Computer Support Forum

BT home router wide open to hijackers

Question: BT home router wide open to hijackers

If you rely on BT for high-speed internet or VoIP, there's a good chance a pair of UK-based researchers know how to enable a backdoor in your router that leaves you wide open to eavesdropping, caller spoofing and other nasty attacks.
The vulnerability resides in the BT Home Hub, one of the UK's most popular home routers, according to Adrian Pastor and Petko D. Petkov. A constellation of bugs in the router, which is made by Thomson/Alcatel, makes it possible to bypass the device's password authentication system and gain complete administrative control.

All an attacker needs to do to exploit the weaknesses is lure the victim to a maliciously crafted website, according to this post on the GNUCitizen blog. The exploit doesn't require knowledge of the administrator password.
"The BT Home Hub is vulnerable to an authentication bypass that allows us to make any administrative requests to the router from a malicious website WITHOUT needing username and password," Pastor wrote in an email to The Reg. He and Petkov have confirmed the vulnerability in the BT Home Hub running the most recent firmware. They believe the exploit will work on all Thomson/Alcatel Speedtouch 7G routers.
US-based BT representatives didn't immediately respond to requests for comment.
The scope of the vulnerability and the ease in carrying it out means that a remote attacker can quietly gain full administrator control over a device simply by social engineering a user into visiting a website. The exploit makes it possible to steal a user's WPA key, listen in on VoIP calls, steal VoIP credentials or change DNS settings so users are silently redirected to fraudulent websites.
Thomson/Alcatel's Speedtouch 780, a similar router used by Bethere, shares some of the same cross-site-scripting and cross-site-request forgery bugs found on the BT Home Hub. But because it's not vulnerable to authentication bypass, attackers have to know the router's password in order to gain administrative control, Pastor said.


BT home router wide open to hijackers | The Register

More replies
Relevance 100%

Relevance 53.71%

How can I make a system wide homepage? I am looking for a registry entry. I want it to be set to MSN.com

More replies
Relevance 53.3%

I don't know if this is for real, it was recorded on August 10th.
http://www.grc.com/sn/SN-052.htm

"Description: Steve and Leo discuss the week’s security woes, covering D-Link and Centrino wireless buffer overflows which allow remote wireless compromise of user’s networks and machines. They explore the recent revelation that JavaScript can be used to scan an unwitting user’s internal network to take over their equipment. They talk about the purchase of Hamachi by LogMeIn and how Botnets are being used to create fraudulent eBay users with perfect “feedback” in order to defraud even careful eBay users. And more!"

The Java bit is nearly 1/2 way down the page.
 

Answer:Java leaves you wide open?!

Yeah, that's kinda interesting.

It's not Java they are talking about, it's JavaScript, so there's a difference.

The thing they are talking about is a site's malicious script being able, not exactly to "scan" your network with a port scanner, but to be able to do some network mapping by finding IP ranges and web servers in the internal network, and reporting that back to their server.

This is more like a stealth scan to find your servers through passive, rather than active, scanning. So if you have a file server on your internal network or your router, and they host web based services, ok, this script can discover that. But what then? The script doesn't give them root access to your machine and they can't get access to your machines unless they are exposed to them to begin with.

I suppose it would be possible for the script to make the malicious web server identify you on the next visit and have a payload ready for you based on what the scan discovered in the first place, but that relies on the payload successfully running on your machine. There are a few sites I go to that have porn popups with java script that tries to force my browser to download something (IE isn't the only browser susceptible to this issue), but my antivirus is quite aware of those methods and prevents it.

They point it out in the discussion over and over, and I know I've heard it plenty of times: surfing the web with scripting enab... Read more

3 more replies
Relevance 53.3%

Hello and thank you in advance,
 
Not IT here however I know this isn't good. First I noticed too much data moving to & from "dumb" devices on the LAN I.E. time clock, printer etc. started looking in logs and at that time back up was faulting and previous backups gone. All logs had the same start date of 9.21.16 and nothing prior. Most all apps showed created on the same date of 9.21.16 in add/remove programs. I have lots of saved logs, screenshots and files however would like some guidance scrubbing them before posting in the open. Here are the FRST64 files and I apologize if I make a posting mistake. I will correct anything brought to my attention.
 
   Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by fast (administrator) on ANONYMOUS-FAST (24-10-2016 01:54:41)
Running from C:\Users\fast\Desktop
Loaded Profiles: fast (Available Profiles: fast)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\... Read more

More replies
Relevance 52.89%

Facebook & MySpace Backdoors Wide Open

Yeah, yeah, yeah... there are a ton of "open backdoor" jokes that can be made here but, it's too easy, I'll take the high road this time.

For example, when accessed, an automatic "post update" could be made that would lure friends of the user to access the exploit URL, and the exploit would spread virally. A more invasive and hidden exploit could harvest all the user's personal photos, data and messages to a central server without any trace, and there is no reason why this wouldn't be happening already with both Facebook and MySpace data.

Answer:Facebook & MySpace Backdoors Wide Open

so what can a large group of my friends that just started using facebook do to defend against this exploit?

4 more replies
Relevance 52.89%

and has the default username and password.

What should I do?
 

Answer:So my neighbors Wifi Motorola AP is wide open

Whatever you want.

Just remember that though when you lock yourself out and need to pop over next door, need a favour, your house is broken into but your neighbor didn't call the cops because he/she didn't know you and didn't know you were away. I allow my neighbour to use my wifi for her email once in a while as she rarely would go online otherwise and appreciate free wifi when I find it.
My advice, walk next door and say hello and don't be a dick.
 

11 more replies
Relevance 52.89%

Just thought it was worth mentioning to help anyone, several WOW customers in my area have been experiencing slow/intermittent internet problems the last few days, the problems are related to WOW's DNS servers and can be resolved (no pun) by using different DNS settings such as openDNS (http://opendns.org/).

WOW is currently denying that the problem is on their end, but it's pretty clear that they are lying, several IT guys in my department at work have reported the same issues, and the same resolution. Hope this helps someone!
 

Answer:Wide Open West Internet Problems

we used to have the same problems with MediaCom here in Iowa. Since then I have just been forwarding all my traffic at home to 4.2.2.2 and 4.2.2.1. Haven't had problems since.
 

2 more replies
Relevance 52.07%

From Zdnet News

http://zdnet.com.com/2100-1105-933836.html

File swappers expose themselves
Users of the popular file-swapping program Kazaa frequently expose personal data to other network users by mislabeling the files that can be shared, according to research released by HP Labs.

The research, which was published Wednesday on Hewlett-Packard's Web site, found that a significant percentage of Kazaa users have accidentally or unknowingly designated private files to be shared with everyone who has access to the popular Kazaa network.

"The majority of the users in our study were unable to tell what files they were sharing, and sometimes incorrectly assumed they were not sharing any files when in fact they were sharing all files on their hard drive," the researchers wrote.

The study, conducted by computer scientists Nathaniel S. Good of HP Labs and Aaron Krekelberg of the University of Minnesota, points out that peer-to-peer programs often pose a threat to computer privacy.

Those programs have been controversial in other ways as well. Sharman Networks, which owns the Kazaa software, recently came under a firestorm of criticism for linking Kazaa users, often unwittingly, into peer-to-peer activities unrelated to their own file sharing. And content owners lambaste file swapping in general for fueling massive copyright infringement.

Good and Krekelberg scripted programs to search the Kazaa network for files that store Microsoft Outlook Express e-mail, with t... Read more

Answer:Kazaa could leave your hard drive wide open

Well most users leave file and printer sharing on with shares that are not passworded also. I am sure there are far more people using MS file and printer sharing than are using Kazaa...I bet I could access the drives of half the users on my ISP if I wanted to. Thanks for the info and keep it coming.
 

3 more replies
Relevance 52.07%

I saw in some folks' screenshots that there must be a way to cause the open programs on the task bar to display wide. Referring to sergio's theme, and a few others. I have dug into the taskbar options, but not struck gold. Anyone know how this can be done?

Answer:How to make open programs on taskbar display wide?

Choose option from here:
Attachment 27140

3 more replies
Relevance 52.07%

Storm Worm botnet cracked wide open.

A team of researchers from Bonn University and RWTH Aachen University have analysed the notorious Storm Worm botnet, and concluded it certainly isn't as invulnerable as it once seemed. Quite the reverse, for in theory it can be rapidly eliminated using software developed and at least partially disclosed by Georg Wicherski, Tillmann Werner, Felix Leder and Mark Schlösser. However it seems in practice the elimination process would fall foul of the law.

