 |  |  |  |  |  |  |  |
Search not working right...
 |
•
•
Join Date: Feb 2004
Posts: 10,009
Reputation: 
Solved Threads: 757
Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or the desktop & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=
O1 - Hosts: 127.127.127.127 elite
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
Reboot into safe mode following the instructions here & navigate to & delete
C:\WINDOWS\SYSTEM\MSYSTEMM.exe< this one.
Reboot normally.
Disable system restore following the instructions given here & then set a new restore point. Note that all previous restore points will be lost.
Go & have another online scan & report back the results plz.
O1 - Hosts: 127.127.127.127 elite
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
Reboot into safe mode following the instructions here & navigate to & delete
C:\WINDOWS\SYSTEM\MSYSTEMM.exe< this one.
Reboot normally.
Disable system restore following the instructions given here & then set a new restore point. Note that all previous restore points will be lost.
Go & have another online scan & report back the results plz.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Apr 2004
Posts: 63
Reputation:
Solved Threads: 0
Junior Poster in Training
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
i cant find this one on the list
i cant find this one on the list
•
•
Join Date: Apr 2004
Posts: 63
Reputation:
Solved Threads: 0
Junior Poster in Training
also at the end, should i enable system restore? its already disabled i think from the beginning...
•
•
Join Date: Aug 2003
Posts: 9,632
Reputation:
Solved Threads: 499
•
•
•
•
Originally Posted by fitchfrog19
O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
i cant find this one on the list
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
>>>>>>O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe<<<<<
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Its right there in the middle of the last few 04's
You should not reactivate you system restore untill you get rid of all baddies !
Linux boot cd http://www.knopper.net/knoppix/index-en.html
•
•
Join Date: Apr 2004
Posts: 63
Reputation:
Solved Threads: 0
Junior Poster in Training
yeah... thats the text copy i pasted into this... its not on the actual hijack this thing for me to check off... im confused...
sorry im not smart with this kinda stuff... i need help!!!:cry:
sorry im not smart with this kinda stuff... i need help!!!:cry:
•
•
Join Date: Aug 2003
Posts: 9,632
Reputation:
Solved Threads: 499
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQ34HU7\HIJACKTHIS[1]\HIJACKTHIS.EXE
this could have something to do with that ,you are running hijack from the temp internet folder ,download it [link in my signature ]to you desktop and unzip it to a created folder like this c:\HJT folder,more info on how to !!
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.
this could have something to do with that ,you are running hijack from the temp internet folder ,download it [link in my signature ]to you desktop and unzip it to a created folder like this c:\HJT folder,more info on how to !!
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.
Linux boot cd http://www.knopper.net/knoppix/index-en.html
•
•
Join Date: Apr 2004
Posts: 63
Reputation:
Solved Threads: 0
Junior Poster in Training
did i do it right this time? i saved it to a file in C called HJT... but it never told me to unzip anything... but the folder icon did have a zipper on it but when i clicked on the hijack this icon it just opened up
Logfile of HijackThis v1.97.7
Scan saved at 8:31:01 PM, on 4/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\AIM+\AIM+.EXE
C:\PROGRAM FILES\AIM\AIM95_C0\AIM.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\WINMX\WINMX.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSWP.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\MSWORKS.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKGDCACH.EXE
C:\WINDOWS\SYSTEM\SPP32M.EXE
C:\WINDOWS\TEMP\TD_0004.DIR\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127.127.127.127 elite
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...039.3870833333
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Logfile of HijackThis v1.97.7
Scan saved at 8:31:01 PM, on 4/30/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\AIM+\AIM+.EXE
C:\PROGRAM FILES\AIM\AIM95_C0\AIM.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\WINMX\WINMX.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSWP.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\MSWORKS.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKGDCACH.EXE
C:\WINDOWS\SYSTEM\SPP32M.EXE
C:\WINDOWS\TEMP\TD_0004.DIR\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127.127.127.127 elite
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DJRegFix] regedit /s c:\hp\djregfix.reg
O4 - HKLM\..\Run: [HPLogiFinder] \WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...039.3870833333
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
•
•
•
•
Originally Posted by caperjack
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\OPQ34HU7\HIJACKTHIS[1]\HIJACKTHIS.EXE
this could have something to do with that ,you are running hijack from the temp internet folder ,download it [link in my signature ]to you desktop and unzip it to a created folder like this c:\HJT folder,more info on how to !!
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.
•
•
Join Date: Apr 2004
Posts: 63
Reputation:
Solved Threads: 0
Junior Poster in Training
there is a line called O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe right under the line called O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
BUT no line called O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
BUT no line called O4 - HKLM\..\Run: [MSYSTEMM] C:\WINDOWS\SYSTEM\MSYSTEMM.exe
•
•
Join Date: Apr 2004
Posts: 63
Reputation:
Solved Threads: 0
Junior Poster in Training
i just tried searching for something on yahoo... and it worked!!! i didnt fix anything through hijack this yet though... also when i type in www.google.com... it doesnt come up that stupid just templates thing before it like it used to... it came up normally!!!!!!
should i still fix things through hijack this?!?!
im so happy thank you so much... to everyone who left me instructions...
i just need to know about the hijack this part... thanks again!!!!!!
should i still fix things through hijack this?!?!
im so happy thank you so much... to everyone who left me instructions...
i just need to know about the hijack this part... thanks again!!!!!!
•
•
Join Date: Feb 2004
Posts: 10,009
Reputation:
Solved Threads: 757
You are still running hijackthis out of a temporary folder. Create a new folder on your desktop & call it whatever you like, (HJT) go to hijackthis.exe & drag it into the folder you just created. Then run hijackthis from there & do the following:
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=
O1 - Hosts: 127.127.127.127 elite
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe
Reboot into safe mode following the instructions here & navigate to & delete
C:\WINDOWS\SYSTEM\SPP32M.exe< this one
Reboot normally after doing the above then post a fresh log plz.
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=
O1 - Hosts: 127.127.127.127 elite
O4 - HKLM\..\Run: [HiJackThis3] WINDOWSUPDATER.EXE
O4 - HKLM\..\Run: [SPP32M] C:\WINDOWS\SYSTEM\SPP32M.exe
Reboot into safe mode following the instructions here & navigate to & delete
C:\WINDOWS\SYSTEM\SPP32M.exe< this one
Reboot normally after doing the above then post a fresh log plz.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- MySql full text search not working for words like Java (MySQL)
- 'Start Search' not working (Windows Vista and Windows 7)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: mshp.dll problems with home page & pop-ups
- Next Thread: Cool Web Search Trojan (HiJackThis Log Inside)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime cyberwarfare ddos education email europe exam exploit facebook fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
