Computer Support Forum

Zeno Search Assistant Removal And Other Popups

Question: Zeno Search Assistant Removal And Other Popups

I have been working on my nephew's computer for a couple of days now and Cox Security still finds zeno search assistant. Please help. Thanks in Advance.


Answer: Zeno Search Assistant Removal And Other Popups

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Hiya All, I was wondering whether you can help me please. I have tried to remove the Zeno Search Assistant running in memory...

I have tried: Spysweeper, Ad-Ware, Trend Micro, Counterspy and Spy Doctor... The problem is that it just starts from bootup and then as you use the internet, it just gives you annoying pop-ups, which Spysweeper does not block out, so you're constantly closing them down. Also getting pop-ups about fixing the registry and WinFix, god, that's frustrating....

Any ideas to remove this would be so much appreciated, I'm running Windows 2000, it's a laptop, Dell D600. Any such help would be so much appreciated.

I tried to run Spysweeper in Safe Mode, but it wouldn't allow me to do so, as it kept coming up with a pop-up saying you have to make changes using Control Panel. I don't quite recall the message, but that's what I was getting.

I was advised to post a log from Hijackthis into this section, to get one of the experts to have a look at this, so ladies and gents, over to you, as I'm not expert in this. I will follow exactly what you say. I know it may take time to look at this, so I will patiently await a response, thanks in advance. Derek.

Answer:Zeno Search Assistant Running In Memory

Download this program: submit files packer

Highlight the files listed below in bold, right-click and select Copy.

C:\zxinst_ms001.exe

Then start the file packer program, right-click in the white box and select Paste to paste the copied file names in the field.
Then press the Continue button.
I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.
Rename this file to yourmembername.cab (for example grinler.cab).
Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Then, print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and put a checkmark next to each of these. Then click the Fix button:

O4 - Startup: Zstart.lnk = C:\zxinst_ms001.exe

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):

C:\zxinst_ms001.exe

Reboot your computer to go back to normal mode and post a new log and tell me if you're better.


Hiya All,

I was wondering whether you can help me please. I have tried to remove the
Zeno Search Assistant running in memory...

I have tried: Spysweeper, Ad-Ware, Trend Micro, Counterspy... The problem is
that it just starts from bootup and then as you use the internet, it just gives
you annoying pop-ups, which Spysweeper does not block out, so you're constantly
closing them down. Also getting pop-ups about fixing the registry and WinFix,
god, that's frustrating....

Any ideas to remove this would be so much appreciated, I'm running Windows
2000, it's a company laptop, Dell D600. Any such help would be so much
appreciated.

I tried to run Spysweeper in Safe Mode, but it wouldn't allow me to do so,
as it kept coming up with a pop-up saying you have to make changes using
Control Panel. I don't quite recall the message, but that's what I was getting.

Anyway, thanks for reading this, and I hope someone can

Answer:Zeno Search Assistant Running In Memory

Welcome to Bleeping Computer.

You could post a HijackThis log in our HijackThis Logs and Analysis forum.
Before you do, please read the instructions in the How to submit a Hijackthis Log.
Please be patient while a member of the HJT team has a chance to analyze your log.
It may take several attempts until your log is clean.

Good luck.


We seem to be infected with the three viruses above and have tried multiple ways of deleting them, but they will not go away. We get a flurry of pop ups every time we're online, but particularly when we have used Google to search for something. We are running McAfee Anti-Virus, Firewall and Spam Filters - I've also tried the Ad-Aware, Stinger, Panda Security, etc. that is listed on the instructions of how to do this post. I'd appreciate any help!!!

Answer:Virtumonde, Winfixer & Zeno Search Assistant

Hello poconno3,

Welcome to Bleeping Computer

Navigate to C:\Program Files\Internet Explorer
Delete the following file in bold:

profsyxymi.html

Then go to Start -> Control Panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").
Also remove the checkmark from the Lock Desktop Items box if it is checked.
Apply.
Apply and Exit Display properties.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea


I keep getting popups from loads of different sites including searc-h, cash-coupon and all sorts. Problem started when I downloaded a crack and didn't scan it, then I was flooded with all sorts of viruses and spyware including spysheriff. I've got rid of all of it now but can't get rid of these goddamn popups and they keep interrupting The Matrix: Path of Neo (excellent game)
SO CAN SOMEONE PLEASE HELP!!!!!
have followed all the standard removal guidelines (in safe mode too)
here's the hijack log


Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Answer:Keep getting searc-h popups? HELP!!!!!

Welcome to MajorGeeks.com, please follow the steps below:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis
 


We've had a problem the last week or so with these popups. They originate from searc-h.com but quickly change to a different address -- a poker site, adopt.hotbar, passion.com, icann, etc. I've done HJT and can't find anything. I've deleted a bunch of dll's that were suspicious but they keep coming back. Someone please help me!!! The popups are very irritating and occasionally verge on risque. They come up even if we don't have our browser up. We walk away from the computer, come back in 10 min., and there's 3 or more pop up windows sitting there. Our popup blocker catches some (especially the ones that try to popup as you close another) but nowhere near all of them. I'll post a HJT log but I don't think you'll find anything. Any help is appreciated. Thanks so much.

Jen Silverman


Answer:HELP!! searc-h popups are making us crazy!

Hi and Welcome to TSF!

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".

Save the next instructions in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers on.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

It is also important you don't miss a step and perform everything in the right order!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them unless instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button). Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all it...


Google basically does the well-known redirect of a search, bringing up various marketing etc. sites.

This is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:09, on 05/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

--
End of file - 920 bytes

Thank you for any help, would just like the removal of these Search assistant bugs.

Answer:Google search redirect, Search Assistant/Customize Search element.

Hello.

Your Hijackthis log looks extremely small. Have you been fixing any entries?

Hijackthis warning

HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself.
If you do not have advanced knowledge about computers you should NOT fix entries using HijackThis without consulting an expert on using this program.

Thanks for Understanding

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.

Please download erunt-setup.exe to your desktop.
Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

How to Restore from the ERUNT Backup

Only restore from the backups if instructed to, or you need to do s...


Having problems with popups on my computer for Cyber Defender and popups with a title underneath that starts with Zeno and a message that states it did not originate with the site that was visited.

Here is the hijackthis log...


Answer:Popups for CyberDefender and a Popup called zeno

Welcome to TSF

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".

Before you begin, take a read through these instructions and download the programs that I've advised. Save the below instructions in Notepad or Word if you wish to reserve format. Alternatively, print out the instructions because we require you work in safe mode without networking support, so this page wouldn't be available then.

If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below.

Please allow yourself a few spare hours. Below are instructions for a virus scan(s) that can take longer than 2 hours.

It is also important you don't miss a step and perform everything in the right order!!

********************************FOR YOUR INFORMATION*************************

I notice that you have two anti-virus programs on your machine. That's not a good idea!!
Like firewalls, anti-virus programs have conflicts co-existing with each other & may produce undesirable results. Please uninstall one of them.

********************************DOWNLOADS********************************

Please download these additional files/programs. Do not run them unless instructed to do...

Question: Zeno removal

Please help!! I can't stop the zeno pop ups........what can I do??
 

Answer:Zeno removal

Hi and Welcome

Great 1st step is to follow our standard cleaning procedures, then once you have completed those tasks in getting your PC to a cleanish point we can deal with any mopup of the malware. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.





- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

 


Answer:popups galore- Malware -Zeno Search-HELP!!! hjt attached

Please do not start more than one thread for the same problem.

Closing duplicate.

Please continue here:

http://forums.techguy.org/malware-removal-hijackthis-logs/609590-need-help-removing-adware-zeno.html
 


Hi there. I ran everything in your "Preparation Guide Before Posting a HiJack this log". I have also run VirtumondeBeGone (in safe mode), VundoFix, McAfee Virus Protection and Spyware Doctor (which I purchased). Nothing has eliminated my problems completely. I could use your help! Thank you very much.

