for instance the a ---> sadfJ|
if i press the number one then the computer restarts--
z --> xzcvm
seems to be the left keys only.
another key brings up microsoft outlook--- i've used ewido, kaspersky, clean up, trojan hunter, ...outlook has been mysteriously showing up-- however i dont even have an account or even use it.
these are my log files:

Logfile of HijackThis v1.99.1
Scan saved at 9:14:26 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\M... Read more

A:help, my [email protected] [email protected] been [email protected] over log file inside

does everything look alright here? Should i format my harddrive, buy a new one? Any sort of directions would be appreciated, thanks.
 

Read other 2 answers
RELEVANCY SCORE 62.8

Please Help. I have the following four that pop up through a yellow triangle with exclamation point in my toolbar that creates pop ups for rogue antispyware programs.

[email protected]
PSW.x-Vir
Spyware.Cyberlog-X
[email protected]
[email protected]

I have been following this older thread:
http://forums.techguy.org/malware-removal-hijackthis-logs/639933-solved-networm-i-virus-fp.html

But it has not been working entirely.

I can use the Firefox browser fine, it works well and other programs also work, but start up has slowed down considerably.

Here is the Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:11 AM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
... Read more

A:[email protected] & PSW.x-Vir & Spyware.Cyberlog-X & [email protected] & [email protected]

Closing duplicate thread, please continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/644905-i-have-4-trojans-yellow.html
 

Read other 1 answers
RELEVANCY SCORE 62.4

When I try to go to my home page it redircts me to a site wanting you to purchase Spam Blockers/Anti-Virus Programs because it says my computer is infected with [email protected] I have McAfee, but they don't tell me how to remove it. It is in the C drive in the Windows file - System32 - xxfgmy.dll. There may be more but this is the information I obtained thru McAfee. I'll include my Hijackthis log below. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 12:48:17 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe... Read more

A:Help removing Trojan! [email protected] & Spywarestrike Hijackthis log included

Read other 9 answers
RELEVANCY SCORE 61.2

Hi, I picked up malware. I've read the previouse posts on this one. I've got [email protected] I'm including my HijackThis because what I've read said that's it's best to let the experts review my logfile first. Any help would be greatly appreciated. Kids have homework to do and I won't let them near the computer right now. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:06 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS... Read more

Read other answers
RELEVANCY SCORE 60.8

Since about a month ago, each time I open my laptop (see specs below) has posted the following message on the desktop: "The procedure entry point [email protected]@[email protected][email protected] could not be located in the dynamic link library hpqtscmn.dll."
I have used my avast! antivirus program to run a detailed scan of my hard drive; it returns a clear report. A search of my computer for hpqtscmn.dll yields nothing. Any solution?

SPECS:
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name LAPTOP
System Manufacturer Sony Corporation
System Model VGN-FS640_W
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~1596 Mhz
BIOS Version/Date Phoenix Technologies LTD R0044J1, 6/5/2006
SMBIOS Version 2.34
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name LAPTOP\Alan Spaulding
Time Zone Pacific Standard Time
Total Physical Memory 512.00 MB
Available Physical Memory 55.49 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.20 GB
Page File C:\pagefile.sys
 

A:[email protected]@[email protected][email protected] could not be located in hpqtsmn.dll

reinstall your HP scanjet printer
it is a damaged or missing file from the drivers
 

Read other 1 answers
RELEVANCY SCORE 60.8

Hello, I need a little bit of help. I'm getting that little yellow triangle with an exclamation point in the tool bar and pop ups galore. I use firefox but the popups were coming up in internet explorer. I don't use I.E. so I deleted it of my computer. My computer has been infected with this malware since last night and I have tried multiple programs in an attempt to clear up my computer to no avail.

Here is my hijackthis log, thanks in advance for any help! I was scrolling though some of these posts and I'm amazed at what you guys can do with the information provided.