-- Tom
 

More replies
Relevance 51.66%

I may not be well educated enough about this suspicious item in the registry, and being part of the recycle bin as s-1-21-blablablblalablah, but is it supposed to be called that? I've researched this so called trash worm, but fortunately enough I haven't really noticed any files that its supposed to just delete out of nowhere. I was using windows 7 and have shifted down to using windows xp pro sp3. (which I'm finding a little more convenient but still catch this problem) Either way, any other knowledge of this bug I have is the fact its supposed to set out a remote call(?) to a Bot or something in that nature. Anyways I've noticed a lot of weird but interesting things go on the more try to use anti-malware or spyware, as these types of programs almost can get instantly infected to not show up in any scans. I do have one file that was found trying out avast, :procss 660 avgaurd.exe
block size 4104192 memory block 0x0000000002800000
threat name: Suela-1042

This is not the log but just what I manually typed, because avast would not have any reaction to rid or clean the file, so no log could be saved and I couldn't close, having to press the power button.

So...
Here are the logs. If I wasn't or was supposed to put them somewhere else, I deeply apologize.
DDS (Ver_10-10-21.02) - NTFSx86
Run by SoloArtistic at 13:20:41.14 on Thu 10/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1470.640 [GMT -6:00]

AV: Norton 360 ... Read more

Answer:memory leak, possible trash wurm, wide open backdoor

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies
Relevance 51.66%

If I pick up a t61 wide system board and insert him on a T400 wide chassis what device connections could be inoperative by plastics presence outside place compared with T61 wide chassis ?

More replies
Relevance 51.25%

Hi,
I posted last week that I was having trouble with my monitor that all the colors went to green and yellow. I ended up having to buy a new monitor so I'm sorry I did not get back here to thank those who replied.

The monitor that I bought is a wide screen Hpw2007, my computer is a Dell xpps 410, and I am using Windows XP.

The trouble I'm having is they want the display set to 1680 X 1050, and when I set the setting to this resolution I can't read the screen, it's way too small. Now if I don't set it to this, all my images I download from my camera look too wide. Many pictures on websites look too wide as well. So I wanted to know if anyone knows a way around this?

Thanks bunches
Jill

PS? Why do I see floating text here that says if I can see if PM Major attitude yet if I try to PM him he has his PM's off? LOL! Is this an Aprils fools joke?
 

Answer:Wide Screen Monitor makes pictures look too wide?

you could set it to native resolution and then increase your dpi settings to increase text size.
 

6 more replies
Relevance 50.02%

We have a Dell 4400 computer and had a 17 1/2" Samsung monitor that was working great until the past couple of months. (Flashing green light, and it would take a really long time for the screen to go from black to color.) We bought a new monitor, a 22 1/2" Samsung. My problem is that I am a photographer and when going to edit photos, everything is too wide and people are too fat (they don't really look anything like what the monitor is showing). I read somewhere that there is a way to change the video card so I can set the monitor to a wider setting than what the computer is currently allowing me to do (1280 x 1024 is as wide as I can go, and this monitor recommends 1920 x 1080) Can I change the video card information, and if yes, how would I do that please? I have a 20GB hard drive on the computer (the original 40GB hd died two years ago) and just installed a 160GB hd (7200) after the computer stopped recognizing the 60GB hd that was where I kept everything...thank God I had backed it all up within the past two weeks on a portable hd!)
thanks so much!
 

Answer:Need help to adjust wide monitor so everything doesn't look too wide

6 more replies
Relevance 50.02%

I currently added a steam link to my network. I ran a 25ft cat6 cable through my basement into my living room to give it a wired connection(wireless wasn't cutting it). I'm currently using a Netgear R6300v1 router. Well i had an old 10/100 router(Netgear wnr2000v2) lying around and wanted to also add wired connectivity to my xbox one for streaming to Win10 devices.(same room as steam link)
I plugged the long cable from router 1 into port 1 on router 2. Disabled DHCP and set a static IP address. But i noticed a slight latency when streaming games. Nothing extreme, but more latency on top of the normal latency wasn't desired.

To the question!
I would prefer to not have to buy another networking device, so would setting up QOS on the routers maybe alleviate some latency?
Someone I work with suggested i get another router, but for the price of gigabit routers, i opted to look into switches. I was able to find gigabit switches under $20. Would a switch be better than daisy chaining routers?
Thanks for any help
 

Answer:Home Router/Switch vs router/router Latency(details inside)

I am trying to understand why you hooked up an extra device in between your main router and your XB1.

Can't you just hook up your XB1 directly to your R6300v1?
 

15 more replies
Relevance 48.38%

Hello
Just got a wide screen and it worked well on a newer pc but hooked it up to my older one and everything is wider and not proportioned. Tried to adjust monitor but there doesn't seem to be any mention in monitor book. This is OK for most things but pics are stretched wider than they should be and square icons are rectangular.
Is there a way of adjusting this?
Thanks
Rob
 

Answer:Solved: I'm wide on the wide screen

15 more replies
Relevance 48.38%

Alright, the computer that I thought I cleaned up earlier this week is really McScrewed today. (After, mind you, I increased the security levels, added Spyblocker and Spyguard per the instructions in the pinned thread above.)

In today's episode, you try to start the PC normally (you press the power button) and it cycles through the Dell screen, the Microsoft XP screen, and then briefly on the Welcome screen -- only to shut down, and restart in an endless loop of these events.

I've taken the liberty of getting a HJT log and startup log while in Safe Mode. Here's the startup log:

StartupList report, 5/25/2004, 10:20:19 AM
StartupList version: 1.52
Started from : C:\Documents and Settings\Mike Benke.BYRIDER-3\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================


Answer:What in the Wide, Wide World of Sports is going on?!?

7 more replies
Relevance 47.56%

Hi there, I’m using R61 8918-A14 15.4” wide screen model. I heard that both as above have the same-sized motherboards from someone. Is it possible to adopt T61P 15.4” wide screen model’s motherboard in my R61 by replacing it with T61P’s? Thank you for reading this question.

Answer:T61P 15.4” wide screen model’s motherboard INTO R61 8918-A14 15.4” wide screen model ?

Hi and welcome to the forums, tester. It seems like its possible to put a 15.4" T61p's motherboard on an 15.4" R61. The R and T series share a lot of components, including the motherboard. However, there are modifications involved. The heatsink on the R61 may not be up to the job of handling the cooling, and the early batch of Nvidia GPUs on the T61p's motherboard do have problems so make sure to get a GPU with a late build date.





Best Regards,
Ryan Turner
Volunteer Lenovo Advocate
ThinkPads R51: 1836HAU, T41: 23737FU, 600: 264551U, T60: 2008VRQ
Lenovo C440
I Love Lenovo!
thePCxp on Twitter

2 more replies
Relevance 46.74%

I recently replaced a broken 15.6" LED LCD with a new one on a G550 Lenovo laptop, a new hard drive and clean Windows 7 install. Now when it boots the computer seems to think that it is a 14" wide screen (boot screen, BIOS, and Windows) and will not do a resolution over 1280 x 800. Is this a defective LCD chipset or am I missing something?

Answer:Replaced LCD g550 2958 but thinks the 15.6 wide screen is a 14 " wide screen

try to flash bios update first.
http://consumersupport.lenovo.com/us/en/DriversDownloads/drivers_list.aspx?CategoryID=600154

9 more replies
Relevance 46.33%

I have some irritating hijackers/adwares on my computer! There are the Home Search Assistent/Search Extender/Shopping Wizard programs that I cannot delete. There is also the about:blank hijacker that keeps taking over my home page. Then, I also see this fake warning about "your computer might be at risk" and that wants me to download a searchclick.cc file or something.

I would appreciate any help.

Here is my HJT log:

Logfile of HijackThis v1.99.0
Scan saved at 1:19:49 PM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:"Home Search Assistent" and "about:blank" hijackers have taken over my computer!

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

4 more replies
Relevance 46.33%

How do I make it so i can enable router forwarding?
Windows XP Home Edition-Westell Router Model E90-610014-06
 

More replies
Relevance 46.33%

Hi everyone !

Last night I set up a home network for a friend's house using a NETGEAR DG834G wireless router. The desktop is connected to the net through the ethernet cable no probs, and my laptop connects to the router wirelessly no problem in every room in the house.

Problem is my friends laptop which is a Compaq Presario (I forget model) cannot find the router. Instead it finds all the neighbour's routers ?!?!? even with the laptop sitting next to the router there is no detection. It is about one year old and running XP. On the Windows network setup it says the wireless chip on the Compaq is a Broadcom 802.116/g

I use Intel PROSet/Wireless to connect to it using my laptop, but my friends laptop has something called HP Wireless Assistant, which has basically no options other than telling you that the wireless technology is turned on.

I have turned off firewalls etc but it will not find the NETGEAR router ?

Any help greatly appreciated.
 

More replies
Relevance 45.51%

What do with this:

I have a server (under XP) set up in my home network
I have dyn dns running
I have a buffalo router Wireless-N Nfiniti™ Dual Band

my server can be accessed thru the buffalo router only from inside the network (so thru 192.168 etc) and not via internet - so basically I am not able to correctly test my webservices from home

in short i can do:

external network --> internet --> buffalo --> home network

and also:
home network --> buffalo --> home network

but not the correct loop:

home network -> buffalo --> internet --> buffalo --> home network

buffalo support tells me its router doesn't allow me to go out of my network to come back in - and I just don't believe them...

anyone any suggestions?
 

