Computer Support Forum

HijackThis/SmitFraud logs - Awola!

Question: HijackThis/SmitFraud logs - Awola!

Hey guys, I'm working on a PC for a friend, and she has the constant "Your Computer is infected!" crap going on... Here's the HJT and SmitFraud logs:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:18:29 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\VERONI~1\APPLIC~1\ECURIT~1\smss.exe
C:\WINDOWS\system32\??pPatch\?poolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\System32\10592.exe
C:\Documents and Settings\Veronica Robinson\Desktop\avg75free_516a1225.exe
C:\DOCUME~1\VERONI~1\LOCALS~1\Temp\RarSFX0\avgsetup.exe
C:\Documents and Settings\Veronica Robinson\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {E7D9DB60-35F4-1C24-892C-4BE671F35992} - C:\WINDOWS\system32\wwrlug.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pest-Capture] C:\Program Files\PestCapture\PestCapture.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\VERONI~1\APPLIC~1\ECURIT~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Skcvn] C:\WINDOWS\system32\??pPatch\?poolsv.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\Veronica Robinson\Application Data\fhdmi.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Veronica Robinson\Application Data\Awola\Awola.exe" /MIN
O4 - HKUS\S-1-5-21-820027407-1106392339-1976350212-500\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-820027407-1106392339-1976350212-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-820027407-1106392339-1976350212-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.library.capella.edu/lib/capella/support/plugins/ebraryRdr.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170375939468
O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} (MNPerformer Class) - http://www.charter.net/files/musicnet/download/charter/PerformerSetup-sa.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9254 bytes

SmitFraudFix v2.274

Scan done at 21:10:37.39, Wed 01/09/2008
Run from C:\Documents and Settings\Veronica Robinson\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\DOCUME~1\VERONI~1\APPLIC~1\ECURIT~1\smss.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Veronica Robinson
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Veronica Robinson\Application Data

C:\Documents and Settings\Veronica Robinson\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VERONI~1\FAVORI~1

C:\DOCUME~1\VERONI~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video Access ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{14D9CE0B-F236-4F29-A552-2F11223AB074}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{14D9CE0B-F236-4F29-A552-2F11223AB074}: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End


Answer: HijackThis/SmitFraud logs - Awola!

Please see the new post below... the above scan was old...

Relevance 74.21%

I've got an infected Dell running Windows XP Home. Can't get to many sites on the internet in either Internet Explorer or Firefox. Scanned system with Anti-Virus software (reported ZLob, Smitfraud, Various online virus scanners (Drantivirus) and PCprivacy junk, and a number of others like AskPbar), ran the Smitfraudfix and remsmit for both user profiles on the system in safemode, did a scan with Spybot Search and Destroy which removed a number of items and is now showing clean. Don't have the system restore CD, so if this does not work then I may have to try and get one for the system. I had turned off the system restore and probably need to do it again. I've done as much software removal through add-remove programs so the list looks pretty clean right now. But Windows Updates do not work, can't get to many on line virus scanners or update the Bitdefender that is installed on the system. The C:\Tools folder is legitimate downloads I have placed on there for removal and repair of this system. This is for only one of the 2 profiles- nothing really needs to be saved for the profiles, can easily delete and create new ones if necessary.

Latest HiJackThis log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:00 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\s...

Answer:Infected Dell Smitfraud- Hijackthis And Other Logs

Hello RShea,

Welcome to Bleeping Computer.

Can you confirm that Ghost is the only Norton app running? Everything else looks good. Several unnecessary startups, but nothing malicious.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won't be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.
This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click ...

Relevance 56.17%

Logfile of HijackThis v1.99.1
Scan saved at 3:15:41 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-...
Relevance 55.76%

Hello,

I have a Toshiba laptop with OEM Vista Home Premium.
I had Avast, SpywareSearch&Destroy, PCTools Firewall, SpywareBlaster, ComodoBOClean.

After I got infected on Thursday (by BAGLE/winupgro, I think), seeing that my AV, AS etc. seemed to cause problems, I uninstalled them (and cut the internet connection).

I followed your procedures, except that, in the first steps:
- SP1 isn't installed. (The installation had failed once for no apparent reason when I first tried it a while ago, and failed a second time because I didn't have enough space left on C: More on this below.)
- I didn't defragment, last defrag was one or two months ago, and most of my partitions are pretty full anyway.

I couldn't install SAS ("SuperAntiSpyware.exe is not a valid Win32 application"), no workaround worked.
- Malwarebytes: BSOD during the scans (tried twice)
- ComboFix: couldn't install, no workaround worked.
- MGTools: worked.

I then found your "Remove BAGLE" thread, and followed the instructions, FindyKill seems to have solved the problem.

The PC seems to work fine, apart from a warning in the tray regarding startup programs that don't launch. (I did what you said about MSControl/CCleaner regarding starting procedures today; I will get into HJT for my startup once I know the PC is clean), so I re installed Avast, SpybotS&D, SPywareBlaster, ComodoBOClean, PCToolsFirewall.
In the meantime I did some cleaning...

Answer:BAGLE (and Smitfraud); Logs

the other logs, from after FindyKill apparently got rid of BAGLE/winupgro, and I thus could run the general malware Removal procedure.
SAS found Smitfraud.
 

Relevance 55.76%

here is my first log for smitfraud-c removal, will post 2nd once it is complete.
thanks for your time
-Andrew
 

Answer:malware logs for smitfraud

2nd log here
 

Relevance 55.76%

Ran it as it said in removing zlob aka smitfraud, etc.

Posting logs as needed, just wondering if smitfraud is gone.

Rapport1 = before scan
Rapport2 = after scan
 

Answer:Ran SmitFraud, logs attached

Graphics said:

Posting logs as needed, just wondering if smitfraud is gone.

We cannot tell from those scans as they are not comprehensive enough.

If you want to be sure your malware is removed, you should run the below. If you are not having problems, it is up to you to decide if you want to take the risk on really being clean.
 

Relevance 55.35%

I've had the delta homes browser hijacker bugging me for a while and haven't been able to get rid of it. At one point my computer booted to a blank screen and I couldn't do anything unless I restarted in safe mode. Not sure if the two things are related, but I do know that after I used HijackThis to remove everything with delta homes in the name, it fixed both problems for a while. Eventually delta homes came back to mess up my browser, and I'm trying to get rid of it for good. I just used HijackThis again to remove everything with delta homes in the name, only this time when I removed them, the problem remained when I opened my browser. That's where I'm at right now, so below are the logs from HijackThis as well as DDS which apparently gives more info for Windows 7 if you know how to read it.
 
If anyone can help me based on this information I'd really appreciate it. If you need more information of some kind then let me know and I'll try to get it for you as soon as possible.
 
___________________________________________________________________________________________________
HijackThis logs:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:39:52, on 24/07/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
FIREFOX: 39.0 (x86 en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeCont...

Answer:Can't get rid of Delta Homes: HijackThis logs and DDS logs posted

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log...

Relevance 54.94%

Can someone please assist with reading the below logs? My laptop picked up the virusheat trojan. What I have done after reading of others who had similar issues is the following in addition to using mcafee (did not find anything).

I have run smitfraud and then ran a corrective measure to clean up the malware which seems to have knocked the trojan out, but I would like to take additional measures in order to be sure it is not a replicating trojan virus. Can someone review the logs for smitfraud and
HJT and tell me if there is anything else wrong or any other protective measures to take?

Thanks in advance.

SmitFraudFix v2.309

Scan done at 22:59:18.60, 04/03/2008
Run from C:\Documents and Settings\Greg\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McA...
Relevance 54.94%

Recently my computer has been slow and I have had pop-ups open in Firefox. I ran Spybot S&D and it removed a couple problems, but could not fix:

Virtumonde
Virtumonde.generic
Smitfraud-C

Any help would be appreciated. Thanks!


DDS (Version 1.1.0) - NTFSx86
Run by Jeff at 16:43:41.59 on Mon 12/22/2008
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://my.att.net/
BHO: c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: c:\windows\system32\gzjiri.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: c:\windows\system32\opnlMgfE.dll
BHO: c:\windows\system32\yayyVliF.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor: {0BF43445-2F28-4351-9252-17FE6E806AA0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: &Google: {2318C2B1-49...

Answer:Virtumonde - Smitfraud-C - Logs Included - Please Help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here for running GMER:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Please run GMER and attach its log to your next reply.

------------------------------------------------------

Relevance 54.53%

Hi!

My pc is currently under attack from smitfraud, qqrob, backdoor.delf and a lot of other random malware, I've spent the past week trying to fix it myself in bits, but still no avail
Have been using Ewido AVG, smitfraud.fix, Adaware, spybot and trojan hunter...

Here is my HJT log: (below that is my smitfraud log)

Logfile of HijackThis v1.99.1
Scan saved at 11:07:14 PM, on 16/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\SYSTEM32\RUNDLL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Damian Play\Desktop\Virus Control\hijackthis\HijackThis.exe

O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All ...

Answer:Smitfraud,QQRob etc attacking my pc!! please help!!! :'( HJT & other logs included..

Relevance 54.53%

Am fixing friend's daughter's laptop.

Hi, have run spybot snd avast and superantispyware.

am including HJT log and rapport.txt contents.

HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 1:36:16 PM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS...

Answer:Infected Virusheat Smitfraud others. Logs attached

Relevance 54.53%

Hello, I'd appreciate any help on this. Many thanks in advance!

I use XP. A few days ago, I clicked on a website a button which loaded some ActiveX object....bad move.

Since then, I've been seeing pop-ups (to antivirus sites). AdAware and Spybot found Smitfraud-C, Smitfraud-C.MSVPS, Zlob.b, Zlob.downloader. I thought I've deleted them when no more pop-ups appeared, but just now the scans detected more problems, namely:

Adware.SXGAdvisor
Trojan.Unclassified/EGO
New Malware.j

I tried to delete them by clicking "fix/clean" from the anti spyware programs, but I'm not sure if there are more latent problems. Here are the HijackThis and Smitfraud Fix results (done in normal mode):

__________________________________
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:57 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP... Read more

More replies
Relevance 54.53%

Hi all. I discovered your great site while looking for a cure for Smitfraud. I have followed your instructions; installing Recovery Console, running Combofix, and HiJackThis. Combofix ran successfully and now I can access the internet. I am including the logs from these to see how well I did.

I originally ran Ad-Aware & Spybot and ran across something I had not seen before, Smitfraud. Since this computer belongs to my boss, and I'm being very careful with it, I'd appreciate any help you can give me.

Thanx
Wes

____________________________
ComboFix Log

ComboFix 08-05-08.1 - ALBry 2008-05-10 11:07:10.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.776 [GMT -7:00]
Command switches used :: C:\Documents and Settings\ALBry\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
 * Created a new restore point.

The following files were disabled during the run:
C:\WINDOWS\system32\datmps.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ALBry\Application Data\install.dat
C:\Documents and Settings\ALBry\cftmon.exe
C:\Documents and Settings\LocalService\cftmon.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\start.exe
C:\WINDOWS\system32\__c006C400.exe
C:\WINDOWS\system32\__c006D871.dat
C:\WINDOWS\system32\__c006E089.dat
C:\WINDOWS\system32&#... Read more

Answer:Smitfraud Removal? Combofix & Hjt Logs Included

Hi,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O20 - Winlogon Notify: byvvwts - byvvwts.dll (file missing)
O20 - Winlogon Notify: datmps - datmps.dll (file missing)
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll (file missing)
O20 - Winlogon Notify: jkkjg - C:\WINDOWS\system32\jkkjg.dll (file missing)
O20 - Winlogon Notify: vtutr - C:\WINDOWS\system32\vtutr.dll (file missing)
O20 - Winlogon Notify: vtutt - C:\WINDOWS\system32\vtutt.dll (file missing)
O20 - Winlogon Notify: __c006D871 - C:\WINDOWS\system32\__c006D871.dat (file missing)

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

Then,

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now... Read more

4 more replies
Relevance 53.71%

First, I would like to thank you people for even being here to do this for those of us with minimal experience in the removal of malware. I had no idea there were help forums like this until I started doing Google searches for some of the filenames that were popping up on my Virus Scanners. I realise you are all busy and have others to help and lives to lead and it may take some time to get to me - I will be patient!

I've been trying for a few days to get rid of my problems using Norton AntiVirus 2008, AVG Anti-Spyware 7.5 and Spybot (all of which are up to date with their virus definitions etc). Each program has removed various threats only to have them reinstall themselves again in no time

I have taken a few screenshots of several of the popup messages and fake window system messages/advertisements that I've been getting. I figured it might be easier for you all to see exactly what I'm seeing.

You can access the screenshots here:
http://jjball.homeip.net:82/ (No, these are not hosted on the infected computer).

The following are "file names" that have cropped up either in the popup messages or in various virus scan logs over the last couple days:

-HPProduct Assistant
-Trojandownloader.xs
-Smitfraud
-Worm.Win32.Netbooster
-Trojan.zlob
- Not-A-Virus.Downloader.Win32.PopCap.a (I think I might have gotten rid of this one but I guess I don't really know for sure).

There were more but I didn't think to start writing them down at the beginni... Read more

Answer:Trojandownloaer.xs, HPProduct Assistant, Smitfraud and more /HJT logs included!

16 more replies
Relevance 53.71%

I am currently running WINDOWS XP Home Edition. I am missing my control panel, getting restriction messages saying "This operation has been cancelled due to restrictions in effect on this computer..." I am also getting the Windows Security box pop-ups which direct to a spyware link.

I was directed by another tech support group to run AVAST Anti Virus software while in SAFE MODE and that would cure everything - three files were deleted with the Trojan virus. My initial problem still exists!

I have now run a new HJT and SmitFraud log since then and attached them.

This has been ongoing for a few weeks now and I would like any help possible.

Thanks in advance!
 

Answer:Security Warnings/Restrictions - HJT & SmitFraud Logs attached

16 more replies
Relevance 53.3%

Hello.

This past Friday, I was using my notebook backing some files on my new storage drive and I think I activated a Trojan on one of my files because Avira pops up telling me about some Trojan boot. I forgot the name.

I reboot then the following happens...

lsass.exe failed to initialize properly. Click on OK to terminate the application.

I couldn't get into XP. It just hangs at the welcome screen.
I reboot into safe mode and I get the blue screen.
AVG rescue CD didn't find anything.
I use ubcd4win, and run Spybot.
Spybot found Smitfraud-c (the lsass.exe error I have been having) on wininit.ini but couldn't remove it.
I can't get smitfraud or smitrem removal tools to work. Access is denied.
After using almost all other types of scanners, nothing.

Now userinit.exe has the same problem and although I can get into a blank XP screen, I had to open a task manager to run OTL and Hijackthis.

According to logs below, I remember getting infected on 07/01 17:49. That's when the problems started and I seem to found the culprits:

atl7132.dll
iassvcs32.dll
iassdo32.dll

Please help!

OTL, Extras, and HijackThis logs below.

I hope I don't have anything else. I'm trying to rescue XP because I have a few programs I'm trying to save.
I'm desperate at this point and would appreciate any help.
Would be much appreciated.