Logfile of HijackThis v1.99.1
Scan saved at 6:52:35 PM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\D... Read more

A:[email protected], PSW.x Vir trojan, [email protected], spware.cyberlog.x

Read other 8 answers
RELEVANCY SCORE 60.8

Messages have been popping up about security threats and what not, those have been some of the names. I've run some spyware scans and what-not so some may be deleted, but there's still a problem. Computer is acting slow and system alert messages still pop up. This happened to me on my laptop and I was able to fix it with your help, now this is happeneing on my parents desktop and I could use assistance again.

Logfile of HijackThis v1.99.1
Scan saved at 7:10:48 PM, on 2/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\... Read more

A:Solved: [email protected], [email protected], Downloader.zlob.boi

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

Read other 3 answers
RELEVANCY SCORE 60.8

To the Dearest staff here, i really really really need your help.
My computer has gone haywire.. and it seems to me it has contracted millions of trojans and viruses and i am just oh so overwhelmed.. i need to fix this soon so i can do my work.

i think these trojans got on my computer when a forum i was using was hacked and some iframe was put in that lead me to a trojan or virus at everypage i clicked. thats maybe why i have so many problems. BAH.

i started getting system alerts and warnings this afternoon and they wouldnt stop. ive been browsing around the internet for a while.. and ive followed some outside advice.. and some advice from here..

I ran Smitfraudfix.cmd and done option #2 cleanup.
it didnt work.. so i ran a HJT
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:18 PM, on 18/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\C... Read more

A:Solved: [email protected] & [email protected] & PSW.x-Vir & Spyware.Cyberlog-x

Read other 16 answers
RELEVANCY SCORE 58.4

Earlier today, my computer went crazy with pop-up System Alerts and such...
The two malware programs listed were [email protected] and [email protected]

Pretty much, I have PcTools SpyWareDoctor and Avira Anti-Virus programs installed on my computer. Neither one had shown evidence of infection at the time, so I checked this site for more information on both.

Imagine my surprise to find that most of you are having difficulties with the same programs! So far, I have followed directions to fix the NetWork virus only. When I rebooted my computer, I found that I had successfully removed it the components, but now there is a Trojan to deal with. *sigh*

I have downloaded HijackThis! and SmitFraud Fix. Here are the results of the scans:

SmitFraudFix v2.232

Scan done at 11:06:02.75, Fri 09/28/2007
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}"="aldoa"

[HKEY_CLASSES_ROOT\CLSID\{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}\InProcServer32]
@="C:\WINDOWS\system32\swqzdtj.dll"

[HK... Read more

A:Solved: [email protected] and [email protected] infection...

Read other 8 answers
RELEVANCY SCORE 58.4

I got the alert that mah PC is infected with '[email protected]' and '[email protected]';
sometimes the internet explorer starts automatically and the following msg is shown-"Forbidden
You don't have permission to access /gatevc.php on this server.";
Norton scan shows nothing;

Logfile of HijackThis v1.99.1
Scan saved at 1:54:28 AM, on 9/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\WinMediaCodec\pmsngr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\ZoneAlarm\zlclient.exe
C:\Program Files\WinMediaCodec\pmmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\NMain.ex... Read more

A:Solved: infected with [email protected]' and [email protected]'

Read other 16 answers
RELEVANCY SCORE 58.4

Help this is my Smittfraud log

SmitFraudFix v2.253

Scan done at 10:19:27.01, Wed 11/14/2007
Run from C:\Documents and Settings\Lachelle Greer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS3\Services\Tcpip\..\{0BD417AE-B19B-4B77-97D3-BA73E402BF6E}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»?... Read more

A:I have psw.x-vir, [email protected], [email protected], spyware.cyberlog-x

This is my HJT after running superantispy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:14 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\sy... Read more

Read other 3 answers
RELEVANCY SCORE 58.4

My computer keeps getting balloon pop-ups that say I'm infected with a [email protected] Trojan and [email protected] Also I keep receiving a "malicious action blocked" pop-up. also there is a constant blinking yellow triangle with a black exclamation point in the middle of it, this is where the balloon pop-ups are coming from.
 