Answer:buffalo router: cant access home network through internet from home?

First off, I'd suggest using dd-wrt.

Can u post a screenshot of ur configuration? That will help as a start...
 

8 more replies
Relevance 44.69%

Dear forum,

I have a certain situation for you:
6 people use LAN-cables connected to the same router in the basement. They all have decent internet.
One day, the 6th person decides to connect a (wireless) router on his end.
Ever since then, the other 5 tenants have had very slow internet connection.

They're pretty sure it's due to the last person installing his wireless router. However, they have no idea how to explain to him how exactly his router is causing the troubles.

How would u explain what is causing the slow connection? (does it have something to do with 'ethernet' and 'gigabit ethernet' ?) ( you can throw whatever terms u want at me, I'll google them if necessary.)

Thank you,
Michael
 

Answer:home networking problem: router - router

Did he just plug his router into the other router, and then expect everything to work properly? If so, that's a really bad idea, since DHCP is likely enabled on both routers, and the IP conflicts between them will definitely be part of the general mess. If you can provide the make and models of both routers, then a walk-through on here might be possible.
 

2 more replies
Relevance 43.46%

So my sister just moved back home, and her work issued her a router (which is probably configured for vpn or something). She said she needs to call the help desk to get it set up, but I want to know if any of you might have an idea of how this would get hooked up. I don't want her doing this while I'm at work during the day, and somehow blocking all of my ports that I use with my router. How do companies typically have these setup? She can't remember how it was setup before she moved.

Modem > Home Router > (crossover cable?) Work router?


?
 

Answer:Modem > Home Router | Work Router > Home|Work

they should also pay for a second connection for her.
 

6 more replies
Relevance 39.77%

Logfile of HijackThis v1.98.2
Scan saved at 11:59:52 AM, on 9/23/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP4 (6.00.2800.1106)


Answer:HELP!!! HELP!!! HELP!!!! The hijackers got me on my other PC

Please DO NOT post multiple threads for the same problem. You have been answered here:

http://forums.techguy.org/t277057.html

Make all posts regarding this matter in that thread.

This thread is closed.
 

1 more replies
Relevance 39.77%
Question: hijackers

These popups from wabu.com have been driving me bonkers.
I ran Hijack This but I don't want to delete the wrong files so here they are.................... Please advise on which ones I should delete
Thanks sooooooooooo much

Logfile of HijackThis v1.95.1
Scan saved at 2:40:46 PM, on 7/29/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:hijackers

You have a LOT of spyware/malware there. I have a feeling that what we see in the HJT log is just the tip of the iceberg. Let’s take care of RapidBlaster first.

I would suggest that you Read this advisory on RapidBlaster: http://www.wilderssecurity.net/spec...pidblaster.html

Before doing anything else, you NEED to run Javacool's RapidBlaster killer : http://www.wilderssecurity.net/downloads/rbkiller.exe
It's at present the only application that will effectively remove this pest!

Launch the program and hit the Scan button.
RBKiller will find any RapidBlaster variants on your system, kill the process, delete the Registry Run entry, and remove the file itself.

Next go to http://security.kolla.de/index.php?...n&page=download and download SpyBot. Once Spybot is installed click on 'Online' and download the latest updates. Hold off on using it until we can analyze your HiJackThis log.

Now, close all web browser windows and disconnect from the Internet.
Then run Spybot (click "Check for Problems").
When the results appear, tick everything highlighted in RED.
DELETE all entries in red using Spybot.
After this, REBOOT your PC.

Spybot may appear to 'hang' at certain points. Please allow it several minutes to continue the scan, as it may be carrying out some extensive file checking at these points.

Sometimes, Spybot will show a dialogue box, asking that you run the utility again – after rebooting your PC. If you see this box, click &... Read more

1 more replies
Question: 13 hijackers???

I ran a scan with pestpatrol and it found 2 tracking cookies and 13 hijackers (won't remove them unless I buy). None of the usual scans are picking up even 1 of the hijackers and I would have expected some decrease in speed but there's no change. Instinct tells me these hijackers don't exist but surely a scan can't be wrong? Could someone please advise me on this?

Answer:13 hijackers???

From what I have read here, pestpatrol is a pest in its own right. It seems to come up with 'false' detections in an attempt to get you to shell out for the full version. Click here

2 more replies
Question: hijackers

can someone tell me which ones to delete!!!

C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ASM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *ne2.attbb.net;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.nascar.com/... Read more

Answer:hijackers

12 more replies

About three days ago, minimized internet explorer windows have been popping up on the taskbar. They are always of a search engine like google, alta vista, yahoo, hotbot, etc. They pop up about every half hour. They reconfigure my IE window settings so that when I open IE, the window is a very small square in the bottom right hand corner of my screen, and the toolbar is locked so that I have no options, including an address bar. I have been fighting with this for 3 days and I am finally ready to admit that I can't do it myself. I would really appreciate some help on this. THANKS A MILLION.

Logfile of HijackThis v1.99.0
Scan saved at 12:10:03 PM, on 1/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.e... Read more

Answer:I need help with hijackers

I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot. Now please create a new Hijackthis Log and post it as a reply.

13 more replies

Hi - I had a lot of Hi-jackers on my computer. I am thinking I got rid of them using some of the tools mentioned on this site, but I wanted to be sure. Can someone please let me know if there's anything else that needs to be fixed. Thanks a lot!

-- Jill

Logfile of HijackThis v1.99.1
Scan saved at 5:18:49 PM, on 3/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\So... Read more

Answer:Had a lot of Hijackers, are they gone yet??

Hi jdot and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

5 more replies
Question: hijackers

Hello, I am having problems with hijackers. I have spygate firewall and running firefox browser. Every day spygate tells me that my comp has been hijacked and has scanned several ports. I was trying to find out how I can stop this. As far as I know it's not hurting my comp, but I don't want people (or programs) to know what I have on my comp. Please help! Anything would be appreciated.

Answer:hijackers

Hello trevorveasey. If you think you have been hijacked then what would be the best would be to submit a HijackThis log to the HijackThis forum for analysis by an expert. Here's a link to tell you how to submit a log:
http://www.bleepingcomputer.com/forums/t/956/how-to-submit-a-hijackthis-log/

Cheers.
OT

1 more replies
Question: Hijackers

I did Logfile of HijackThis and this is the results.Can anyone tell me what to fix and what not to fix. v1.99.1
Scan saved at 6:32:00 PM, on 5/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\program files\quicktime\qttask.exe
C:\WINDOWS\iprx.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Basrah\Local Settings\Temporary Internet Files\Content.IE5\CDUZUPGL\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\lojqs... Read more

Answer:Hijackers

Hi and Welcome....
The biggest problem that you have is that you really need to make your computer more secure from malware. I would advise you update your Windows and IE Browser security to SP1a or SP2. Is there any reason why you don't have it? This will help prevent malware. You really need to get up to date with your security by getting at least SP1a. You are just wide open to malware that is designed to attack 'raw' XP systems which exploits security 'holes'. You are wide open to infection.

http://www.microsoft.com/windowsxp/sp2/default.mspx
http://www.microsoft.com/windowsxp/d...1/default.mspx

-----------------------------------------------
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order it's listed. These instructions only apply to HJT v1.99.1

Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.

Please do NOT run Hijack This in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/

Turn off System Restore instructions (WinXP)
Right-click My Computer | Properties | System Restore | check "Turn off System Restore", <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To sh... Read more

5 more replies
Question: hijackers ?

I was wondering if I have a hijacker?
Sometimes when I am doing a search and I click on a site I am prompted to log on to the internet but I am already connected
can you help please thank you
I have broadband DSL sympatico no I do not have any network
yes I see a login with username and password box
 

Answer:hijackers ?

Hi, we will need some details: what type of Internet service, dialup or broadband such as cable or DSL do you have?

Do you network with other computers where you are connecting from, through a router or modem that allows several computers to have Internet access at the same time?

Exactly what do you see, a Login box that you type your username and password into, or is it a connection retry message, that tells you to click Connect? That usually is controlled by either the network card settings or the ISP...a timeout period, where if you are not actively surfing, the modem may disconnect you. If I get up and go do something, not every time but sometimes, my connection tells me I am not online, to click Connect, it did not always do that so I think the recent updates my cable provider did set this up.

If you would also like to check the startups for malware, now is a good time and you are in the right forum to post a Hijackthis log:

Would like to have you post a log from HijackThis, a program (very tiny) that we use to see what problems exist.

There are directions here to do it: There are .zip form and .exe form, take your pick.

Download it here:

http://radiosplace.com/

Or here.
It's a direct download so be ready with the folder for it.

Basically, you must create a new folder, the desktop is OK provided you make a folder, name it something like HJT, and download TO that folder, run hijackthis.exe from there. If there ARE other users of the computer who migh... Read more

1 more replies
Question: hijackers

please view my hijack this & tell me about the en

Logfile of HijackThis v1.99.1
Scan saved at 12:20:49 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MP3 CD Extractor\CD-Extractor.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\WINDOWS\system32\ci... Read more

More replies
Question: hijackers in my pc

hello
I post my logfile,
I think something must be fixed
thank you!