Answer:Ad Popups/virtumonde/zeno/data Miners...dear God Make It Stop

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, bapow. My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop.

Note: It is important that it is saved directly to your desktop.

- Close any open browsers.
- Double click on combofix.exe and follow the prompts.
- When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

20 more replies
Relevance 64.37%

help i think ive got a virus, ive got a super slow computer, and my internet spams me with new page popups telling me i need to get a registry scan. here is my hijack this log, ive tried ewido micro scanner, i have nod 32 as a home virus protection, and i have also ran spybot search and destroy. any help would be greatly appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:26 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Answer:help, slow computer, new browser page popups spam me while im in IE. Ive trie ewido micro scan, i have nod 32, and spybot searc...

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results, click no to the Optional_Scan.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable ...

2 more replies
Relevance 54.94%

I can't seem to get rid of endless popups and every time I turn on my computer, I get "error loading stlb2.dll - the specified module can't be found". I also get a window with 180search Assistant Alert.

After reading your forums, I've done the following: Downloading Tools; Download the following tools and save in your favorite download folder or create one, for example C:\Temp or C:\Downloads. And then install, update, and configure as indicated below. While this may seem like overkill, there currently is no one perfect removal tool. Because of this, to properly find and fix your problem, you need to try a variety of programs.

Ad-Aware SE.......Install, click Check for Updates now and get any updates, then exit.
Ad-Aware VX2 Cleaner Plug-In.....Install only
CCleaner.............Install only, then exit
Spybot................Install, do the search for updates now and get any updates, then exit.
Spybot - Search and Destroy DSO Exploit Fix - Install this patch on top of Spybot to fix the DSO Exploit bug
SpywareBlaster...Install, click Download Latest Protection Updates, Check for Updates, and then Enable All Protection, then exit. It does a great job of blocking known vulnerabilities as well as known malicious websites.
McAfee AVERT Stinger.....No installation required! Ready to run as is.
CWShredder......No installation required! Just unzip it to a folder.
Kill2me..............No installation required! Just unzip it to a folder.
about:...

Answer:stlb2.dll, 180 search assistant, popups

Hi hlewis,

Look in Add or Remove Programs for 180 Search and try to Uninstall it if found. Also look in your Program Files Folder. When you do this, make note of any other suspicious looking programs that you do not recognize and let us know what you find.

Also, go ahead and send us a HijackThis Log. Please be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis!
Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

I'm not around this forum too often these days, but somebody will try to take a look when they get a chance.

Best luck
PP
 

9 more replies
Relevance 53.71%

Hi, I am having this problem - Helpassistant folder created in my Documents and Settings folder, every time I reboot my computer. I have many problems because of this, like slow booting up and freezing computer. Any help is really appreciated. Thanks for your time and efforts in advance.

Disha

Answer:Help Assistant Removal

Hello my name is Sempai and welcome to Bleeping Computer.

- We apologize for the delay. Forum has been busy.
- Please stay with me until I declare that your computer is clean as most users don't reply anymore once they found out that their computer is running smoothly, but absence of symptoms does not mean that a computer is free from infection.
- It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
- Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
- You must reply within 5 days otherwise this topic will be closed.

+++++++++++++++++++

1. Download GMER Rootkit Scanner from here. Extract the contents of the zipped file to the desktop. Double click GMER.exe and if you are asked if you want to allow gmer.sys driver to load, please allow it to do so. If it gives you a warning about rootkit activity and asks if you want to run scan, please click on NO. In the right panel you will see several boxes that have been checked. Uncheck the following checkboxes:

- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)

Now click on the Scan button and wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in ark.txt and save it to your desktop. Post the contents of that report when you reply.

2. Download OTL to your Desktop. Double click on the icon...

12 more replies
Relevance 53.71%

well I put it all in the topic ... I'm working on my parents computer (which they allow an 8 year old to use) and they are infected with crap ... IE is constantly popping up about security certificate errors ...
 
I would note that the computer is slow ... but it doesn't have enough memory so malware is only part of that problem.
 
Shrug... don't know what else to say ...
 
(I will probably proactively delouse my own computer later as well as optimising this one and look into getting more memory ....  but all that is another post for another day)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by SHIELA at 13:46:44 on 2014-02-06
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2942.1328 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.

Answer:Have popups, live assistant, "Dell System Detect" and who knows what else ...

Hello smurfhandy,

Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

- Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
- In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
- Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

1. Please delete your copy of TDSSKiller and download the latest version from here and save it to your Desktop.

- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button...

12 more replies
Relevance 53.3%

Logfile of HijackThis v1.98.2
Scan saved at 6:05:20 AM, on 8/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Answer:Search Assistant Removal

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bqqiwmqzjtdiaqd.net/YobkkBgtflu...pJ4cDxgrq5m.jpg
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll
O2 - BHO: (no name) - {D851EA4E-FB53-1B72-AD35-D592E4700583} - C:\PROGRA~1\ERRORC~1\Hold this.exe
O2 - BHO: TChkBHO Class - {F6E6D2FD-5AFD-4D35-91CD-3F09010EFD52} - C:\WINDOWS\system32\effje.dll
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [Audio Noun] C:\PROGRA~1\OPENDO~1\Info Platform First.exe
O4 - HKLM\..\Run: [support bird readme move] C:\Documents and Settings\All Users\Application Data\Proxy More Support Bird\heartfast.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} (SBITAX7Ctrl Class) - http://ultimateplugin.com/tl7000.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...f7...

1 more replies
Relevance 53.3%

After having numerous problems with my machine locking up I discover the Help Assistant directory with a copy of my hard drive in it. After some initial research I tried to remove it by disabling the user and deleting the directory only to have it return. I found another topic regarding this but after reading decided to contact you first before doing anything more.

DDS log file is below and Attach.txt is attached. When I tried to run GMER, after making the requested adjustments and then clicking scan, it began scanning and then displayed the blue problem detected screen and windows has been shut down. Pertinent information in blue screen was:

======================================
DRIVER_IRQL_NOT_LESS_OR_EQUAL
======================================

then the standard if first time restart message followed by:

======================================
Technical Information:
*** STOP: 0x000000D1 (0x0000000C, 0x00000002, 0x000000000, oxEE0C2E52)
Mpfp.sys - Adress EE0C2E52 base a EE0B9000, Date STamp 49de3cac
======================================

DDS log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mommy at 13:15:06.03 on Sat 06/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.158 [GMT -4:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\syste...

Answer:Help Assistant Virus removal

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report. Please download OT...

16 more replies
Relevance 53.3%

Happy 4th of July Everyone!

Somehow I got this little bugger... can't figure out how to get rid of it.
You can't remove it from the "Add/Remove Hardware" screen.

I have a HijackThis log if you want to see it.
I ran AdawareSE but for some reason I don't think it's updating correctly.

Any help would be appreciated!
Thanks

 

Answer:My Way Search Assistant Removal

You should be looking at Add/Remove Programs not Hardware.

If you still have problems, follow the steps below. HijackThis is far from the first step. What version of Ad-Aware SE do you have? Make sure you compare to the one in the links below.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

13 more replies
Relevance 53.3%

Hi,

I have looked through a few forums on removing the Amazon Assistant virus but I still have not removed it from my machine. I'm continuously getting the blank, white pop-up. When I went to remove the program, the "uninstall" option is greyed out and I am unable to get into the actual file to delete it because it keeps saying that the file is open. I haven't been able to close the pop-up for long enough to remove the file. As I type this, the pop-up is coming up every 10-15 seconds. I just need this gone, it's getting to be too much and my machine is slowing down exponentially.