Read other answers
RELEVANCY SCORE 58.4

i've had several bubbles in the bottom right corner of my window saying that i have all of these on my comp, as well as random internet windows popping up. 2 days before this occurred, i had uninstalled norton online protection. I've run numerous scans with other antivirus software that were free, and they have found several viruses, but the warnings have continued to show up.

Here is my log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:26 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil... Read more

A:PSW.x-Vir trojan, [email protected], netWorm [email protected]

Please visit this webpage for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

Read other 1 answers
RELEVANCY SCORE 58.4

I am having a bit of trouble after looking through some myspace pages. I seem to have aquired some spyware somewhere along the line. I have 3 different pop ups... one for spyworm.win32, [email protected], and [email protected] Could someone please help me to get rid of these? I am running windows XP Home Edition version 5.1. I noticed that some people have recommended running HijackThis so I have already done this step. Someone please help me out?!

Thanks a bunch,
Megan

Logfile of HijackThis v1.99.1
Scan saved at 8:28:21 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swup... Read more

A:spyworm.win32, [email protected], and [email protected]

Hi, mjones51

Welcome to the forum.

Before continuing, please move Hijackthis to a permanent location. It does not work properly in a Temporary folder.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

Once ... Read more

Read other 1 answers
RELEVANCY SCORE 58.4

To the Dearest staff here, i really really really need your help.
My computer has gone haywire.. and it seems to me it has contracted millions of trojans and viruses and i am just oh so overwhelmed.. i need to fix this soon so i can do my work.

i think these trojans got on my computer when a forum i was using was hacked and some iframe was put in that lead me to a trojan or virus at everypage i clicked. thats maybe why i have so many problems. BAH.

i started getting system alerts and warnings this afternoon and they wouldnt stop. ive been browsing around the internet for a while.. and ive followed some outside advice.. and some advice from here..

I ran Smitfraudfix.cmd and done option #2 cleanup.
it didnt work.. so i ran a HJT
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:18 PM, on 18/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\C... Read more

A:[email protected] & [email protected] & PSW.x-Vir & Spyware.Cyberlog-x

Do not use code to post the log - just post it into the quick reply box
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has ... Read more

Read other 1 answers
RELEVANCY SCORE 58.4

Hi,

Thanks for looking at my problem!

I have this virus that is similar to what others here have complained about. I get the bubbles telling me to download software. I also have the shield on the taskbar that blinks red x or blue question mark, plus the yellow triangle w/ !. I'm very annoyed and also nervous that I can't get rid of it.

I've noticed that the first step on the forums is to post the HijackThis log, so here it is:

----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:54 PM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
... Read more

A:[email protected] + [email protected] trojan + antivirgear.com

Read other 7 answers
RELEVANCY SCORE 58.4

http://forums.techguy.org/windows-nt-2000-xp/523570-solved-psw-x-vir-trojan-2.html

Hello, I wake up and I have 22 Explorer windows to the same website, a small triangle in my bar, and a window popup saying I have the same Trojan/Spyware as the guy in the link above with "required action" of downloading its antivirus software that has broken image links and odd page layouts as well as ballon popups from the triangle with security alerts that look like they are on a cycle between 3-4 different names but the same outcome---download certified ANtivirus software said above from savetheinformation.com.

Thanks for any help!

