Skip to content
View in the app

A better way to browse. Learn more.
Coldplaying

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Hidrag.A Virus! Arghhhhhh!!!

Eagle131
in The Lounge

Featured Replies

Bloody viruses...I was told to download Hijackthis and post the log somewhere to have a 'knowledgable' tech to have a look at it...here goes...

 

Logfile of HijackThis v1.97.7

Scan saved at 3:41:29 AM, on 2/22/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\America Online 9.0\aolwbspd.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Sonic Foundry\Sound Forge 6.0\forge60.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\WINDOWS\SynCor.exe

C:\WINDOWS\svchost.exe

C:\Program Files\BitTorrent\btdownloadgui.exe

C:\WINDOWS\system32\ntvdm.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Eagle\Desktop\emo\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [PhilipsRemote] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\PhilipsRemote.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [winsys] syschost.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Run DAP (HKLM)

O9 - Extra button: Research (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{0D75711C-E59E-4ECC-92F7-29129B0EA8A8}: NameServer = 67.87.97.10,77.133.120.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{C816399F-2A2A-4BCA-B799-D9D883FB23FF}: NameServer = 205.188.146.145

O17 - HKLM\System\CS2\Services\Tcpip\..\{0D75711C-E59E-4ECC-92F7-29129B0EA8A8}: NameServer = 67.87.97.10,77.133.120.9

O17 - HKLM\System\CS3\Services\Tcpip\..\{0D75711C-E59E-4ECC-92F7-29129B0EA8A8}: NameServer = 67.87.97.10,77.133.120.9

 

Also, AVG scans and finds hidrag.a but it can't delete it. It also shows that there were a buncha files saved to plain old C;\ that I never put there that were all infected with the Hidrag.A. Well I need help fast cause this freakin virus "ate" up almost all my freakin exe's on my HD, and I'm not going to reformat as I have too much important stuff with no money to buy resources to back it up. Please help!!

how did you get this virus?? :huh: maybe Ian can can help you.. but I havent seen him in a bit... :(

is he dead? :lol: (no seriously) :(

who's that?, i dunno him. is she online

C:\WINDOWS\system32\LEXPPS.EXE

hit me if im wrong, but isn't this something to do with lexmark printers?

ouch fuck

what was that for?

I havent a clue!! ask his fiance!! :P

 

He wasn't last time I checked!! :D

C:\WINDOWS\system32\LEXPPS.EXE

hit me if im wrong, but isn't this something to do with lexmark printers?

 

you were wrong! :rolleyes:

Actually I think it DID have something to do with Lexmark, but its just an advertisement. Along with Hewlett Packard and Phillips remote controls, it seems like a pop up virus.

well that means i just hit jak for nothin' haha

 

@jenjie person: where the hell is ian?, i miss him :cry:

well that means i just hit jak for nothin' haha

ahh great, thanks :thumbsup: :dozey:

 

 

:P

I havent a clue!! ask his fiance!! :P

 

He wasn't last time I checked!! :D

 

:stunned: wait a minute... you are his fiance.. and now, no?? :cry: :huh:

I ought to quote better!!! He wasn't dead last time I checked :D

And, if I play my cards right, I think is still marrying me!!

I think she meant he's not dead, silly cammy. :kiss:

I think she meant he's not dead' date=' silly cammy. :kiss:[/quote']

 

*phew* oh my! I got scared there for a minute!! :embarrased:

 

@jenjie person: where the hell is ian?, i miss him :cry:

 

 

that's an excelent question

i thought ian was marrying me!!!!????? :cry: :cry: :cry:

 

guess ill return my dress and the ring tomorrow.... :( :cry: :embarrased:

Create an account or sign in to comment
Go to topic listing

Account

Navigation

Search

Search

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.