Here are the specifications of my machine.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, Intel64 Family 6 Model 78 Stepping 3
Processor Count: 4
RAM: 3969 Mb
Graphics Card: Intel(R) HD Graphics 520, 1024 Mb
Hard Drives: C: 930 GB (812 GB Free);
Motherboard: Acer, Ironman_SK
Antivirus: Avast Antivirus, Enabled and Updated

I also went ahead and ran a scan on my computer with the FRST (x64) program I saw in many other replies. I will include both scans below.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2017
Ran by Ethan Hughes (administrator) on HUGHES (06-12-2017 13:24:46)
Running from C:\Users\Ethan Hughes\Downloads
Loaded Profiles: Ethan Hughes (Available Profiles: Ethan Hughes)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Languag...

Answer:Amazon Assistant Removal

Here is the additional scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-12-2017
Ran by Ethan Hughes (06-12-2017 13:26:14)
Running from C:\Users\Ethan Hughes\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-11-10 02:58:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-2008701448-1604200778-1345039759-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2008701448-1604200778-1345039759-503 - Limited - Disabled)
Ethan Hughes (S-1-5-21-2008701448-1604200778-1345039759-1001 - Administrator - Enabled) => C:\Users\Ethan Hughes
Guest (S-1-5-21-2008701448-1604200778-1345039759-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2008701448-1604200778-1345039759-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs s...

1 more replies
Relevance 53.3%

Hello HijackThis Team and the Moderators!! You guys helped me out a couple years ago, which I appreciated. Now once again, am here asking for your help. Can't get rid of this &$#%$ Search Assistant. Have scanned with Ad-Aware and Spybot - Search and Destroy but to no avail - it comes back up each time I do a Hijack This run. Not sure of this but I think it controls results on Google--sometimes I do a search, and the weirdest sites come up as results--just doesn't look right. Anyway, your help is much appreciated, as always!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:24 AM, on 26/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Answer:Please Help With Search Assistant Removal

Hello jaja67893,

Welcome back to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

3 more replies
Relevance 53.3%

Followed instructions and the toolbar disappeared. Now as I start browsing on firefox I get an alert from my Norton firewall asking to permit this connection. I block it. I permitted this before and the hijacker returned. This is the log from norton firewall log: Help is appreciated. Thanks

Details: This one time, the user has chosen to "block" communications
Outbound TCP connection
Remote address,service is (f15717.bins.lop.com(66.220.17.158),http(80))
Process name is "C:\Program Files\Internet Explorer\iexplore.exe"

Logfile of HijackThis v1.98.2
Scan saved at 1:19:31 AM, on 8/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Answer:Search Assistant removal

Are you already being helped in another thread?

1 more replies
Relevance 53.3%

i originally posted in security - as i dont have the machine
but will probably connect tomorrow

however, as i only really want advice from the experts here - i moved to the virus forum

I have just been helping a friend remotely on a laptop - windows 10 remove amazon assistant
which keeps popping up on the screen

usually adwarecleaner followed by malwarebytes gets rid of these

Adwarecleaner - listed it as an optional PUP and i made sure it was checked - also checked other amazon items WOW - etc
and removed and rebooted

Still came up

ran adwarecleaner again
this time it had removed other items - except amazon button1 (which is amazon assistant)
so removed it again and rebooted

still came up

ran malwarebytes

listed as a threat - quarantined
rebooted

still there

how do we get rid of this thing
ALL google searches appear to indicate that Malwarebytes & Adwarecleaner - should remove
 

More replies
Relevance 52.89%

Hi. My mywaysearch assistant is gone rogue. I've attached my log of hijackthis so I just need help on what to do next. Already uninstalled myway and cleared the folders as well.
 

Answer:Myway Search Assistant Removal

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using ...

1 more replies
Relevance 52.89%

It appears I have fallen victim to the Home Search Assistant hijack as so many others have. I downloaded the HSRemove tool and followed the instructions contained therein. After running the program in safe mode, I checked the add/remove programs and Home Search Assistant is no longer listed. When I restart my computer in normal mode, it reappears. IE opens with the message that the hijack has been removed, but once I close IE and reopen it again the hijack is back. The curious thing is that I stopped and disabled Network Security Services when in safe mode. When I restart in normal mode, I find that Network Security Services has been changed back to "automatic". Any ideas??? I have Windows XP home edition. I have set up an administrator account and a personal account too if that makes a difference. Thanks for any help you can offer.
 

Answer:Home Search Assistant Removal

It does in that you need to remove it from both accounts. More importantly, you can not open internet explorer until you have done both. Double the pleasure
 

3 more replies
Relevance 52.89%

I'm sure you have all seen a lot of this lately. I am comfortable enough to follow someone's wonderful instructions, but I am not confident in changing dll files without an expert opinion. I have attached my log file from hijack this. I have read all of the instructions from this site and downloaded all of the tools. I just need to know which files I should alter. Thank you very much.

Logfile of HijackThis v1.99.0
Scan saved at 4:22:20 PM, on 1/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:Home Search Assistant Removal

Your logfile is being analyzed now, and a response will be posted shortly.

Thanks
daveai

6 more replies
Relevance 52.89%

I was infected on Sunday July 5th and ran the Superantispy software and that seem to clear the issue, but I still have the Myway Search Assistant as a listed program. I see a previous post with the same issue and followed all the instructions up to including the post from Chaslang on 07-05-05 14:43 (http://forums.majorgeeks.com/showthread.php?t=66855). I believe the threat has been removed, but like rookiegirl it still shows in my "add/remove programs" and I want to make sure the threat is completely removed.

I didn't know if the delmyway.reg given to rookiegirl would work directly for my PC. Attached are the log files. Please let me know if there's more to be done and how to get rid of the final traces of the Myway Search Assistant

Thanks in advance for your help!
(first time msg board, so please let me know if I've committed any faux pas!)
 

Answer:Myway Search Assistant Removal

Welcome to Major Geeks!

We cannot continue until you attach the last log that was requested which is the C:\MGlogs.zip file created by running MGtools.
 

19 more replies
Relevance 52.89%

I am trying to remove Home Search Assistant - CWS_NS3 and have a question about step 2 under the Begin Removal Procedure - specifically the services that are running. I do not have Network Security Service or Workstation NetLogon Service but have Remote Procedure Call (RPC) Locater NOT "HELPER" as described as the three. What should I do? Thanks.

Answer:Home Search Assistant Removal

The first thing I need you to do is download the file from here: ServiceFilter.zip - Get list of XP/2000/NT Services

Extract the zip file to your C: drive. Once it is extracted there will be a directory on your C: drive called ServiceFilter. Inside the C:\ServiceFilter directory will be a file called ServiceFilter.vbs. Simply double-click on the ServiceFilter.vbs. When the script finishes a wordpad document should open with the unknown services listed in it. If the script could not access wordpad then you will see a message box telling you so. In that case you need to open POST_THIS.TXT by double-clicking it and pasting the contents as a reply to this topic.

Please provide a brand new hijackthis log as well in this reply.

1 more replies
Relevance 52.89%

Please help--I have been infected by the Home Search Assistant. I am running Norton antivirus and "Alert Spy"--any help is greatly appreciated. By the way, this is a work computer. Here is my most recent HJT LOG

Logfile of HijackThis v1.99.0
Scan saved at 2:06:41 PM, on 1/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Answer:Home Search Assistant Removal

Sorry about a new log being posted, but I got booted from the laptop (battery died).

Logfile of HijackThis v1.99.0
Scan saved at 4:43:53 PM, on 1/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

38 more replies
Relevance 52.07%

Before I pestered you with my HijackThis log - I've seen these things before and they're not pretty - I followed your Home Search Assistant Removal Guide, and I no longer get the annoying symptoms. You guys rock!

Answer:Home Search Assistant Removal Guide Did The Job!