Logfile of HijackThis v1.99.1
Scan saved at 2:45:16 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\zHotkey.ex... Read more

A:Solved: PSW.X-VIR [email protected][email protected]/similiar

Read other 11 answers
RELEVANCY SCORE 57.2

Like an idiot I installed some software to stream video onto my laptop and 30 seconds later i was flooded with warning bubbles coming from a blinking exclamation sign in the toolbar, "system failures", "critical errors", all kinds of pop-ups offering solutions. I've looked at a million other posts, and almost all recommend running SmitfraudFix at one point or another. However, I can't restart my computer in Safe Mode. when I try, i get all these lines in MS-DOS that say something about partitions and drivers. I've tried running Spybot, and AVG, but it still gives me all this junk. please help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:47 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Fi... Read more

Read other answers
RELEVANCY SCORE 56.8

I posted earlier but did not post my report. I'm also getting a malicious action blocked pop up. I am having multi warning pop ups with different virus names as indicated in the title.
here is my report.
Logfile of HijackThis v1.99.1
Scan saved at 7:36:59 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\Pr... Read more

Read other answers
RELEVANCY SCORE 56.4

My McAfee virusscan detected the [email protected] virus. I'm unable to do anything with it (delete, clean, quarantine). I get disk is write-protected error. I try to browse to the directory it's in and I can't see it. I've changed folder settings to show hidden and system files. I'm running XP and still can't see the folder it shows up in. I've run viruscan in normal and safe mode. Still can't do anything with it. I've included my Hijackthis log.
 

A:[email protected] and disk is write-protected error

You are using an old version of Hijack This. You are also running HJT from your Temporary Internet Files folder. It will not function properly from there and it cannot create and restore backups from there. You need to create a new folder in My Documents and name it Hijack This. Now Click here to download Hijack This again. Download it and click "Save". Save it to the Hijack This folder you just created. That way it can create and restore backups if needed. HJT will store the backups in the same location that it is run from.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 1 answers
RELEVANCY SCORE 54.4

Hi, I have been searching for help in trying to find out how to get rid of [email protected] and [email protected] I found you guys after searching google and thought maybe some smarter people then I could solve this annoying issue of have web pages opening by themselves. I have used smitfraudfix along with hjt to scan my computer and hope that will help resolve the problems. Below are the results of my scans, please help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:44 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update... Read more

A:Infected with [email protected] and [email protected]

I have been able to follow some similar posts to a certain point and fix some of the problems with these viruses ([email protected] and [email protected]).

1-I was able to load and run combofix

2-moved onto sdfix and ran that program and have downloaded but not used FindAWF.exe

I do not wish to proceed further without help from someone who knows the registry for windows XP Home edition.
I have made an updated copy of hjt and smitgaurd and will have them posted following this message. I also have the information saved from the use of combofix and sdfix if this information is needed.

I will keep looking for updated posts till the problem is resolved.

Thank you for you help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:23 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\... Read more

Read other 1 answers
RELEVANCY SCORE 54.4

Hello! I have a problem with removing the SpyBot and Networm baddies. After reading the forums, I ran the HijackThis and SmitFraudFix scans and am posting the logs here. I tried running the Panda scan, but Firefox isn't able to run it and IE won't open the scan window for me. Any help would be appreciated! Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:11 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lavasoft\Ad-Aw... Read more

A:[email protected] and [email protected] Removal

Hi, Welcome to TSG!!

The P2P programs you have installed expose you to risks because of the nature of the P2P file sharing process. File sharing/P2P programs rely on members giving and gaining unrestricted access to computers across the P2P network. This practice can make you vulnerable to data and identity theft. It also exposes you to very malicious worms and trojans. You change those risky default settings to a safer configuration but the act of downloading files from an anonymous source greatly increases your exposure to infection.

Go to add/remove programs and remove Ares.
Download the HostsXpert 4.0 - Hosts File Manager.

Unzip HostsXpert 4.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.0 - Hosts File Manager
Run HostsXpert 4.0 - Hosts File Manager from its new home
Click "Make Hosts Writable?"
Click Restore MS Hosts and then click OK.
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Run HJT again and put a check in the following:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ubmigvoc.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gywklile.dll",sitypnow
O8 - Extra context menu item: &Search - ?p=ZJfox000

Close all applications and browser windows before you click "fix ... Read more

Read other 1 answers
RELEVANCY SCORE 54.4

hi,

basically im having the same problem as most other people that ive read threads here have. i downloaded a codec (obviously now i realise it wasnt legit), and have since been bombarded with popups and info bubbles in the taskbar. they usualy have [email protected] and [email protected] in the text, so i googled these terms and came acrooss this site. i read the threads that deal with getting rid of these, so i followed the guidelines and i dowloaded SmithFraudFix, extracted it to desktop, turned off system restore, restarted the computer, hit F8 and entered safe mode, pressed yes again to remain in safe mode, logged in as administrator.....but SmithFraudFix is not on my desktop! i redid this procedure about 4 or 5 times, trying out different ways each time, but i cant find SmithFraudFix anywhere while im in safe mode.

Please could someone help?
 

A:Solved: [email protected]' and [email protected]'

Read other 13 answers
RELEVANCY SCORE 54.4

Well that dam triangle won't leave me alone. I'm all out of luck, I have tried everything from spybot search and destroy to McAfee. Here the Hijack this, let me know the technique to dispose of this. I read your other replies and I am fearful to use those methods without being sure as to what I have.
Hijack this :
Logfile of HijackThis v1.99.1
Scan saved at 5:20:34 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
... Read more

A:[email protected], PSW.x Vir trojan, [email protected]

Read other 15 answers
RELEVANCY SCORE 54.4

hello all, please bare with me as this is my first post & and i am not bril with computers.

Two days ago, my computer has seemed to pick up these two things. Now i have tried McAfee but it doesn't seem to get rid of them. I have all my daughters pictures on this computer and am petrified i am going to loose them all. I don't know what to do, or how to get rid of this, can anyone help? And if you can is there anyway you can explain it to me that i will understand it?

Thanks for your help
 

A:Solved: [email protected] & [email protected]

Read other 16 answers
RELEVANCY SCORE 54.4

Hello,

I have read several other posts where you guys have been able to take care of these viruses and I would love to have these two buggers off my system as soon as possible!

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:22:37 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3dsMax8\m... Read more

A:Solved: [email protected] and [email protected]

Read other 16 answers
RELEVANCY SCORE 54.4

Hello,

I'm needing some help removing the above, i keep getting balloons apearing advising of malware threats and system errors. Also 2 icons keep apearing after i have deleted them on the desk called "Live Safety Centre" and "Online Security Guard"

I have tried smitfraudfix v 2.253 but still had the same problems

Here are the Logs:

SmitFraudFix v2.253

Scan done at 23:01:16.51, 2007-11-22
Run from C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 NtKrnlpa.info

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) - Packet Scheduler Miniport
DNS Server Search Order: 158.43.240.3
DNS Server Search Order: 158.43.240.4

HKLM\SYSTEM\CCS\Services\Tcpi... Read more

A:Trojan - [email protected] & [email protected]

I've now used te Vundo programme and its helped alot but i've still got a few problems.

Here is the new Hijack This log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:36, on 2007-11-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\firewall.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MS\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft... Read more

Read other 2 answers
RELEVANCY SCORE 52
A:Please need one cd key counter strike not used send on my Email [email protected]

Where to get a counter-strike CD Key are you asking? Why thats an easy question.

Your local computer store, or ata MediaPlay, Best Buy, Circuit City, etc. Or online from Amazon or another store.
What-you thought we would give you one for free?
http://www.techguy.org/rules.html
 

Read other 1 answers
RELEVANCY SCORE 52

My school has recently switched to Google Apps for its email service, now resulting in students having an address of [email protected]. I also started working for a company that uses this email in the form of [email protected]. I would like to be able to access both of these email accounts using Mozilla Thunderbird 2.0.

I've been told that by changing the user name for these accounts to include the full email address will allow access as if the account was a regular Gmail account, but I have not been able to make this work. I continue to get an error message:
Code:
Sending of password did not succeed. Mail server pop.googlemail.com responded: Username and password not accepted.
This also happens for the mail server pop.gmail.com.

