Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!
Learn how Concerto can help you.
Solved
Hijackthis Log Analysis
Posted on 2011-09-24
Hi, There.
I have a machine that keeps getting passwords on it compromised.
This is the hijackthis log.
Anyone here see anything out of order that I've missed? I don't use this tool much.
Thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:28 PM, on 9/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.ex
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.
C:\Program Files (x86)\Ask.com\Updater\Upda
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.e
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.e
C:\Users\Ben\Downloads\Hij
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-2
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceMana
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Upda
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMoni
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.ex
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [cdloader] "C:\Users\Ben\AppData\Roam
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-A
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-A
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-5
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-5
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-8
O23 - Service: @%SystemRoot%\system32\Alg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.ex
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponde
O23 - Service: @%SystemRoot%\system32\efs
O23 - Service: @%systemroot%\system32\fxs
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\Google
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\Google
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.e
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.
O23 - Service: @%SystemRoot%\System32\net
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc
O23 - Service: @%systemroot%\system32\psb
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Loc
O23 - Service: @%SystemRoot%\system32\sam
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snm
O23 - Service: @%systemroot%\system32\spo
O23 - Service: @%SystemRoot%\system32\spp
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.e
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O23 - Service: @%SystemRoot%\system32\ui0
O23 - Service: @%SystemRoot%\system32\vau
O23 - Service: @%SystemRoot%\system32\vds
O23 - Service: @%systemroot%\system32\vss
O23 - Service: @%SystemRoot%\system32\Wat
O23 - Service: @%systemroot%\system32\wbe
O23 - Service: @%Systemroot%\system32\wbe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12131 bytes
I have a machine that keeps getting passwords on it compromised.
This is the hijackthis log.
Anyone here see anything out of order that I've missed? I don't use this tool much.
Thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:28 PM, on 9/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.ex
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.
C:\Program Files (x86)\Ask.com\Updater\Upda
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.e
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Program Files (x86)\ImgBurn\ImgBurn.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.e
C:\Users\Ben\Downloads\Hij
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-2
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceMana
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Upda
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.
O4 - HKLM\..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMoni
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.ex
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [cdloader] "C:\Users\Ben\AppData\Roam
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-A
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-A
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-5
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-5
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CCS\Services\T
O17 - HKLM\System\CS1\Services\T
O17 - HKLM\System\CS2\Services\T
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-8
O23 - Service: @%SystemRoot%\system32\Alg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.ex
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponde
O23 - Service: @%SystemRoot%\system32\efs
O23 - Service: @%systemroot%\system32\fxs
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\Google
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\Google
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.e
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.
O23 - Service: @%SystemRoot%\System32\net
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc
O23 - Service: @%systemroot%\system32\psb
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Loc
O23 - Service: @%SystemRoot%\system32\sam
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snm
O23 - Service: @%systemroot%\system32\spo
O23 - Service: @%SystemRoot%\system32\spp
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.e
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\Sw
O23 - Service: @%SystemRoot%\system32\ui0
O23 - Service: @%SystemRoot%\system32\vau
O23 - Service: @%SystemRoot%\system32\vds
O23 - Service: @%systemroot%\system32\vss
O23 - Service: @%SystemRoot%\system32\Wat
O23 - Service: @%systemroot%\system32\wbe
O23 - Service: @%Systemroot%\system32\wbe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12131 bytes
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
2- +1
7 Comments
Active today
Have you done a scan with MalwareBytes?
Http://www.MalwareBytes.org
I don't see anything obvious in the hjt log...
Aside from the ask toolbar, which I don't like.... Usually bundle ware ....
And this is questionable. If you know what it is, then you might have it installed intentionally...
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
Http://www.MalwareBytes.org
I don't see anything obvious in the hjt log...
Aside from the ask toolbar, which I don't like.... Usually bundle ware ....
And this is questionable. If you know what it is, then you might have it installed intentionally...
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
Yes. I have scanned with Malwarebytes, found nothing.
I do know what that service is, it's part of Wireshark. I've been using it to troubleshoot some things.
I do know what that service is, it's part of Wireshark. I've been using it to troubleshoot some things.
There are a large number of 023 entries that have (file missing) against them, you may want to 'fix' these. And i agree with johnb6767's description of the Ask Toolbar, which would mean 'fixing' these two entries>
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4
But please be aware that HJT can no longer detect a number of the more recent, damaging Malware, and the MBAM scanner was a good choice.
In addition to Malwarebytes(MBAM) you could also try running TDSSKiller.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Download the file TDSSKiller.zip and extract it into a folder
Execute the file TDSSKiller.exe.
Wait for the scan and disinfection process to be over.
Close all programs and press “Y” key to restart your computer.
More detail TDSSKiller tutorial:
http://support.kaspersky.com/viruses/solutions?qid=208280684
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4
But please be aware that HJT can no longer detect a number of the more recent, damaging Malware, and the MBAM scanner was a good choice.
In addition to Malwarebytes(MBAM) you could also try running TDSSKiller.
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Download the file TDSSKiller.zip and extract it into a folder
Execute the file TDSSKiller.exe.
Wait for the scan and disinfection process to be over.
Close all programs and press “Y” key to restart your computer.
More detail TDSSKiller tutorial:
http://support.kaspersky.com/viruses/solutions?qid=208280684
BM360,
Please do not attempt to "fix" the 023/Missing entries that are shown. They are simply caused by the inability of HJT to function properly in a 64 bit environment.
Details here:
http://www.experts-exchange.com/A_3178.html - HijackThis reports missing files on 64-bit Systems:
Please do not attempt to "fix" the 023/Missing entries that are shown. They are simply caused by the inability of HJT to function properly in a 64 bit environment.
Details here:
http://www.experts-exchange.com/A_3178.html - HijackThis reports missing files on 64-bit Systems:
@ BM360
Apologies for the earlier 023 file entry suggestion, and hope it hasn't inconvenienced you.
@ younghv
Thanks for the correction. There's no excuse, i read rpggamergirl's article a few months ago and even signed it ...i should have remembered it!
Apologies for the earlier 023 file entry suggestion, and hope it hasn't inconvenienced you.
@ younghv
Thanks for the correction. There's no excuse, i read rpggamergirl's article a few months ago and even signed it ...i should have remembered it!
Featured Post
WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
OfficeMate Freezes on login or does not load after login credentials are input.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc.
This will be demonstrated using Windows 7 operating system.
Suggested Courses
Course of the Month10 days, 22 hours left to enroll
719 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.