Computer Support Forum

If You Could Check This Log, Please...

Question: If You Could Check This Log, Please...

im not sure if there is an major problem, just wanted to be on the safe side...i had some problems a month ago with a trojan that blocked my msconfig, folder tools/options etc...i managed to solve that, reading thru this forum...i still have a little problem with quick launch bar, it deactivates from time to time at startup...so i checked my system as described in Preparation Guide...did a complete scan with adaware, spybot, stinger, trojan remover and nod32...they found some bleep and i deleted it all...and i use zonealarm firewall for some time now...finally i checked with hijackthis and this is its log :Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:43:36, on 11.12.2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG AntiSpyware 7.5\guard.exeC:\Program Files\Nod32\nod32krn.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exeC:\Program Files\Nod32\nod32kui.exeC:\Program Files\ZoneAlarm 7.0\zlclient.exeC:\Program Files\SpamBrave Lite\oewatcher.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SetPoint 3.10\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXEC:\WINDOWS\system32\LVComsX.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\uTorrent 1.6\utorrent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Logitech\WebColct\webcolct.exeC:\Documents and Settings\costa\Desktop\HiJackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd">O1 - Hosts: <html>O1 - Hosts: <head>O1 - Hosts: <script LANGUAGE="JavaScript">O1 - Hosts: <!--O1 - Hosts: if (window != top)O1 - Hosts: top.location.href = location.href;O1 - Hosts: // -->O1 - Hosts: </script>O1 - Hosts: <title>Site Unavailable</title>O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">O1 - Hosts: <style type="text/css">O1 - Hosts: body{text-align:center;}O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; }O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}O1 - Hosts: .bodywrap{display:block;height:470px;}O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}O1 - Hosts: .adcnt td {text-align:left;}O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}O1 - Hosts: .ybadge img {margin-top:6px;}O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;}O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;}O1 - Hosts: .adlink a {color:#008200; text-decoration:none;}O1 - Hosts: </style>O1 - Hosts: </head>O1 - Hosts: <body>O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->O1 - Hosts: <div id="maincnt">O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>O1 - Hosts: </div></div>O1 - Hosts: <div class="bodywrap">O1 - Hosts: <div class="bodycnt">O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div>O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p>O1 - Hosts: <p>Are you the site owner?O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit!O1 - Hosts: <a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p>O1 - Hosts: <p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>O1 - Hosts: </div>O1 - Hosts: <div class="adcnt">O1 - Hosts: <a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div>O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->O1 - Hosts: <div class="adtable">O1 - Hosts: <div class="adttl" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br>O1 - Hosts: $25 Setup Waived</a></div>O1 - Hosts: <div class="addescr" title="Reliable plans include domain &amp; 24x7 support.">Reliable plans include domain &amp; 24x7 support.</div>O1 - Hosts: <div class="adlink" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>O1 - Hosts: </div>O1 - Hosts: <div class="adtable">O1 - Hosts: <div class="adttl" title="Reliable plans include domain &amp; 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>O1 - Hosts: </div>O1 - Hosts: <div class="adtable">O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding &amp; virus scanning.</div>O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>O1 - Hosts: </div>O1 - Hosts: <div class="adtable">O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>O1 - Hosts: </div>O1 - Hosts: <div class="ybadge">O1 - Hosts: Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>O1 - Hosts: <a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>O1 - Hosts: </div>O1 - Hosts: </div>O1 - Hosts: </div>O1 - Hosts: <div class=ftr>O1 - Hosts: <hr size=1 width=100%>O1 - Hosts: Copyright &copy;O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br>O1 - Hosts: <a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>O1 - Hosts: - <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>O1 - Hosts: - <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>O1 - Hosts: - <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a>O1 - Hosts: </div>O1 - Hosts: </div>O1 - Hosts: </body>O1 - Hosts: </html>O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1193168510&f=us-w79" ALT=1 WIDTH=1 HEIGHT=1>O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dllO4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Nod32\nod32kui.exe" /WAITSERVICEO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm 7.0\zlclient.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime 7.2\qttask.exe" -atboottimeO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [Digital Turtlets\SpamBrave Lite for Outlook Express] C:\Program Files\SpamBrave Lite\oewatcher.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Global Startup: Logitech SetPoint.lnk = ?O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1194970068953O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{16E567BB-F12D-43D7-BC81-489B7EA1D54E}: NameServer = 195.29.149.196 195.29.149.197O17 - HKLM\System\CCS\Services\Tcpip\..\{C4295665-32CB-4D9F-9D41-320821363C17}: NameServer = 192.168.1.1,195.29.150.3O17 - HKLM\System\CS2\Services\Tcpip\..\{16E567BB-F12D-43D7-BC81-489B7EA1D54E}: NameServer = 195.29.149.196 195.29.149.197O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeO23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG AntiSpyware 7.5\guard.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Nod32\nod32krn.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 14822 bytesnot realy sure about those various *.exe files that are starting in C:\WINDOWS\System32\ folder...i have them deactivated in my msconfig.exe startup tab (except ctfmon.exe) but they seem to be active...i read that they could be a threat...so, plese check my log and if you can help i would be happy... ))

