HiJack This - Log Post. My XP SP3 Is Getting Hacked.

If you have questions, or if a program doesn't work, stop and tell me about it. Free Antivirus / Avira Free AntiVirus OnLine Anti-Virus: ESET / BitDefender / F-Secure Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster Firewall: Comodo Firewall Free / C:\Documents and Settings\Jennifer Klausner\Start Menu\Programs\Startup\Bat - Auto Update.lnk (Adware.Batco) -> Quarantined and deleted successfully. Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 6/15/2010 9:08:56 AM System Uptime: 3/20/2012 9:48:52 AM (3 hours ago)

RP23: 3/7/2012 3:00:16 AM - Software Distribution Service 3.0 RP24: 3/7/2012 3:03:04 AM - Software Distribution Service 3.0 RP25: 3/8/2012 3:25:00 AM - Software Distribution Service 3.0 RP26: 3/13/2012 9:43:37 AM Paste this log in your next reply. Observe these: [o] Don't follow directions given to someone else [o] Don't use any other cleaning programs or scans while I'm helping you. [o] Don't use a Registry cleaner or make A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm.

exe scan log:Rooter.exe (v1.0.2) by Eric_71.SeDebugPrivilege granted successfully ....Windows XP . (5.1.2600) Service Pack 3[32_bits] - x86 Family 6 Model 23 Stepping 6, GenuineIntel.Error OpenService (wscsvc) : 1060[SharedAccess] RUNNING (state:4)Windows Firewall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully. My internet explorer keeps saying "internet explorer has encountered a problem and needs to close" and it is doing this repeatedly.

Hurm. I apologize for attaching the hijack this log, I wasn't sure what I was supposed to do so your information has been very helpful! What causes the Windows to think this version isn't legitimate?

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. it seems like it's what happened). Let me know if this is the case. ZoneAlarm keeps on asking whether I can let in x and y program access the internet, and my family and I don't know what most of those are, though it's likely

Jennifer I did successfully run GMER in Safe Mode, but it didn't show much of a log. Please let me know what steps I can take to fix these problems, while I keep going with Step 2 of the main suggestions. If you need this topic reopened, please send a Private Message to any one of the moderating team members. O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe O8 - Extra context menu item: E&xport

HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully. Instructions on how to properly create a GMER log can be found here: How to create a GMER log Elle Can you hear it? It's all around! I also downloaded Outpost Firewall Free as you suggested and turned off my XP Firewall. i looked some into running proxy ip's but most all of them say they are not usable for filesharing programs or chatting and designed primarily for web browsing.

Files Infected: C:\Program Files\Batco\bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully. When scan is completed, click Save button, and save the results as gmer.log Warning ! #3 TheJoker TheJoker Forum Deity Boot Camp Mod 14,365 posts Posted 03 August 2009 - 06:59 PM Hi Ess, and Welcome to SWI. Sorry it has taken so long And I don't think the IE crashes are from hacking.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes =============== . O4 - Global Startup: LUMIX Simple Viewer.lnk = ? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:03:53 PM, on 5/25/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe scanning hidden files ...

If Combofix asks you to update the program, always do so. Two excellent free firewalls are Outpost Firewall Free or Online Armor Free. C:\Program Files\Batco\X_bat.log (Adware.Batco) -> Quarantined and deleted successfully.


If you don't understand or have a problem, ask me. NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links. First, you should know that 'slow' can be caused by a lot of reasons other than malware. Freaky. Also, the desktop background no longer works, as Microsoft Windows tells me it's not a legitimate form of Windows--I'm guessing because I replaced the default Hosts file with the one from

Thanks so much! Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them. Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure AdvancedSetup Staff Root Admin 63,890 posts Location: US ID: 7 Posted July 17, 2009 Due to the lack of

Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. By the power of truth, I, while living, have conquered the universe. ~Scratch~My help is always free, but if you want to donate to help me continue my fight against malware This allows us to more easily help you should your computer have a problem after an attempted removal of malware. Save the above as CFScript.txt 4.

Thanks again! It has done this 1 time(s). 3/13/2012 9:32:18 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

Anyway, so when I dragged the CFScript shortcut icon into Combofix, it started, but then gave me the error message "Were you trying to run CFScript? Either one would be a good choice. Several functions may not work. anyways i have comodo firewall installed and today it came up with file that it defined as a unclassifiedmalware (i had soulseek open during this time, which is further why i