OTL logfile created on: 7/3/2011 12:23:17 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Windows XP Media Center Edition Service Pack 3 (Versio... Read more

Answer:XP wont boot. Hit by nasty smitfraud trojan. Logs included. Pls Help!

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

2 more replies
Relevance 52.48%

Ok, the other day I got bombarded with VirusBurst and some other junk and I have been diligently trying to get rid of it all. I seem to have gotten rid of the VirusBurst malware, but now scans keep turning up various Trojans. Usually Downloader.Zlob and Puper.dl.
No matter how many times AVG Anti-Spyware scans, it never picks it up; but during its active-scans, it grabs them quite often, so I just keep quarantining more and more. AVG Antivirus and Trend Micro haven't been picking up anything. I have been running Webroot Spysweeper for about a year now and that hasn't been picking up anything lately either. Here is the HJT log from today:

Logfile of HijackThis v1.99.1
Scan saved at 6:20:27 PM, on 12/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe... Read more

Answer:Trojan infection and other malware! HJT, Panda ActiveScan, & Smitfraud logs included

15 more replies
Relevance 52.48%

This computer is deeply infected with viruses/malware and trying to crawl my way out. The infection somehow corrupted my Norton Antivirus so I tried to reinstall it but the installation program is telling me that it does not have privileges to certain areas of my registry. It clearly should as I am the only user on this computer and have administrator privileges.

I managed to install AVG Antivirus and found and removed 125 infected files. I have disabled system restore so there should be nothing lingering. It is now detected 15 infected files which it does not let me delete. It is also running into errors checking the MBR.

I have run HiJackThis, Ewido, Panda, and SmitFraud scans with the results posted below. Any help would be extremely helpful!

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 7:12:31 PM, on 9/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\devldr32.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\AOL\1154298926\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Win... Read more

Answer:Malware takeover. Please help! HJThis, Ewido, Panda, and SmitFraud logs posted

15 more replies
Relevance 52.48%

Hi all,

About a month ago, I began a spyware cleaning on my dad's friend's computer (Cookiegal was last assisting me with this):

http://forums.techguy.org/malware-removal-hijackthis-logs/647949-solved-need-help-malware-fix.html

Well, now it's back in my hands to fix, and so I need your help. Here are both Spybot and HJT logs:
--- Report generated: 2007-12-28 13:33 ---

Smitfraud-C.: Autorun settings (WinAVX) (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAVX

Smitfraud-C.: Program file (File, fixed)
C:\WINDOWS\system32\WinAvXX.exe

Smitfraud-C.: Autorun settings (WinAVX) (Registry value, fixed)
HKEY_USERS\S-1-5-21-3806293429-407118150-2358220067-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAVX

Smitfraud-C.: Executable (File, fixed)
C:\Documents and Settings\Oem User\Start Menu\Programs\Startup\system.exe

Smitfraud-C.: Executable (File, fixed)
C:\WINDOWS\system32\printer.exe

Microsoft.Windows.Explorer: User settings (Registry change, fixed)
HKEY_USERS\S-1-5-21-3806293429-407118150-2358220067-1004\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel!=W=0

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
downloads-us2.kaspersky-labs.com=192.168.200.3

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
downloads-us3.kaspersky-labs.com=192.168.200.3

Microsoft.Windows.RedirectedHosts: Redirected host (Redirected host, fixed)
ftp.dow... Read more

Answer:Solved: Combined SmitFraud.C, Zlob, and Vario infection: Spybot and HJT logs

16 more replies
Relevance 51.66%

Running Vista Home Premium. Child hit virus warning while online. Have/had fake Windows Security Alert and porn popups. I researched solutions online and did the following:

1. Ran Smitfraud; Log included below.
2. Ran Super Antispyware; Log included below.
3. Ran Highjack This; Log included below.

Computer seems to be back to normal.

Would appreciate someone looking over the included scans for additional problems.

Thanks,

elizbeth

SmitFraudFix v2.424

Scan done at 19:38:00.95, Sun 02/28/2010
Run from C:\Users\Akins Family\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits... Read more

Answer:Have Fake Windows Security Center Alert & Porn Popups-Smitfraud, SAS, HJT Logs incl

bump
 

1 more replies
Relevance 50.43%

Dear Madam/Sir,

I just had problems with Smitfraud and followed one of your counselors advice to remove all the files. Would you please check my hijackthis file:

Logfile of HijackThis v1.99.1
Scan saved at 12:39:17 AM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program... Read more

Answer:Smitfraud ... please help with hijackthis

14 more replies
Relevance 50.43%

Hello everyone, this is my first post here. Looks like a great website!

I had a problem with some variant of Smitfraud. I used SmitfraudFix and it seemed to go well with one exception, and that is the message: "Cannot import cleanup.reg: Error accessing the registry." SmitfraudFix did eliminate the pop-ups (about every 5 minutes) that read "Windows Security Alert. Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! Click YES to download spyware remover . . " I then manually cleaned out the "hosts" file which had been modified to prevent access to many security oriented websites (actually, I completely emptied out the hosts file).

So here is the HijackThis Log created after doing all the above:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:57 PM, on 9/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\Syste... Read more

Answer:Hijackthis Log / Smitfraud

Hello Richard,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 50.43%

hi
i left my computer on and unattended for about half an hour, when i returned i got this bluescreen saying:

Fatal Error in IE has occurred at 0028:C0011E36 in VXD VMM(01)+00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c

computer cannot run in normal mode...

after rebooting the bluescreen reappeared along with an error message that IE can not be initialised...and now i am unable to do anything apart from open the taskmanager, in normal mode...

followed the steps to remove smitfraud i found here: http://www.wilderssecurity.com/showthread.php?t=75890
but none of the files to be deleted were there(i did activate the display all files tag), did all the steps nonetheless and now the problem remains....maybe theres something else in there?

ran hijackthis in safemode...

pls take a look and help me out...
thx
mike
hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 04:24:06, on 27.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.o... Read more

Answer:pls help smitfraud.c? hijackthis log

16 more replies
Relevance 49.61%

Logfile of HijackThis v1.99.1
Scan saved at 10:01:35 AM, on 5/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdrfyf4vtdyiv5thd.exe
C:\WINDOWS\SYSTEM32\osk.exe
C:\WINDOWS\SYSTEM32\MSSWCHX.EXE
c:\wp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explor... Read more

Answer:smitfraud trojan...hijackthis log help

16 more replies
Relevance 49.61%

ALRIGHT I BOUGHT A COMPAQ PRESARIO V6000 WITH WINDOWS VISTA HOME PREMIUM ALREADY INSTALLED AMD TURION 64 PROCESSER MK-36 2.00 GHZ WITH A NVIDIA GEFORCE GRAPHICS CARD GO 6150...BEEN HAVIN PROBLEMS SINCE I GOT IT I UNDERSTAND ALOT OF PEOPLES VISTA RUNS THEIR CPU AT 100% I HAD THE SAME PROBLEM HAD TO GO INTO SERVICES AND DISABLE SOME STUFF IT BROUGHT MY CPU DOWN BUT ALOT OF OPTIONS WE DISABLED AND I COULDNT INSTALL SOME STUFF, SOME WEBSITES WOULDNT WORK SO I ENDED UP RECHECKING EVERYTHING IN SERVICES MY COMP GOES FROM 2%-64% AT THE HIGHEST I STILL DONT KNOW IF THATS NORMAL..IT'LL BE 64 AND JUST SHOOT DOWN TO 2% BUT WHENEVER I LOAD THE TASK MANAGER IT IMMEDIATLY SAYS 100% BUT SHOOTS DOWN DRAMATICALLY EVEN WHEN I DISABLED THE SERVICES AND COMPLETELY HAD IT RUNNING AT 15% AND UNDER IT WOULD STILL SAY 100% WHEN I START IT..