Relevance 100%
Preferred Solution: If You Could Check This Log, Please...

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: If You Could Check This Log, Please...

Hi costassAll I see is corrupted Hosts file:Download HostsXpert and unzip it to your desktop. Open HostsXpert that you earlier unzipped on your desktopClick "Make Hosts Writable?" upper right corner (if available)Click "Restore MS Hosts File" and then click OKClose HostsXpertNote; IF you used any custom Hosts (eg. MVPS Hosts), you will have put them back manually After that, please post back a fresh HijackThis log and post back any problems that are left

2 more replies
Relevance 33.21%

The problem start with my wife's PC. It started a few weeks ago she told me. She can't open Outlook Express (doesn't start), access My Space or get updates at Windows Update. Also some images on sites do not load.

I then checked my PC and found, I couldn't access Windows Update, My Space, Thunderbird fails to retrieve emails. I have not noticed any issues with images.

Given this sounded like some of the behaviors I have heard of trojans doing I thought I would post my logs here and see if anyone sees anything out of place. Normally I wouldn't consider a cross contamination but about two weeks I temporarily set up a home network between our PCs to share a few files. The next day I disabled NetBIOS on my PC but as we are both behind a hardware firewall, I guessing if it happened it must have happened then.

Nothing jumps out at me but I wanted to get a second opinion.

Any help would be appreciated.

Wife's PC
Logfile of HijackThis v1.99.1
Scan saved at 5:12:51 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sys... Read more

Answer:Hijack This Check (Can't Update Windows, Check Email or access My Space)

I ran SuperAntiSpyware and found nothing but 10 tracker cookies. Running Panda Virus Scanner online. I couldn't run F-Secure because IE7 Active X controls prevent it from running.

Zero clue as to what is going on so far.
 

3 more replies
Relevance 33.21%
Answer:how do i change ms word's spell check to check for british spelling?

is there a british version of office xp? i dont know if you can do that


 

6 more replies
Relevance 33.21%

Hello, My PC is disk usgae is at 100%  and somtimes the CPU usage jumps up to. I tested my system and recived- Hard Drive Short DST Check and Long DST Check: Warning  How do I determine what the warning is? Do this mean my hard drive is on the verge of failing? 

More replies
Relevance 33.21%

Hi, i have hp pavilion g6 laptop and its upgraded from windows 8 to 8.1 then windows 10.  From last few days i was getting "Memory_Management", "Kernel_Data_Inpage_Error" and so many other errors with blue screen. Due to this i have to power off the system from main power button by holding for few seconds. Now i was getting hang problem. I saw in task manager that DISK UTILIZATION was 100%. I did a hardware test where i got below results : HARD DRIVE SHORT DST Check : WARNING HARD DRIVE Optimized DST Check  : FAILEDFAILURE ID: 9U3UWX-6KT85B-MFPWWJ-61Q003 Can anybody tell me how to resolve this or i need to replace the hard drive. -ThanksPankaj 

Answer:Hard Drive Short DST Check : WARNING and Optimized DST Check...

Yes you need to replace the hard drive. Since you have upgraded to Windows 10 it is very easy to get recovery media directly from the Microsoft Media Creation Tool. For most people, the problem is not physically swapping out the hard drive, but restoring the operating system since they do not have recovery disks. Post back if you want a service manual and/or video showing the replacement, purchase options for a new hard drive and step-by-step for restoring Windows 10. We would need the full model...g6-???? 

