Skip to content
View in the app

A better way to browse. Learn more.

Tip.It Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

new virus taking over friends comp help with log!!

Featured Replies

i was just able to get him the hijackthis program he ran it here's his log please tell all he should get rid of.....thanks alot you guys have helped me out tremendously.<<<<<

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 12:11:55 PM, on 5/1/2005

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N[Caution: ExecutableFile]

 

 

 

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile]

 

 

 

C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\Program Files\Java\j2re1.4.2_05\bin\jusched[Caution: ExecutableFile]

 

 

 

C:\Program Files\Java\j2re1.4.2_05\bin\jucheck[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Grisoft\AVG Free\avgcc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Grisoft\AVG Free\avgwb.dat

 

 

 

C:\Program Files\Grisoft\AVG Free\avginet[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

 

 

 

C:\DOCUME~1\JOHNKI~1\LOCALS~1\Temp\Temporary Directory 1 for

 

 

 

hijackthis.zip\HijackThis[Caution: ExecutableFile]

 

 

 

C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

 

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

 

 

http://red.clientapps.yahoo.com/customi ... ch/ie.html

 

 

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

 

 

 

http://red.clientapps.yahoo.com/customi ... .yahoo.com

 

 

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

 

 

 

http://www.paomaha.com/

 

 

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

 

 

http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop

 

 

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

 

 

 

http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop

 

 

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

 

 

 

C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

 

 

 

O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -

 

 

 

C:\WINDOWS\vgadb.dll

 

 

 

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

 

 

 

Files\Norton AntiVirus\NavShExt.dll

 

 

 

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

 

 

 

C:\Program Files\Norton AntiVirus\NavShExt.dll

 

 

 

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

 

 

 

Shared\ccApp[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz[Caution: ExecutableFile]"

 

 

 

/GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"

 

 

 

O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1[Caution: ExecutableFile]

 

 

 

/P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"

 

 

 

O4 - HKLM\..\Run: [ePrint 3.0 Service] C:\PROGRA~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc[Caution: ExecutableFile] /STARTUP

 

 

 

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]" /background

 

 

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL[Caution: ExecutableFile]/3000

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

 

 

C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

 

 

 

- C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

 

 

 

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

 

 

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

 

 

 

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

 

 

 

C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

 

 

 

- C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

 

 

 

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop

 

 

 

O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) -

 

 

 

http://campaignlogic.truelogic.com.au/d ... fxIEAx.cab

 

 

 

O20 - Winlogon Notify: vgadb - C:\WINDOWS\vgadb.dll

 

 

 

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr[Caution: ExecutableFile]

 

 

 

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

 

 

 

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

 

 

 

O23 - Service: EPrint III Service - Unknown owner - C:\Program Files\LEAD

 

 

 

Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N[Caution: ExecutableFile]

 

 

 

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company,

 

 

 

L.P. - C:\Program Files\HPQ\SHARED\HPQWMI[Caution: ExecutableFile]

 

 

 

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

 

 

 

Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec

 

 

 

Corporation - C:\Program Files\Norton AntiVirus\navapsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec

 

 

 

Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor[Caution: ExecutableFile]

 

 

 

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

 

 

 

AntiVirus\SAVScan[Caution: ExecutableFile]

 

 

 

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

 

 

 

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation

 

 

 

- C:\Program Files\Common Files\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

 

 

 

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -

 

 

 

Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program

 

 

 

Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc[Caution: ExecutableFile]

 

 

 

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common

 

 

 

Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

 

 

 

Files\Common Files\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

Fix the following after closing all the browsers.

 

 

 

 

 

 

 

O2 - BHO: MSEvents Object - {44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} -

 

 

 

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c =Q105&bd=pavilion&pf=laptop

 

 

 

 

 

 

 

 

 

 

Also to get rid of the virus scan with an updated anti-virus (I see there is AVG on there). Use housecall for a free online scan.

sig2ho7.jpg

BEFORE you delete the entires phil mentioned, move Hijackthis to its own folder (Eg: C:\Program Files\Hijackthis\Hijackthis[Caution: ExecutableFile])

BEFORE you delete the entires phil mentioned, move Hijackthis to its own folder (Eg: C:\Program Files\Hijackthis\Hijackthis[Caution: ExecutableFile]

 

 

 

 

 

 

 

Yuppers, other wise it won't create back ups... so if you end up needing those for some reason or another you are spit out of luck

...

oops, I was going to mention that but forgot, good spot :oops:

 

 

 

 

 

 

 

(we have the edit button back?) :?

sig2ho7.jpg
oops, I was going to mention that but forgot, good spot :oops:

 

 

 

 

 

 

 

(we have the edit button back?) :?

 

 

 

 

 

 

 

Yea I noticed that too... maybe the people just can't edit the very first post? Doubt it though...

 

 

 

 

 

 

 

In any case I think that the 1st response to the post should be a quote... that way even if they do edit it and say "thanks, fixed!" it would still be in writing 1 post down. Whaddya think?

...

I think that the 1st response to the post should be a quote... that way even if they do edit it and say "thanks, fixed!" it would still be in writing 1 post down. Whaddya think?
Nah because when people search if they set it to just display the topic titles then all they see is "thanks, fixed" which is kinda useless.

 

I think that the 1st response to the post should be a quote... that way even if they do edit it and say "thanks, fixed!" it would still be in writing 1 post down. Whaddya think?
Nah because when people search if they set it to just display the topic titles then all they see is "thanks, fixed" which is kinda useless.

 

 

 

Stop correcting me... lol

 

 

 

*shakes fist* :wink:

...

Create an account or sign in to comment

Important Information

By using this site, you agree to our Terms of Use.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.