Thank Grinler, the guy who created the tutorial
I'm glad we could help.
David

1 more replies
Relevance 52.07%

Logfile of HijackThis v1.98.2
Scan saved at 4:51:33 AM, on 8/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Answer: Search assistant removal- I didn't see it at reboot

Scan with Hijackthis again and mark the following items. Make sure you have all browser windows closed and click "Fix Checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.sszikvhzgyff.com/YobkkBgtflu3A7...ZJ4cDxgrq5m.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Workout] C:\Program Files\WorkoutGenerator\\RSSAD.exe <-do you know what this program is?

Reboot, scan with HijackThis again and post a fresh log please.

1 more replies
Relevance 52.07%

Hi everybody,

my problem is that I just don't seem to be able to get rid of that damn Search Assistant that appears beside the clock-tray on the taskbar.
Every time I turn on my computer it is back, I've run AdAware 6, SpyWareDoctor etc. You just name it. So this is kinda my last call for help.. I'm going nuts over this :evil: Search Assistant.

So here below I'm going to post the log from Hijack This and hope someone can lend me a helping hand

--------- HijackThis ---------
Logfile of HijackThis v1.97.7
Scan saved at 16:02:00, on 14/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:Search Assistant Removal problem (HJT included)

Hi,
Go to http://www.greyknight17.com/spyware.htm
It's a KRC Anti-Spyware Tutorial. Very helpful.
Do follow everything suggested.
Great start for security team in digesting your problem.
Upgrade your HJT to latest version.
Repost new HJT LOG.
Marty

1 more replies
Relevance 52.07%

Forgot to add I tried ewido as well... and my hijackthis log is...

Logfile of HijackThis v1.99.1
Scan saved at 3:05:09 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Awtsp.dll And 180search Assistant/zango Removal Help

Hello Darkmindzero, and welcome to Bleeping Computer. My name is Charles and I will be helping you to clean up your computer.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,
Charles

2 more replies
Relevance 52.07%

I've tried numerous programs including avg, xoftspy, trojanhunter, adaware, spybot, avast, fixvundo, cwshredder, smitrem, everything. There's this file awtsp.dll which is impossible to delete no matter what I have tried (force deleting it, killbox, safe mode.. even though safe mode explorer doesn't seem to want to run). Also.. there's a pesky devldr32 file. Even after I did a complete uninstall of creative and used driver clean professional. Can someone help me?

Answer:Awtsp.dll And 180search Assistant/zango Removal Help

Hello Darkmindzero, I'm EVAN198. I'm going to ask you to download ewido. You can download it here.

* Install ewido security suite
* Ewido will automatically run at the end.
* The program will now open to the main screen.
* When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
* You will need to update ewido to the latest definition files.
  o On the top row of the main screen click update.
  o Then click on "Start Update".
* The update will start and a progress bar will show the updates being installed. (The status bar at the top will display "Update successful".)

If you are having problems with the updater, you can use this link to manually update ewido: ewido manual updates

Don't run it yet.

Reboot into SAFE MODE

By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.

Open Ewido anti-malware

Click on the scanner button in the top row.

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom left of the screen and click the "Save Scan Report" button.
* Click on "Save Repo...

2 more replies
Relevance 51.66%

Hey guys.....................I have recently encountered CWS home search assistant in spyware doctor and as you already know I'm sure........it won't remove it. I've run all the scans with the CW and Home search programs including CWShredder, virus scans, asquared, adaware, spybot, etc., etc. My problem is...........I followed the guide to removing it and when I get to the part where you look for bogus network processes.......I don't find anything. I saw names of network service programs that were similar but not exact, so I ran the "get active services" file to see which were bogus and which weren't, and all of them came back without the funny characters following the name that are supposed to differentiate the bogus service from the real service. What should I do now? Do I continue with the removal guide even though I can find bogus network service names? This is what I came up with:

Answer:Cws Home Search Assistant Removal..........tutorial Problem

Anyone out there?

18 more replies
Relevance 47.97%
Question: How do I SEARC

Answer:How do I SEARC

How do I search for what?

1 more replies
Relevance 47.56%
Question: searc-h popup

I keep getting popups linking to Searc-h.com and cash-coupon.com.
tried adaware, MSFT Anti Spyware and
Please Help

Here is my latest hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 4:51:23 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:searc-h popup

15 more replies
Relevance 47.56%

Hello. Thanks for this great forum. I've read a lot of the postings and everyone seems very helpful... I hope you can help me too.

The other day I downloaded a file I knew was going to cause problems, and predictably, it did. Ever since, I cannot get some freakin adware out of my system that keeps opening windows or changing windows to searc-h.com or some sports website.

I printed out the instructions from the READ ME FIRST, and followed them very carefully. I've been at it two days (I had to stop to go to work), and have done everything I can think of to clean out the system.

I already had Pc-Cillin and Spybot Search and Destroy running on my system when this whole problem started (neither did anything to catch the problem), and subsequently added Panda's TruPrevention, which is supposed to complement the Pc-Cillin by adding additional adware protection.

Anyway, I ran the two online scans (bitdefender and TrojanScan) which cleaned out some adware and hidden viruses.

I ran Ccleaner, Ad-Aware, reran Spybot Search and Destroy, ran the Microsoft Antispyware, CWShredder (which keeps finding Look2Me, but cannot clean it out. It crashes on the reboot), and Kill2Me, which doesn't do anything.

I've erased all my temporary files (breeding ground for viruses), gone through the task manager, ran F-Secure's BlackLight program to remove a hidden directory, and even went line by line in my taskmanager using procexp.exe, a suggestion I ...

Answer:I hate www.searc-h.com

I attached the log... Sorry for pasting it in the previous message.
 

9 more replies
Relevance 47.15%

Like others here I have a problem with some malware. "It hi-jacked my IE and Mozilla, in specific, all kind of pages are called, like searc-h.com or the like." Help!

Logfile of HijackThis v1.99.1
Scan saved at 2:47:04 AM, on 10/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:Solved: Searc-h Attacking me

16 more replies
Relevance 47.15%

How do I delete search history from Google 6.3 tool bar using win 7 and IE 8.0? There is no longer a "clear history" button.

Thanks, eddie460

Answer:How to delete searc history

Click the dropdown arrow on the Google Searchbox and the first item should be Clear Search History

6 more replies
Relevance 47.15%

Hi sorry if someone posted on this but i'm having a huge problem with cl-searc.com, whenever I open mozilla to any site it says at the bottom of the page "waiting for cl-searc.com" then "done" and the page is just blank and it's not set on "about:blank". I also have a myriad of other problems like smitfraud, fraud XP antivirus, rundll32.exe error when shutting down and I can't fix those unless I download prog which I can't do since I always get a blank page. So I'm posting this using my school internet. I would really appreciate the help!!! It's an hp pavilion zv6000, and unfortunately I don't have the reformat cd, it was a hand-me-down laptop

Answer:cl-searc.com blank webpage

You can usually purchase Recovery CDs from HP for a nominal fee, but you have to have proof of ownership.

Do you have access to another computer and can burn a CD or download a flash drive?

We need to get some tools downloaded starting out with Mbam.

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan ...

4 more replies
Relevance 47.15%

I installed Windows Desktop Search and now when I try and open a folder it opens the search program. How do I make the folders open with Windows Explorer or file manager? Thanks for your help.
 

Answer:Windows Desktop Searc

Check your registry to see if you have none as Value data.
HKEY_CLASSES_ROOT\Directory\shell
Instructions from Microsoft.
 

1 more replies
Relevance 47.15%

I am being buried with popups! I ran Lavasoft adaware, spybot S&D, cwshredder, and Ewido. nothing seemed to help. I ran hijack this and then HijackThis Analyzer program and I'm posting it here to hopefully get some help. Thanks !

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:25:17 AM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:searc-h.com, ad-w-a-r-e.com Popup Problem

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)
When SpySweeper starts, please accept any prompts to update definitions. Exit the program after you have updated.