2 more replies
Relevance 33.21%

Is verifying files by check sum / content after transferring (copying, moving) indeed unreliable?

Since "ever" I - if I checked files at all - checked files by content or check sum after transferring them, so this information sounds very astonishing to me now, I hadn't had any clue about what I read here: http://blogs.msdn.com/b/oldnewthing/archive/2012/09/19/10350645.aspx

Obviously meaning in many cases checking files by content / check sum checks the data in the buffer, if I see it right.

So, is it like that? Does it refer to all of the synchronizing / backup / copying, check sum, etc. programs?

And what is the best / easiest way to (automatically) check files after transferring. E.g. when copying all of the files of a 4TB drive to another one.
 

Answer:Verifying files by check sum / content after transferring unreliable - how to check?

Re: Verifying files by check sum / content after transferring unreliable - how to che

Kletus...

I'm not in my league with this, but could this make sense?

I think the article is referring to times when you are seeking to verify data across a network span between two systems (operating systems), where system b (copy destination) requests a checksum from system a (file original location). I believe the author is saying that in that particular situation checksums would be created from the cache/buffer on both computers. In the case of you copying to a secondary disk connected to a single computer I think the checksum should work fine. Sounds like one of those programmer's dilemmas to me.

Sorry if I am off on this. I know you are looking for some programming expertise. I'll just say that reading this, it made sense to me about the author's comments:



This really sounds like you're overthinking it.

First, what possible reason would there be for giving someone write access but not read access to a certain location? That's screwed up on so many different levels...

Second, you're right that having the sender compute a checksum of the destination file is a bad idea for all the reasons mentioned. But why did you even think of doing that in the first place?!? If I was implementing a system like that, I'd have the *destination* system compute the checksum on the file it received and send it back to the sender for verificati... Read more

5 more replies
Relevance 32.8%

My daughter called me and asked what was wrong with her monitor. She said that when she starts her computer she gets this message "Self check, check your PC and signal cable, monitor is working" and no other display...

kds x-flat monitor, onboard video, XP, AMD

She has unplugged and replugged the video cable several times... any ideas why this is?
 

Answer:Self check, check your PC and signal cable, monitor is working

That suggests that the computer is not booting, or if it is, there is no video output.

The monitor is simply saying "I am OK, but the computer isn't sending me anything"

A simple check to see if the computer is booting is to try the CAPS Lock key. Pressing it will toggle the CAP light on and off each press, if the PC is running.
 

2 more replies
Relevance 32.8%

I have what I believe is a probably Hard Disk failiure; however, the Windows utility provides different output than the error codes provided by the System level check. The below is from my OS check:Microsoft Windows [Version 6.1.7601]Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Users\user>wmicwmic:root\cli>diskdrive get statusStatusOKwmic:root\cli> It seems to indicate status as OK. However, the system level Hardware Test before booting shows the following:Failiure ID is: 9PMPKK-5B284T-XD002K-60QS03Product ID is XG809UA#ABA  I assume the OS level SMART Test is less reliable, then?Thanks!

More replies
Relevance 32.8%

i have a panasonic toughbook cf 53 running windows 7 pro.my computer works fine. when i turn the computer on it states that there is a media test failure check cables. the only thing that is not working on my computer is the sound. i have checked the control panel and the settings, nothing is muted. im confused why the sound will not turn on. i pressed fn f4 to mute the volume and now it seems to be stuck on mute? any help would be greatly appreciated.thanks, jason

Answer:media test failure check check cables.

Check in Device Manager. Are there any yellow exclamation points?You've been helped by a 14 year old.

6 more replies
Relevance 32.8%

Hi all

I have been trying to create an Excel macro that deletes only the check mark inside the check box albeit with no success. Is there a way to do this?? I have plenty of check boxes and it is taking me a lot of time to go into each one and delete only the check marks. It would be would be pretty neat to create a macro to delete the check marks in every single check box. If someone out there has figured out how to do it, it would be a great help.