EITHER WAY THIS HAS LED ME TO MY CURRENT PROBLEM JUST TRYING TO EXECUTE ANY ALREADY DOWNLOADED EXE FILE WILL SAY

"WINDOWS CANNOT ACCESS THE SPECIFIFED DEVICE, PATH , OR FILE. YOU MAY NOT HAVE THE APPROPRIATE PERMISSIONS TO ACCESS THE ITEM"

I DONT UNDERSTAND THIS BECAUSE THERE IS ONLY 1 USER ACCOUNT AND IT'S THE ADMINSTRATOR, I'VE TURNED THE USER ACCOUNT CONTROL ON AND OFF TRIED IT BOTH WAYS IT STILL SAYS THE SAME THING..ANOTHER REASON WHY THIS IS SO STRANGE WHEN I RUN IT WITH USER ACCOUNT CONTROL ON THE FOLDER THE EXE IS IN SAYS I DONT HAVE PERMISSIONS TO ACCESS THE FOLDER CLICK OK TO CONTINUE, I DO SO AND IT LETS ME INTO THE FOLDER GET TO... Read more

Answer:Need Help Plz Read!(hijackthis/smitfraud Fix Log)

i got sdfix...i cant install this either "SDFIX REQUIRES ADMINISTRATOR ACCOUNT PRIVLEGES, PLEASE LOGIN TO AN ADMINISTRATOR ACCOUNT BEFORE RUNNING SDFIX"

KEEP IN MIND I AM THE ADMINISTRATOR THERE IS ONLY ONE USER ACCOUNT ON THIS COMPUTER!!!

2 more replies
Relevance 49.61%

I've looked the manual and 4 steps for spyware removal

changed the settings in spy bot, scanned the pc, it found the smitfraud c toolbar and deleted it.

then i made the change with msconfig, but i restored the previous settings


this is the Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 21:57:57, on 23.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\System32\igfxt... Read more

Answer:Hijackthis Log - Smitfraud C Toolbar

I really dont see anything wrong here, what problems are you having? Still have smitfraud? If so follow this below

Download smitRem.exe, saving the file to your desktop. Double click it to extract the contents to a folder of its own. Restart your computer in safe mode, logon to the user account that is infected, open the smitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen and allow disk cleanup to complete. Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

http://www.bleepingcomputer.com/resources/link240.html

9 more replies
Relevance 49.61%

After Spybot & Adaware checks, Bazooka showed the following:
2ndthought adware, 180 search assistant, VoiceIP, Zango.
Smitfraud-c may still have some remains, including the desktop background which still has their spyware "warning". And another friend added a second antivirus prog, so I will probably remove both and put on Avast.
This friend's campus computer had significant spyware on it. I will start online Kaspersky check as soon as I submit this. Thanks...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:33 AM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft... Read more

Answer:hijackthis log_Zango & Smitfraud

Looks like all is back to normal, and system is running free of spyware and viruses.
So I won't need any analysis. Spybot, Adaware, and a little registry tweaking did the trick.
 

1 more replies
Relevance 49.61%

Recently I had a virus on one of my computers, which I've googled about and I'm assuming its the "smitfraud" virus. Basically upon logging into any account, including the admin account, I get a big yellow and blue screen warning of spyware. Task manager is disabled, as are any windows functions. You see nothing but that stupid screen.

So I could get in with safe mode, and i did, and took the opportunity to try running Hijackthis to see if it'd fix it. Unfortunately, after running it and rebooting, I found out that I couldn't log into any account under safe mode or normally at all. Immediately upon clicking a user, it says logging in, then flashes the screen for a second and goes straight back to a logout screen, saying saving settings, etc...

I've tried pretty much every command in recovery console, and i've done every method I could find on google, all to no avail.

To my knowledge this computer has XP Home, and I have an OEM XP MCE2k5 CD (which i guess is identical to XP Pro) and the repair-install function unfortunately isn't available. I also tried burning a copy of XP Pro SP2 to a CD and still no repair install function. The R just doesn't show up at the setup screen. Again, I've googled every solution to try and force a repair install, or copy boot files, but nothing seems to work.

It's sad that I have the .exe for a smitfraud fix, a bit late obviously, but I have no way to apply it. I just need to get logged into safe mode or some... Read more

Answer:Can't Login After Smitfraud + Hijackthis

You are booting to the CD?

http://www.michaelstevenstech.com/XPrepairinstall.htm

you've gone thru this guide step by step?

also

http://www.irongeek.com/i.php?page=securit...buildertutorial

1 more replies
Relevance 49.61%

hello! i think both my firefox and internet explorer have been hijacked... a couple of days ago, i caught a klon-n virus, and since my avast antivirus has been blocking it... i somehow got rid of it by following steps from this website, but other things come and go...

also i think i may have caught a selfgenerating spyware, since even if i run spybot and ad-aware and destroy those items i find (smitfraud and another one that starts with the letter a - sorry i forgot the name) my firefox opens a new tab and resizes the window to redirect to this page (you may wanna be careful before you go there, as i dont know if it is the place where you catch the spyware, or just a bad joke...)


so i ran hijackthis (while msn, thunderbird, firefox and winamp were on) to get more info, but honestly im at a loss as i dont know what to do

here goes:


Logfile of HijackThis v1.99.1
Scan saved at 19:49:59, on 2006-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svch... Read more

Answer:Klone-N, Smitfraud, etc. (with hijackthis.log)

I'd like you to rename HijackThis.exe to Me2.exe. Navigate to C:\HJT\HijackThis.exe
Right click on HijackThis.exe
Select 'Rename'
Type in Me2.exe
Press Enter.

Post a new log with this renamed executable.

13 more replies
Relevance 49.2%

Hi,
Spybot S&D has just informed me i have smitfraud-c toolbar888. i have also been struggling with virtumundo. i have run vundofix to try to remedy that problem but i'm not sure if it is completely gone.

Here is my HijackThis log! Any help would be greatly appreciated, thank you!!
Logfile of HijackThis v1.99.1
Scan saved at 4:52:00 PM, on 6/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\j7261832.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Progr...

Answer:Smitfraud-C Toolbar888 and Virtumundo HijackThis


I need help getting rid of this "Smitfraud" virus on my laptop. I ran HiJackThis and don't know what registries to fix. Here's my log:

PLEEEEEESE Help....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04: VIRUS ALERT!, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapi...

Answer:HELP HELP! Smitfraud virus on LAPTOP. Used HiJackThis

Hello, sinBLACK
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste the...


1. I did spybot and adaware plus scanned with Symantec Norton cleaned out stuff it found but Internet explorer is still opening at this page http://www.syssecuritypage.net/ with a popup saying warning W32 Fyzor is a virus that effects exe file etc etc, even though I changed it to google.com (did it remove all the smitfraud instances???)

This syssecuritypage.net states that

Quote
"Attention! Your system is currently vulnerable to computer attacks. Remote intruders can gain access to following files and folders on your PC:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
To enhance the security on your PC Download and run Intrusion Detection System (IDS software)

Investigation Report: Summary
Your IP address:
Your Country: US, United States
Your Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Your Operation System: Windows XP SP2 VULNERABLE
System Security Status: CAUTION
Time of investigation: Thu Sep 7 8:06:35 PDT 2006

Scan and Protect Your PC
Download and install one of the following approved software products:

Spy Heal
- Over 40,000 threats in the database
- Exclusive algorythm of cleaning
- IE Safe Mode - simply cleans your browser!
- Manual / automatic update system
- Autostart items / IE Objects / Running Processes manager
- Dialer blocker, Popup blocker
Visit Website - Free Download

Pest Trap
- Daily updated threat databases
- Intelligent threat scanner
- Application advanced ...

