Q: Hot_kiss virus!? Hijack This log... please please tell me what to do!

Hi, I've got the Hot_kiss virus, and I've read through most posts concerning this so I downloaded Hijack This, and my log is below. Please please could you tell me what to do from here on! Thank you in advance!

Logfile of HijackThis v1.97.7
Scan saved at 13:00:59, on 14/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpyBlocker Software\spyblocker.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\svchost.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KaZaA Lite\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis[1]\HijackThis.exe

O2 - BHO: (no name) - {004B23E0-1E63-4ED6-BCAC-922BA26CF096} - C:\Program Files\Wincognito\Pop Up Blocker\files\PBBHO.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Pop Up Blocker - {D0B72B55-4B68-4A57-9719-E119AD1D8950} - C:\Program Files\Wincognito\Pop Up Blocker\files\ToolBar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [System MScvb] C:\WINDOWS\mscvb32.exe
O4 - HKLM\..\Run: [system] dcomx.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Program Files\SpyBlocker Software\spyblocker.exe
O4 - HKLM\..\Run: [Runner] C:\WINDOWS\svchost.exe /i
O4 - HKLM\..\RunServices: [system] dcomx.exe
O4 - HKCU\..\Run: [System MScvb] C:\WINDOWS\mscvb32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AC25FA0-7984-44AE-8222-688EE47CFB7A}: NameServer = 194.74.65.69 217.35.209.180
O17 - HKLM\System\CS3\Services\Tcpip\..\{0AC25FA0-7984-44AE-8222-688EE47CFB7A}: NameServer = 194.74.65.69 217.35.209.180
What shall I do now?

A: Hot_kiss virus!? Hijack This log... please please tell me what to do!

Please stay with one thread. http://forums.techguy.org/showthread.php?t=220297

RELEVANCY SCORE 63.2

Hello,

I have this Hot Kiss virus or programme, could you please help me as to how to get rid of it? If possible could you please explain step by step very easily? Thank you very much.

I have read the other thread on this but still do not understand; I cannot download zip files because they keep opening in MS Publisher.

cheers.
 

A:Hot_Kiss Virus

Please DO NOT post duplicates.

Reply here:

http://forums.techguy.org/showthread.php?postid=1534869#post1534869

Closing duplicate.
 

RELEVANCY SCORE 63.2

I am Chinese.

I found TSG today, it's very good!
Who can help me?

Is hot_kiss a virus?

thanx
 

A:hot_kiss , virus?

RELEVANCY SCORE 49.6

hi

could somebody please tell me how to get rid of this virus?

thanks.
 

RELEVANCY SCORE 49.6

This is probably a common thing, but this dialler keeps interrupting my ISP and causes 2 pop ups and changes my home page to http://www.123found.com. Then my dial up keeps breaking off and I have to keep reconnecting.

Does anyone have a cast iron way of getting rid of this?

I am not a computer expert, but have downloaded Ad-aware and Spybot - both do no good at all.

Thanks in advance.
 

A:hot_kiss.exe

RELEVANCY SCORE 49.2

I hope someone can help, and I'll be sure to make a donation if so.

Like several other posters, I have been struck by the Hot_Kiss dialer, which silences my modem dial-up, installs a new dialer on to the computer, and dials it without my permission. Not to mention the hardcore images.

I have attached my Hijack This log below, having found Ad-Aware does not help.

Can anyone talk me through what to do now. I am not a complete illiterate, but the more basic the advice the better. I am running Windows XP.

Thanks in advance.

HS

Logfile of HijackThis v1.97.7
Scan saved at 20:22:30, on 6/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\browse.exe
C:\WINDOWS\System\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
R1 - HKLM\Software\Microsoft... Read more

RELEVANCY SCORE 49.2

Hi this is my log file, I'm having a similar problem as others have had with the 'Hot_Kiss' virus. I'd be incredibly grateful if you could help me out, this is a persistent and expensive virus.
Thanks, Oli

Logfile of HijackThis v1.97.7
Scan saved at 10:22:21, on 08/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Fmctrl.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Oliver's\Winamp\winampa.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\User\LOCALS~1\Temp\sysdaemg.exe
C:\Ol... Read more

A:Hot_Kiss, Could someone look at my log file?

Hi Cheadle

Welcome to TSG!

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com

O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i

O4 - HKLM\..\Run: [1on1] C:\WINDOWS\1on1.exe -n

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Now find and delete:

The C:\WINDOWS\1on1.exe file
The C:\WINDOWS\csrss.exe file

*Note: The legitimate csrss.exe file is in the C:\Windows\System32 folder. DO NOT delete that one.

Also in safe mode navigate to the C:\Documents and Settings\User\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
 

RELEVANCY SCORE 48.4

Hi; I'm SO glad that there are people like you guys around who are A) Able to help computer thickos such as myself and B) willing to!

Basically I'm on the net when Norton Anti Virus says that it has intercepted and killed the Trojan.ByteVerify bug. I'm pleased and carry on surfing. But then an icon appears on my taskbar for the 1on1 chat service at 1.50 a minute and pops up. At the same time my startpage is set to 123found.com and the virus switches off the sound on my modem and tries to redial an XXXSERVER which has been added to my dialups. The number is listed as 5551212 (how can this be premium rate when it's not a 09000 number? [in fact when I dial it from my phone the number is said not to exist] I'm not that tech savvy to understand these things unfortunately).
I deleted the hot_kiss (came back as 1on1 when deleted) file from C:\Windows and reset my homepage (and checked that my critical updates had all been installed). Then I checked files which had been created / modified within the last few minutes. As well as the chat dialer thing it said that csrss.exe had been created in C:\Windows (I turned off archive and hidden settings etc and tried to delete it, but it wouldn't let me; maybe for the best as I wasn't 100% sure it was involved, but I think it is).

I downloaded and ran ad-aware 6; Spy-bot and Xoft spy, but they never found anything apart from a couple of minor vulnerabilities which I corrected. The online trojan scan and CWShredder... Read more

A:1on1 hot_kiss trojan HELP!!!

Not a bad instinct Andrew

Run hijackthis again and put a checkmark against these entries... double check in case you miss anything...
...then, close all browser and outlook windows including this one and "fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O4 - HKLM\..\Run: [Update] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [1on1] C:\WINDOWS\1on1.exe -n
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//7ble.chm::/wincfgid.exe

Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Delete:
C:\WINDOWS\csrss.exe [MAKE SURE ITS THE ONE IN THAT EXACT LOCATION]
C:\WINDOWS\1on1.exe
C:\bla.MHT

let us know if its ok after.
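
Both replies above turn on the same check: a file named like a core Windows process (csrss.exe) sitting in C:\WINDOWS rather than C:\WINDOWS\System32. The Python below is an added example, not part of either forum reply or of HijackThis itself; it applies that check to the "Running processes" and O4 autorun lines of a log. The sample log is constructed from lines quoted on this page, and the list of System32-only names and the Temp-folder rule are assumptions made for the example.

```python
import ntpath
import re

# Assumption for this example: XP-era core processes that belong only in System32.
# explorer.exe is deliberately absent, because it legitimately lives in C:\WINDOWS.
SYSTEM32_ONLY = {"csrss.exe", "svchost.exe", "smss.exe",
                 "winlogon.exe", "services.exe", "lsass.exe"}
SYSTEM32_DIR = r"c:\windows\system32"

ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # any HijackThis entry line (R0, O4, O16, ...)
# Registry autorun line: O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable at the start of the command, quoted or not, up to the first ".exe"
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)


def parse_hjt(log):
    """Return (running_process_paths, [(value_name, exe_path), ...])."""
    processes, autoruns = [], []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_procs = False  # blank line or first entry ends the process list
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group("cmd"))
            if exe:
                autoruns.append((m.group("name"), exe.group("path")))
    return processes, autoruns


def classify(path):
    """Return a reason string if the path looks like a masquerade, else None."""
    folder, name = ntpath.split(ntpath.normcase(path))
    if not folder:
        return None  # bare file name: location is not stated in the log
    if name in SYSTEM32_ONLY and folder != SYSTEM32_DIR:
        return "system process name outside System32"
    if "temp" in folder.split("\\"):
        return "executable running from a Temp folder"
    return None


def find_masquerades(log):
    """List (source, path, reason) for every suspicious process or autorun."""
    processes, autoruns = parse_hjt(log)
    findings = []
    for path in processes:
        reason = classify(path)
        if reason:
            findings.append(("process", path, reason))
    for name, exe in autoruns:
        reason = classify(exe)
        if reason:
            findings.append(("autorun [%s]" % name, exe, reason))
    return findings


# Constructed sample: every line is taken from one of the logs or replies on this page.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\csrss.exe
C:\WINDOWS\System\svchost.exe
C:\DOCUME~1\User\LOCALS~1\Temp\sysdaemg.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System Process] C:\WINDOWS\csrss.exe /i
O4 - HKLM\..\Run: [Runner] C:\WINDOWS\svchost.exe /i
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

if __name__ == "__main__":
    for source, path, reason in find_masquerades(SAMPLE_LOG):
        print("%-26s %-45s %s" % (source, path, reason))
```

A hit is a reason to look at the file, not proof of infection; entries given as a bare file name (such as `dcomx.exe`) carry no directory in the log and have to be located on disk before they can be judged.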

 

RELEVANCY SCORE 38.4

Alright, to start off I regularly run Avast Professional as well as Adaware. I recently started using CCleaner also. Two weeks ago I kept getting Google redirects in IE and Firefox. NOW, I can't even access my browsers. I've tried Google Chrome, IE, Firefox, AND Opera 10 Beta! The only browser I can access is Blackbird for some reason. All the others get a proxy denied! Here's a picture ( http://tinypic.com/r/33tmiqq/5 )

So I installed HJT and I couldn't run it. After doing some Google searching I found that sometimes viruses block HJT from running by its name, so I simply reinstalled with a new name and new folder and then renamed the program in the folder and wah-laa, I got it to run. Which is telling me that something IS blocking it from running with its usual name! In the HJT file, "thenew****.exe" is HijackThis renamed so I could get it to work.

I've run an Avast scan and an Adaware scan and found several items but I quarantined and deleted them all, although some seem to be reappearing. Also, when running CCleaner one file doesn't delete; it seems some other Thinkpad T43 users are having this problem as well, and I'm not sure what it is. (Update: I just ran CCleaner again and this item didn't show up, but other Thinkpad T43 users can get rid of it, so I'm baffled by this now as well.)

Once again here's the picture of all 5 browsers trying to run ( http://tinypic.com/r/33tmiqq/5 ) and here's my HJT log. Someone help please because I'm beyond having no idea at this point... Read more

A:All browser Hijack, Virus Blocking Hijack This from running. HJTLogfile Enclosed! HELP!

my apologies.

RELEVANCY SCORE 38.4

Hello!
 
 
As per Malwarebytes Anti-Malware scan results, my pc is infected with the following
 
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[15346897017956e03bc6c763917352ae]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[4bfe4eb14337d264758def3bb74d3ac6]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[4306689786f4f73fab5882a8877d21df]
PUM.Hijack.TaskManager, HKU\S-1-5-21-2000478354-179605362-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[69e042bdf28891a5c728da51e1237a86]
PUM.Hijack.Regedit, HKU\S-1-5-21-2000478354-179605362-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[dc6db34c314924124548f238798bf20e]
 
 
Please note:
 
1. The virus came through an infected pen drive
 
2. I am unable to boot the computer in safe mode. It keeps going in a loop.
 
3. I have used Combofix, Hitmanpro, Avast, MBAM, Anvi smart defender to remove the infections. But the infections keep coming back. Now, Combofix, Hitmanpro, Avast have become corrupt and unusable.
 
4. The taskmanager and registry editing have been disabled. I... Read more

A:Windows XP infected with Virus.Sality,PUM.Hijack.Regedit, PUM.Hijack.TaskManager

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi vp17,
 
This doesn't sound good, but I would like to confirm it is Sality before I give you some bad news.
 
What detected Sality? Do you have a log for that program?
 
Also, please go to the root of your drive (normally C:) and y... Read more

RELEVANCY SCORE 38

So my pc was hit with a variation on the XP Antivirus 2011 virus. I ran Malware Antibytes, SuperAnti Spyware, and Hitman Pro and it seems to have removed the virus. However, a browser hijack still exists so that whenever I click a link in a search engine, it takes me to an assortment of sites (from fake antivirus sites to plain marketing pages). I can't seem to get rid of it and don't know enough about looking at the logs to identify it. I'd be very grateful if someone could identify any malicious programs I have running.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:05, on 5/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files... Read more

A:After Virus Removal, Browser Hijack Remains (Hijack This Log)

RELEVANCY SCORE 36

After clicking on what can now be deemed a 'dodgy' link, I seem to have picked up this annoying virus. Common annoyances include the inability to open programs, and the fake window that opens up, attempting to explain that I have many problems with my computer, whilst trying to encourage me to register with them as well. Upon logging on, Windows also tries to tell me that my computer is not protected, and is at risk.

You guys have helped me out a lot in the past, and I would sincerely appreciate further help with this issue. Thank you. It may also be worth stating that I have two main accounts on the computer. The account on which I was logged in on when obtaining the virus is the only one that seems to be affected.

System info from TSG SysInfo

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 2047 Mb
Graphics Card: ATI Radeon HD 2350, 256 Mb
Hard Drives: C: Total - 238464 MB, Free - 199233 MB;
Motherboard: ASUSTeK Computer INC., P5KPL-AM, x.xx, MS1C92B00A00924
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:41:15, on 03/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Syst... Read more

A:XP Anti-Virus 2011 virus problem, hijack log attached

RELEVANCY SCORE 36

First off pc specs:
duo core 3.2 ghz running windows xp sp2

now the problem:

I was surfing the internet last night and got hit with some nasty popup giving a fake security alert in the toolbar. I then killed the open Firefox browser through Task Manager and then tried to run some anti-virus/malware programs to check for infections, and this is where the problems began.

First off, a strange little pop up keeps appearing on the computer from "Internet Explorer" saying: "Scripts are usually safe, do you want to allow scripts to run?" with a yes/no option. (I've always clicked no or the little x box to exit it)

Trojan Remover: When the scan begins it proceeds normally until it reaches the services/drivers part of the scan, then just terminates.

Malware Bytes Anti Malware: It started running for about 20 seconds then suddenly terminated, and now whenever I try to run it I get the following error: "Windows cannot access the specified device, path, or file, you may not have the appropriate permissions to access the item"

Hijackthis: It started running for about 20 seconds then suddenly terminated, and now whenever I try to run it (even the hijackthis.exe) I get the following error: "Windows cannot access the specified device, path, or file, you may not have the appropriate permissions to access the item"

Spybot S&D: Started running for about 20-30 seconds then abruptly terminated and now gives the "Windows cannot access the spec... Read more

A:Adaptive virus keeps disabling anti virus progams & hijack this

Any suggestions or feedback (such as if snort would be worth using) would be appreciated, thanks.
 

RELEVANCY SCORE 36

My computer has gotten some sort of virus. My screen goes all black except the start bar on the bottom (I can still open programs from there), and a thing called System Check keeps popping up saying I have a million errors and asking to scan my computer and buy the full version, but it won't go away no matter what I do, unless I run in safe mode like I'm doing now. I've scanned with AVG and Malwarebytes and it still won't go away (they're not finding anything), and like 30-40 or so boxes keep popping up saying different system 32 files are corrupted, but I can click those off. And when the computer first starts up it says something's wrong with the ATI Catalyst drivers. Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:49 PM, on 1/27/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\matt\Downloads\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Li... Read more

A:bad virus acts like a virus scanner wont go away (hijack log included) help please!!

RELEVANCY SCORE 36

Computer was obviously infected. Reformatted and reinstalled OS. Computer still infected. Ran Malwarebytes and Virus.Expiro, Hijack.Comsysapp and Virus.FakeMS detected. Will attach Malwarebytes log as well as other items requested in the "preparation guide..."
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by hmc at 18:10:54.79 on Wed 10/26/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3239 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\hmc\Desktop\gmer\gmer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\hmc\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey... Read more

A:Virus.Expiro, Hijack.Comsysapp and Virus.FakeMS Detected

Hi,

I know the response time is ~5 days. I've been waiting for 9. Could someone look at my case? Thanks

RELEVANCY SCORE 35.6

Hi,
 
My laptop is Windows 8.1 Pro 64-bit on a Sony Vaio.

My laptop is infected with 2 things: "Flash Player Pro" and a browser hijack, where every site I try to open gets redirected to mbox.com or candyoyo.
 
I found this thread below and ran the tools :
 
http://www.bleepingcomputer.com/forums/t/554256/flash-player-pro-and-mystery-app/#entry3523433
 
FSS
MTB
MBAM
rKill
MBAR
AdwCleaner
JRT
TFC
 
I'll post the logs in the next reply, in few minutes...
 
any other tools I should run?
 
Pls help.
 

A:"Flash Player Pro" virus and browser hijack virus

There are too many log files, 5-7 in total.

Do I copy-paste or attach them in this post? Please advise. I cannot find the option to attach files when I clicked "more reply options".
 
also, I cannot download "SecurityCheck.exe" from http://screen317.spywareinfoforum.org/SecurityCheck.exe. it's broken or not found.
 
any alternatives to "SecureCheck"?

RELEVANCY SCORE 35.6

A couple of days ago I noticed my Google searches being redirected. I ran McAfee and it found nothing. Now today the only thing I can do is access a website ("Antivirus Scan") that is trying to get me to buy their antivirus software, some sort of full-blown ransomware. I can't run any .exe file. I can't do a single thing unless I run safe mode. I can't even get regedit to open up. Operating XP 5.1 in safe mode does work to access the internet but I still can't change settings in McAfee to search for spyware.

Here is the DDS Scan:
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 13:16:51.07 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.720 [GMT -6:00]

AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program... Read more

A:Google Redirect Virus Turned into a Hijack Virus

Hello and welcome to Bleeping Computer Merry Christmas.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions tha... Read more

RELEVANCY SCORE 35.6

My problem has puzzled me for a while now. I cannot quite remove this Anti Virus Soft Virus off my computer. I ran Malwarebytes but I think it might be somewhat deeper. But I need someone to help me with checking out my Hijack This log and I need to know what I should check and fix. If you have any further questions feel free to ask.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:45 PM, on 5/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
C:\Program ... Read more

A:Anti Virus soft (virus) Need Hijack This Log Examined

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers

hi every one new to all this been hijacked got every virus known help me
 

A:virus adware and hijack and multiple virus

i got trojans to and lots of them
 

Read other 3 answers

Just recently I got this virus that says all of my anti-virus software is out of date. Whenever I go online it keeps me from going to sites saying the sites aren't safe. And I keep getting pop ups about installing anti-virus which is clearly the virus. Here is my hijack this log. Please get back to me as soon as possible. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:04 PM, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\sys... Read more

A:Hijack This Log - Virus Keeps Saying Need Virus Software

Hi BatmanD,

Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. Since your log is quite old and a lot could have changed, I would like to see a new log please. If you no longer require any help could you let me know please, so this topic can be closed.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Then post back with DDS.txt. Also please attach Attach.txt in your next reply.

Thanks

Read other 3 answers

Hi, Could someone please check my hijack log? I have a virus and tried to quarantine it and delete it, but it says it can't be repaired. Please I need help desperately.

Thank you,
Tammy

Logfile of HijackThis v1.97.2
Scan saved at 10:08:07 PM, on 12/14/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Su... Read more

A:Hijack log - Virus

Read other 7 answers

Please help me get rid of the virus... here is my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:15 PM, on 8/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program ... Read more

Read other answers

It appears to be a hijack type of virus. Won't allow any exe, dds file or gmer. Wants me to purchase to remove. Have malware bytes and virus won't let me execute. Large blue screen with binary art on desktop displaying warnings. "Warning your computer is infected ..for your boss, your friends your wife, every site you or somebody opens...etc"

A:Hijack virus

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
Link 1
Link 2
Link 3
Link 4

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools. Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER. If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open. Save both reports to your desktop.
-------... Read more

Read other 4 answers


My browser (and explorer) keeps reverting to prior pages. I have had this problem for awhile and some time back I spent several days working with Microsoft support and they thought they had the problem solved but it only slowed it down and now its back even worse.

I can be browsing and the tab I am on will start going back to prior pages I have viewed on that tab until I get back to my home page. If I click on one of the other open tabs it will do the same. If I am using explorer it does it too.

I have tried to type the address in and it will not go to any page except my home page. It never takes me to some crazy site or anything like that.

Please help, DDS log attached.

JWMD

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by jwd at 14:00:02 on 2012-03-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3063.1280 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:�... Read more

A:hijack virus?

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Read other 38 answers

Hi, this is my log from Hijack This, please can somebody help me what is wrong??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:11, on 8. 12. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files... Read more

A:Hijack This - I have virus but don't know what to do

Do you still desire help?

Read other 2 answers

Hello,
My sister has a laptop and accidentally installed "something".
I think it's a virus, so please check the log and if there's any virus guide me how to remove it.

thanks in forward

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:54, on 2008-11-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG7\avgamsvr.exe
C:\Program\Grisoft\AVG7\avgupsvc.exe
C:\Program\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\Program\Grisoft\AVG7\avgcc.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\MsnMsgr.Exe
C:\Program\Messenger\msmsgs.exe
C:\Program\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program\Antivirus 2009\av2009.exe
C:\Program\Grisoft\AVG7\avgwb.dat
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - ... Read more

A:HIjack log, virus

Read other 14 answers

I keep running Norton, and it always says delete failed every time I try to get rid of 3 files. What can I do? Here is my hijack log if this helps. Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 2:12:04 PM, on 1/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\XdriveNT\xdService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ATI Multimedia\main\launchPd.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe... Read more

A:Cant get rid of virus! Hijack maybe?

Read other 9 answers

My dad's PC caught a virus etc...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:35, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Goog... Read more

A:Virus- Hijack This!

Do not create a new thread for what appears to be the same issue.

Instructions for your issue are posted in your other thread.

http://www.techsupportforum.com/secu...kthis-log.html

This thread is closed.

Read other 1 answers

Good morning hope you can help me.

I noticed in my AOL (yes I know) email sent items that 2 different emails had been sent to all contacts that I have sent emails to in the past when there was no chance anybody was on which leads me to think there is a virus that somebody has opened. The two links in the emails were:

http://accounts.forwardlabs.com/79qWHLxcbn.html

and

http://www.twomutts.net/379TUioSKl.html

Both within a minute of each other. I have AVG installed and have also scanned with Malwarebytes but both do not detect anything at all. Any thoughts on what could have happened?

Regards, James
 

Read other answers

Logfile of HijackThis v1.99.1
Scan saved at 3:40:21 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\syssb.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\DOCUME~1\NESETG~1\LOCALS~1\Temp\79.tmp.exe
C:\DOCUME~1\NESETG~1\LOCALS~1\Temp\7A.tmp.exe
C:\WINDOWS\mfccx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless ... Read more

A:virus hijack log.. please look

Read other 9 answers

MY COMPUTER IS PRETTY FUNKY NO NUMBER KEYS NO CAPS LOCK CAN'T USE BACK BUTTON WHEN I TRY AND DOUBLE CLICK AN ICON IT LIGHTS UP THE WHOLE DESKTOP >>>>>> RAN NORTON > ADAWARE > CWS ETC
PLEASE HELP

Logfile of HijackThis v1.99.1
Scan saved at 9:54:12 PM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\altsvc.exe
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\lssas.exe
C:\WINDOWS\system32\msthost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:... Read more

A:I Think I Got A Virus Hijack This

Read other 12 answers

Hi all,

Below is my hijack this log. Every time I boot up my firewall seems to be disabled. Also when AVG does a virus scan I used to get these two virus alerts... but haven't the last time it ran

JS/Downloader.small
JS/Psyme


When I run a hijack this log I get this message too.... "You have a particularly large amount of hijacked domains. Its probably better to delete the file itself than to fix each item."

I have no idea which file it's talking about. Can someone guide me through the process as I am somewhat PC challenged.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:26 PM, on 28/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\PRIMAV~1\IntrBase\bin\ibserver.exe
C:\Program Files\Logitech\Easy Synchronization\ser... Read more

A:Hijack This Log....have a virus...I think??

Bump....


Still no answer.

Can anyone help??

Pretty, pretty please.

Read other 19 answers

My McAfee recently detected a virus that cannot be cleaned. I had scanned with Ad-Aware and Spybot, but it looks clean except some tracking cookies. If it doesn't bother you all too much, take a look at my log

Logfile of HijackThis v1.99.1
Scan saved at 7:58:51 PM, on 11/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Softwa... Read more

A:virus,hijack this log

Read other 7 answers

Below is a log from both hijackthis and NAV. I have a number of viruses and am not sure how to get rid of them, as NAV won't erase the ones it found. Any help would be much appreciated!!!

-C

Logfile of HijackThis v1.99.1
Scan saved at 5:24:17 PM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukeb... Read more

A:Hijack Log/Virus Help

Hello cvaughn and welcome to the BC forums. Your log shows a few entries for internet searching that we will need to deal with but none of the infected files that Norton is showing so let's start out with some scans for various threats. Please proceed with the following steps in order.

Step #1
Run On-line virus scans
Please run at least 2 of the following on-line virus scans:
Trend Micro Housecall
BitDefender On-Line Virus Scan
Panda ActiveScan
Make sure that you choose "fix" or "clean".

Step #2
Run Spybot Search & Destroy
Download, install, update and run a scan with Spybot S&D:
Download and Install Spybot Search & Destroy, accepting the Default Settings.
In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and then download and install all available Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" entries bold 'Black' entries and "GREEN" entries in the window.
Make certain there is a check mark beside all of the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
REBOOT to complete the scan and clear memory.

Step #3
Run AdAware SE
Download, install, update, configure and run a scan with Ad-aware SE:
Download and Install AdAware SE Personal, keeping the default options. However, some of the settings will need to... Read more

Read other 1 answers

Hey guys. Well I'm trying to help out my mom by working on her computer. I'm trying to install hijack from two different sites (both I have used for my computer in the past). Once I save it and try to extract it says the following:
A VIRUS HAS BEEN DETECTED & CLEANED....The file (then it lists the folder its in) was infected by the W32/Generic.Worm!p2p Virus & And Has Been Deleted To Complete The Cleaning Process.

I don't have a lot of time to be spending over here and was hoping to at least get a log posted. Will you help me out with this issue? Thanks!!

TANYA

A:hiJack Has Virus???

Tanya,

DISABLE your Mom's antivirus when downloading that file. This sounds like she's using McAfee which falsely detects the HJT download file as a virus/trojan. Make sure you're using a legit site to get the program from. Use the link in my signature.

Read other 12 answers

I get popups every 20 minutes, please someone help me with this one.

Logfile of HijackThis v1.95.1
Scan saved at 11:08:15 PM, on 7/22/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\NVATray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\E-Color\Colorific\hgcctl95.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Softw... Read more

A:hijack this, some on please help with virus?

Run Hijack This again and put a check by these. Close all browser windows and "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

Restart your computer.

Since you already have Spybot be sure and take advantage of the "Immunize" feature. It will help protect you from future attacks.

Also go here http://www.net-integration.net/cgi-...=ST;f=3... Read more

Read other 3 answers

dds and root

After reboot, works fine for like 5 mins. Then when I try to use the desktop icons, I cannot. Nothing happens. Also, I can open new window from the task bar and start button but when I close them they stay on the screen. Everything starts working slowly. It is like the screen will not refresh.

I had a virus in my gmail account sending out to my contacts. They made me go in and change pass. I think that is fixed but probably not since this is happening. I am using outlook to get my email. Have like 5 email accounts it is pulling in but only one was affected.

Let me know if you see anything in these files or have other suggestions. I have also used tweaknow powerpack 2010.

EDIT: Posts merged ~BP

A:Virus, Hijack or something, not sure

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


Please refer to this post http://www.bleepingcomputer.com/forums/t/262973/need-help-ergently/

Here is my log. I do not know if I am infected. I am running in safe mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:26:37 PM, on 8/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Registry Kit\RegistryKit.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU...

A:A hijack this log not sure if virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello,

Recently my computer has been running excessively slow and randomly when I click on a link while web browsing my window closes out and a message from windows explorer prompts me that I may have an infected computer and that I should immediately download and install Antivirus 2009. I haven't as it appears to be a hoax. Upon closing out the message I am brought to a webpage to download the program anyways. I cannot use the back button to get to my previous web address without getting the message prompt again.

Here is my Hijack This logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:53 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files...

A:Possible Hijack/Virus

Hello.

Sorry for the wait.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main...


I may have a virus in the system folder within a svchost file. I run AVG every night but it looks like I still got snagged. Here is my hijack this log from tonight. Thanks in advance for your help!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:39 PM, on 9/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterServic...

A:Possible Virus. Hijack this Log. Please help.

to the top. I may have been missed or may have done something wrong? Thanks for your help!


I have a Hijack virus and purchased Spyware Doctor to get rid of it. No luck. I hope you can help me.

Here are my files.

Thanks, pcrich

DDS (Ver_09-12-01.01) - NTFSx86
Run by Steve at 14:01:17.43 on Sun 01/24/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://yahoo.sbc.com/dsl
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolba...

A:I have a Hijack Virus, please help

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy


I think I have something very fishy going on.

I can browse the internet fine but my firewall keeps popping up to connect to svchost.exe odd ports...

pictures provided.. I've started to run a lot of anti-rootkit/virus programs and it occasionally finds things that I of course fix..

I feel like I've installed something or clicked things that are hijacking my firefox..

the best example I've seen is different home pages when I start firefox up.. and taking long time to connect to websites etc.. slow download speeds.. so I know something is up..

How do I go about defusing the situation with possible hijacking ..

I will eventually probably just reinstall windows clean.. but is there anything I can do now.. I do have a lot of programs installed etc..

A:possible Hijack/virus..

As you can see from my pictures, I have Svchost.exe already allowed by default windows firewall rules..

so why is svchost.exe trying to connect more? I know this is a red flag.. especially the ports it's trying to connect to..


Hi

My computer keeps resetting every 30 minutes to an hour and I believe it is because of the file called hijack this which appeared today shortly before the computer started resetting. Can someone help me?
 

A:How do you get rid of the virus Hijack this

I got this info from the smitfraudfix

C:\WINDOWS\Web
C:\WINDOWS\system32
C:\Documents and Settings\Anders
C:\Documents and Settings\Anders\Application Data
Start Menu
C:\DOCUME~1\Anders\FAVORI~1
Desktop
C:\Program Files
Corrupted keys
Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB60787}"="DCOM Server 60787"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB60787}\InProcServer32]
@="C:\WINDOWS\system32\cpcrv.dll"

[HKEY_LOCAL_MAC...


OK, I'm trying to fix my mom's computer currently... I have run all the online scans and Ad-Aware and whatnot and still I have this problem with logging into Hotmail and like my FilePlanet account... When I enter in my username and password and hit enter it brings me to the page cannot be displayed thing and tells me to go into internet settings and stuff. I did all that correctly (I think) and I still am unable to log into Hotmail... Oh yes, also I cannot get Windows Update to download either... My last thought is it's some sort of virus... help if you can plz... Thanks

------------------------------------

Logfile of HijackThis v1.98.2
Scan saved at 3:43:36 AM, on 8/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\So...

A:Virus Help/hijack log

winupdt.exe
W32/Rbot-FP is a worm that also has backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
Spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element receiving the appropriate commands from a remote user.
remove that reboot in safe mode and delete WindUpdates folder
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe

there might be more so wait for someone with more experience to answer
 


Logfile of HijackThis v1.99.1
Scan saved at 4:02:40 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\AOL\1103218890\ee\AOLSoftware.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\Program Files\Common Files\AOL\1103218890\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALW...

A:Hijack Log, Have A Virus And Need Help, Please

Could someone please help me?


Logfile of HijackThis v1.99.1
Scan saved at 3:24:43 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C: ...

A:Hijack This Log --- I Think I Have A Virus!

Hello,

I can't see anything suspicious here...

The only thing I noticed is that you are still using a vulnerable version of Sun Java:

Updating Java:
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the icon next to it.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_09-windowsi586-p.exe to install the newest version.
