
Hot_kiss virus!? Hijack This log... please please tell me what to do!

Q: Hot_kiss virus!? Hijack This log... please please tell me what to do!

Hi, I've got the Hot_kiss virus, and I've read through most posts concerning this so I downloaded Hijack This, and my log is below. Please, please could you tell me what to do from here on! Thank you in advance!

Logfile of HijackThis v1.97.7
Scan saved at 13:00:59, on 14/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpyBlocker Software\spyblocker.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\svchost.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KaZaA Lite\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis[1]\HijackThis.exe

O2 - BHO: (no name) - {004B23E0-1E63-4ED6-BCAC-922BA26CF096} - C:\Program Files\Wincognito\Pop Up Blocker\files\PBBHO.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Pop Up Blocker - {D0B72B55-4B68-4A57-9719-E119AD1D8950} - C:\Program Files\Wincognito\Pop Up Blocker\files\ToolBar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [System MScvb] C:\WINDOWS\mscvb32.exe
O4 - HKLM\..\Run: [system] dcomx.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [Runner] C:\WINDOWS\svchost.exe /i
O4 - HKLM\..\RunServices: [system] dcomx.exe
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\mscvb32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AC25FA0-7984-44AE-8222-688EE47CFB7A}: NameServer = 194.74.65.69 217.35.209.180
O17 - HKLM\System\CS3\Services\Tcpip\..\{0AC25FA0-7984-44AE-8222-688EE47CFB7A}: NameServer = 194.74.65.69 217.35.209.180
What shall I do now?


A: Hot_kiss virus!? Hijack This log... please please tell me what to do!

Please stay with one thread. http://forums.techguy.org/showthread.php?t=220297

Read other 1 answers
RELEVANCY SCORE 62.8

Hello,

I have this Hot Kiss virus or programme, could you please help me as to how to get rid of it? If possible could you please explain step by step very easily? Thank you very much.

I have read the other thread on this but still do not understand; I cannot download zip files because they keep opening in MS Publisher.

cheers.
 

A:Hot_Kiss Virus

Please DO NOT post duplicates.

Reply here:

http://forums.techguy.org/showthread.php?postid=1534869#post1534869

Closing duplicate.
 

Read other 1 answers
RELEVANCY SCORE 62.8

I am Chinese.

I found TSG today, it's very good!
Who can help me?

Is hot_kiss a virus?

thanx
 

A:hot_kiss , virus?

Read other 16 answers
RELEVANCY SCORE 49.6

This is probably a common thing, but this dialler keeps interrupting my ISP and causes 2 pop ups and changes my home page to http://www.123found.com. Then my dial up keeps breaking off and I have to keep reconnecting.

Does anyone have a cast iron way of getting rid of this?

I am not a computer expert, but have downloaded Ad-aware and Spybot - both do no good at all.

Thanks in advance.
 

A:hot_kiss.exe

Read other 13 answers
RELEVANCY SCORE 49.6

hi

could somebody please tell me how to get rid of this virus?

thanks.
 

RELEVANCY SCORE 48.8

Hi, this is my log file. I'm having a similar problem as others have had with the 'Hot_Kiss' virus. I'd be incredibly grateful if you could help me out, this is a persistent and expensive virus.
Thanks, Oli

Logfile of HijackThis v1.97.7
Scan saved at 10:22:21, on 08/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Fmctrl.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Oliver's\Winamp\winampa.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\User\LOCALS~1\Temp\sysdaemg.exe
C:\Ol... Read more

A:Hot_Kiss, Could someone look at my log file?

Hi Cheadle

Welcome to TSG!

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com

O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i

O4 - HKLM\..\Run: [1on1] C:\WINDOWS\1on1.exe -n

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Now find and delete:

The C:\WINDOWS\1on1.exe file
The C:\WINDOWS\csrss.exe file

*Note: The legitimate csrss.exe file is in the C:\Windows\System32 folder. DO NOT delete that one.

Also in safe mode navigate to the C:\Documents and Settings\User\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
 

Read other 3 answers
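The reply above rests on one check: a file named csrss.exe is only legitimate in C:\Windows\System32. As an added example (not part of the original thread), the Python below applies that check to every absolute .exe path in a HijackThis log, covers the other core process names as well, and, going beyond the thread, also reports executables located in a Temp folder. The expected-location table assumes a default install with %SystemRoot% = C:\WINDOWS, and the sample log is constructed from paths that appear in the logs on this page.

```python
import ntpath
import re

# Expected folder for core Windows XP process names. Assumption of this
# example: default install with %SystemRoot% = C:\WINDOWS.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# Constructed sample: lines taken from the HijackThis logs quoted on this page.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\csrss.exe
C:\WINDOWS\System\svchost.exe
C:\DOCUME~1\User\LOCALS~1\Temp\sysdaemg.exe

O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i
"""

# Absolute path ending in .exe; stops at the first ".exe" so trailing
# arguments such as "/i" are not captured.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|\r\n]*?\.exe', re.IGNORECASE)


def exe_paths(log_text):
    """Yield (line_number, path) for every absolute .exe path in the log."""
    for number, line in enumerate(log_text.splitlines(), start=1):
        for match in PATH_RE.finditer(line):
            yield number, match.group(0)


def classify(path):
    """Return a reason string if the path looks out of place, else None."""
    directory, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
    expected = EXPECTED_DIR.get(name)
    if expected is not None and directory != expected:
        return "system process name outside " + expected
    if "temp" in directory.split("\\"):
        return "executable running from a Temp directory"
    return None


def review(log_text):
    """Return sorted, de-duplicated (path, reason) findings for a log."""
    findings = {}
    for _, path in exe_paths(log_text):
        reason = classify(path)
        if reason:
            findings.setdefault(ntpath.normcase(path), reason)
    return sorted(findings.items())


if __name__ == "__main__":
    for path, reason in review(SAMPLE_LOG):
        print(f"{path}: {reason}")
```

A finding is a prompt to inspect the file, not proof of infection; the name table only covers the processes listed in it.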
RELEVANCY SCORE 48.8

I hope someone can help, and I'll be sure to make a donation if so.

Like several other posters, I have been struck by the Hot_Kiss dialer, which silences my modem dial-up, installs a new dialer on to the computer, and dials it without my permission. Not to mention the hardcore images.

I have attached my Hijack This log below, having found Ad-Aware does not help.

Can anyone talk me through what to do now. I am not a complete illiterate, but the more basic the advice the better. I am running Windows XP.

Thanks in advance.

HS

Logfile of HijackThis v1.97.7
Scan saved at 20:22:30, on 6/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\browse.exe
C:\WINDOWS\System\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
R1 - HKLM\Software\Microsoft... Read more

Read other answers
RELEVANCY SCORE 48.4

Hi; I'm SO glad that there are people like you guys around who are A) Able to help computer thickos such as myself and B) willing to!

Basically I'm on the net when Norton Anti Virus says that it has intercepted and killed the Trojan.ByteVerify bug. I'm pleased and carry on surfing. But then an icon appears on my taskbar for the 1on1 chat service at 1.50 a minute and pops up. At the same time my startpage is set to 123found.com and the virus switches off the sound on my modem and tries to redial an XXXSERVER which has been added to my dialups. The number is listed as 5551212 (how can this be premium rate when it's not a 09000 number? [in fact when I dial it from my phone the number is said not to exist]). I'm not that tech savvy to understand these things unfortunately.
I deleted the hot_kiss (came back as 1on1 when deleted) file from C:\Windows and reset my homepage (and checked that my critical updates had all been installed). Then I checked files which had been created / modified within the last few minutes. As well as the chat dialer thing it said that csrss.exe had been created in C:\Windows (I turned off archive and hidden settings etc and tried to delete it, but it wouldn't let me; maybe for the best as I wasn't 100% sure it was involved, but I think it is).

I downloaded and ran ad-aware 6; Spy-bot and Xoft spy, but they never found anything apart from a couple of minor vulnerabilities which I corrected. The online trojan scan and CWShredder... Read more

A:1on1 hot_kiss trojan HELP!!!

Not a bad instinct Andrew

Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then, close all browser and Outlook windows including this one and "fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [1on1] C:\WINDOWS\1on1.exe -n
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//7ble.chm::/wincfgid.exe

Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Delete:
C:\WINDOWS\csrss.exe [MAKE SURE ITS THE ONE IN THAT EXACT LOCATION]
C:\WINDOWS\1on1.exe
C:\bla.MHT

let us know if its ok after.

 

Read other 1 answers
RELEVANCY SCORE 38.4

Alright, to start off I regularly run Avast Professional as well as Adaware. I recently started using CCleaner also. Two weeks ago I kept getting Google redirects in IE and Firefox. NOW, I can't even access my browsers. I've tried Google Chrome, IE, Firefox, AND Opera 10 Beta! The only browser I can access is Blackbird for some reason. All the others get a proxy denied! Here's a picture ( http://tinypic.com/r/33tmiqq/5 ). So I installed HJT and I couldn't run it; after doing some Google searching I found that sometimes viruses block HJT from running by its name, so I simply reinstalled with a new name and new folder and then renamed the program in the folder and wah-laa, I got it to run. Which is telling me that something IS blocking it from running with its usual name! In the HJT file "thenew****.exe" is HijackThis renamed so I could get it to work. I've run Avast scan and Adaware scan and found several items but I quarantined and deleted them all, although some seem to be reappearing. Also when running CCleaner one file doesn't delete; it seems some other Thinkpad T43 users are having this problem as well, and I'm not sure of what it is. (Update: I just ran CCleaner again and this item didn't show up, but other Thinkpad T43 users can get rid of it, so I'm baffled by this now as well.) Once again here's the picture of all 5 browsers trying to run ( http://tinypic.com/r/33tmiqq/5 ) and here's my HJT log. Someone help please because I'm beyond having no idea at this point... Read more

A:All browser Hijack, Virus Blocking Hijack This from running. HJTLogfile Enclosed! HELP!

my apologies.

Read other 3 answers
RELEVANCY SCORE 38.4

Hello!
 
 
As per Malwarebytes Anti-Malware scan results, my pc is infected with the following
 
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[15346897017956e03bc6c763917352ae]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[4bfe4eb14337d264758def3bb74d3ac6]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[4306689786f4f73fab5882a8877d21df]
PUM.Hijack.TaskManager, HKU\S-1-5-21-2000478354-179605362-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[69e042bdf28891a5c728da51e1237a86]
PUM.Hijack.Regedit, HKU\S-1-5-21-2000478354-179605362-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[dc6db34c314924124548f238798bf20e]
 
 
Please note:
 
1. The virus came through an infected pen drive
 
2. I am unable to boot the computer in safe mode. It keeps going in a loop.
 
3. I have used Combofix, Hitmanpro, Avast, MBAM, Anvi smart defender to remove the infections. But the infections keep coming back. Now, Combofix, Hitmanpro, Avast have become corrupt and unuseable.
 
4. The taskmanager and registry editing have been disabled. I... Read more

A:Windows XP infected with Virus.Sality,PUM.Hijack.Regedit, PUM.Hijack.TaskManager

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi vp17,
 
This doesn't sound good, but I would like to confirm it is Sality before I give you some bad news.
 
What detected Sality? Do you have a log for that program?
 
Also, please go to the root of your drive (normally C:) and y... Read more

Read other 5 answers
RELEVANCY SCORE 38

So my pc was hit with a variation on the XP Antivirus 2011 virus. I ran Malware Antibytes, SuperAnti Spyware, and Hitman Pro and it seems to have removed the virus. However, a browser hijack still exists so that whenever I click a link in a search engine, it takes me to an assortment of sites (from fake antivirus sites to plain marketing pages). I can't seem to get rid of it and don't know enough about looking at the logs to identify it. I'd be very grateful if someone could identify any malicious programs I have running.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:05, on 5/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files... Read more

A:After Virus Removal, Browser Hijack Remains (Hijack This Log)

Read other 7 answers
RELEVANCY SCORE 36

After clicking on what now can be deemed a 'dodgy' link, I seem to have picked up this annoying virus. Common annoyances include the incapability to open programs, and the fake window that opens up, attempting to explain that I have many problems with my computer, whilst trying to encourage me to register with them as well. Upon logging on, Windows also tries to tell me that my computer is not protected, and is at risk.

You guys have helped me out a lot in the past, and I would sincerely appreciate further help with this issue. Thank you. It may also be worth stating that I have two main accounts on the computer. The account on which I was logged in on when obtaining the virus is the only one that seems to be affected.

System info from TSG SysInfo

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 2047 Mb
Graphics Card: ATI Radeon HD 2350, 256 Mb
Hard Drives: C: Total - 238464 MB, Free - 199233 MB;
Motherboard: ASUSTeK Computer INC., P5KPL-AM, x.xx, MS1C92B00A00924
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:41:15, on 03/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Syst... Read more

A:XP Anti-Virus 2011 virus problem, hijack log attached

Read other 7 answers
RELEVANCY SCORE 36

First off pc specs:
duo core 3.2 ghz running windows xp sp2

now the problem:

I was surfing the internet last night and got hit with some nasty popup giving a fake security alert in the toolbar. I then killed the open Firefox browser through Task Manager and then tried to run some anti virus/malware programs to check for infections, and this is where the problems began.

First off a strange little pop up keeps appearing on the computer from "Internet Explorer" saying: "Scripts are usually safe, do you want to allow scripts to run?" with a yes/no option. (I've always clicked no or the little x box to exit it)

Trojan Remover: When the scan begins it proceeds normally until it reaches the services/drivers part of the scan then just terminates.

Malware Bytes Anti Malware: It started running for about 20 seconds then suddenly terminated and now whenever I try to run it I get the following error: "Windows cannot access the specified device, path, or file, you may not have the appropriate permissions to access the item"

Hijackthis: It started running for about 20 seconds then suddenly terminated and now whenever I try to run it (even the hijackthis.exe) I get the following error: "Windows cannot access the specified device, path, or file, you may not have the appropriate permissions to access the item"

Spybot S&D: Started running for about 20-30 seconds then abruptly terminated and now gives the "Windows cannot access the spec... Read more

A:Adaptive virus keeps disabling anti virus progams & hijack this

Any suggestions or feedback (such as if Snort would be worth using) would be appreciated, thanks.
 

Read other 2 answers
RELEVANCY SCORE 36

My computer has gotten some sort of virus. My screen goes all black except the start bar on the bottom (I can still open programs from there) and a thing called system check keeps popping up saying I have a million errors and asking to scan my computer and buy the full version, but it won't go away no matter what I do, unless I run in safe mode like I'm doing now. I've scanned with AVG and Malwarebytes and it still won't go away (they're not finding anything) and like 30-40 or so boxes keep popping up saying different system 32 files are corrupted but I can click those off. And when the computer first starts up it says something's wrong with the ATI Catalyst drivers. Here is my hijackthis log


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:49 PM, on 1/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\matt\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Li... Read more

A:bad virus acts like a virus scanner wont go away (hijack log included) help please!!

Read other 15 answers
RELEVANCY SCORE 36

Computer was obviously infected. Reformatted and reinstalled OS. Computer still infected. Ran Malwarebytes and Virus.Expiro, Hijack.Comsysapp and Virus.FakeMS detected. Will attach Malwarebytes log as well as other items requested in the "preparation guide..."
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by hmc at 18:10:54.79 on Wed 10/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3239 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\hmc\Desktop\gmer\gmer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\hmc\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey... Read more

A:Virus.Expiro, Hijack.Comsysapp and Virus.FakeMS Detected

Hi,

I know the response time is ~5 days. I've been waiting for 9. Could someone look at my case? Thanks

Read other 16 answers
RELEVANCY SCORE 35.6

My problem has puzzled me for a while now. I cannot quite remove this Anti Virus Soft Virus off my computer. I ran malwarebytes but I think it might be somewhat deeper. But I need someone to help me with checking out my Hijack This Log and I need what I should check and fix. If you have any further questions feel free to ask.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:45 PM, on 5/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program ... Read more

A:Anti Virus soft (virus) Need Hijack This Log Examined

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 35.6

Hi,
 
My laptop is Windows 8.1 Pro 64-bit on a Sony Vaio.
 
My laptop is infected with 2 things: "Flash Player Pro" and browser hijack, where every site I try to open gets redirected to mbox.com or candyoyo.
 
I found this thread below and ran the tools :
 
http://www.bleepingcomputer.com/forums/t/554256/flash-player-pro-and-mystery-app/#entry3523433
 
FSS
MTB
MBAM
rKill
MBAR
AdwCleaner
JRT
TFC
 
I'll post the logs in the next reply, in few minutes...
 
any other tools I should run?
 
Pls help.
 

A:"Flash Player Pro" virus and browser hijack virus

there are too many log files, 5-7 in total.
 
Do I copy-paste or attach them in this post? Pls advise. I cannot find the option to attach files, when I clicked "more reply options".
 
Also, I cannot download "SecurityCheck.exe" from http://screen317.spywareinfoforum.org/SecurityCheck.exe. It's broken or not found.
 
any alternatives to "SecureCheck"?

Read other 11 answers
RELEVANCY SCORE 35.6

A couple of days ago I noticed my Google searches being redirected. I ran McAfee and it found nothing. Now today the only thing I can do is access a website ("Antivirus Scan") that is trying to get me to buy their antivirus software, some sort of full blown Ransomware. I can't run any .exe file. I can't do a single thing unless I run safe mode. I can't even get regedit to open up. Operating XP 5.1 in safe mode does work to access the internet but I still can't change settings in McAfee to search for Spyware.

Here is the DDS Scan:
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 13:16:51.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.720 [GMT -6:00]

AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program... Read more

A:Google Redirect Virus Turned into a Hijack Virus

Hello and welcome to Bleeping Computer. Merry Christmas.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions tha... Read more

Read other 2 answers
RELEVANCY SCORE 34.8

Hi everyone, new to all this. Been hijacked, got every virus known, help me
 

A:virus adware and hijack and multiple virus

I got trojans too and lots of them
 

Read other 3 answers
RELEVANCY SCORE 33.6

Just recently I got this virus that says all of my anti-virus software is out of date. Whenever I go online it keeps me from going to sites saying the sites aren't safe. And I keep getting pop ups about installing anti-virus which is clearly the virus. Here is my hijack this log. Please get back to me as soon as possible. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:04 PM, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\sys... Read more

A:Hijack This Log - Virus Keeps Saying Need Virus Software

Hi BatmanD,

Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. Since your log is quite old and a lot could have changed, I would like to see a new log please. If you no longer require any help could you let me know please, so this topic can be closed.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Then post back with DDS.txt. Also please attach Attach.txt in your next reply.

Thanks

Read other 3 answers
RELEVANCY SCORE 32

I've recently come across the AIM virus on my computer that appears in a link and stupidly clicked on it. I've tried getting rid of it but it doesn't show up as a virus on my scans. Here's my hijack this log. Hopefully there's something to be fixed on it.
Logfile of HijackThis v1.99.1
Scan saved at 2:50:45 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA... Read more

A:Aim Virus: Here's Hijack This Log

Welcome to TSG

Hijack This is running from the Temp folder.
It needs to be in a permanent folder on the hard drive.
It will not function properly from there and it cannot create and restore backups from there.

Redownload it here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

Let it extract to C:\Program Files
Rerun it from there and post a new log
 

Read other 3 answers
RELEVANCY SCORE 32

I have a Hijack virus and purchased Spyware Doctor to get rid of it. No luck. I hope you can help me. Here are my files.

Thanks, pcrich

DDS (Ver_09-12-01.01) - NTFSx86
Run by Steve at 14:01:17.43 on Sun 01/24/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolba... Read more

A:I have a Hijack Virus, please help

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

Read other 14 answers
RELEVANCY SCORE 32

Hello all. Please can any one help me. I picked a couple of trojans which I removed ok, but when I run AVG, I still get virus alert for .scr
I am running windows xp pro!
Here's my hijack log if anyone can check it out for me....thx

Logfile of HijackThis v1.98.2
Scan saved at 00:00:10, on 11/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common... Read more

A:Hijack this - help please - .scr virus?

scr is a screensaver file extension but indeed there are dozens of viruses around that contain that extension. I recommend that you should scan your hdd - all files and all extensions - with a trusted antivirus software like McAfee. Those guys have a free scanning tool on mcafee.com.
 

Read other 1 answers
RELEVANCY SCORE 32

Sony Vaio laptop, fixing for someone. Had AOL redirecting virus. I deleted the AOL toolbar, need help with this log

Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:08 AM, on 10/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer... Read more

A:Hijack this log....not sure if there is a virus.

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. ... Read more

Read other 2 answers
RELEVANCY SCORE 32

Hi, My buddy got a virus and I helped him clean up his comp. Here is his hjt log tell me if I missed anything

Logfile of HijackThis v1.99.1
Scan saved at 3:28:20 AM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy S... Read more

A:Hijack This log possible virus

Assuming that this is probably an "error" on HijackThis's part:

O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing

and bmnet.dll is actually present -- I don't see any problems in the Scanlog.
 

Read other 3 answers
RELEVANCY SCORE 32

Hello,
My sister has a laptop and accidentally installed "something".
I think it's a virus, so please check the log and if there's any virus guide me how to remove it.

thanks in forward

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:54, on 2008-11-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\Program\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program\Antivirus 2009\av2009.exe
C:\Program\Grisoft\AVG7\avgwb.dat
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - ... Read more

A:HIjack log, virus

Read other 14 answers
RELEVANCY SCORE 32

Someone at this post
http://forums.techguy.org/web-email...rts-when-internet-connection.html#post4047980
suggested that I do a new post with a HiJack This log inserted. I also have Symantec AntiVirus which seems to have detected some bad stuff. First the HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 3:00:20 AM, on 10/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2614.3500)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\cpqalert.exe
C:\WINNT\CPQDIAG\CPQDFWAG.EXE
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\SYSTEM32\ZONELABS\vsmon.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\... Read more

A:HiJack This run - Virus take over?

Read other 16 answers
RELEVANCY SCORE 32

I may have a virus in the system folder within a svchost file. I run AVG every night but it looks like I still got snagged. Here is my hijack this log from tonight. Thanks in advance for your help!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:39 PM, on 9/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterServic... Read more

A:Possible Virus. Hijack this Log. Please help.

to the top. I may have been missed or may have done something wrong? Thanks for your help!

Read other 3 answers
RELEVANCY SCORE 32

Logfile of HijackThis v1.97.7
Scan saved at 7:19:50 PM, on 12/1/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\SYSWB6.exe
C:\WINDOWS\System32\Winkb6.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mary Jean\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bw.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Soft... Read more

A:Hijack virus log

Run Hijack This again, put a check by all of the following, close all browsers, and hit 'Fix This'.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = C:\WINDOWS\system32\searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://findloss.com/srchasst.html
O1 - Hosts: 66.40.16.131 livesexlist.com
O1 - Hosts: 66.40.16.131 lanasbigboobs.com
O1 - Hosts: 66.40.16.131 thumbnailpost.com
O1 - Hosts: 66.40.16.131 adult-series.com
O1 - Hosts: 66.40.16.131 www.livesexlist.com
O1 - Hosts: 66.40.16.131 www.lanasbigboobs.com
O1 - Hosts: 66.40.16.131 www.thumbnailpost.com
O1 - Hosts: 66.40.16.131 www.adult-series.com
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com

You might be well served to run a new HJT log and post it; I may have missed something.

Symantec Security Response on downloader.tooncom
 

Read other 3 answers
RELEVANCY SCORE 32

I have been working on this virus for 2 days and can't find it or figure out what it is. It keeps changing my homepage, adding links on my desktop, and at times making a huge link on my desktop that makes me go to the website no matter where I click.

here is the log

Logfile of HijackThis v1.97.7
Scan saved at 4:08:46 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Wes S\My Documents\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/... Read more

A:Need help with virus- HiJack this log inc.

Read other 10 answers
RELEVANCY SCORE 32

My friend's PC is infected with some virus. He got constant pop ups. Anyway, hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 3:35:16 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP... Read more

A:Virus..hijack this log

Please save or print these instructions before beginning

Move HijackThis to a permanent folder such as your Desktop
Go to Start>>Control Panel>>Add or Remove Programs
Uninstall any of the following programs that appear in the list:

SpyAxe



Save smitRem to your Desktop and run smitRem.exe

Download and install Ewido Security Suite
During the installation, uncheck the following under Additional Options:

Install background guard
Install scan via context menu

Run Ewido and click OK when prompted to update the program
On the left side of the screen, click update>>Start
When the update is finished, exit Ewido

Start your computer in Safe Mode

Open the smitRem folder and run RunThis.bat. Follow the onscreen prompts

Run Ewido Security Suite
Click scanner>>Complete System Scan
Click OK when prompted to clean the problems found
When the scan is finished, click Save Report and save a copy of this log to your Desktop
Exit Ewido

Go to Start>>Control Panel>>Internet Options>>Programs
Click Reset Web Settings>>Apply>>OK

Go to Start>>Control Panel>>Display>>Desktop
Click Customize Desktop>>Web
If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK

Restart your computer

Run Kaspersky Online Scanner and post the results here

Post the contents of C:\smitfiles.txt

Post the contents of the Ewido Security Suite report that y... Read more

Read other 3 answers
RELEVANCY SCORE 32

hello there. I think I have a virus on my computer that's been going around on AOL Instant messenger. This is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 1:24:31 PM, on 7/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yaho... Read more

A:new virus- hijack this log

Read other 9 answers
RELEVANCY SCORE 32

I know I've got the virus (Outlook and IE don't work, NAV Live Update freezes) but I've tried scanning for viruses, checking my registry, running the fix tools and I thought I had it beat but Outlook still doesn't work. Can somebody help me out here? Thanks so much!

Logfile of HijackThis v1.97.7
Scan saved at 2:57:07 PM, on 1/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SM56HLPR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\ADAPTEC... Read more

A:RE: Virus & Hijack this --help!

I don't see anything in the Scanlog that is malicious. What virus do you think you have?

Since this is an IE/Outlook Express problem primarily I would try removing IE then updating it again installing all components.

For the Nav live update freeze, try disabling ZoneAlarm temporarily.

See also:

http://service1.symantec.com/SUPPOR...88256cdb007648b9?OpenDocument&src=bar_sch_nam
 

Read other 1 answers
RELEVANCY SCORE 32

Trying to sort friend's computer out, Windows 98SE with Microsoft Plus 98, on one of the accounts with the McAfee program and can't remove that in Add/Remove Programs as it's not there. Can't get it to connect to the net so haven't been able to run Spybot or update adware. When installing anti virus program about a year out of date (AntiVir) it found and deleted (The file nduninstall4_50.exe contains signature of the dial up program dial/300 744) and then in safe mode found and deleted (the file newdotnet3-36.dll contains signature of the spr/newdotnet.a program) and ( the file defanlt.c.ssis the trojan hourse ty/qhost.a.z) and then when I restarted computer my anti virus has been disabled and removed from the startup list msconfig and I can't turn it back on. Got 2 log reports and she has 2 accounts and they are different. Got message from anti virus update (server name or address could not be resolved). Trying to connect to net at my home now, I can burn programs to put on if need to. Thanks for any help

Logfile of HijackThis v1.99.1
Scan saved at 01:22:32, on 10/08/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\K... Read more

A:virus's and hijack log

You may need to transfer this tool to the infected PC.

LSPFix.exe

Instructions for using LSPFix
Double click on LSPFix.exe to run it.
Once running, you will be required to tick the disclaimer "I know what I'm doing".
You'll find a window with 2 panes.
In the left pane which is labeled Keep, select all instances of newdotnet4_50.dl
Then click on the arrow pointing to the right, >>.
This will move the entry to the right pane labeled Remove
Click the Finish button to complete the fix.
If there are any files listed in the right pane when you start the program, please note their names and post them here, Do not continue with the fix

Can the PC access the Internet now?

RELEVANCY SCORE 32

Hi, this is my log from Hijack This, please can somebody help me what is wrong??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:11, on 8. 12. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files...

A:Hijack This - I have virus but don't know what to do

Do you still desire help?

RELEVANCY SCORE 32

It appears to be a hijack type of virus. Won't allow any exe, dds file or gmer. Wants me to purchase to remove. Have malware bytes and virus won't let me execute. Large blue screen with binary art on desktop displaying warnings. "Warning your computer is infected ..for your boss, your friends your wife, every site you or somebody opens...etc"

A:Hijack virus

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin.
You only need to get one of them to run, not all of them.

Link 1
Link 2
Link 3
Link 4

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER.
If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection.
Double click dds to run the tool.
When done, two DDS.txt's will open. Save both reports to your desktop.
-------...

RELEVANCY SCORE 32

My computer is infected with some sort of virus or malware that most programs can't fix. Search engines are hijacked, random videos and emails pop up, etc. Originally all of my C: drive files were hidden but I managed to recover those already. I ran the D.D.S. file. It is below. Any help would be appreciated. I don't want to have to wipe the hard drive clean. The software was all preloaded and it will be a pain to reinstall it.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Michael at 13:16:55 on 2011-08-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.5882 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k ...

A:Hijack Virus Help

I see that your log is properly posted, here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this duplicate topic.

RELEVANCY SCORE 32

My son's computer. He said he got a bunch of viruses last night. AVG got rid of them but it is still showing spyware on SUPERAntiSpyware and is slow loading pages.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:28, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\AOL\1201654840\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier....

RELEVANCY SCORE 32

My computer is infected, I removed some bad .exe and the popups are all gone. I've been able to regain control of the task manager, which a couple of days ago was ''disabled by my administrator''.

I can't install Norton 2007 because my Windows Installer is gone. I downloaded it and still it won't let me complete the installation; every time I try to install it, it says the operation is not allowed by my administrator and then my computer shuts.

Here's a report from fixwareout.

If I'm not mistaken, I removed most of the .exe listed below.

My skills are limited, I really need help to get rid of this problem.

Thanks

Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Office Quick Launcher"="iau1.exe"
"Internet Connection Wizard"="stisvsq1.exe"
"Games Acceleration"="svshost1.exe"
"Internet Mail and News"="msqdevl1.exe"
"Microsoft Management Console"="lssas1.exe"
"Multimedia extensions"="mservice1.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Internet Connection Wizar...

A:hijack,virus

Hi and welcome to TSG,

Click here and then scroll down to and click on hijackthis self installer to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

RELEVANCY SCORE 32

My computer is sending spam mail to everyone in my contacts. It is using my yahoo mail account to do so. I just ran hijack this and here is my log... can anybody help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:21 PM, on 1/10/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Users\User\Desktop\utorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32...

A:hijack or virus?

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:53 PM, on 10/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\...

A:Help Please! Possible Hijack/virus

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

Uninstall AVG7

I see that you are running more than one antivirus program. It is not recommended that you do so. In addition to wasting resources, the programs may detect virus signatures in the other and cause false positives. The different drivers used by the programs can cause crashes.

Please uninstall AVG7 because it is now outdated using Add/Remove Programs.

----

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before con...

RELEVANCY SCORE 32

this is my run check can i do anything about it?
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
D:\Program Files\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\System32\msiexec.exe
D:\Program Files\Anime\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/s...

A:HiJack/virus

Hi and welcome to TSG.

You've posted on an old thread.

You have system32.exe which is a virus in your log so I requested that it be moved over to the security forum for you.

Cookie
 

RELEVANCY SCORE 32

Ok, I'm trying to fix my mom's computer currently... I have run all the online scans and Ad-Aware and whatnot, and still I have this problem with logging into Hotmail and, like, my FilePlanet account... When I enter my username and password and hit enter, it brings me to the "page cannot be displayed" thing and tells me to go into internet settings and stuff. I did all that correctly (I think) and I still am unable to log into Hotmail... Oh yes, also I cannot get Windows Update to download either... My last thought is it's some sort of virus... help if you can plz... Thanks

------------------------------------

Logfile of HijackThis v1.98.2
Scan saved at 3:43:36 AM, on 8/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\So...

A:Virus Help/hijack log

winupdt.exe
W32/Rbot-FP is a worm that also has backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
Spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element receiving the appropriate commands from a remote user.
Remove that, reboot in safe mode and delete the WindUpdates folder.
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

There might be more, so wait for someone with more experience to answer.
 

RELEVANCY SCORE 32

Hi: I think I have a possible virus and some registry changes from something. I can't get Windows updates for XP; something stops this, but after running various programs to try removing everything it's still the same. Also haven't found a permanent way to get rid of Text Enhance. I ran HijackThis and am posting the log for comment. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:44 PM, on 3/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Ralink\Common\RaRegistry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfe...

A:Possible Virus and Hijack this log

Please note I followed a post on the missing windows update in the registry and pasted the section in as windows update and restarted but still won't work.

SWPSmith

RELEVANCY SCORE 32

Anyone able to help with this? I am having some annoying things going on with my machine and I suspect I have a virus or something.....

Thanks!


----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:33, on 20/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\drivers\explore.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go...

A:Virus? [Hijack This log]

Anyone? Sorry, I just have a project I am supposed to be working on for a client and I can't with the computer the way it is currently.

Thanks :)

RELEVANCY SCORE 32

My McAfee recently detected a virus that cannot be cleaned. I had scanned with Ad-Aware and Spybot, but it looks clean except for some tracking cookies. If it doesn't bother you all too much, take a look at my log.

Logfile of HijackThis v1.99.1
Scan saved at 7:58:51 PM, on 11/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Softwa...

A:virus,hijack this log