Answer:Help! Hijackthis Log (smitfraud) Syssec Thing?

Hi flakeup and welcome to BleepingComputer. You got some infections.

Please create a new folder named HijackThis to your desktop. After that, move HijackThis.exe into that folder. Then, rename HijackThis.exe to Scanner.exe

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply along with a fresh HijackThis (scanner.exe) log.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!


I think I might have picked up these problems from myspace, I'm not entirely sure. Either way, I should probably let u know what I have already done. Almost instantaneously I saw that my internet browser shut down when I clicked on a profile on myspace. Immediately following that, I started getting pop-ups and my desktop image changed to this blue screen that has a link on it for spyware removal programs. And I keep getting these bubbles popping up on my control panel telling me that I have a spyware infection. In addition, there are red boxes that pop up on my computer telling me which viruses/malware/etc. are installed on my computer and telling me to update my security settings or something like that. I ran ad-aware, and it removed some things, but almost immediately, they came back bc I ran back to back scans and the same things kept popping back up. So seeing that I was getting nowhere with that at that point, I shut the computer down. A day later, I downloaded mcafee and tried that, with similar results. And I also went through the folders on windows and system32 and local settings and I manually removed some of the files, but when I emptied the recycle bin, it was like they just came back and had copies with them too. So, being baffled, I googled the names of the files that I kept getting come up on the scans and I came across a blog from pcguide that had mentioned trying combofix to try to fix the problems and also detailing very similar problems that were ...

Answer:Hijackthis Log: I Think I Have Smitfraud, Adbreak, Aconti, And Acespy, And Maybe More...help!

I also have the red pop up box that says I have trojandownloader.xs. I was reading through previous messages and there was also something mentioned about Deckard's System Scanner. Well, I downloaded it and ran it and the results are below. Also, I am locked out of task manager. And the current list of problems I have on this computer are as follows: adbreak, acespy, aconti, access media, adblaster, win32, and mgmrwmrv.exe. I can delete most of these files manually, but they just seem to reinstall themselves immediately afterward with the exception of the last one. It won't let me delete it bc it says it is either in use or read/write protected. Would really like for someone to please help. Computer is kind of a necessity for my fiance to get paid from where he works at. And he has used the computer for access to his bank account before as well. Until I hear back, I am going to keep going through these blogs and try to fix it or at least get as much information as possible for someone to be able to help me.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-04 07:03:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
58: 2008-03-04 12:03:46 UTC - RP387 - Deckard's System Scanner Restore Point
57: 2008-03-04 05:18:36 UTC - RP386 - Comb...


Hi, I am having problems with Smitfraud-C.toolbar888. Here is the logfile:


EDIT: removed inline log for guide to be run




Any help would be much appreciated.

~StaceyJ
 

Answer:Smitfraud-C.toolbar888. HijackThis logfile included.

Welcome to Majorgeeks!

Best option is to run the below, as HijackThis can miss some crucial malware out of its scan. These days malware comes in groups, which is why the below is the best way to mop up all the malware. Once the logs are attached, and if you still have the malware toolbar on your PC, we will issue you some further instructions to clean up the remaining bits.


Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.





When you return to make your next post, make sure you attach the following logs and that you have run these...


Hi there, I have encountered trojan-spy.HTML.smitfraud.c and it is very annoying. I have done some tricks and got rid of the blue screen but still my computer is infected.

Here is the Hijackthis Log file;

Logfile of HijackThis v1.99.1
Scan saved at 13:13:37, on 30.06.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srvany.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\rundll32.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt....

Answer:Hijackthis Log file - Trojan-spy.HTML.smitfraud.c

If you still need help, could you post a fresh log please?


Hijack this log file. Computer is infected and Norton is not helping. Any input is appreciated. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:27:43 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPRO...

Answer:Help with Virus. HijackThis log, Active Scan log and Smitfraud.fix log Inside


Hi,

I'm using XP and have recently had problems. I think something has downloaded on to my pc and I can't get rid of it. Tried using AVG, Adaware and Spybot but with no luck.

The symptoms:

1) 3 unidentified objects in the desktop toolbar (where the time is). The objects are a yellow triangle with exclamation mark in it, a red circle with a white cross in it and a red circle with a white exclamation mark in it. They have these annoying speech bubble pop ups, like other xp programmes, that say something like you are "Protect your computer from viruses. You need to use antivirus software.". One of the speech bubble pop ups says my pc is infected with iworm.attck.v122.02a. When I click on these symbols they link to:

http://www.antivirus-gold.com/?wm=&swm=
http://www.psguard.com/?aff=9&sub=0
and a site selling regfreeze

2) The desktop background has changed to black with writing saying "Warning - You're in danger" and then goes on to say how I should protect my computer.

3) When I shut down i get a quick flash which i think says I have a page fault but it disappears so quickly i can't get the code or any info.

4) When I close down the computer this comes up "A fatal error has occured at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c".

Here is my hijackthis file:

Logfile of HijackThis v1.99.1
Scan saved at 01:26:11, on 08/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MS...

Answer:hijackthis file please help (moved from XP, smitfraud, hookdump, possibly others)


Hello,

I had a problem with the red background and "your computer is infected" and browsers popping up all over. I followed your advice on another thread and ran HJT, then smitfraud fix in safe mode, then downloaded superantispyware and ran it. The background and the popups seem to be gone but here are my logs:

First HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 8:51:54 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_13\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_t...

Answer:"Your privacy is in danger," HJT, smitfraud fix logs

I just logged on as my husband and it's not fixed on his end. When I logged on in safe mode, I logged onto my own screen. Should I have logged on as the administrator? Or do I need to do it all again logged on as my husband? Help please!
 


I'll sum up the information in a few words and then post the Logfile.

SmitFraud, WinAntiVirus, Vundo Trojan...

And here is the logfile... I hope you guys can help me out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:58 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
C:\WINDOWS\system32\iwnwvnkm.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\me...

Answer:Hijackthis Logfile- Vundo Trojan, Win Anti-virus, Smitfraud-c

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Murasame Assassin.
My name is Richie and I'll be helping you to fix your problems.
Please do the following in the same order as posted.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.
*IMPORTANT* Do NOT run any other options until you are asked to do so!

Also post a new Hijackthis log.

Question: Hijackthis Logs

my pc recently running slow... n hard to open... it will hang... n stop... i need to restart a lot of time.... it will back to normal... i do antivirus kaspersky scan show no problem... n i got problem when i when open video with AVI format. i will appear error report. i use a lot of program also same... other format like wmv and rm no problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:14, on 2007-8-4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ulead Systems\DVD ...

Answer:Hijackthis Logs

Hello and welcome to BC.

Sorry for the delayed response. If you've not already been helped elsewhere and still need help, please post a fresh HijackThis log and I'll be happy to help you.

Question: Hijackthis Logs

Hi, I'm NOT that smart with computers and know how to but I certainly can follow the instructions to make it right and get rid of whatever is bothering me and my PC. I do have an anti virus and firewall installed in my PC but I have a feeling that something is not right as whenever I type something or search for specific word, item, .... I'll receive spams from websites/persons in my email(s) which I've never visited!!! Anyway, I'm gonna go ahead and post my HijackThis Logs here and hope for getting help in how to fix the problems in my PC system! Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:44, on 2008-09-03
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\SOUNDMAN.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Wind...

Answer:Hijackthis Logs

Hi Spam Buster,

I apologize for the delay in response to your thread. If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please post a new Hjt log so I can see the current condition of your system.

