Home > Hijackthis Log > HiJackThis Log & Yoog Search Virus

HiJackThis Log & Yoog Search Virus

When the scan completes, it will open two notepad windows. If you accept cookies from this site, you will only be shown this dialog once!You can press escape or click on the X to close this box. Jump to content Sign In Create Account Search Advanced Search section: This topic Forums Members Help Files Calendar View New Content Forum Rules BleepingComputer.com Forums Members Tutorials Startup List To learn more and to read the lawsuit, click here. http://exomatik.net/hijackthis-log/hijackthis-log-due-to-google-search-virus.php

Completion time: 2009-02-18 18:18:51 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-19 01:18:49 Pre-Run: 139,750,825,984 bytes free Post-Run: 140,684,570,624 bytes free 276 --- E O F --- 2009-02-11 05:03:58 Back to top #4 AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF). Please re-enable javascript to access full functionality.

Please perform the following scan:Download DDS by sUBs from one of the following links. Thank You ! If you need this topic reopened, please contact a staff member.

Thank you. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and If you don't, check it and have HijackThis fix it. scanning hidden autostart entries ...

Below is the post from the DDS program and I added the zipped attachment per the instructions. One of the best places to go is the official HijackThis forums at SpywareInfo. So far only CWS.Smartfinder uses it. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged

I'm assuming you fully uninstalled it. Several functions may not work. If it is not, let me know, I'll see if I can find a better way to get rid of it.Also, please do this as well:Download OTListIt2 to your desktop.Double click scanning hidden autostart entries ...

Thanks again! 0 #4 handhfan Posted 15 January 2009 - 02:10 PM handhfan Trusted Helper Expert 13,659 posts You should be able to install Mozilla again. However, since only Coolwebsearch does this, it's better to use CWShredder to fix it.O20 - AppInit_DLLs Registry value autorunWhat it looks like: O20 - AppInit_DLLs: msconfd.dll What to do:This Registry value If it's not on the list and the name seems a random string of characters and the file is in the 'Application Data' folder (like the last one in the examples The same goes for the 'SearchList' entries.

uStart Page = hxxp://www.google.com/ IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\ FF http://exomatik.net/hijackthis-log/hijackthis-log-search-assistant-etc.php If not please perform the following steps below so we can have a look at the current condition of your machine. Start a new thread instead and someone will help you asap.Bumping your thread won't help to receive help in a faster way, this since we always look at the posts with This to avoid confusion.

Items listed at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad are loaded by Explorer when Windows starts. Nevertheless just to be on the safe side, I've a) carefully read the instruction b) do as were told c) and these are the logs p/s: do you think it's okay Now what?????Thanks,DavidI've separated each scan with a horizontal line. this content BleepingComputer is being sued by Enigma Software because of a negative post of SpyHunter.

However, recently I got a virus/malware on my computer. Run the scan, enable your A/V and reconnect to the internet. scan completed successfully hidden files: ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1156) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . ------------------------

My computer is slow!---My Blog---Follow me on Twitter.Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.DO NOT

It has completely jacked my search engines and is continually flooding me with pops-ups from a "contextual ads" service whenever I open a new browser. scanning hidden files ... Antivirus"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter"CCleaner" = CCleaner (remove only)"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00811025" = SoftV90 Data Fax Modem with SmartCP"Combined Community Codec Pack_is1" = Combined or read our Welcome Guide to learn how to use this site.

Current Boot Mode: NormalScan Mode: Current userOutput = MinimalFile Age = 30 DaysCompany Name Whitelist: On ========== Processes (SafeList) ========== C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)C:\WINDOWS\system32\WLTRYSVC.EXE ()C:\WINDOWS\system32\BCMWLTRY.EXE (Broadcom Corporation)C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)(avast! Contents of the 'Scheduled Tasks' folder 2009-02-18 c:\windows\Tasks\Ad-Aware Update (Daily).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-17 18:17] 2009-02-18 c:\windows\Tasks\Daily.job - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2008-09-30 16:38] . . ------- Supplementary Scan ------- . http://exomatik.net/hijackthis-log/hijackthis-log-please-help-uc-search-more-toolbar.php Let it scan your system for files to remove.

Inc.)O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 If the IP does not belong to the address, you will be redirected to a wrong site everytime you enter the address. Even for an advanced computer user. This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546I suggest you remove the program now.

uStart Page = hxxp://www.google.com/ IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Wakka\Application Data\Mozilla\Firefox\Profiles\yyxhfxx2.default\ FF Please do so before attempting to browse it. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. Click here to Register a free account now!

Sign In Sign Up Browse Back Browse Forums Guidelines Staff Online Users Members Activity Back Activity All Activity My Activity Streams Unread Content Content I Started Search Malwarebytes.com Back Malwarebytes.com Malwarebytes Contents of the 'Scheduled Tasks' folder 2009-02-18 c:\windows\Tasks\Ad-Aware Update (Daily).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-17 18:17] 2009-02-18 c:\windows\Tasks\Daily.job - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2008-09-30 16:38] . - - - - ORPHANS REMOVED - If we have ever helped you in the past, please consider helping us. Prefix: http://ehttp.cc/?What to do:These are always bad.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\NMSU\VPN Client\cvpnd.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Sophos\AutoUpdate\ALsvc.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.Orange BlossomAn ounce of prevention is worth a pound of cureSpywareBlaster, WinPatrol Plus, ESET Smart