
HiJackThis Log -- I'm Infected

I'm dealing with nasty virus! Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

Please post the "C:\ComboFix.txt" for further review.

Note: Do not mouseclick combofix's window while it's running.

ComboFix 10-05-10.05 - User 2010/05/12 12:05:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.703.458 [GMT 2:00]
Running from: c:\documents and settings\User.BITLINE-E153D3E\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\User.BITLINE-E153D3E\Desktop\CFScript.txt
AV: avast!

by TurboSuper / May 24, 2008 7:54 AM PDT In reply to: Help!

A text file will open after the restart. Please post the content of that logfile in your reply. You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number. Next, Delete

Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) -

#5 drkmatter Advanced Member Members 37 posts Posted 24 November 2007 - 04:52 AM
Greetings!.

http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=255339&messageID=2533167

Spyware & Virus invasion by tanguska / May 19, 2008 9:36 AM PDT In reply to: Please read this thread and follow

HijackThis log included.

Self Protection;c:\windows.0\system32\drivers\aswSP.sys [2010-1-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [2010-1-28 20560]
R2 avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast!

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008/08/04 14:31:55
System Uptime: 2010/05/11 07:23:30 (2 hours ago)
Motherboard: | |

May 4, 2010 #5 Bobbye Helper on the Fringe Posts: 16,335 +36
Try running GMER in Safe Mode. Has that been fixed? Download this file - combofix.exe
2.

antivirus 4.8.1368 [VPS 100512-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\windows.0\system32\drivers\tmeter.sys"
"c:\windows.0\system32\drivers\w900bus.sys"
"c:\windows.0\system32\drivers\w900mdfl.sys"
"c:\windows.0\system32\drivers\w900mdm.sys"
"c:\windows.0\system32\drivers\w900mgmt.sys"
"c:\windows.0\system32\drivers\w900obex.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

but when i try to run gamer the computer starts acting up, freezes and shuts itself down.

Since you now have an image of your machine, you can perform a complete reinstall in less than 1 hour anytime you suspect you have a problem or suspect you have

Now that you have identified some visible signs of infection for us, here are some instructions for removing older versions of Java and updating. Download the latest version of Java Runtime Environment (http://java.sun.com/javase/downloads/index.jsp)

self protection module/ALWIL Software) ZwOpenKey [0xF619864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast!

If that doesn't work, uncheck 'Devices' on the right screen and try running.

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program

Canada Local time:06:07 PM Posted 12 January 2016 - 11:45 AM
Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can please print this topic it will make it

http://softsystechnologies.com/hijackthis-log/hijackthis-log-infected.html

My 6-pence worth - Format The PC!

This 'Agent' is meant to respond to commands from the console. didn't require it anymore cos cellphone has been replaced.

C:\WINDOWS\system32\svchost.exe
No streams found.

http://softsystechnologies.com/hijackthis-log/hijackthis-log-am-i-infected.html Thanks!

c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows.0\system32\VTTimer.exe
c:\windows.0\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows.0\system32\wscntfy.exe
.
**************************************************************************
.

Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\LANScope Agent\awServ.exe
O23 - Service: eDataSecurity Service

May 12, 2010 #10 MelissaP TS Rookie Topic Starter
please ignore the 1st hijack this log.

look...

So, now I find it is best (for me, my friends and my family) to make sure you have Norton Ghost (I have version 14 but I know 12 and higher

Please rescan with Combofix and leave a new log.

#3 drkmatter Advanced Member Members 37 posts Posted 16 November 2007 - 06:03 PM
So sorry for the delay..

CNET © CBS Interactive Inc. / All Rights Reserved.

does gamer cause a computer to behave that way? I'm dealing with nasty virus!

iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast!

HijackThis log included. Greets Jurgenv.

Open notepad and copy/paste the text in the code below into it:

Code:
File::
c:\windows.0\system32\drivers\w900bus.sys
c:\windows.0\system32\drivers\w900mdfl.sys
c:\windows.0\system32\drivers\w900mdm.sys
c:\windows.0\system32\drivers\w900mgmt.sys
c:\windows.0\system32\drivers\w900obex.sys
c:\windows.0\system32\drivers\tmeter.sys
Folder::
DDS::
mURLSearchHooks: H - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43}

it just sends out messages of the file link to my friends, automatically...

Run something like Avast Home (www.avast.com - free but very, very good) or AVG (also has a free version but slows your email down a bit) to protect your machine. Try uninstalling this in Add/Remove Programs. if i do a netstat -o and see which ports are open then go to task manager to see which apps are using those ports, the only 1 unknown to me ALA is a repackaging of software by Avocent called AdminWorks Agent.

What happened? Then reboot the computer and see if it has made a difference. ================================= There is some kind of problem with your system. and i got infected with the virus... some1 tried their best to recover all the info from the computer.

lax04s01-in-f100.1e100.net:http connected to the avast pid.

Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the

self protection module/ALWIL Software) ZwCreateKey [0xF6198574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast!

I'm dealing with nasty virus!

There's this facebook msn virus that is around that i juz got to know of... Double click combofix.exe & follow the prompts to run. sometimes when i'm on the net and i open netstat i see this...
