Home > Hijackthis Log > Hijackthis Log - Lots Of "01 - Hosts"

Hijackthis Log - Lots Of "01 - Hosts"

exe 023 - servi ce: WAN Mi ni port (ATW) servi ce (WANMi ni portservi ce) - Ameri ca Onl i ne, Inc. - C: \WINDows\wanmpsvc. EXE/3000 09 - Extra button: Create Mobile Favori te - t2EAF5BB1-070F-11D3-9307-00C04FAE2D4F1 page 3 hi jackthi s.l og C: \PROGRA~l \MICROs~4\INetRep 1 . and click the CleanUp! When it is finished close CCleaner.Step #6Run CWShredderDouble-click on CWShredder.exe.Click "Fix ->" and click "OK" at the prompt.CWShredder will scan and clean your system of CWS files.Click "Next->" and then "Exit".Step Source

On the main screen under Your Computer's security Click on Change state next to Resident shield. It is extremely dubious and commercially sponsored:First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. So please do not use slang or idioms. Right-click the AVG Anti-Spyware Tray Icon and select Exit. read the full info here

Hijackthis log - lots of "01 - Hosts" This is a discussion on Hijackthis log - lots of "01 - Hosts" within the Inactive Malware Help Topics forums, part of the Extract it from the zip file to your desktop.Start Killbox, copy and paste each of the following lines into the "Full Path of File to Delete" box in Killbox, and click Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. Back to top #15 KMorris KMorris Member Members 11 posts Posted 30 April 2007 - 01:50 PM I won't.

I went to the link you provided http://p2p.malwarere....com/index.html but it looked like Kazaa's homepage so I backed out. and install.Start CleanUp! Back to top #7 KMorris KMorris Member Members 11 posts Posted 28 April 2007 - 10:50 PM I removed WhenUSave from the Add/Delete. Every time I reboot, all the warnings start blowing up again.

Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll O3 - Toolbar: It seems like it's changing the permissions of the guest acccount (even though it's deactivated) to create it's own user accounts with higher privileges. Yes, the scans were made at that time. http://www.techsupportforum.com/forums/f284/hijackthis-log-lots-of-01-hosts-66993.html Next, please reboot your computer in SafeMode by doing the following: 1.

I want to see if the 01s come back. User Name Remember Me? exe" -os boot 04 - HKLM\..\Run: (orderReminderJ c:\Program Fi 1 eS\Hewl ett-packard\orderRemi nder\orderRemi nder. Backing Up: C:\WINDOWS\system32\sqimeng.dll 1 file(s) copied.

Backing Up: C:\WINDOWS\system32\o0ro0a93ed.dll 1 file(s) copied. anchor If you wish to show your appreciation, then you may donate to help keep us online. com/i nsta 11/00015/ chm. Step #2Start in Safe Mode Using the F8 method:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.Use the arrow keys to

Thanks for your understanding.***Did you set Group policies?GroupPolicyScripts\User: Restriction <======= ATTENTIONDid you install Chrome there:HKU\S-1-5-21-3683815079-3417825062-3341043080-500\...\ChromeHTML: -> C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION*** Download Security Check by screen317 from here or here.Save it this contact form Backing Up: C:\WINDOWS\system32\dageng.dll 1 file(s) copied. Kmorris Hijackthis Log Started by KMorris , Apr 28 2007 04:19 AM Please log in to reply 17 replies to this topic #1 KMorris KMorris Member Members 11 posts Posted 28 When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc.

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (ID-NI) ALLOW Read BUILTIN\Users (ID-IO) ALLOW Read BUILTIN\Users (ID-NI) ALLOW Full access BUILTIN\Administrators (ID-IO) ALLOW Full access BUILTIN\Administrators (ID-NI) ALLOW Full access NT exe c: \WINDOWs\system32\svchost. Check the following entries (make sure you do not miss any) O1 - Hosts: 62.75.224.159 www.bns1.net O1 - Hosts: 62.75.224.159 www.bns2.net O1 - Hosts: 62.75.224.159 www.bns3.net O1 - Hosts: 62.75.224.159 www.bns4.net have a peek here I remove them, reboot and when I surf they come back again ..

Back to top #13 KMorris KMorris Member Members 11 posts Posted 30 April 2007 - 01:02 PM try to delete them manually, by the normal method. org 01 - HostS: 127.0.0.56 unwantedlinks.com 01 - Hosts: 127.0.0.57 webattack. exe 04 - HKLM\.. \Run : (ACTX1J C: \WINDOWS\ v1201.

exe 023 - servi ce: Intel (R) NMS (NMSSvC) - intel corporati on - C: \WINDOWs\system32\NMSSVC.

Back to top #17 KMorris KMorris Member Members 11 posts Posted 30 April 2007 - 10:22 PM Re-ran Dr Web Cureit - NO VIRUS' FOUND! Backing Up: C:\WINDOWS\system32\svs.dll 1 file(s) copied. Before Windows loads, press F82. No luck.

Several functions may not work. com 01 - Hosts: 127.0.0.49 spywarenuker. It says that cannot write selected changes to host file. Check This Out PKI (SSL Certificate) Trying to install Mint 18.1 MATE...

exe" -atbootti me 04 - HKLM\..\Run: (webHancer AgentJ "e:\program Fi 1 es\webHancer\programs\whAgent. Backing Up: C:\WINDOWS\system32\wapcd.dll 1 file(s) copied. Backing Up: C:\WINDOWS\system32\p84ulih9184.dll 1 file(s) copied. Password Register Forgot Password?

net 01 - Hosts: 127. EXE 09 - Extra 'Tool s' menui tern: Messenger - tFB5F1910-F110-11d2-BB9E-00C04F7956831 - C: \program Fi 1 eS\Messenger\MSMSGS. Here is my HijackThis log:Logfile of HijackThis v1.99.1Scan saved at 9:04:52pm, on 4/27/07Platform: Windows 98SE (Win9x 4.10.2222A)MSIE: Unable to get Internet Explorer Version!Running Processes:c:\WINDOWS\SYSTEM\Kernal32.DLLc:\WINDOWS\SYSTEM\MSGSRV32.EXEc:\WINDOWS\SYSTEM\MPREXE.EXEc:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exec:\WINDOWS\SYSTEM\MSTASK.EXEc:\WINDOWS\SYSTEM\mmtask.tskc:\WINDOWS\EXPLORER.EXEc:\WINDOWS\TASKMON.EXEc:\WINDOWS\SYSTEM\SYSTRAY.EXEc:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXEc:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_0B\REALSCHED.EXEc:WINDOWS\SYSTEM\LVCOMS.EXEc:WINDOWS\SYSTEM\STIMON.EXEc:WINDOWS\SYSTEM\QTTASK.EXEc:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALENDAR.EXEc:\SMARTDSK\FLASH\SDSTAT.EXEc:\PROGRAM FILES\WINDOWS MEDIA You should 'not' have any open browsers when you are following the procedures below.

Thanks a lot! exe 04 - HKLM\..\Run: (internet optimizerJ "e:\Program Files\internet opti mi zer\opti mi ze. The new user accounts then creates a task called "ngm", this task starts every evening at 11:00 PM.