Download and install CleanUp!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Reboot your computer into Safe Mode.
Restart your computer and continually tap the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis, place a check next to these items and select "Fix checked":

O1 - Hosts: feroptimizer.comm
O3 - Toolbar: (no name) - {42AA13B5-E30D-98ED-EDDD-75EB7DD9BD92} - (no file)


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.
* CleanUp! will not create any backups!!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Launch & use the diagnostic version of SpySweeper & confi...

17 more replies
Relevance 47.15%

Hi

Model No- HP Pavilion dv6330ea Notebook PC. Refer to the link http://h10025.www1.hp.com/ewfrf/wc/product?cc=us&d

my OS is vista home premium 32-bit.

Every time I run HP Support Assistant I get an error of CASLExec has stopped working. Recently downloaded sp52110.exe for Vista OS. ftp://ftp.hp.com/pub/softpaq/sp52001-52500/sp52110.exe
But every time I run HP Support Assistant I get this error.

Even HP Wireless Assistant is not working or not opening at all. Recently just flashed BIOS, then installed wireless drivers and finally installed Wireless Assistant but still no solution. Same problem, not opening at all. But the wireless card is working fine and I can easily connect to the internet, therefore there is no wireless problem.

Because of HP Wireless Assistant, I am unable to turn on Bluetooth because previously when HP Wireless Assistant was working at that time I had enabled wireless and disabled Bluetooth. Now I am unable to turn on the Bluetooth because of this.
Can anyone suggest me any alternative way to enable the bluetooth without hp wireless assistant.
---------------------------------------------------------
If any users are looking for HP Support Assistant for Windows 7 or 8 or Vista then download the latest version from this link

http://h18021.www1.hp.com/helpandsupport/hp-support-assistant.html

-------------------------------------------------------

please reply soon.

Answer:Problem Wireless Assistant & Support Assistant, How Turn On manually WLAN & Bluetooth

Almost one week passed away.... and still no reply to this post.

2 more replies
Relevance 46.74%
Question: Zeno

I have had some success in reducing pop-ups, but one keeps coming back. Does anyone know anything about "zeno"?
 

Answer:Zeno

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Relevance 46.74%
Question: what is zeno

i keep on scanning for spyware and something called zeno keeps coming back what is it?

Answer:what is zeno

Zeno Search Assistant adware.

What keeps finding it, and where exactly?

3 more replies
Relevance 46.33%

Hi there, I have read other people have experienced this pop up window or frame that calls itself search enhancer. It only seems to exist when in at google home, but the system is really slow, avg anti virus and anti spy ware can't get it, I notice as well a lot of words in text become green links to a sponsored link. I have run hijack this and here is the result. Can anyone help please thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 6:32:04 PM, on 11/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:Solved: searc enhancer in google

7 more replies
Relevance 46.33%

Okay then, been battling with these pop-ups for about the last 6 days and I ain't had any success, so I figured I'd talk to you guys. I've read a couple of other threads on gettin' rid of the pop-ups mentioned in the title of the thread, but they didn't work for me. So I was hoping that you could figure out what is specifically wrong with my comp, so that I can stop freekin' out about my internet.

I'm running:

. Internet Explorer
. AMD Athlon 1700+
. Windows XP SP2
. And...that's about it...I think...

Oh yeah, and on top of the 'Searc-h, Ad-w-a-r-e, Discount-Nation etc.' pop-ups, these little Flash pop-ups keep appearing and doing these annoying little animations about how 'My Computer May Be Infected With AdWare' - and I'm like...what the hell!?

So if anyone knows what be going on here, t'would be much appreciated - and here's the log:


Logfile of HijackThis v1.99.1
Scan saved at 13:31:32, on 24/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:Searc-h / Ad-w-a-r-e / Deal-Pro / Discount-Nation etc. Pop-ups won't go away!!

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)

When SpySweeper starts, please accept any prompts to update definitions.

Then configure it as follows:
From the left pane, click Options
Select the Sweep Options tab & ensure the following are ticked:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All Users accounts
Do Not Sweep System Restore Folder
Enable Direct Disk Sweeping
Sweep For Rootkits

After that's done, select Sweep from the left pane & click on the Start button
Allow Spysweeper to reboot your machine to remove the infected files.
After rebooting, launch SpySweeper & select Results from the left pane
Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply along with a new HJT log.

8 more replies
Relevance 46.33%

My problem is that when I am browsing the internet using Firefox (latest version) I get redirected to another page which is often searc-h.com but not always, and sometimes ads pop-up that are in flash. I scanned my pc with Bug Doctor, Registry Mechanic, History Kill, Lavasoft Ad-Aware, Microsoft Anti-Spyware, Spyware Doctor and I have Mcafee as a virus scan and have zonelabs as firewall.

The other problem is on startup, which I get an error about DLL and the directory is always different like eg: (123.dll, abc.dll etc...) I don't know what this problem is.

Can anyone please assist me?

Thank You.

Brian.
----------------------------------------------------
MY HIJACKTHIS LOGFILE

Logfile of HijackThis v1.99.1
Scan saved at 10:50:40 AM, on 10/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:Problem with searc-h pop-up and error on startup

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)
When SpySweeper starts, please accept any prompts to update definitions. Exit the program after you have updated.

Download and install CleanUp!


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Reboot your computer into Safe Mode.
Restart your computer and continually tap the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs: NewNet / NewDotNet

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis, place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab. Tick - Show hidden files and fo...

11 more replies
Relevance 45.92%
Question: Zeno Search

Thanks for any help. I called my tech support and they stated that F-Secure let it through because I was also running Spybot. They were full of it. I went through removing everything and reinstalling F-Secure and it does not even find it. Here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 6:35:34 PM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Answer:Zeno Search

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, cbrzoska.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

*********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Note: It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

*********************

Now go to: C:\Program Files\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat...

7 more replies
Question: Adware-zeno

Hi, I was wondering if anyone could help. I believe I have a trojan. I've run McAfee and it keeps finding this program (adware-zeno) and asks if I want to remove it. I say yes and then it says it can't be removed. I keep getting annoying pops about search engines, bogus security software and borderline porn. I don't know what to do. Could anyone help, please?

More replies
Question: Zeno And Vundo

I'm trying to deal with my computer. My recent firewall program keeps blocking a "DW" and a "NDIS" from accessing the registry and the internet. I've tried Stinger and Ad-Aware but it's not really helping. I did get a lot of issues cleaned up with Spybot S&D but a couple seem to be lingering. Particularly the Mal_vundo and Troj_zeno.bx . Any advice?

Answer:Zeno And Vundo

Hello orangerocky ...

I see you have your HJT log posted here:
http://www.bleepingcomputer.com/forums/ind...mp;#entry765902

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 d...

1 more replies
Question: Deewoo And Zeno..?

Limewire is the root of all evil! I downloaded a file and opened it and ever since my computer has been very slow and whenever I search on Google I get a pop called "Think-Rdz" (I can't make out the title but I'm pretty sure that's it). It's a search assistant generated by deewoo. I ran multiple adware scans but I may still need assistance.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:32:14 PM, on 9/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnas...

Answer:Deewoo And Zeno..?

to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
While a HJT Team member is working with you, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your d...

11 more replies
Question: Zeno Search

I got hit with zeno search and smithfraud-c toolbar888 yesterday. I am using F secure and spybot; both show this but will not fix it. I need help to remove these from my computer.

Answer:Zeno Search

Hello and welcome to Bleeping Computer.

Please follow this guide:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
and post back a hijackthis log here:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

3 more replies

Hi and thanks for reading this. I recently downloaded a program to be able to play certain types of music files, and ever since then, I've been plagued by pop-ups. Can anyone please tell me how to get rid of them?

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 10:03:51 PM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\...

Answer:HiJack Log - Pop-ups/Zeno

Hello,

Can you do me a favour please?
I need a file from your system.. so search for next file in your system32-folder: C:\WINDOWS\System32\qlink32.dll
and submit it here: http://www.bleepingcomputer.com/submit-malware.php
Please, submit it first before you proceed with next steps.

Then, uninstall ViewPoint (Viewpoint Manager) from your software > add/remove programs.
Also look if Zeno or Zstart is present and uninstall it.
REBOOT afterwards.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download and install CCleaner
Do not use it yet.

* Please set your system to show all files; please see here if you're unsure how to do this.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ZStart] C:\windows&#...

7 more replies

I got an "Antivirus software alert" stating that I had several infected files, trojans, malware, etc. I thought the alert was a Microsoft alert (looks the same) and clicked on the link. I was then directed to a website offering free download of Antispyware Soft (it looked very convincing). I researched it and discovered that it was actually a virus (malware).

I looked around and found out how to remove it (I thought). Several forums had suggested that I: restart cpu, go to Boot Menu, select my harddrive, then run in Safe Mode with Networking. Once the cpu started up, I ran Malwarebytes and found 1 infected file, I "fixed" it and then restarted in normal mode--this seemed to fix the whole problem...but.

I restarted my cpu about 4 hours later and when it powered up the virus (or whatever it is) was back stronger than ever.

This virus will NOT allow me to open, run, install, uninstall or alter any files or software. Each time I try to access iTunes or Word or even run a program like HiJack This, it pops up a window stating that the "Application cannot be executed. The file is infected. Do you want to activate your antivirus software now?"

Also, now I'm getting a lot of pop-ups and windows opening for porn sites, Viagra online and other nonsense.

I also have a separate issue of being redirected every time I click on a link in a Google search.

For example: If I google San Francisco Giants, get the results and then click on the official Giants team site, I...

Answer:Antispyware Soft / redirected from google searc

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

Okay, I get ad pop-ups every time I open up IE6.

I assume one of my family members decided to install something on accident or something.

I've already tried Ad-aware

suggestions/help appreciated
-Snake
 

Answer:Removal of ad popups

9 more replies

Hi there people. First of all, Happy New Year!

Ok, now to business.

I have popups, I have tried what some of your other users have tried without any luck at all. With AVG Anti-Spyware, they always come back.

I have tried in Safe mode, NailFix, AVG Anti-Spyware (Ewido), AVG Anti-Virus, Registry Cleaners like CleanMyPC! and Registry Booster, HiJackThis but I'm not sure if I did it right with HijackThis, but my comp still works fine though.
I still get various popups, trojans, malware, spyware, I delete them in safe mode and they come back. I really need someone's knowledge and help to get rid once and for all of this junk. Please help!

I will follow all of your instructions to the T.


Thank you.

PaulB1979
 

Answer:Need some help, removal of popups and others

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to a...

1 more replies

I don't know what all I have. Pretty sure I have the zeno search assistant thing. It just won't go away!
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:49:24 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Avid\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx2\PXAgent.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyw...

Answer:Will Donate for Help-Zeno-Maybe Others-Log Atached

11 more replies

Hello, lately I have received messages about an Adware-Zeno on my computer and some trojans called Downloader-BEC and BackDoor-CVT. They have caused my computer to run much slower and freeze from time to time. I ran ComboFix and here is the log that it produced:

C:\Documents and Settings\All Users\Application Data\PCPrivacyTool
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool\Abbr
C:\Documents and Settings\All Users\Application Data\PCPrivacyTool\ProdCode
C:\Documents and Settings\Bryan Bohme\Application Data\PCPrivacyTool
C:\Documents and Settings\Bryan Bohme\Application Data\PCPrivacyTool\Logs\update.log
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\luwrlujr.dll
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rjulrwul.ini
C:\WINDOWS\system32\uycxfyqq.dll
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 16:13 . 2007-12-02 16:13 <DIR> d-------- C:\Program Files\Spruce
2007-12-02 16:12 . 2007-12-02 16:12 106,510 --a------ C:\WINDOWS\system32\dwdsrngt.exe
2007-12-02 16:12 . 2007-12-02 16:12 37,376 --a------ C:\WINDOWS\system32\xxyxvuv.dll
2007-12-02 16:12 . 2007-12-02 16:13 17 --a------ C:\WINDOWS\system32\msnav32.ax
2007-12-02 16:11 . 2007-12-02 16:12 119 --a------ C:\WINDOWS\system32...

Answer:Adware Zeno and Trojan

9 more replies

Last night I was using yahoo search engine, and suddenly Sophos picks up a trojan. Ever since I have found strange background processes running, and periodically pop-ups come up. I've used Spybot Search & Destroy, AdAware and Ewido, but I don't think things have gotten any better. I uninstalled a few things from the control panel, but here's my HJT log;

Logfile of HijackThis v1.99.1
Scan saved at 12:58:54 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\syst...

Answer:Strange trojan / Zeno?

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before we do anything else, please ensure that you have already patched your system against the recent WMF exploit. Please refer to my sig. No point we fix anything only for it to return tomorrow.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install - CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)


'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - C:\WINDOWS\system32\ngsh35.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O4 - HKLM\..\Run: [KernelFaultChe...

14 more replies

Don't know what else to do. Ran Panda, Ewido, Adaware SE, AVG. Nothing gets rid of these. Here is my current HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 10:18:38 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMPAQ~2\Presario\XPHNARS4EN\plugin\bin\pchbutt...

Answer:Solved: Zeno, Click2Begin - want them gone

10 more replies

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:13:07 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\Program Files\TOSHIBA\Battery Checker\BtryChkr.exe
C:\WINDOWS\system32\vidmon\vidmon.exe
C:\WINDOWS\system32\ha3v3sou.exe
C:\windows\system32\wwdxregq.exe
C:\WINDOWS\system32\nfomon\nfomon.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\WINDOWS\system32\ysysys6d.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program ...

Answer:Surf Sidekick and Zeno... help please!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Have each fix whatever problems they may find.
Ad-Aware SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Dest...

3 more replies

Hiya, I've followed all the steps as guided in the other forum and done it a good few times now, but even if I delete the threats I seem to have no joy. Bit of a noob so please be patient with me. Below is a HijackThis report so hopefully you will be able to point me in the right direction. Sorry if I'm missing something or am just being stupid, but if I see one more ad for a casino or viagra market I'm gonna scream!


Logfile of HijackThis v1.99.1
Scan saved at 16:29:34, on 24/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\apps\ABoard\AOSD.exe
C...

Answer:Zeno hijacker ,got me rared up!!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download the file attached - Purity.zip
Save it on your desktop. We shall be needing it in Safe Mode

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard

Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order.


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...ww.yah...

4 more replies

I have Vistas home premium on my computer 64 bit with Internet Explorer 7. For several months now I notice that when I do a google search the topics appear fairly quickly except for when I click off and try to go back to the list google has put out. There is usually at least a 10 second wait before the new topic can be clicked and opened. There is an Internet Explorer not responding message, the screen sometimes fades to white and I get a box saying that I could close the program, restart the program or go to my home page. When I click on a google image, the images appear but if I try to click the image to view it without all the background, the program immediately stops responding. I can no longer choose a photo and separate it from the background media and print it out. Any ideas on what I could do? I have run scans with Microsoft Security Essentials and all seems to be fine there. I have been seeing a lot of that blue spinning circle which appears every time I try to "go back" on a google search and often I have to click the google magnifying glass icon in the google search bar in order to get back to the list that google generated on the topic of my search.

Answer:Internet Explorer not responding and also very slow especially with google searc

Have you tried the latest IE version, which is more stable, and/or using other browsers if it's only known to your IE7 browser? Most likely outdated versions and unwanted toolbars are installed.

Try clearing your cache files: Free Ccleaner
Ignore the registry options as it is not needed/recommended.

Remove Adware: http://www.bleepingcomputer.com/download/adwcleaner/
Click on Search then Delete. Copy/paste the result on your next reply.

14 more replies

When clicking on a hard drive a search window opens. Have to click on folders to get to a window listing My Computer, bring up hard drives and click on one of them again to get a listing of folders on hard drive. Wish to get rid of this glitch.

Answer:searc window opens when I click on hard drive

Welcome to TSF

Click on Start, Run then type regsvr32 /i shell32.dll and click Ok.

1 more replies

Below I have the reports that I have kept. I have ran avast!, tdsskiller, iexplore, hitman pro, rogue killer, JRT, and I ran the eset scan for at least 3 and 1/2 hours before I killed it. So far I have removed a good portion of the infected files, however my computer is still slow, and the browser (chrome) is still coming up with pop ups from ad click track and s.m2pup.
I have no idea where to go from here and is super frustrating.
Please help me.

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Tyler [Admin rights]
Mode : Scan -- Date : 05/11/2014 09:21:00
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 6
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 0 ... Read more

Answer:Followed the s.m2pup removal...still have popups

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

12 more replies
Relevance 45.51%

Hello, I've been getting IE popups whenever I have a browser open for the last week or so, and just today there's an "XP Security Tool 2010" in my system tray that keeps giving me (presumably) false warnings. I've attached the DDS logs, but I can't seem to save the GMER log. Whenever I run it, it seems to go through the scan, and then when I hit "save" it freezes the computer. Any advice/help etc. would be much appreciated. Thanks!

PS: quick update... this morning the computer is now mostly inaccessible, whenever I try to run a program I get an error message saying I have insufficient privileges to access the program... help!

Answer:Help...popups/malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

2 more replies
Relevance 45.51%

I've never had a problem with popups before, until my husband was playing with MSN radio station and agreed to something he shouldn't have. Now we get never ending popups. I have three computers linked together on a wireless network, and don't seem to have this problem on my other two computers. I was reading some of the other posts where they use the Hijack This program to get rid of popups. Should I download this and send the log file here to interpret? Please help.
 

Answer:HELP Removal of Infinite Popups

12 more replies
Relevance 45.51%

I get this popup every few minutes and it's getting on my nerves. Please help me with this. Thank you. Below attached is the log file from HijackThis.

Logfile of HijackThis v1.99.0
Scan saved at 9:26:27 AM, on 2/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svhost33.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\sst4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Documents and Settings\Jacob\Application Data\etco.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Wizet\MapleStory\MapleStory.exe
C:\Program Files\Wizet\MapleStory\MapleStory.exe
C:\WINDOWS\System32\servic.exe
C:\Documents and Settings\Jacob\Desktop\HijackThis.exe

O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Hitware Popup Killer Lite - {604B283A-4E26-4504-98E7-... Read more

Answer:Help with SearchMiracle Popups Removal

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

If you have a fast internet connection (broadband), run an ... Read more

1 more replies
Relevance 45.51%

I used nolog to try and find a way to get rid of the CiD popups, but it didn't work. They keep showing up in IE even though I only use Firefox :/

Here's my HJT log, any help would be very appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:32, on 2007-10-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program\Dell\QuickSet\... Read more

Answer:Solved: need help with CiD popups removal

8 more replies
Relevance 45.51%

Hello,

Lately I have been getting annoying popups asking me to purchase Winantivirus Pro or Error Safe. Please show me how to remove these popups because they are starting to get on my nerves.

Thank You
 

Answer:Removal of Annoying Popups

11 more replies
Relevance 45.51%

I am having trouble with sysprotect and other popups, please help!!. I have already downloaded HJT. Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 11:04:47 AM, on 4/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Micro... Read more

Answer:sysprotect and other popups removal

I made you a thread of your own here: http://forums.techguy.org/all-other-software/457198-sysprotect-others.html

Please stick to that one only.
Closing duplicate.
 

1 more replies
Relevance 45.51%

Hi, was wondering if anyone could help me with this problem. Have tried many different methods of removal but with no success.

I should also point out that I am probably not too PC literate compared to other posters on this forum, so any reply must be put in layman's terms!

Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 17:26:41, on 22/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Common ... Read more

Answer:Removal of 540filost popups

Welcome to TSF

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - Choose YES when it informs you the file will be deleted on Reboot. Choose NO when it asks if you want to reboot):

C:\WINDOWS\system\RESTORE.INS
C:\WINDOWS\system32\mshlpa.exe

Run HJT and fix the following:

O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} - http://www.www2.p0rt2.com/files/777.cab
O16 - DPF: {33331111-1111-1111-1111-611111193429} - http://www.www2.p0rt2.com/files/_ipsec_.cab
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl29bd.cab

Next

Fix ALL BUT THE FIRST of those 018's

Reboot your computer now, and re run HJT and the Online Scan.

Post the results when you're done.

11 more replies
Relevance 45.1%

Description of Problems:

I clicked on an Active X pop-up download and became infected.

Following this a Mirar toolbar is on Internet Explorer along with green hyperlinks all over any webpage. When ghosting over the green links a small box is displayed with "Best 'and whatever the text is'."

I have done all of the previous 8 steps to remove the malware. Ad-ware and Spybot were able to remove the Mirar toolbar, but the pop-ups continue and the green hyperlinks still exist. ZenoSearch continues to show up when I run the Ad-ware.

Before clicking on the Active X pop-up, the windows pop-up blocker was able to handle almost all pop-ups, so that's why I think something is still wrong.

The scans have shown malware locations in system32 and WINDOWS, but I think they have been removed thus far.

I am at a complete loss as to how to get rid of this stuff. I really appreciate any help at all.

The following is my LOG File.

Logfile of HijackThis v1.99.1
Scan saved at 2:38:38 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisof... Read more

Answer:Pop-ups And Green Hyperlinks Came With Mirar And Zeno

Hi Kwood 59, Welcome to BC. You seem to have several issues. I'll work on your log tonight and come back with some suggestions tomorrow.

16 more replies
Relevance 45.1%

Above are just some of the above that have come up. This is my sister's laptop, and although I've done just about everything I can think of before I let her have it, somehow she still managed to get junk on here.

Upon starting up, popups just start comin up, non-stop. Spybot scan and Ad-aware both find things, delete them, then upon restart they're right back. McAfee keeps finding things with its On-Access scan (some of which are listed in title).

Here's the HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 1:05:03 PM, on 2/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Pr... Read more

Answer:Zeno, Adware-Look2Me, Qoolaid

Please do the following:

Download & immediately run - L2MFix.exe
Click "Install" to extract the contents to a newly created folder.

Close any programs you have open since this step requires a reboot.
From the l2mfix folder, double click l2mfix.bat
Select option #2 for Run Fix by typing 2 and then pressing enter ONCE.
Do NOT depress any keys on your keyboard until the tool requests you to "press any key to reboot"

On the reboot notepad will open with a log. Copy/paste the contents of that log back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

If after the reboot the log does not open double click on it in the l2mfix folder to locate log.txt.

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

12 more replies
Relevance 45.1%

Hello,

I have a PC that is running Windows XP and is infected. I continue to get popups from localsrv.net and other sites. The programs that I have run so far have identified me as being infected with:
Virtumundo (VUNDO)
Zeno Search Assistant
Think-Adz Search Assistant - When I remove this in "Add/Delete Programs" it always comes back.
PSYME

I ran "SpyBot Search and Destroy", but it was not able to remove the Virtumundo or Zeno -- the machine went to a blue screen when the process got to the point where it was trying to remove them. I ran this several times and always got the same result.

Please Help -- I would greatly appreciate it.

Thank you.

-------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:08 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.... Read more

Answer:PC Infection - Virtumundo, Zeno, PSYME, Think-Adz, etc.

Hi and welcome.

Please download VundoFix.exe to your desktop.


Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
 

1 more replies
Relevance 45.1%

Please Help,

I deleted zeno in my remove programs folder and some files for surf sidekick but the repairs.dll seems to be integrated into the XP operating system from startup actions. Below are my startup files, Ewido.log, and hijackthis.log
please help me to get rid of this file so my computer will run faster and I will feel that my computer is not sending out personal information to the web.
Thanks,
Dan
-----------------------------------------
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: repairs.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
------------------------------------------------------
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:10:12 PM, 10/8/2005
+ Report-Checksum: 7F9A91F1

+ Scan result:

[532] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[580] C:\WINDOWS\system32\repairs.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[592] C:\WINDOWS\sy... Read more

Answer:Zeno-surfsidekick-repairs.dll-logfiles-here

16 more replies
Relevance 45.1%

Logfile of HijackThis v1.99.1
Scan saved at 4:59:42 AM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
C:\WINDOWS\System32\Ru... Read more

Answer:Need help removing adware zeno HJT attached

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum
=====================
NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file... Read more

1 more replies
Relevance 45.1%

Followed all of your directions for spy bot, ad-aware, ran McAfee scan. Did not remove these issues. Still getting random pop-ups online. Mostly ads.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:59 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32... Read more

Answer:Psguard, Virtumonde, Zeno Search

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved.
Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter.
Use fluffybunny.exe from now on.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

Thanks,
Charles

17 more replies
Relevance 45.1%

Hi,

IE seems to keep opening popups even when it's closed, and firefox keeps redirecting my search. Overall, the computer seems MUCH slower. Here is my HIJACKTHIS log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:24 AM, on 12/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp... Read more

Answer:WINDOWS XP - combination of IE popup when IE isn't open and FireFox redirect on searc

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 45.1%

Problems:
1) Firefox search redirects over and over
2) internet explorer (when not even open), creates little popup windows taking me to random sites.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Run by Pinny at 14:51:30 on 2012-01-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1504 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
svchost.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\eFax Messenger... Read more

Answer:WINDOWS XP - combination of IE popup when IE isn't open and FireFox redirect on searc

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log...


I've looked for ways to handle this guy using your remove PcCleaner instructions, but it came back. Here's my logfile

Answer:Hijackthis Log: Popups For Spyware Removal

Hi,
* Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I downloaded a file that I shouldn't have and got the Smitfraud malware. I have taken a lot of steps to get rid of the virus, but one thing that I cannot get rid of is the "Spyware Removal Wizard" popup. Later, other websites pop up and it becomes very frustrating. Could you please take a look at my log and give me any suggestions on how to clear this virus out. I feel like I've done a lot already.

Answer:Spyware Removal Wizard Popups

I still have this problem. I've been working on this for like 2 weeks.


I am getting pop-ups on my son's Windows XP - attaching the hijack this file. I know nothing about XP but have also found the JS/Noclose & JS/seeker.gen virus. Please tell me where to go to delete & fix these problems! Thanks!
Logfile of HijackThis v1.96.4
Scan saved at 4:57:46 PM, on 9/7/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Answer:Windows XP popups & virus removal help

Run HijackThis again and select and remove the following components:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchassistant.iwon.com/srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchassistant.iwon.com/srchlft.html

O2 - BHO: iWon Search Assistant BHO - {08E1C8E1-E565-44fc-A766-C9539BB3ABB7} - C:\Program Files\iWon\SrchAstt\1.bin\I1SRCHAS.DLL

O2 - BHO: iWon BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL

O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) -
 


Here is my HijackThis log. Can anyone tell me what I need to remove? Thanks.

Logfile of HijackThis v1.98.2
Scan saved at 11:03:06 AM, on 9/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.senecacollege.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = h...

Answer:Xlime optimizer popups removal?!

can anyone help?
 


I am using an Asus X552E
AMD dual core E1-2100 1.0ghz
4 GB, 500 GB HDD
Windows 8.1
Browsers: Internet Explorer, Chrome, FireFox

I have a malicious attack when web browsing, ads are popping up every time I click on a page, text, link, etc.
Sometimes 4-5 new pages pop up after clicking on my original page, redirecting to "spam sites."

I tried spybot, stinger, windows defender, norton and nothing is able to find where this is coming from. "It only happens when web browsing" on all three browsers mentioned above.

Does anyone know of any free software that can remove this adware/malware?
And really need a free software to clean deleted files as I have learned that they can still be there, any help with this matter is appreciated. I'm a student and currently unable to do proper research because of all the popups and redirecting.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD E1-2100 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
Processor Count: 2
RAM: 3524 Mb
Graphics Card: AMD Radeon HD 8210, 512 Mb
Hard Drives: C: Total - 190423 MB, Free - 136077 MB; D: Total - 264546 MB, Free - 98396 MB;
Motherboard: ASUSTeK COMPUTER INC., X550EA
Antivirus: Windows Defender, Disabled
 

Answer:Adware Removal,popups,redirects,etc.

Hello, please inspect all of your browsers for add-ons which could be causing this problem, and make sure to also check your list of installed programs for anything you don't recall installing yourself.
Also pm the moderators and ask to have this thread moved to the Malware Removal forum.
Good luck
The Cleaver
 


I have been trying to remove DNS unlocker for a few days without success. The problems seem to have started after I went on to a charity website to find out how to make a donation.

I do not understand how it is still affecting my internet browsing as I've uninstalled the programs and run adware cleaner. Any advice would be appreciated. I've attached the reports as advised.

Regards
Elaine
 

Answer:Still getting DNS unlocker popups after following removal advice

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...


I'm still getting Relevant Knowledge popping up on my computer. I removed it from the Control Panel (I thought). I understand that it is probably attached to some other program. How can I find the other program? I also understand that it is NOT spyware or virus. Thanks in advance for any help on this. Frustrating

Answer:Still getting Relevant Knowledge popups after removal

Have you tried to search for an entry under msconfig? Click start > search for msconfig > under the startup tab look for an entry relating to the software, untick its box, click apply, restart the computer.


As of yesterday, my computer became infected with malware that serves ad popups during web browsing, and generally slows down the computer performance to unacceptable speeds.

Unfortunately, the days when a reasonably adept user could fix his or her own problems using a combination of HijackThis and Google now appear to be gone. Thus, I humbly ask for your assistance in cleansing my system of whatever it is that has taken over.

Below is the DDS log and attachments, as requested in the "New Instructions" post.

Your prompt assistance is greatly appreciated.

-grb

-----------------


DDS (Ver_09-03-16.01) - NTFSx86
Run by Karlsson at 11:11:58.76 on Fri 05/01/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1504 [GMT -4:00]

AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: Norton Internet Security 2006 *disabled*


Answer:Need assistance with malware removal (ad popups)

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Hello, I use mozilla firefox browser but keep getting popups from internet explorer. I have tried using many different spyware removal tools such as avg, spydoctor, adaware, and such... It won't get rid of this and I followed the direction on your site and downloaded hijackthis. Here is what it gave me when I ran it. Thanks in advance!

Answer:I Keep Getting Popups After Using Spyware Removal Tools

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Joe12345678910

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.

******************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note* Don't forget to re-enable your antivirus program.

Restart your pc, post the C:\ComboFix.txt, the BitDefender Online Scanner log, and a new Hijackthis log into your next reply please.


Used antivirus software to remove vundo, seneka, and several variants. I'm still getting random popups. I've disabled several startup programs as well. I do have internet access now, and can access antivirus websites (previously could not). Posted RSIT log below:

Answer:popups following trojan virus removal

Hello,

I have merged the topic you created 3 minutes ago with your previously existing topic here: http://www.bleepingcomputer.com/forums/t/191821/infected-with-trojan-virus/

Please note: you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open th...