Logfile of HijackThis v1.99.0
Scan saved at 14:30:47, on 24.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\Programmi\NielsenNetratings\bin\insight.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\sysye.exe
C:\WINDOWS\mfcja.exe
C:\... Read more

Answer:hijackers in my pc

Hello and Welcome

Please print out or copy this page to notepad for easy reference when carrying out the instructions. Make sure to work through the fixes in the exact order they are listed. If you have any questions feel free to ask before carrying out the fixes.

You have an outdated version of HijackThis. Click here to get the latest version of HijackThis and run it.

Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.

1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Show Hidden and System files:
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

For the options that you have checked/enabled, you may uncheck them after your log is clean.
If we ask you to fix a program that you... Read more

4 more replies
Question: Hijackers

I need help with this hijackthis log file?

Logfile of HijackThis v1.99.1
Scan saved at 12:09:36 PM, on 8/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\program files\quicktime\qttask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
C:\Program Files\Uninstaller\Tray icon tool.exe
C:\Program Files\TracksCleaner\Scheduler daemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\AD-AWARE.EXE
C:\Documents and Settings\Basrah\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - H... Read more

Answer:Hijackers

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware SE Personal Edition
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it's NOT checked. We want system restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Ma... Read more

3 more replies

Hello,

I started another thread but I haven't got a reply; usually you guys have answered by now..... busy time of the year I'm guessing

Here is my Thread http://forums.techguy.org/security/522556-infection-hijackers-phishing-site-help.html

and here is a NEW HJT log after I did all the scans

Logfile of HijackThis v1.99.1
Scan saved at 10:34:57 AM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp... Read more

Answer:HELP PLEASE!!!! Hijackers

16 more replies
Question: Hijackers die!!!!

This is my girlfriend's PC, I need some expertise.

Logfile of HijackThis v1.96.1
Scan saved at 11:08:02 AM, on 9/28/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\MEDIAKEY\VERSATO.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\MEDIAKEY\OSD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\TEMP\HIJACKTHIS.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBROWSER.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.client.yahoo.com/... Read more

Answer:Hijackers die!!!!

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.client.yahoo.com/sbc/user_chooser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyd.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
O2 -... Read more

3 more replies

ComboScan v20070306.20 run by barry on 2007-03-09 at 13:00:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as barry.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:00:09 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\P... Read more

Answer:cant get rid of these hijackers

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

---------------------------------------------------------------------------------------------

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On... Read more

1 more replies
Question: Hijackers

Logfile of HijackThis v1.99.1
Scan saved at 17:53:46, on 25/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C: ... Read more

Answer:Hijackers

Sorry for the delay. If you still need help with your log please post a brand new HJT log as a reply to this topic and I will help you clean it up as necessary.

1 more replies

I have followed instructions before posting the HJT log. Please help me by informing me which parts of the log to get rid of.

Answer:help with hijackers

Hello michellet

Welcome to Tech Forums


First, create a folder for HijackThis in the root folder of your hard drive so it can make proper backups

example

C:/HJT/
C:/hijackthis/

next


Click here to download Hijack This. 1.99.1 Save it to the folder you have just created

Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.


we can see a little better what's going on with your computer

Lobos

3 more replies

Here is my hijackthis file....if anyone can help please do.....not exactly computer literate so talk to me like I am 2

Logfile of HijackThis v1.99.1
Scan saved at 8:01:08 PM, on 4/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\weasel\Application Data\neac.exe
C:\WINDOWS\System32\n?tdde.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\abasa5jrp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\weasel\Desktop... Read more

Answer:Help me get rid of the Hijackers!!!

I guess this shoulda been posted in the Hijack This sub forum.

4 more replies
Relevance 39.77%
Question: hijackers

Noticed Norton keeps popping up with downloader trojan and a few other viruses. I ran adaware and Norton antivirus as well as panda active scan but they keep coming back. I did a google search that led me here. Seems there are some people doing good here. Last year I got some experience with spyware; looks like I am having a new experience with it now.

Logfile of HijackThis v1.97.7
Scan saved at 10:36:19 PM, on 9/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
G:\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Pag... Read more

Answer:hijackers

Howdy!

The log is clean. There could still be something in the system, but a clean log narrows it down pretty well.

What kind of symptoms is the machine showing?

Is it possible that the other security progs already took care of the problems?

4 more replies
Relevance 39.77%

I have sitting on the shelf an unused BT router Home Hub 3. I use one for my internet in the home already, so wondering what to do with the second one. To use it or sell it? Is there any way I can use it to extend the strength of the signal around the property? Like a repeater sitting downstairs?
Thanks!

Answer:2nd BT Home Hub 3 router...what to do with it?

Have a read here - enter link description here

3 more replies
Relevance 39.77%

Hey all.
I'm a bit concerned. I can't get onto my home Router from my Browser. The page just loads and loads, then it says "your connection has timed out."
It's funny because my internet "works" but the router can't be "found".
I need to use it to fix up some of my internet connection issues & to get my Nintendo Wii to be fully functional online. I need to get the Mac Address from the Router but I can't since...well...it doesn't let me go on it.
I also would like to change my channels from 1 - 11 but....I can't.

We have an Optus home router, that's connected to all of our wireless devices.

The main problem I have is my Wii's internet connection, because it used to work all the time until a few years ago, oh and also I used to be able to go on my Router from my Browser until when I tried it again a few days ago.

What's going on??
 

Answer:Can't get onto home router

post an ipconfig /all from a PC

then connect the PC to the router by cable and then use the default gateway IP address and see if that logs into the login page

------------------------------------------------------------------------
ipconfig /all
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post the results in a reply here.
Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file and paste here.

We would like to see the results from an ipconfig /all - post back the results in a reply here.

Hold the Windows key and press R, then type CMD then press Enter to open a command prompt box
(A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

Note that there is a space before the /ALL, but there is NOT a space after the / in the following command.

ipconfig /all > network.txt & network.txt

It will export the results into notepad and then automatically open the notepad and display on your screen.

Now all you need to do is copy and paste those results into a reply here
to do that:
From the notepad menu - choose Edit - Select all
all the text will now be highlighted
Next
From the notepad menu - choose Edit - Copy

Now go back to the forum - goto the reply and then right clic... Read more

2 more replies
Relevance 39.77%

It appears that my Netgear WGR614v5 has given up the ghost and it's time for a replacement. I'm looking at two Linksys models, the WRT54Gv6 and the WRT54GC. Anyone have either of these? The C looks nice because it's smaller and stands vertical, but the firmware hasn't been updated in over a year...that doesn't bode too well for me. The 54Gv6 was just updated back in May.

TIA
 

Answer:Need a new router for home.

NETGEAR WPNT834 RangeMax 240
http://www.newegg.com/Product/Product.asp?Item=N82E16833150023

or

D-Link DGL-4300
http://www.newegg.com/Product/Product.asp?Item=N82E16833127158

Best SOHO performance routers under $250.

Edit: Check froogle as these guys are often on sale and/or may have rebates at different retailers.
 

6 more replies
Relevance 39.77%

ok so I know routers are based on what you want them for, I know each one is different.. etc...

But there are some that are specifically tailored to certain criteria of usages...

I'm wanting a router that is able to do a wireless N, good speeds over 50'(foot) radius through a max of 2 walls that is not concrete/brick/solid but insulated.
The router will be mainly used for gaming (via rj-45, needing/wanting 10/100/1000 gbps) , secondary for streaming video feed to a computer or two every now and then(wireless, via wireless N)

Backward compatibility is required for the wireless as I have family that likes to come over and tap into the wireless and surf the internet for basic use and sometimes they like to download files.
I'm wanting to see if there is a router out there that has higher priority to gaming, secondary to video streaming and third to basic internet use

I want to cap a download speed on the wireless clients so they cannot go over say,.... 40kbps down and 5kbps up

this way it will not take all my bandwidth available and lag my butt off in a death match skirmish in my fav. fps games and mmorpg games (no I don't wow, actually despise the game actually)
I would like for the router to also(if possible)
have the ability to share a usb external HD via usb hookup to the router...
min connection speed hookup dsl, max; T1-T3

price max would be 300usd

I know about the dgl-4500 but the firmware is total trash on its upgrades and the dir-855,... Read more

Answer:I really need some help here for a Home Router.

You sound like a perfect candidate for a Netgear WNDR3700:
http://www.newegg.com/Product/Product.aspx?Item=N82E16833122326

review here:
http://www.smallnetbuilder.com/content/view/30925/96/

It's also the best router in this sub-forum's sticky thread The Router Recommendations Thread (Consumer)
 

7 more replies
Relevance 39.77%

Hey, I'm looking for just a 4-port router, preferably with a hardware firewall. It's gonna replace this old linksys I have. I was looking into the Netgear-www.newegg.com/app/ViewProductDesc.asp?description=33-122-120&depa=5
But I heard most ppl choose linksys, any input is helpful
 

Answer:Need a router for home, but which one?