Thanks.

Question: HijackThis Logs

Have been having the problem of search engine results being redirected to unwanted sites. Please help! I heard about hijack this and bleeping computer from doing research on the internet. Here is my hijackthis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:32 AM, on 8/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:...

Answer:HijackThis Logs

When I click on a link from google search engine, it takes me to another search engine or site of unrelated business. Please help - I have followed instructions from bleeping computer preparation guide and have attached two documents. Thank you!

Question: Hijackthis Logs

Here are a few of the hijackthis Log Files from 2 of my computers that do not seem to be functioning properly. This virus has disabled my mcafee virus scan software repeatedly and seems to be preventing it from updating itself. Any help would be greatly appreciated

NUMBER 1:
Logfile of HijackThis v1.99.1
Scan saved at 6:49:07 AM, on 5/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO...

Answer:Hijackthis Logs

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Question: HiJackThis Logs

My PC's screen turned blue.. and I don't know what's wrong. Here's a scan from hijackthis logs...

Answer:HiJackThis Logs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner o...


Hi!
Recently I've had a few problems with my computer and I read
a guide to remove spyware, keylogs and other viruses.
I did as told and then they told me to download MBAM and Hijackthis and
then post the logs on this site.
I'm not good at all at computers so hopefully I did everything correct!
Thanks!
Linus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:01, on 2010-07-19
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\ico.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\- Program\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Linus\Program Files\DNA\btdna.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PowerStrip\PStrip.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Users\Linus\AppData...

Question: My Hijackthis logs

Hi, I have insane lag when I use Internet. My computer is very slow too. Thank you for ur interest.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:02:35, on 2010-03-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sy...

Answer:My Hijackthis logs

up

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Re...

3 more replies
Question: Hijackthis logs

Have been presented with a file of what appear to be hijacked settings on my laptop but do not know if I have a problem. My system seems to be working OK and not running slow.
Do know if I have got this right but I have attached the relevant files including system information.
Advice on the matter would be welcome.
Nunthorpe

Answer:Hijackthis logs

Hello nunthorpe and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the re...

2 more replies
Question: Hijackthis Logs

Hello: I'm new in this forum, I was wondering if you can check my log whenever you have a chance and give me advice how to fix the problems. Thanks a lot!! Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:31 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Alwil Software\...

Answer:Hijackthis Logs

Hello mabel01us

Welcome to Bleeping Computer! Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log <--link

And I'll be happy to take a look at it for you.

I also need to see a different type of log from Hijackthis:

Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file.
Place the content of that file here in your next reply.

Thanks for your patience.

1 more replies
Question: My Hijackthis logs

I have been inundated with all kinds of pop-ups from www.free6.se and www.lassekongos.com/sperm.shtml and 194.237.110.186/randomsites/banner.aspx. Everytime one of these pop-ups come up...it downloads a Trojan. I have tried Adaware to no avail. I ran Hijackthis and this is my log.

Please help me!!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe...

Answer:My Hijackthis logs

Hi champagn,

I'll gladly review your log but I need you to do a couple of things first:

You are running HijackThis from a temporary folder. When run from a temporary folder, the backups HijackThis makes may accidentally get deleted, so please put HijackThis into a permanent folder. Full instructions on how to do this can be found here:
Detailed Explanation

Brief instructions for this are:
To create a permanent folder:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\HJT\ folder. Put your HijackThis.exe there.

You have not posted a complete log and are missing the top 4 lines.
Please run HijackThis from its new folder and post a full log here.

9 more replies
Question: Hijackthis Logs

Logfile of HijackThis v1.99.1
Scan saved at 17:32:38, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dennis\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\M...

Answer:Hijackthis Logs

Welcome to the BleepingComputer HijackThis Logs and Analysis forum elgan

Download DelDomains.zip and extract/unzip it to your desktop:
Now right click on Deldomains.inf then click on 'Install'.
After right clicking on Deldomains.inf 'Install' it will have appeared nothing happened, this is normal. (No need to restart your pc).

*********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

*********************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

Also post a new Hijackthis log.

22 more replies

Please help see if there are any malicious files left on my computer thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:39 PM, on 9/7/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Software Informer\softinfo.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Windows\SysWOW64\mmrtkrnl.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\AV Music Morpher Gold\AV Music Morpher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...

Answer:Help please (hijackthis and dds logs)

16 more replies
Question: Hijackthis Logs

Random popup. And sometimes my nod detect trojan
on //medque.com.au JS/TrojanDownloader.Iframe.EY.gen
and
//digitalcontracts.co.uk/ JS/TrojanDownloader.Iframe.EY.gen

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:54, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\astsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Paradial\RealTunnel\rtunnel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\Program Files\SRS Labs...

Answer:Hijackthis Logs

any help?

5 more replies

Hi! Derf

Thanks for all your help.. I need your help for this HijackThis Logs ASAP.

Logfile of HijackThis v1.98.2
Scan saved at 오후 3:26:24, on 2004-10-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\PROGRA~1\Ahnlab\V3\MonSysNT.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MonsterTV\montv.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Ahnlab\V3\MonSvcNT.exe
C:\WINDOWS\...

Answer:HijackThis Logs Please help

he43200, welcome. Please print this out and follow ALL these directions carefully.

The use of MSCONFIG as a Startup Manager is not recommended.
In each autostarted application (the O4 entries) go Tools or Options and uncheck the Start with Windows function.
If you really must use a Startup Manager then Mike Lin's Startup Control Panel is very good.
http://www.mlin.net/StartupCPL.shtml

As I do not know what is in c:\windows\system32\autoexec.nt I do not know what to recommend. Post its contents here.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at bootup.
More detailed instructions here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Start HijackThis and tick the boxes next to all these, then close all browser and explorer windows, and tell HijackThis to "Fix checked" if still present.

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Reboot and Install the prevention protection below and help your friends from being infected on the Internet.

Empty the Recycle Bin.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there.
Index.dat Suite helps with this.
http://support.it-mate.co.uk/?mode=Products&p=index.datsuite
Insure that Index.dat Suite is Setup to empty the Temp folders especially
C:\Documents and Settings...

1 more replies

Logfile of HijackThis v1.99.1
Scan saved at 9:32:24 AM, on 26/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Daniel\My Documents\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Mi...

Answer:HijackThis! Logs, I need help on what to do

Sorry, just wanted to bump this topic. Please post if I need to remove anything or if it's Ok.

//Mod edit: Attempting to bump a log only sets you back in the time line.
All logs are analyzed on a first in, first served basis. Please have some patience.
The HJT techs are all volunteers, giving of their time to help others.

2 more replies
Question: hijackthis logs

Logfile of HijackThis v1.98.2
Scan saved at 12:27:31, on 2004-9-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Netease\popo2004\popo.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\CVS for NT\cvslock.exe
C:\Program Files\Rational\common\lmgrd.exe
c:\mysql\bin\mysqld-max-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nutsrv4.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Syman...

Answer:hijackthis logs

lightlywind, we're checking it over now. It won't be much longer

3 more replies

Hi All,

I ran cwshredder and got the hijackthis log as follows:

Logfile of HijackThis v1.97.7
Scan saved at 12:11:02 AM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\ntxr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
D:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\WINDOWS\crth32.exe
C:\Program Files\SecCopy\SecCopy.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\System32\NDrv.exe
C:\Program Files\shortkey\SHORTKEY.EXE
C:\PRO...

More replies

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:11 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg...

Answer:Please Help HijackThis Logs

16 more replies

Below is my Hijackthis log. Can someone please take a look at it and let me know if anything on it looks suspicious. Thank you...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:55 PM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVi...

Answer:Hijackthis logs...Please help

Hi DirtyD,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on al...

