Check out my HJT log - Printable Version +- Support Forums (https://www.supportforums.net) +-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87) +--- Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56) +---- Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48) +---- Thread: Check out my HJT log (/showthread.php?tid=1763) Pages:
1
2
|
Check out my HJT log - andrewjs18 - 10-18-2009 It looked clean to me, but please take a peek..my google search results are F*cked up and malwarebytes is coming up clean... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:51:32 PM, on 10/18/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\TetherBerry\TBService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\TetherBerry\TetherBerry.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe C:\Program Files\Digsby\lib\digsby-app.exe C:\Program Files\Digsby\lib\aspell\bin\aspell.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - Startup: ScreenHunter 5.1 Free.lnk = C:\Program Files\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{9E38634D-67B7-4EAC-A41B-82F66E1C1225}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: TetherBerry - Unknown owner - C:\Program Files\TetherBerry\TBService.exe -- End of file - 2740 bytes RE: Check out my HJT log - Skawke - 10-18-2009 Hello, I will be your helper today. Your computer seems completely clean. Are you experiencing any odd errors, or/and activity? RE: Check out my HJT log - andrewjs18 - 10-18-2009 (10-18-2009, 07:37 PM)HaruhiSuzumiya Wrote: Hello, I will be your helper today. yes...I'll search something in google say.... these forums for example and it'll show results as apartmentfinder.com and other random, non-related sites...that's the weird thing. I'd automatically assume it's a hijacked browser, but in my case it doesn't appear to be. RE: Check out my HJT log - Skawke - 10-18-2009 (10-18-2009, 08:34 PM)andrewjs18 Wrote: yes...I'll search something in google say.... these forums for example and it'll show results as apartmentfinder.com and other random, non-related sites...that's the weird thing. I'd automatically assume it's a hijacked browser, but in my case it doesn't appear to be. I assume it's because you're using OpenDNS? RE: Check out my HJT log - andrewjs18 - 10-19-2009 (10-18-2009, 08:50 PM)HaruhiSuzumiya Wrote: I assume it's because you're using OpenDNS? that can't be the problem. I've been using opendns for years without any problem. RE: Check out my HJT log - Skawke - 10-19-2009 (10-19-2009, 11:12 AM)andrewjs18 Wrote: that can't be the problem. I've been using opendns for years without any problem. Can you show us a screenshot of it happening? Also, OpenDNS redirects Google traffic: http://www.labnol.org/software/browsers/prevent-opendns-google-redirects-firefox-address-bar-ie/2662/ http://forums.opendns.com/comments.php?DiscussionID=226 RE: Check out my HJT log - andrewjs18 - 10-20-2009 (10-19-2009, 05:17 PM)HaruhiSuzumiya Wrote: Can you show us a screenshot of it happening? yep, on Friday when I'm back in work. it's happening on my personal work computer. RE: Check out my HJT log - ktmrider530 - 10-20-2009 This happened to me. When you do a search, a new page pops up. Look at the url of that page www.xxx1xxx.com. So you would put "www.xxx1xxx.com virus" into google. Click on the one that best suits you. And click "view cached page" or something of the like, it will provide removal instructions. RE: Check out my HJT log - Kutmustakurt - 10-20-2009 Please Post a fresh HJT log, Update MBAM to latest version and perform a full system scan. Post both the logs in your next reply. Please run a free online scan with the ESET Online Scanner Note: You will need to use Internet Explorer for this scan.
RE: Check out my HJT log - andrewjs18 - 10-23-2009 (10-19-2009, 05:17 PM)HaruhiSuzumiya Wrote: Can you show us a screenshot of it happening? |