Up until just about a week ago when I stood up my smoothie box here at home I was using a WGR614 from Netgear (V4 to be exact) with no problems to report except perhaps a bug with the newest (v5.0.2) firmware where DNS information wasn't being properly forwarded via the DHCP server, but that can be solved by simply keeping the slightly older version (4.04) or back-flashing, ymmv.

The best thing Linksys has going for them right now is the fact that they have been bought out by CISCO and in turn are using a Linux based OS on their routers, which tends to offer more advanced features than most; because Linksys opted for a Linux NOS it left a way open for modders out there to write their own variants which can offer more features, range expansion, etc. at perhaps only a marginal cost in stability.

Probably one of the most common Linksys picks is the WRT54G, which can be had for $59.99 ($49.99 after mail-in-rebate) from newegg at the link below:

http://www.newegg.com/app/ViewProductDesc.asp?description=33-124-010&depa=0

Doesn't come with a print server, but whether you need that is up to you. =)

Without seeing your network it's hard to say if you'll be displeased with either, but for general SOHO use and even internet gaming, you're probably not going to notice a difference either way. For the money, if you need it, getting that Netgear with the embedded print server is a nice deal.
 

7 more replies
Relevance 39.77%

OK now I'm a complete noob when it comes to this router stuff......


So yeah the main router that my fam has in the basement is a little old (5 years?) and I believe it is slowing down our internet connections. This router is what all the wires connect to that go to all of our rooms I assume. We have about 5 computers running all the time, 1-2 on a wireless router. Just curious if anyone has any suggestions on what I should buy.

(as a side question since I'm here, I'm going with a new Vista build and I don't necessarily want to use Norton as my firewall due to the clutter of shit on it. I've heard a program called AVG was good but not too sure about all that either.)

Thanks for the help!
 

Answer:Looking for a new home router

I doubt the router is slowing down your wired internet connections. Maybe it is only a hub? ...
 

2 more replies
Relevance 39.77%

I live in the basement of a three-story house, and unfortunately the primary router stays on the third floor office. We have been using a powerline network for the time being, and when it works, it works well, but it periodically loses connections -- I think it actually has to do with some IP address conflicts.

Either way, I'd like to replace the router with something newer, ideally a model that can reach the basement without a repeater. I have a few spare WRT54GLs with Tomato, but I know there are much faster and much better-range solutions out there now.

What would be my best option for about/around $200? I would prefer something that I can flash with Tomato or DD-WRT since I've used that in the past, but not a dealbreaker.

Reliability is really the most important aspect since I don't have easy access to the upstairs, except by request.

Thanks!
 

Answer:Best router for big home?

How far is it from the connecting point in the basement to the third floor office router? The router will not dictate the distance the runs can be, the connection method will.

If you are speaking of wireless connectivity, I would not recommend wireless for anything requiring reliability.
 

12 more replies
Relevance 39.77%
Question: Home Lab Router

I just realized I need a router to connect/isolate my lab from the rest of the home network. Looking at using a cisco 1841 or some flavour of open source router such as pfsense. I am not sure which is best option/ which offers me the most experience in using?

Open to any and all suggestions.
 

Answer:Home Lab Router

Use them all. Cycle them through your lab so you can get accustomed to each flavor of router.

(Cisco, Ubiquiti ERL, pFsense)
 

1 more replies
Relevance 39.77%

Hi, I have BT broadband and connect using a BT Home Hub. I would like to add my xbox 360 and my media centre PC to the network but neither has a wireless card and they are both at the other end of the house from the hub. I really can't afford to buy any more hardware just now. However I still have a Belkin F5D7632uk4A modem/router from a while ago. Is there any way I can use this as a wireless extender and plug my media centre and 360 into this? Cheers S

Answer:using second router with bt home hub

I am also interested in the answer to this query because I have a similar problem. AFAIK a second LAN must be created for the devices connected to the Belkin router. Then, I think, the new domain must be added to trusted sites on the BT Hub. However, I am not clear how to actually do this.

4 more replies
Relevance 39.77%

I'm looking for a good, relatively cheap home router that can handle about a dozen wireless connections and about 4 regular lan. Any hints? Thanks!
 

Answer:q about home router

http://www.amazon.com/NETGEAR-Night...=1400898739&sr=1-1&keywords=netgear+nighthawk
 

8 more replies
Relevance 39.77%

I'll start off by apologizing if I'm asking an incredibly dumb question, but hopefully I can get this sorted out. I decided to play around with some 2k8 Server vm's on my esxi host recently to try and get some hands on experience (i.e. break things in a safe environment) with AD as well as some other things.

I have a current home network with a few pcs/devices on it that are behind a DD-WRT router that I've been using happily for several years. I have the router doing dhcp with static leases and dns provided by dnsmasq, and generally speaking it just works. I'd like to continue to keep this mostly the way it is for general purpose and ease.

Now, moving to my current situation - I have a vm that I've set up as a DC, and in the process it also installed a dns server on it as that appears to be required. After going back and forth, I wanted to be able to play with the domain on any of the systems, but have a natural fail-over to the router based dns (which passes through the isp dns servers). I want to be able to have this configured automatically for any system that logs on via dhcp. What I ended up with was adding an entry on the router for local dns to go to the DC/DNS server - any system that logs onto the network then has the dns pointed to the router, which has 3 entries (1st being the DC/DNS, 2nd/3rd being ISP DNS) and presumably uses these in turn to resolve the address.

My first issue was that anytime I tried to resolve an... Read more

More replies
Relevance 39.77%

This is probably going to sound more complicated than it is but here goes:

I have a Router in the House directly connected to the Home computer and the Modem. From that Router I have a cable going out to the Shop to a Second Router. The Second Router has a Shop computer and a Fileserver.

I want to connect from the House computer to the Fileserver in the shop but they can't see each other. I can't ping the shop from inside and I can't ping the house computer from the shop but I can ping the house router from the shop computers.

Each of the routers is a Netgear router w/ firewall.

any help appreciated. thanks
 

Answer:Need to get through home router

First of all the router from the home, it is connected to the home pc and modem. Let me ask you here, it is the modem that connects you to the internet, right? So let's say if this router you are linking a cable to the 2nd router in the shop. I guess this router must have extra ports which allow it to act like a switch, right?

So does your shop router connect to another modem in the shop? If it does not it's quite simple. The cable running from the home router to the shop router must be plugged into the switch port of the shop router; next, if the home router is assigned an IP address of 192.168.1.xxx, make sure the shop router is also assigned an IP address of 192.168.1.xxx. Take care not to make the "xxx" duplicate numbers, if not you are going to hit another problem.

Try this out man and make sure the PCs are all on DHCP and only the File Server is on static IP. So at the end of the day all PCs and servers will have an IP of 192.168.1.xxx, with a subnet of 255.255.255.0. The gateway of all PCs must be pointing to only one router, the home router.

Dude if you have 2 routers on 2 different IP segments, for example Home=192.168.1.xxx and Shop is 192.168.2.xxx, then you would need to do a route add to connect them both. The solution I gave you is to make the shop router function like a switch.
 

2 more replies
Relevance 39.36%

Hello,
I recently found the CWS.Feads and PeopleonPage hijackers in my Ad-aware scans. The Spybot and Norton scans always come out clean. When I delete them from Ad-aware they magically reappear the next time I log on.

I followed the instructions in the How to: Spyware, Trojan And Virus Removal thread, and everything came up clean. Although when I downloaded Pest Patrol from your site, it did find the hijackers plus a few more issues.

Any suggestions?

Thanks!
D~
 

Answer:Please help! I can't kill these hijackers!!

Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.

Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).


Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

21 more replies
Relevance 39.36%

G'day Tech Support Guy,

After running Spybot and Ad-Aware countless times, the same viruses keep embedding themselves in my System (especially Virtumonde-related crap). A few suspicious processes always run from startup: one .dll file changes its name on every occasion and consists of about seven-or-so random letters. Furthermore, every time I try and end the process "eenuggml.exe" it restarts itself immediately; I can't get rid of it.

I know you're very busy but I would greatly appreciate your help in ripping these things out by the roots. At the moment, I reckon my system would go faster if it were operated by a crank, or a mouse in a wheel.

Here's my HijackThis log:
================

Logfile of HijackThis v1.99.1
Scan saved at 10:41:26 PM, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\eenuggml.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R0 - HKCU\Software\Microsoft\I... Read more

Answer:Self-restoring hijackers

7 more replies
Relevance 39.36%
Question: Hijackers on board

Any ideas out there to get rid of this nasty little guy that has jumped on board to give me problems? Here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:38:17 AM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comcast\Security Manager\app\Prism.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spdr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\sys219.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Off... Read more

Answer:Hijackers on board

What scans have you done? i.e. Spybot, Adaware?
 

2 more replies
Relevance 39.36%

Hi, I'm having trouble with browser hijackers, each time I try to load a page (even this one), it redirects me to something else. This page actually doesn't load at all. I've looked at my hosts files in windows\system32\drivers\etc\ and the only thing in the hosts file (now) is 127.0.0.1 localhost... (Spybot had added, it appeared, quite a lot of redirects (immunities I s'pose), but I deleted them (seeing as how Spybot can always add them again later), and set all the files to read only.) Still having the redirect problem. Netstat reports an established connection to akamaitechnologies and reverse.ltdomains

I tried to tskill the PID associated with them, but access was denied. (svhost was the image name or something like that)

Anyways, here's my HJT log, I checked the obvious stuff and clicked fix, but still having problems. Tried coreforce to find out where the redirects were coming from but to no avail

Please, please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:53 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Windows Live\Mail\wlmail.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\Explor... Read more

More replies
Relevance 39.36%
Question: damn hijackers...

hey guys... here's my deal: I just purchased a new system so I'm giving my old one to my little brother. However, I get quite a few popups for no good reason and I'd like to take care of the problem before I turn this thing over to him. thanks for your help :)

Logfile of HijackThis v1.97.7
Scan saved at 12:30:56 AM, on 12/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\documents and settings\jake\local settings\temp\hwx.exe
C:\WINDOWS\System32\master39.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\... Read more

Answer:damn hijackers...

Hi and Welcome to TSF

You're getting these because your IE settings are too low, no firewall, no antivirus software (in your log) and your OS and IE have not been updated with the latest service packs. Consider installing SP1/SP2 service packs for both XP and IE6. Anyway..on to the fix. Please update your version of hijackthis as you're using an old version.

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..

You have the Peper infection. Download PeperUninstall. Make sure you are connected online to run this program. Run it once and reboot. Then run it again for the second time. Download PeperFix and save it to your Desktop. Run it and click Find and Fix (reboot if prompted).


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following an... Read more

6 more replies
Relevance 39.36%

I am following through the tutorial on how to analyze a HJT log and I've come to the section O18 - Extra protocols and protocol hijackers. It says to delete anything in here. I have a log that has about 70 entries for what looks like something from Logitech, (there is a logitech keyboard/mouse combo on this system). For example this is the first one:

O18 - Protocol: offline-8876480 - {2DB4C761-7D9D-11D9-9287-0008C7226EE4} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL

I've been googling the dll name trying to confirm that they are or are not evil things but I've got conflicting information.

Most of what I'm finding are log analysis threads. None say directly to remove the entries using HJT but most do not show them present after running a variety of tools.

However I also found a thread that advised the originator that their log was clean and all of the O18 entries were still there.

Are these valid Logitech entries or ?????

Thanks ...weeG
 

Answer:Are these protocol hijackers?

Add remove programs - remove logitech desktop messenger
 

1 more replies
Relevance 39.36%

To all-

I came here before to help remove a hijacker from my computer, and Cookiegal helped me do it, and I've been free since! (Thanks again, Cookiegal!) Now I'm helping a friend with their computer. Here is the Hijack this Log:

Logfile of HijackThis v1.99.1
Scan saved at 2:33:33 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JOHNSO~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3... Read more

Answer:Solved: Help with Hijackers, Please!

14 more replies
Relevance 39.36%
Question: Speedial hijackers

I've run everything. Malwarebytes, rkill, etc. but the hijacker keeps coming. Nothing seems to detect it. Any help would be great, I'm at wit's end and I'm tempted to gamble on combofix. I'm in Win7 64-bit. I'll post some logs as instructed from a similar thread:

Security Check:

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.214
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
Google Chrome 34.0.1847.131
Google Chrome 34.0.1847.137
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

 Farbar: Farbar Service Scanner Version: 14-05-2014Ran by Aaron (administrator) o... Read more

Answer:Speedial hijackers

Welcome aboard

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please run a free online scan with the ESET Online Scanner
Disable your antivirus program
Click on "Run ESET Online Scanner" button.
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warni... Read more

1 more replies
Relevance 39.36%

I followed the steps you listed and downloaded the hijackers log but one of the following malware I have on my computer is currently blocking me from installing ANY programs.

Trojan.Perffcoo
Hacktool.Rootkit
Downloader.MisleadAPP
Antivirus Pro 2009

I even tried to reinstall my entire C drive but when I tried to boot from the CD the following error comes up informing me that there are viruses preventing me from being able to proceed.

Stop: 0x0000007b, 0xc0000034, 0x00000000

At this point I am ready to dump my entire C drive but it seems like I need help in removing some viruses before I can do that. Please any help you can give me is greatly appreciated.
 

Answer:Malware so bad I can't run Hijackers Log

16 more replies
Relevance 39.36%

Ever since I switched to IE7, I have had a bad case of the spywares. =[

I am suffering from url.cpvfeed.com and toseeka.com and I think I got rid of the ad.doubleclick.net stuff by deleting temp files and cookies.
Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:37:12 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\program files\steam\steam.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\APPLIC~1\YSTEM~1\wuauboot.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGR...

More replies

It seems I've ended up with at least 2 hijackers; the one that redirects from Google search results, and another one that randomly seems to pick several links on a page (but not all) and redirect them as web searches. Even if I copy/paste the shortcut to a new browser window, it still ends up redirecting those specific links.
Logfile of HijackThis v1.99.1
Scan saved at 11:01:10 AM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Dell Photo A...

Answer:Solved: Yay, Hijackers!

6 more replies

Hey everyone, I have a friend on Facebook that seems to have some type of Hijacker take over. It seems to be posting links to many other friends' pages without her knowledge. It always goes something like "(the link) helped me knock out 8lbs in 8 days". I have seen many others all through Facebook like "I won a free Ipod, here is how i did it. (link)".

First off I know Facebook can also be a rather risky site as I have read of different viruses being spread on it. I know better than to click on links that are strange or sound too good to be true. I stay away from Farmville and all the other games and apps that need access to your information to be able to run.

I would like to learn a little bit about what this might be and how to get rid of it so that I may be able to direct her on what to do.

I'm guessing there may have been some talk about things like these on this forum but my searches all bring up non relevant information. Anybody know much about this?

Thanks, Jerry.
 

Answer:Facebook and Hijackers

This is something that is within the facebook site. Your friend needs to report it to FB. She should also check her security profile.
 

1 more replies

Hello,

I am running Microsoft Windows XP Professional SP2. I am currently using the Microsoft Firewall, AVG and Spybot S&D. I have read through the read & run me and just about everything else pertaining to this topic in the forums.

First of all, when I would open up IE it would redirect to the safeiepage that said I had [email protected] and numerous system warning messages would pop up through the yellow triangle sign at the bottom right hand corner and porn popups. I tried to system restore a couple of different dates and it wouldn't do it. So I turned off the system restore and restarted in safe mode. Then I ran hijack this and had this program take off an RO-HKLM (search assistant called as.starware.com/dp/search), 02-BHO (c:\Program Files VideoKeyCodec\isaddon.dll) and 021-SSODL:contrabandists. Then I ran the smitRem.exe. After I did this I logged back into normal mode and ran Panda ActiveScan. I've attached all 3 reports.

The hijack this was able to take care of the IE redirection to the safeiepage and I haven't received any more popups and warning messages, but Panda is still reporting hijackers, spyware and possible viruses.

Would you please help me lol ? If you need any more information please let me know.

Thank you soooooo much!!
 

Answer:Need help with hijackers and possible viruses

Your HJT log looks as if it was run from safe mode or that you are editing startup entries with another program.

Please run HJT from Normal Mode and post a new log.

Please also post the other 3 logs we requested in the Read and Run Me

ShowNew
RunKeys
Bitdefender Online​
 

6 more replies
Question: Desktop Hijackers

A while ago this computer got infected with numerous desktop hijackers. I ran CCleaner, Smitfraudfix, and Antivir (in that order).
As far as one can tell, the malware is gone. However, the malware had made the system excruciatingly slow, and this is the sole symptom I could not treat.
I tried to run Kaspersky. It got to 3% after about 30 min, and remained there for about the next 24 hours, until I killed it.

log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-30 16:06:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (54%) free of 38 GB
Total RAM: 190 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:24, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Pro...

Answer:Desktop Hijackers

Hello 10nitro,
Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.
Thanks,
tea

2 more replies

I have been trying to get rid of this browser hijacker for a week now. It has created an .exe file (htmlsync.exe), changed my browser homepage and search pages, and added stuff to my favorites. I have tried removing it from registry, startup menu, and deleting the .exe itself. It keeps coming back. I used HJT for the last few days, and it removes it until I reboot. Please help. Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 12:09:42 PM, on 3/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\WEATHE~1\weathertray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD....

Answer:Can't get rid of browser Hijackers!

