[Fixed] Hijackthis! Logs - Browser Hijack/Sagipsul.com virus? posted in the Security & Safety forums

#8
Bronze Member
Join Date: Jan 2009
Posts: 15 PC Experience: Some Experience
Unfortunately, I cannot access any of the five sites linked to by Pancake in safe mode. The result is the same - a page load error.

#9
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 6,865 PC Experience: Elite PC Guru
Can you download them onto another computer using a flash/thumb drive and transfer them to yours..?
__________________
My real name is Eddy

#10
Bronze Member
Join Date: Jan 2009
Posts: 15 PC Experience: Some Experience
Originally Posted by Pancake
I can buy a flash drive and find a computer to use, but now I wonder if the programs will even load.
I managed to access a CNET download site and tried to download the HijackThis setup file, got the "Opening HJTInstall.exe" message, clicked "save file", but it never downloaded. So like I said, I'm wondering................

#11
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
try renaming the hjt.exe to something like xxx.exe
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

#12
Bronze Member
Join Date: Jan 2009
Posts: 15 PC Experience: Some Experience
Do you mean rename it if I manage to download it via a flash drive? Because when I try to save it from the download site on my infected computer, no dialogue box opened.
Also, is it normal on this site to be logged out after every post even when checking the keep me logged in option?

#13
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112 PC Experience: Always Learning New Things
No, don't rename it if you do end up getting a flash drive and putting it on a flash drive. I was referring to your query that you could not get it to run.
No, being logged out after every session is not normal. I'd imagine that is the malware. Should be fixed once the infections are gone.
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

#14
Bronze Member
Join Date: Jan 2009
Posts: 15 PC Experience: Some Experience
I'm Baaaaaack.
For some reason, I am now able to access the sites and download the requested programs. The log files follow. Thanks for your help, folks.