Rugged Notebooks Guide

I’m not sure what the problem is with my computer, but recently there have been random pop ups from internet explorer and mozilla, depending on which I’m on. (usually mozilla) I’d like to get rid of this virus or bug or whatever it is ASAP! I would greatly appreciate anyone’s help :)

here’s the HIJACK this log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:51:43 ?.?, on 2010/01/29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/?.redir=ymmapi9&.clntymver=2004.6.13.1&.cldefstat=Def2
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: (no name) – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – (no file)
O1 – Hosts: ::1 localhost
O1 – Hosts: 91.212.65.122 browser-security.microsoft.com
O1 – Hosts: 91.212.65.122 spyware-protector-2009.com
O1 – Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 – Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 – Hosts: 91.212.65.122 knocker
I can’t add the rest :/
What I just did was open the hosts file, delte those links and then save it. hopefully that works.

Tags: adobe acrobat, apple mobile device support, c program, cfp, common files, ctfmon exe, emachines, explorer v8, hijackthis exe, hkcu software, internet explorer, mobile device, platform windows, pop ups, running processes, software microsoft, spoolsv exe, svchost exe

This entry was posted on Friday, September 3rd, 2010 at and is filed under Mobile Computer Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.