9 more replies
Question: browser hijackers

Alright, I did a hijackthis scan a few days ago and I saw I had 2 browser hijackers. They didn't really have any effect on me because of my host file, but I just want to be safe. I deleted them with hijack this but they came back. I tried spybot sd, avg-free and eset online scanner but nothing is coming up. My friend told me to use combofix, is this what I should do?

Here's a dds log to help you guys out. Thanks!

Deckard's System Scanner v20071014.68
Run by Kathy Borgfjord on 2008-03-10 10:59:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 93% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Kathy Borgfjord.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:10 AM, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\...

More replies

Hi,

I don't know much about the kind of virus hence I have to resort to using the title of the thread. I used to have pop up stopper to block pop ups but recently I noticed that pop-ups were not being blocked so I tried to open the program again and it turned out it was deleted from my system. Not only that but Yahoo messenger was gone as well. I also noticed that my Task Manager was disabled as I was getting the message "Task Manager has been disabled by the Administrator". A couple of days later browser hijackers started to do their magic, making my life difficult. Here is the log of the required files. Please help.

ComboScan.txt

ComboScan v20070221.16 run by buddah on 2007-02-25 at 08:58:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as buddah.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:58:42, on 25/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Inte...

Answer:Help with Browser Hijackers

Hi, I am not trying to bump my thread but I have also installed a secondary hard disk and moved my data over there. I can see 2 drives now and have transferred my work files over to F: drive while I would format my C: drive (old drive) if I didn't sort this browser problem soon.

Is there anything I should take care of in doing that?

A little more about the problem. The browser opens pop up for loopylove.com or some porn sites and some time movies sites. The speed of the internet seems very slow.

I can't open explorer after connecting my internet connection as my first page is directed to open hotmail.com but it gives an error that window encountered some problem and if I want to report it or not. As soon as I choose one option it closes down the explorer window. Therefore, I open the explorer and press esc immediately afterwards. Then I choose other links but not hotmail. I open hotmail by using messenger and then click email option from there and it doesn't give the previous problem.

My HijackThis has started to hang as well since my removal of files from C drive. I can't see any images as Microsoft Image viewer is deleted nor even the preview in folders.

Please Please help soon.

Thanks

18 more replies

Please help me get rid of a search portal hijacker and other ads that are interfering with my Internet access.

Yesterday I found flrman1's response to FADEDrocks's request for help on 21 July and followed those instructions. I already completed the Adaware review and fixed all of the bad files from my Hijackthis scan, using the guidance provided in the Hijackthis tutorial and the info on Tony Klein's page. But even after I follow all of the steps in the safe boot mode, I can't get rid of this search.portal.info homepage hijacker! I've gone through this drill four times in the last 24 hours.

Would greatly appreciate any assistance in resolving this frustrating problem!

Here's my latest HJT logfile. From using the Tony Klein info, I put a mad smilie next to the items I want to get rid of but:

Logfile of HijackThis v1.98.2
Scan saved at 7:50:42 AM, on 8/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Netwo...

Answer:Need help to get rid of homepage hijackers

12 more replies

Hello to everyone. I have just recently found out that I have too many hijackers (about 4 or 5) on my system. Is there any freeware program that can get rid of them without having to pay for it? I know this because I downloaded a program called STOPzilla which is a program that searches for ad-ware/spyware, worms, hijacking and so forth. It has a free version that doesn't clean anything though until you buy it. So that's why I'm asking if any of you guys out there can help me with this because I am so desperate to get rid of them and speed up my computer to its original speed.
Thanks.
Matt

Answer:MY COMPUTER HAS TOO MANY HIJACKERS!!!!!

I would suggest that you post this request on the CH "viruses and spy-ware" forum where there are experts that can assist you to deal with this issue.
truenorth

4 more replies

Dear friends,
every time I start my computer, I get Best Search as my start page. I tried to change this. I used HijackThis, Spybot, Ad-aware, WinPatrol, EasyCleaner and Norton Anti-virus. Some of these have located and fixed the problem, but it is still there on every reboot. I even ran regedit and changed the values manually (Current Users/Microsoft/Internet Explorer/Main) back to my preferred start page. Nothing. What can I do?
Something else worth mentioning is that ever since that happened, I can't open html files that have been stored to my disk. The Windows explorer crashes displaying the message that explorer.exe encountered a problem and mentioning something about the file mshtml.dll. How can I deal with this?
I am running Windows XP Professional, Office 2000 Professional, Internet Explorer 6.

Thank you in advance,
Maria
 

Answer:[Solved] IE hijackers

12 more replies

Logfile of HijackThis v1.99.1
Scan saved at 4:17:08 PM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallSh...

Answer:Need Help With Hijackers And Popups, Please

1. Please download Ewido Anti-Malware
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Re...

8 more replies

During the last week of Dec. 2004, I got accidentally invaded with spyware/malware. I have spent many days trying to reverse this personal tragedy, but some of the problems persist; here is a list:
1-Computer boots up randomly without my command, about once every few hours;
2-Program shortcuts (like Dating Online and Block Spyware to name a couple) keep appearing on my desktop especially after reboot;
3-When in Internet Explorer, I still get a few annoying popups, but I also get browser redirects after I try a search.

And here is what I have done so far:
1-Ran Spybot S&D and Adaware 6.0 several times, before and after updating them to the latest available free versions;
2-installed a couple of freeware popup blockers, but discovered that those too had spywares built in, and promptly removed them (but I don't know how completely);
3-Installed a purchased copy of Spyware Doctor, and ran it; then I updated it to the newest online version and re-ran it; I cleaned up in excess of 100 problems found by the software. I also turned the immunization and spyguard utilities on;
4-after all of this work the computer seemed back to normal, but much to my chagrin, the listed problems above persist.

I finally broke down and ran HijackThis after carefully reading an associated tutorial on the subject. Below is the log (I am running a Windows 2000 Professional machine)
---------------
Logfile of HijackThis v1.99.0
Scan saved at 3:15:51 PM, on 1/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE:...

Answer:The latest Hijackers

Hi

You have a Look2Me infection and your recycle bin is damaged. If you delete a file it will be lost forever.

Please Download LSPFix from: LSP-Fix
Disconnect from the Internet and close all Internet Explorer windows. Run the program, check the "I know what I'm doing" button and place all listings of
aklsp.dll
calsp.dll
into the remove section by clicking on the button that points to the right. Do not remove any others. When all instances of this dll are in the Remove section, press the Finish button.
Reboot your machine.
To see a tutorial on how to use this program click the link below:
Using LSP-Fix to remove LSP Spyware & Hijackers

Download Find It NT-2K-XP.zip.
Unzip the contents of Find It NT-2K-XP.zip to a folder, for example c:\findit
Navigate to the c:\findit folder and double-click on find.bat.
A command prompt will open and it will search your computer for malicious files.
Once it has finished a Notepad window will pop up with output.txt.
Copy the entire contents of output.txt into your next post.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the files will have changed and the fix provided will not work.

My timezone is GMT +2. I think you can run find.bat and post the log tomorrow morning or tomorrow afternoon/evening. It's 3 am now and I'm going to sleep ...

3 more replies

I have run spybot, winpatrol, and several others, and it isn't getting rid of them. Here is my hijack log, please help!

Logfile of HijackThis v1.99.1
Scan saved at 11:43:31 PM, on 2/27/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SmVycnkx\command.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\system32\ntvdm.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\klsx9e.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Softwa...

Answer:cant get rid of browser hijackers

7 more replies

Here's my log, please help

Logfile of HijackThis v1.99.1
Scan saved at 8:40:32 PM, on 5/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\...

Answer:Hijackers, spyware, oh my

Hi fas8253 and welcome to the BC forums. Let's start with a special scan that will show us if there are any files that are not showing up in the HijackThis log.

Download PFind.zip and unzip the contents to its own permanent folder.

Important! Reboot in SAFE MODE !!
Start in Safe Mode Using the F8 method:
Restart the computer in Safe Mode.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Locate the pfind.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Now:
Download FindQoologic2.zip save it to your Desktop.
Unzip Find-Qoologic2.zip to its own folder and then use Windows Explorer to navigate to that folder.
Double-click the Find-Qoologic2.bat file to run it. It will take some time so be patient.
When Notepad opens with the results in it copy/paste the entire contents of the document back here.

Post the contents of C:\pfind.txt along with the information from the Qoologic2 scan back here and I will review it when it comes in.

OT

7 more replies

Hello,
 
I'm pretty sure that hijackers have remote control ability of my laptop. For the past few days my lptp has been running unusually slow. Also for the past two days my webcam light at the top of the screen had been coming on and staying on for hours. I looked in my task manager to kill the camera and did not see it running. I even deleted the webcam app that came with this lptp to kill it and the light still comes on. Then yesterday while in Chrome all of my tabs started flickering and the lptp froze until I shut it down. When I reopened I could see someone was accessing control settings, a dialog box popped up asking about audio settings, and it seems they had turned on the audio command for the blind to have all keyboard moves vocalized. So I'm guessing they couldn't see so needed to hear what I was doing? Then it started to read out the website I was on which was Amazon! The lptp again started freezing as I struggled to gain control and prevent take over of my lptp. Different items began to be moved around by another cursor.
 