I tried using the Unlock CAPTCHA feature for both accounts. It worked for the [email protected] email address (it unlocked it, supposedly), but not for the [email protected] account. For the edu account, the unlock CAPTCHA responded saying the username and password do not match.

I also just installed the addon Gmail IMAP Account Setup for Thunderbird, which seems to know just what to do. However, with the employee email, I get the error message, "Login to server imap.gmail.com failed." With the student email, I get the error, "Invalid credentials (Failure)" followed by the same error as the employee email.

My I know my login information is correct. This is getting very frustrating. What do I do to... Read more

Read other answers
RELEVANCY SCORE 49.2

Problem: when an email is replied to in Plain text - an email address is slipped in to the email's body: "<mailto:[email protected]>" It's not being done by the person replying and it's only happening to 1 user.

what I've done so far:
a. I've already checked the user's signature and I dont see "mailto:" anywhere
b. checked the user's AD account

what else can slip this line in??
 

A:Outlook 2003 - adding "<mailto:[email protected]>" inside body of email

Read other 9 answers
RELEVANCY SCORE 49.2

Hi Everyone,

I use Eudora for email and when I check mail Norton detects the [email protected] virus and posts the following messages.

The 1st alert says Unable to repair file.
The 2nd alert says Access to file denied.

The problem is that Eudora disconnects from the mail server and doesn't download the waiting email messages. When I click check mail it opens the server and goes through the same routine again without downloading the mail. I've run the fix from Norton for this virus and it says I don't have the virus on the computer.

I get the message: Error reading from Network Connection closed by foreign host.

Eudora shows that the amount of email awaiting download is increasing each day, so it must be getting to some point.

Can someone please tell me how I can correct this problem and download mail.

Thanks for your help.

Regards,

John
 

A:[email protected] Email Help Needed

Read other 6 answers
RELEVANCY SCORE 47.6

Cannot get rid of [email protected]

My hijack this log file is as follows:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:57:27 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaSafeConnectWatcher.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\... Read more

Read other answers
RELEVANCY SCORE 47.6

I have this virus and my computer is running really slow. If anyone knows how to get rid of it please help asap. Everytime i open my internet explorer a security page comes up with a pop up. What should i do?
 

Read other answers
RELEVANCY SCORE 47.6

Hi. My son got on my computer and got into some things he shouldn't have. Now I have messages popping on my computer saying I have several spyware/trojans.
It says I have [email protected] and it says I have PSW.x-Virspyware and something about spyware.cyberlog-x. I downloaded Hijack This and here is my log. PLEASE HELP!

Logfile of HijackThis v1.99.1
Scan saved at 2:51:40 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Video AX Object\smmain.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\... Read more

A:[email protected] & psw.x

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132
Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the ... Read more

Read other 1 answers
RELEVANCY SCORE 47.6

I seem to have [email protected] on one of our office computers. I have looked on your site and followed the instructions given to another member. Attached is the Hijack this note pad. Can you give me some halp please. I will send the listing from smitfraudfix in a second thread.

Logfile of HijackThis v1.99.1
Scan saved at 10:10:26 AM, on 9/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iCodecPack\isamonitor.exe
C:\Program Files\iCodecPack\pmsngr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\iCodecPack\pmmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iCodecPac... Read more

A:[email protected]

Read other 8 answers
RELEVANCY SCORE 47.6

Friends and possibly my own computer are infected with [email protected] What can we do?

Part of message that bounced back to me:

----- The following addresses had permanent fatal errors -----
<'friendsname'@bellsouth.net>
(reason: 551 [email protected] infected)
 

A:Help! Get rid of [email protected]

Read other 6 answers
RELEVANCY SCORE 47.6

Any help with this would be appreciated.
Ive downloaded Hijack as you have advised other users and here is my report

Logfile of HijackThis v1.99.1
Scan saved at 21:02:36, on 19/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iCodecPack\pmsngr.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\iCodecPack\pmmon.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Pr... Read more

A:[email protected]

Read other 10 answers