Thanks

Mario
 

Answer:Deleting the Check mark only inside the check box using VBA in Excel

6 more replies
Relevance 31.98%

What is the best check -in check-out asset management software? A list of what's out there would be appreciated because I cant seem to find an authoritative one of what's best for asset management (game development). I hear Alien brain is good and there's one that starts with a 'p' that I can't remember the name of it to save my life... Alien brain is too expensive and hard to find. It's an open source project so I know the 'p' one would work because they offer open source licenses so if anyone knows what Im talking about feel free to enlighten me.

Something similar to Project but with asset management and check in/check out functionality would be great if anyone could suggest something. A step beyond that would be real time preview of maya scenes, psds, and xsi files. But maybe I want too much with the latter...

edit: Oh and it doesn't have to be free, Im just curious as to what's out there...
 

More replies
Relevance 31.98%

Hey guys,

The company I'm working for has grown a lot and now I'm no longer the only programmer. We're looking for an app that lets us do code check-in/check-out that'll also store all the changes.

All the files we need monitored are plaintext, and we do most of our development in Notepad or Notepad++. The app must work in Server 2003.

Any suggestions?

Thanks!
 

Answer:Code Repository/Check-in/Check-out system

I think subversion should handle your needs...
 

13 more replies
Relevance 31.98%

I have listbox with check box as listbox items, i need to select to checkox dynamically. help me to do this.

Answer:Unable to check the check box dynamically in listbox in wp7

sorry but I clearly didn't get your question here. Could please give me some more details ? :)

2 more replies
Relevance 31.98%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des

Answer:Check Disk \ Auto Check Alternatives

There isn't any such software??

-Des

3 more replies
Relevance 31.98%

So I have this problem, I have a user that have to check that box every time he open outlook for always check spelling before sending, it won't save the setting when I close it, my last resort would be a new profile but I want to try get help here first since google wasn't very helpful

We use outlook 2010 and the PC is part of a domain, I also tried checking the web outlook but the option is not there.

He is the only user having this problem and to be honest I have never seen this problem before.

More replies
Relevance 31.98%

Hello.

I have a SuperMicro server with windows 7 32bit. I am using a specialized hardware that can understandably may cause machine check errors because I have a pcie device that can stop responding to cpu non posted transactions for long pepriod of time. I have disabled the pcie timeouts in the hardware, but some other cpu exception occurs due to this long waiting time for the pcie transaction to complete. I get the BSOD with WHEA exception 124.
Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR

Reported by compenent: Processor Core
Error source : 3
Error type: 9
Processor ID: 36

Event ID 18

How do I disable this machine check in windows 7 ?

Thanks

Rayyan

Answer:how to DISABLE Machine Check, WHEA bug check

Hello and welcome to the sevens forum. You said you are getting BSOD"s can you do the following because the BSOD team will need it to help you.

Blue Screen of Death (BSOD) Posting Instructions

1 more replies
Relevance 31.98%

If it ain't one thing, it is another with this computer.
My spell check is having a nervous breakdown. It checks and offers alternatives for almost every word. This check can include words such as A or An, It, etc. At times I get spellings for words nowhere similar
In a paragraph similar in length to the preceding one, I might have suggetions for practically every word.
Plus, the auto check feature is not working
Anyone help? Appreciate any

Sarge
 

Answer:Spell check doesn't check correctly

You need to tell us what OS you are using and where this is happening - in a browser, in a word processor etc.
 

4 more replies
Relevance 31.98%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des
 

Answer:Check Disk \ Auto Check Alternatives

Well...? I'm sure there must be some available.

-Des
 

7 more replies
Relevance 31.16%

just wanted to see if anyone noticed anything out of the ordinary.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:04 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTune... Read more

Answer:*not urgent* can someone check my HJT to make sure everything is in check?

Looks fine
 

1 more replies
Relevance 31.16%

greetings,
when I try to enter checks in the check register, I cannot set the check date to anything other than today's date (ie, the day I am trying to enter the check).

I have googled, etc, but cannot find the cause of this problem.

Anybody have an idea ?

thanks in advance.
 