So I ran a few antiviruses. It is hard to know which one I have. I know that there has got to be many on here. I ran Anvi smart defender which told me I had 65 malicious extensions. Unfortunately, I don't know if it was the hijackers, but it took almost a day to run the complete Full scan for some odd reason. On the next day just as I was approaching 70% scan completion. The system froze out and threw me out in the mi...

Answer:Hijackers and Trojans! Help

hi emperative,
 
If you still need help you can do two things. First download and run the free version of Malwarebytes. Second create a log with FRST and copy/paste the logs in your reply.
 
I am usually only on this site once or twice per day so you may not get a response back from me until the following day.
 
1)  Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
     http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
 
    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.
    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
    A Threat Scan will begin.
    With some infections, you may see this message box.
        'Could not lo...

1 more replies

Hello to everyone. I have just recently found out that I have too many hijackers (about 4 or 5) on my system. Is there any freeware program that can get rid of them without having to pay for it? I know this because I downloaded a program called STOPzilla which is a program that searches for ad-ware/spyware, worms, hijacking and so forth. It has a free version that doesn't clean anything though until you buy it. So that's why I'm asking if any of you guys out there can help me with this because I am so desperate to get rid of them and speed up my computer to its original speed.
Thanks.
Matt

Answer:MY COMPUTER HAS TOO MANY HIJACKERS!!!!!

I've actually now used some of the auslogics programs, an updated java platform and HijackThis. But when I did use HijackThis, it says something like I don't have sufficient privileges to ???access??? these files??? I'm not exactly sure what it said but this information I'm giving you is quick cause I've got other things to do. So anyone who helps will be thanked.
Matt.

8 more replies

Hello! I have a dell xps m1330, windows vista home. I went to best buy today and was told I have hijackers. I installed superantispyware, malwarebyte's anti-malware, and avg free edition. Together they found cookies and I deleted them. I don't know how to recognize a hijacker, though. I was told that I should run hijackthis and I did, but I don't know what any of it means, and I'm afraid of deleting things that could crash my computer.
Hijackthis gave me a combofix log.

what do i do?

thank you!

emily

Answer:Have Hijackers in my PC. Help!?/ Moved

Hello emily, and welcome to BC

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.

"i was told that i should run hijackthis and i did"
Who told you?

Good instinct not to 'delete' things with HiJack This as "fixing" the wrong things could render your system inoperable, and at best would make the disinfection process more difficult as some signposts would have been removed.

"hijackthis gave me a combofix log."
This is quite surprising, as Combofix is a completely different program. This is like saying your cherry tree produced a crop of apples.

In case you DID run Combofix or are tempted to, please note that ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be ...

2 more replies

I threw away an old computer because hijackers and tracking cookies had taken over to the point of no return...so I got a Dell Dimension XPS T600r..I have Windows 98. Not sure what other information you need. Well, after looking at an Eminem website I notice that I'm getting hijacked on the new computer (BullsEye Network was the first I saw)...I ran Yahoo Spyware and deleted several hijackers and adware programs...then I ran Spyhunter (from Enigma Software Group), which was already installed in the Dell...it said it cleared out the bad stuff...however, when I got back online, I checked out what programs were running and saw Tsm2, mpbtn, and ybrwicon running, which I don't recognize. Please help as soon as you can. Thank you.

Answer:Been attacked by hijackers...again

Greetings!

mpbtn is associated with AT&T Broadband.

ybrwicon is a yahoo broadband file

mpbtn is a hijacker.

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it in the forum. Do not fix anything in HijackThis since they may be harmless.

I will move your thread to HJT Help.


I have been battling these hijackers most of the day and after reading a number of your other threads I decided to try hijackthis and see if you could give me some assistance.

The following is my hijackthis log file.

Logfile of HijackThis v1.98.0
Scan saved at 3:25:55 AM, on 11/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\AL JOYNER\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mor...on/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_p...ount_id=153636
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_p...ount_id=153636
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=153636
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet ...

Answer:Have browser Hijackers

Hi
You will need to put HJT in a folder of its own and not on the desktop.

After that...
Make sure you have already run Adaware, Spybot S & D (check for updates) as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE. Reinstate it when your log is cleaned and then create a new restore point. Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled. Check first as some folders may be uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES .. Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=153636
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=153636
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.slotch.com/?&account_id=153636
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=153636
O2 - BHO: (no n...


I am having a hell of a time trying to kill this hijacker. Any help would be greatly appreciated. I have tried multiple scanning tools and come just short of getting rid of it. I believe the main one is called look2me, at least that is what spyware Dr. said it was. Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:29:40 AM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Pro...

Answer:Look2me And Other Hijackers Please Help

Please download Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.
If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Question: I hate Hijackers

Following is a log from HJt. I had my puter hijacked by internet-optimiser and I thought I had fixed it, now I can't search from the address bar, every time I try it tries to look for a http://"search phrase" of whatever I search for.

Logfile of HijackThis v1.97.7
Scan saved at 19:55:15, on 25/01/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\CREATIVE\WEBCAM CONTROL\CAMTRAY.EXE
C:\PROGRAM FILES\LEXMARKX73\ACMONITOR_X73.EXE
C:\PROGRAM FILES\LEXMARKX73\ACBTNMGR_X73.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\SSC\SSC.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:...

Answer:I hate Hijackers

Hi Morian,

C:\PROGRAM FILES\SSC\SSC.EXE

This one looks iffy. SSC as a Program File is not uncommon, as it's an installation file for Nav. But SSC.EXE isn't a recognised file. I would be pretty sure that any file associated with Norton is going to turn up somewhere in Googleland, but this one doesn't.

Could you please find it, and rename it from...

SSC.EXE

to

SSC.txt

and send a copy to [email protected]

Then, could you please try this to fix the problem..

Go to Start | Settings | Control Panel | Internet Options, click on the Programs tab, and click Reset Web Settings.

Let me know if that has helped. That's two logs in a row, where searches have gone to pot, and the search bar of choice is..

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01

Probably coincidence, but I'm off to see if there are any more occurrences of it.

Cheers

Liam
 


Hello!

I'm ripping what's left of my hair out! I've apparently picked up several hijackers including searchmyrequest and myexexex. My computer has slowed down so much and my home page keeps changing, it's like I'm living with Sybil! My wife is ready to kill me and the children thinking that we're somehow downloading this porn!

I've run Adaware, CWShredder, Spybot S&D and my Norton AV (all most recent and up to date), but I can't get rid of the blasted things. Can anyone help?

Here's the Hijack file

Logfile of HijackThis v1.97.7
Scan saved at 6:53:26 PM, on 6/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WIN...

Answer:So Many Hijackers-So Little Patience

Welcome to TSG, skyejaz

Close all windows, restart Hijack this and put a check mark against the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = <none>
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmyrequest.com/sp.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.237.45.18 ad.doubleclick.net
O1 - Hosts: 64.237.45.18 aff.weatherbug.com
O1 - Hosts: 64.237.45.18 www.burstnet.com
O1 - Hosts: 64.237.45.18 oz.valueclick.com
O1 - Hosts: 64.237.45.18 a.tribalfusion.com
O1 - Hosts: 64.237.45.18 servedby.advertising.com
O1 - Hosts: 64.237.45.18 my.search
O1 - Hosts: 64.237.45.18 pagead2.googlesyndication.com
O1 - Hosts: 209.87.155.230 date.com
O1 - Hosts: 209.87.155.230 dating.com
O1 - Hosts: 209.87.155.230 freedating.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: Elitum EliteBar - {FA6548E9-78F5-4025-9D7B-FC1367789C38} - C:\WINDOWS\EliteBar\EliteBar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - H...


I was hoping that someone could please help me out. I am trying to help a friend out whose computer has been hijacked. Here is the log, please help if you can. Thank you.


Logfile of HijackThis v1.99.1
Scan saved at 5:09:44 PM, on 4/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE...

Answer:Computer taken over by Hijackers

Hello Synapseguru and welcome to TSF...

In order to assist you better, we recommend that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Desktop. This is required because HijackThis will create backups and we don't want them to be deleted.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro http://uk...


Hi, a few days ago you guys helped me out, but now it seems the spyware is back. Every now and then, none of my browsers will work, but occasionally it does, it's very strange. I'm tired of it, so here's my new log, thanks!

Logfile of HijackThis v1.98.2
Scan saved at 20:58:14, on 20/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\ARCHIV~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\ARCHIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Archivos de programa...

Answer:Return of the hijackers!

Hi valeria_nick,

There is nothing suspect in your log.

Did you have the same problem before installing XP SP2 ?


Your assistance is appreciated, Thank you.

Logfile of HijackThis v1.97.7
Scan saved at 6:56:48 PM, on 7/15/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\MCTOOL.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\DESKTOP\SECURITY\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=1c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Inter...

Answer:Pop-ups, Virus's & Hijackers OH MY!