1 more replies
Question: Hijackthis Logs

a spyware pop up every few minutes potential spyware operation..and don't know to remove it. and every time I reboot or restart it the homepage is changing to google..so I keep change it to yahoo..and I can't open the task manager and control panel too..I just read the topic about hijack and should post in HijackThis Logs subforum

Help!! please

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:34 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\VM303_STI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.ex...

Answer:Hijackthis Logs

Closed as a duplicate of this one: http://www.bleepingcomputer.com/forums/t/111208/hijackthis-logs/

1 more replies
Question: HijackThis Logs

I was trying to enter into files Documents and Settings and it would not let me in. I found it strange, so I tried Local Users and couldn't get in there either. I guessed (?) that I had been hijacked. Can you tell me if that is true or not?

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files...

Answer:HijackThis Logs

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ...

2 more replies
Question: Hijackthis logs

I have windows xp sp2. Recently I have installed norton 360. Norton 360 detects a trojan horse but is not able to action on it. Attaching the hijackthis log. I am a new user and don't know much abt your site. But hope I will get a solution for the same. email address is removed to avoid getting spammed. Also suggest me if I should go back to kaspersky internet security as norton 360 hangs my system every now and then

Regards
Pradeep

Answer:Hijackthis logs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Question: My HijackThis Logs

Logfile of HijackThis v1.97.7
Scan saved at 1:31:44 PM, on 8/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\System23.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:...

Answer:My HijackThis Logs

Please click Start - Control Panel - Add/Remove programs
Remove Windupdates and Internet Optimizer. Reboot before posting a new log.

You are using an old version of HijackThis, please download the latest version and post a new log.

Download Hijackthis:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://computercops.biz/downloads-cat-14.html
If you cannot reach either site it is available from my signature.

1 more replies

Long story short, AVG keeps telling me I have a trojan virus and continue to keep getting a window popping up on our pc and need it to go away as soon as possible. Please review, I've ran AVG, MalwareBytes and SpyBot search and destroy and continue to get the pop up from avg even after it has cleaned or deleted the infected files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:51 AM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sql...

Answer:Hijackthis Logs Please Help

Anyone? Please...

2 more replies

I recently have been having some malware issues and was recommended to your site for help. I have performed all the steps outlined in your hijack this section of the site. I unfortunately was unable to get the AVG log while in safe mode for some reason and BitDefender would not work for me either. Everything else did work fine and did seem to remove most of the problems. One of the issues I am still having is I experience an error message when trying to log onto World of Warcraft saying unable to validate game version. I researched into this and it appears to be caused by malware so I believe there is still something present. Here are my logs.
 

Answer:HijackThis and other logs

This is my HijackThis log.


Thanks for your time,
Mark
 

Question: Hijackthis Logs

A persistent dialer has infected my system, and cannot be eradicated by any of the spyware tools that I've tried. HijackThis logs (scan and startup) are below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:20 AM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Laplink Everywhere\ServerProxyService.exe
C:\WINDOWS\System3...

Answer:Hijackthis Logs

After many hours of reading other posts, I think that I fixed the problems! No further follow-up required (I hope!).

Ross


My grandson has been on some gaming sites and now I have lots of popups and browser hijackers. I have run a virus scan and removed some and now run HijackThis and need help with it.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:27:37 AM, on 8/17/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0494)

FIREFOX: 45.0.1 (x86 en-GB)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\...


Got a lot of popups and browser problems. Here are the HijackThis logs:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:27:37 AM, on 8/17/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0494)
FIREFOX: 45.0.1 (x86 en-GB)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Samsung\AllShare\AllShareAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloud...

Question: HiJackThis Logs

I know there was some discussion about this earlier, but I could not find the thread, so please forgive me for asking the question again....

I would love to be able to troubleshoot my own logs on a regular basis vs. posting them here. Can someone provide those "bad things" to look for that can be removed? I know this will not clean the log as completely as if one of you technical geniuses was reviewing it, but surely there are some generic items that could be listed for those of us who would like to help ourselves.

What say ye?
 

Answer:HiJackThis Logs

Question: Hijackthis Logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:34 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\VM303_STI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Hamachi\...

Answer:Hijackthis Logs

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jc088

My name is Richie and I'll be helping you to fix your problems.

You have a Backdoor Trojan present on your pc.

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

They are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such risks may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These risks severely compromise the system by lowering security settings, installing 'backdoors,' infecting system files, or spreading to other networked machines.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information. Banking and credit card institutio...

Question: HijackThis Logs

HELP PLEASE...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:49, on 13/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Indosat\Accelerator Client\bmoc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\E_Daisy_vanG\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\E_Daisy_vanG\AppData\Local\Yahoo!\Messenger for Vista\Yahoo.Messenger.YmApp.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\...

Answer:HijackThis Logs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:08 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mc...

Answer:Hijackthis Logs...help!?

Hello katrock79,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Question: Hijackthis Logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:08 am, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\ted.TEDS\Application Data\m\flec006.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\WINDOWS\system32\drivers\downld\347656.exe
C:\My Downloads\TedCops.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by122w.bay122.mail.live.com/mail/In...p;wa=wsignin1.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local ...

Answer:Hijackthis Logs

Hello tjmoes

Welcome to the Bleeping Computer Malware Removal Forum, sorry for the delay in responding, but the amount of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to. If you have not resolved this issue and still need assistance, post a new HJT log as your system may have changed since your original post.

Ken

Question: HijackThis Logs

Hey, just wondering, how do you use a HijackThis Log?
Like what do you look for?
To be able to use it myself. Thanks
 


Here's my log. Any help would be appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 5:55:17 AM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\ace\LOCALS~1\Temp\sysnet.exe
C:\WINDOWS\system32\sprhelp.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files...

Answer:Hijackthis logs!!!---need help!


Hi.. Can someone please, please, please help with these logs. I have tried to do it myself, but I am completely confused!! Thank u soo much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:43:43 AM, on 10/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:...

Answer:HijackThis Logs Please Help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi

Below is my HijackThis Log. I've run windows defender (found nothing) ad aware (found 4 files) and tried to remove all of the malware. The problem I'm having is with my Internet Explorer. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 6:16:20 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\...

Answer:Need Help With Hijackthis Logs

Hello,

<<< instructions to upload sample removed >>>

* Download smitRem and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

* Reboot into Safe Mode: (without networking support!)
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Reboot back into Windows normal mode.

* Update your Sun Java:
Updating Java:
Go to Start > Control Panel double-click on the Software icon > add/remove programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
It should have next icon next to it:
Select it and click Remove.
T...

Question: HiJackThis Logs

I have HiJackThis logs from 3 PCs, 2 of which keep having their automatic updates turned off after being turned back on every time. And 1 of these PCs has inappropriate ads appearing within Yahoo! and various news websites - there's a small note under these ads that they are not from the host site or something along those lines. I've already run Malwarebytes and SUPERAntiSpyware and each didn't find any viruses. I've also run System File Checker (sfc /scannow) on the 2 PCs having issues and they reported no integrity violations.

SMhijackthis and BHhijackthis both have their automatic updates turned off repeatedly. BEhijackthis is the good/control PC.

Answer:HiJackThis Logs

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465881 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hello

This is my first time in a forum so I apologise, in advance, if I make any cockups!

Have run through your routine for removing malware, steps 1 to 6. I'm hopeful that the problem(s) have been resolved. However, I would be very grateful if some nice chap could just check my logs and let me have their opinion.

This is 2nd time I have had a go at this pc; unfortunately it is the MD's m/c so I'm particularly keen to get it right this time, otherwise could be bad career move ;-)

Thanks for your help.
 