Answer:Check dates in check register

What program
 

2 more replies
Relevance 29.11%

Hi -Have you changed or added anything recently, or had any type of infection on the computer ? ?Go > Start Accessories > Command Prompt and Right click on it > Select Run as Administrator > Then type scf /scannow and press Enter -This "should" only take about 20 to 30 mins and will check your System Files -Next do the same, but type chkdsk /r and follow any prompts and reboot your computer - The 5 stage check may take from 1 to 2 hours depending on your system, but please let it finish -Thank You -

Answer:auto check program not found-skipping auto check

If sfc /scannow doesnt help then try thisDownloadAutorunsExtract and launch autoruns.exeAllow the scan to run,click on FILE-SAVE Filename:Autoruns.txtsave as type:textUpload the file to wwww.filedropper.com and post the link here

3 more replies
Relevance 29.11%

I get this blue screen error "Auto Check Program not found - Skipping auto check" each time that I boot up. What's the cause and how can a fix it?

More replies
Relevance 26.24%

Running the Computer Check Disk Function
Step 1
Determine whether you are using Windows XP or Windows Vista. XP users can simply click on the "Windows Start Button" and then go to the "Run" link. Once run pops up type in "CMD" and hit enter which will cause the MS DOS prompt to appear. Type in "CHKDSK /r" which will check for hard disk errors. Vista users need to click on "Start" then go to "Accessories" followed by "System Tools" and then run the MSDOS program followed by "CHKDSK /r"
Step 2
Insert your restore CD if errors are found and not fixed by the check disk function listed above.
Step 3
Turn your computer off and then back on. You'll be asked to hit any button to boot from your CD; press any key. You will then be asked if you want to install a fresh version of your OS or "Repair" a current copy. Choose the "Repair" option and allow the computer to go through the necessary steps.
Step 4
After the repair function has run, turn your computer off and then back on. Wait and see if the computer shuts down again. If it does not shut down, your computer's restore function has fixed the file, which was probably caused by a bad system file.
Fixing Computer Shut Downs Via The Power source
Step 1
Check if your power source is properly connected inside your computer. Your power source is the large box that your computer's power cable plugs into. If this connection becomes loo... Read more

Answer:How to check for disk errors using Check Disk

Very useful share angelcotty

2 more replies
Relevance 26.24%

Today, I was online, reading the news and noticed that the pages were loading slower and slower. Using IE 8. Anyways, I got the Blue Screen of Death with (this is the first time I've seen this message):

Hardware Malfunction
Call hardware vendor for support
NMI: Parity Check/Memory Parity Error
The system has halted

I have a Dell Inspiron E1705 laptop
Win XP, Svc Pack 3
RAM: 1GB
BIOS version: Dell Inc. A03 (2006)
Recent changes to computer: Upgraded from IE 7 to IE 8 12 Apr 09, Windows Auto Update 15 Apr 09, Reg Fix Pro Update 16 Apr 09

After rebooting, I came to your site and checked out some similar posts, I've blown away the dust and went to the link for memtest86, downloaded, installed and updated drivers.

So, far have not received this msg again, but there were some other suggestions I'd like to try. How do I clear CMOS & set BIOS? (And years ago I heard the term - flash the BIOS is this the same thing? Or something else & do I need to do it?) Can you give me guidance on opening up a laptop to reseat & switch memory (I've only opened a desktop)? I did try to go into Setup (F2), but most fields were unchangeable. The battery is 100% charged and performing normally.

Any other things I should do?

Thanks so much!
 

Answer:parity check/memory parity check

There should be a slot on the bottom to get to the memory. Laptop memory sits flat, you will press 2 clips on the RAM holder and the memory will come up about 45 degrees. You can then lift it out of the slot. To install new memory, you slide it into the holder then press it down so it lies flat and you will hear it click in place.

As far as BIOS, avoid flashing it. If this is the first problem you've had and the error seems to point to memory, you do not need to do anything with your BIOS.
 

8 more replies
Relevance 22.96%
Question: just check it out

I added my combofix file, just look and check it out. thanx

Answer:just check it out

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424599 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 22.96%

Hey! I've noticed a few things in my HJ This log that I don't remember being there before. (I use it a lot). Would someone mind taking a look for me? Thanks in advance!

Logfile of HijackThis v1.98.0
Scan saved at 2:36:06 AM, on 7/26/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-B NOTEBOOK ADAPTER\WPC11CFG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [S... