Hijack This Log For Checking Please

Click on the Cleanup button to remove any threats and reboot if prompted to do so. OK!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:04, on 6.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\PC

Do not reboot until instructed. http://splodgy.org/hijack-this/hijack-this-log-needing-checking-please.php

Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff8b31c500, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8afa64c0, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8b31c500, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8afc3508, DeviceName: HKCR\Interface\{B5A33C35-7298-4D15-8753-A2E851E2EAB3} (Adware.Gdown) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Ralink\Common\RaRegistry.exe C:\Program Files\Serviio\bin\ServiioService.exe C:\Program Files\Serviio\bin\ServiioService.exe C:\WINDOWS\System32\StkASv2K.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

If really won't run, rename it to winlogon.exe (or winlogon.com) and try again Create new restore point before proceeding with the next step.... AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes ================ . Close all open programs, including browsers.

They can conflict with each other. Edit for clarity

Edited by dsilvers - 06 December 2009 at 9:20pm

#4 Posted by colt24 (545 posts) - 8 years, 10 months ago
virus, spyware :O anything? sorry about the smiles ha

Jun 21, 2013 #2 Mike Franklin TS Rookie Topic Starter Posts: 20
Broni, Thanks for the reply.

#2 Noviciate Malware Response Team 5,277 posts Posted

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-22 56336] R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-16 70296] R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-31 28600] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600] R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-6-21 46792] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys User = LL2 ... Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Partition starts at LBA: 63 Numsec = 128457 Partition 1 type is Primary (0x7) Partition is ACTIVE. You can use sc delete to remove them if they are sysinternals files. Please note that many features won't work unless you enable it. Many of the same weird services running from a temp file.

C:\Documents and Settings\Mike\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> Quarantined and deleted successfully. FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\rtll58r7.default\ FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox|http://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - component: c:\documents and settings\mike\application data\mozilla\firefox\profiles\rtll58r7.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll FF - component: c:\documents Let it finish. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.

If I closed your topic and you need it to be reopened, simply PM me. Partition starts at LBA: 128520 Numsec = 302616405 Partition file system is NTFS Partition is bootable Partition 2 type is Other (0xdb) Partition is NOT ACTIVE. If you're stuck, or you're not sure about certain step, always ask before doing anything else. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 2 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Click on this link to see a list of programs that should be disabled. It has done this 1 time(s). 14/06/2013 17:32:30, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot HJT log enclosed: Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 8:54:14 a.m., on 15/01/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) FIREFOX: 26.0 (en-US) Then I posted a message in his blog for revenge stating that spamming is not allowed at thoughts.com and then I received death threat from someone called PhantomAvengers saying that he

Name: VMware Virtual Ethernet Adapter for VMnet1 PNP Device ID: ROOT\VMWARE\0000 Service: VMnetAdapter . ==== System Restore Points =================== . C: is FIXED (NTFS) - 144 GiB total, 32.17 GiB free. RP338: 7/01/2014 8:26:56 p.m. - Removed PassIt4sure Questions and Answers for Microsoft MB2-868 RP339: 7/01/2014 8:28:07 p.m. - Removed Microsoft Web Platform Installer 4.5 RP340: 7/01/2014 8:30:26 p.m. - Removed Microsoft

C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully. (end) DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_39 Run by Mike at 22:39:33 on 2013-06-21 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1611 [GMT 1:00]

Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Done! Removal finished Jun 22, 2013 #6 Broni Malware Annihilator Posts: 53,147 +349 Create new restore point before proceeding with the next step....

So long, and thanks for all the fish. Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: VirtualBox Host-Only Ethernet Adapter Device ID: ROOT\NET\0000 Manufacturer: Oracle Corporation Name: VirtualBox Host-Only Ethernet Adapter PNP Device ID: ROOT\NET\0000 Service: VBoxNetAdp . Will you also include a brief explanation of why you think that your PC is poorly-sick. By Mike Franklin · 34 replies Jun 21, 2013 Guys, I'm sure you've seen lots of these.

Physical Sector Size: 512 Drive: 2, DevicePointer: 0xffffffff8ad01030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8afbd340, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8ad01030, DeviceName: \Device\Harddisk2\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8ab6d578, DeviceName: OK!

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318} Description: Mobile Intel 4 Series Express Chipset Family Device ID: PCI\VEN_8086&DEV_2A42&SUBSYS_30DD103C&REV_07\3&21436425&0&10 Manufacturer: Intel Corporation Name: Mobile Intel 4 Series Express Chipset Family PNP Device ID: PCI\VEN_8086&DEV_2A42&SUBSYS_30DD103C&REV_07\3&21436425&0&10 Service: igfx Instead, open a new thread in our security and the web forum. IFEO: bitguard.exe - tasklist.exe IFEO: bprotect.exe - tasklist.exe IFEO: bpsvc.exe - tasklist.exe IFEO: browsemngr.exe - tasklist.exe IFEO: browserdefender.exe - tasklist.exe IFEO: browsermngr.exe - tasklist.exe IFEO: browserprotect.exe - tasklist.exe IFEO: browsersafeguard.exe - Wait until the Status box shows Deleting Finished.

Download Rkill (courtesy of BleepingComputer.com) to your desktop. Use AppRemover to uninstall it: http://www.appremover.com/ We can reinstall it when we're done with CF. **Note 3: If you receive an error "Illegal operation attempted on a registery key that has Please download AdwCleaner by Xplode from here and save it to your Desktop.

Click on SCAN button. Pick one and uninstall the others. Torrents can be a cesspool of infections.

D: is CDROM () L: is FIXED (NTFS) - 298 GiB total, 95.107 GiB free. Malwarebytes is a good on demand scanner. If Combofix asks you to install Recovery Console, please allow it. Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.