Answer:Help with Hijackthis logs

Here are 2 other logs.

Having problems uploading BitDefender log - "File of 1.71Mb exceeds limit of 250KB for this filetype"

Any suggestions?
Regards





cyberequine said:

Hello

This is my first time in a forum so I apologise, in advance, if I make any cockups!

Have run through your routine for removing malware, steps 1 to 6. I'm hopeful that the problem(s) have been resolved. However, I would be very grateful if some nice chap could just check my logs and let me have their opinion.

This is 2nd time I have had a go at this pc; unfortunately it is the MD's m/c so I'm particularly keen to get it right this time, otherwise could be bad career move ;-)

Thanks for your help.


 


Hi

Just wanted someone to look at the log below. A little bit of background, a friend got a few viruses on his Laptop with XP Home but he had no Spyware software or updated anti virus. I installed Spybot and Lavasoft Adware, also installed Norton Antivirus (corporate) and AVG Free. Ran all of them several times and now all of them show as clear. While I ran them I had the system on Safe mode and System Restore was disabled, I just ran HijackThis and the log is below. Can you let me know what you think and what other spyware, trojan or Virus is still on the system. THANKS in Advance.

Logfile of HijackThis v1.99.1
Scan saved at 18:31:37, on 17/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Patrick\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - H...

Answer:Help With Hijackthis Logs

Where are you located???

Add remove programs - remove logitech desktop messenger

===================

Download Hoster from here:
www.funkytoad.com/download/hoster.zip
Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.

==================

1. Download this file :
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

======================

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop.
Note: This is NOT the Anti Virus from AVG.
When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings&q...


Hi all

I have an issue with full screen IE popup adverts happening when I don't even use IE. Could you be kind enough to have a look through the following to tell me what the issue is. I'm running XP Pro at the moment. Please let me know if you need anything else, I think I have provided everything!

DDS (Ver_10-03-17.01) - NTFSx86
Run by mbo at 13:22:43.13 on 06/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2000.753 [GMT 1:00]
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {B02B524A-0C22-45DD-A6D1-70C7010CE58E}

============== Running Processes ===============

svchost.exe 4
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe 4
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r205445\stacsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Avira\Avira Security Management Center Agent\agent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system...

Answer:DDS & HiJackThis logs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello guys,

My AVG, ewido, ad-aware, spywareblaster, zone alarm ... couldn't get rid of a regenerating virus. They all claim to have healed but the moment I reboot the viruses, malware or whatever it is resurface. One of them is this WinAntivirusPro continuously nagging to install itself.

My Hijackthis log file is:

Logfile of HijackThis v1.99.1
Scan saved at 2:21:52 PM, on 10/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\tcpip.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Ex...

Answer:Hijackthis Logs Help

Hello obasanjo, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks

Question: Hijackthis logs

Hey everybody, I'm new to this site as well as Hijackthis. I THINK this is where i am supposed to post this. My computer has been acting funny lately and i thought I'd look into the possibility of malware. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:45 PM, on 11/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\....

Answer: Hijackthis logs

Hello ViPDeVo

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

When you say your computer is acting funny can you elaborate on that some. What are the symptoms you are experiencing? Please provide the answer to that as well as the logs which the following will produce in your next reply.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

We need to scan for Rootkits with GMER

Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will d...

Question: HijackThis Logs?

Does anybody check these on here? Please message back, i'm new
 

Answer: HijackThis Logs?

Hi and yes we have some experts in HiJackThis BUT, Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.





- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

 

Question: HijackThis Logs

Okay I have two HijackThis logs I need help with (these are two different computers):

Logfile of HijackThis v1.99.1
Scan saved at 10:24:55 AM, on 8/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\zqskw.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Tom Roddy\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\System32\xeymi.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKLM\..\RunOnce: [{D7CC80D4-376C-4586-B023-4F35C2CEB28E} Deskbar UNINSTALL] regsvr32 /s /u "C:\Program Files\Deskb...

Answer: HijackThis Logs

Maybe you should have posted it here:

http://techist.com/forumdisplay.php?forumid=126

Also, are you having problems? If yes, what?


Hi

I have a friend's PC that was full of spyware. I have done all the Windows updates and ran spybot, ad-aware, cwshredder and her antivirus program (updated all first) and still her browser is being hijacked. There are 2 users on the PC, so I have done the same on both and ran HijackThis on both; logs below.

Thanks in advance for your assistance
Chris

User Doyle
Logfile of HijackThis v1.97.7
Scan saved at 5:31:05 PM, on 26/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\MIXABO~1\upload up.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Documents and Settings\Pattie\Desktop\Spyware removal\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar...

Answer: Help please HijackThis Logs

Let's start with Doyle. I'm not sure if this fix will take effect universally or not. Please boot into safe mode and select the following with HijackThis. With all windows (including this one!) closed, please select "fix."

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.ht...www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
O2 - BHO: (no name) - {ADFE3AFC-EF61-CC74-BDF1-6D1B5EA3D6A5} - C:\PROGRA~1\MESSMA~1\Data rule.dll
O3 - Toolbar: BENDDASHTOOL - {44AB0BB3-78BC-680C-BF68-92143DA8E329} - C:\PROGRA~1\MESSMA~1\Data rule.dll
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [debug htm] C:\PROGRA~1\MIXABO~1\upload up.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart

***************************************

Please find and d...

Question: HijackThis Logs

Please look over the HijackThis Log file. I've been having a lot of difficulties with my PC recently and pretty sure it's infected with something.

I'll be very interested in hearing any opinions. Thanks for the help..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:11 AM, on 1/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Window...

Answer: HijackThis Logs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...


here is the hijack logs, pls help... thanks very much

Logfile of HijackThis v1.99.0
Scan saved at 8:37:33, on 2004-12-19
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\RunDll32.exe
D:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcsh...

Answer: hijackthis logs - pls help

Hi

Download System Security Suite here: System Security Suite Download & Tutorial. Unzip it to your desktop. Install the program. Don't use it yet.

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a check mark next to all these:
O4 - HKLM\..\Run: [MsHosts] C:\WINDOWS\System32\MsHosts.exe
Close all other windows and browsers, and press the Fix Checked button.

Search for these files and delete them if found:
C:\WINDOWS\System32\MsHosts.exe <-- this file

With all windows and browsers closed. Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

REBOOT normally.

Perform at least two online scans:
Perform a full scan here: Trendmicro, check AutoClean and let him remove anything he finds.
Perform a ful...

Question: Hijackthis Logs

Hey, I am having problems with my comp. I think from all the research I've done that it is iexplorer.exe that is giving me the problem, and probably other things, so here are my long files. Maybe someone could tell me how to remove it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:47 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Progra...

Answer: Hijackthis Logs

Hello Hawksl32,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea


Someone recommended this forum to me and I've got some problem on my pc. Hope you guys can help me and tell me what I should do. Anyway, thanks a lot....

Logfile of HijackThis v1.98.2
Scan saved at 下午 10:33:22, on 2004/12/12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files...

Answer: HijackThis Logs and HELP ME PLS!

Hi

Download this ZIP file and unzip the contents to a folder, then open that folder and double click on Find.bat. It will run for a minute, then produce a log (ignore any File not found messages on the screen, it should continue anyway). Please copy and paste that log here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

Question: hijackthis logs..

Logfile of HijackThis v1.99.1
Scan saved at 2:01:14 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\syste...

Answer: hijackthis logs..

and the problem is??

might help to indicate why the post even though a log expert might be able to figure it out
 

Question: Hijackthis logs

I am in need of some help. Anyone who can analyze these and let me know what to get rid of would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:50 AM, on 10/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program F...

Answer: Hijackthis logs

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...
