Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Hothotmodels virus - hijackthis report inside
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Hothotmodels virus - hijackthis report inside  
Forum Quick Jump
 
New Topic Post reply to : Hothotmodels virus - hijackthis report inside Printable version of : Hothotmodels virus - hijackthis report inside
[ << Previous Thread | Next Thread >> ]

Shivia
New Member


Date Joined Mar 2007
Total Posts : 1
  		   Posted 3-28-2007 11:25 (GMT +1)    Quote: Hothotmodels virus - hijackthis report insideAlert an admin about: Hothotmodels virus - hijackthis report inside
I was given a link to a hothotmodels website and since then ive had a lot of trouble with popups, computer crashing/ running slow etc. I have a log of hijackthis below. Can someone please tell me how to get rid of this nasty virus? :
 
Logfile of HijackThis v1.99.1
Scan saved at 23:21:32, on 28/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinAntiSpyware 2007 Free\uwas7cw.exe
C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasers.exe
C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasdc.exe
C:\Program Files\WinAntiSpyware 2007 Free\was7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Mel\Desktop\VundoFix.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Mel\Desktop\alternative\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4635CC18-0CE2-4870-96DF-34F9B15576F1} - C:\WINDOWS\system32\gebca.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\hwbkjgug.dll
O2 - BHO: (no name) - {6A711EAB-19C4-4757-A491-F1A73527BCDd} - C:\WINDOWS\system32\ghgxlsqy.dll
O2 - BHO: (no name) - {7D064D71-DD76-4596-90C0-921766AD560A} - C:\WINDOWS\system32\xxyabxx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\caskgdpu.dll",setvm
O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007 Free\was7.exe" /min
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007 Free\uwasers.exe"
O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\WinAntiSpyware 2007 Free\uwas7cw.exe" -c
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [ccube_Cleanup] "C:\DOCUME~1\Mel\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKLM\..\RunOnce: [ccube_Uninstall_Lock] "C:\DOCUME~1\Mel\LOCALS~1\Temp\cazz_001.exe" /null
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: WIKI.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyabxx - C:\WINDOWS\SYSTEM32\xxyabxx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Back to Top
 

antispy
Junior Member


Date Joined May 2005
Total Posts : 93
  		   Posted 5-5-2007 11:00 (GMT +1)    Quote: Hothotmodels virus - hijackthis report insideAlert an admin about: Hothotmodels virus - hijackthis report inside
hello, your hijackthis log contains WinAntiSpyware 2007 application which is created to mislead user with fake warnings about system infection. 
WinAntiSpyware 2007 removal method.

 

Back to Top
 

Immrgy
New Member


Date Joined May 2007
Total Posts : 1
  		   Posted 5-10-2007 7:24 (GMT +1)    Quote: Hothotmodels virus - hijackthis report insideAlert an admin about: Hothotmodels virus - hijackthis report inside
When I check my processes log and I find a file I'm not sure of, I use this site. It's been incredibly helpful.

http://www.file.net/process/_s.htm

Processes are listed in alpha order. You'll be able to get a description, the software company the process belongs to, how
to uninstall, registry location and whether or not it's okay to disable.
Back to Top
 
New Topic Post reply to : Hothotmodels virus - hijackthis report inside Printable version of : Hothotmodels virus - hijackthis report inside
 
Forum Information
Currently it is Friday, January 09, 2009 11:30 PM (GMT +1)
There are a total of 66.009 posts in 16.187 threads.
In the last 3 days there were 18 new threads and 109 reply posts. View Active Threads
Who's Online
This forum has 27804 registered members. Please welcome our newest member, revmrf.
52 Guest(s), 2 Registered Member(s) are currently online.  Details
castleclan, papy1
5 Latest Threads
Windows antivirus 2009 (4)09-01-2009 22:25:35 (castleclan)
Google redirect virus help (6)09-01-2009 20:36:39 (phinfan)
Connection to server timeout (0)09-01-2009 20:35:36 (revmrf)
Hijackthis (2)09-01-2009 19:41:14 (fingers101)
Need help with removing viruses ∼tmpa and ∼tmpc!!! (4)09-01-2009 19:26:11 (Strummer89)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard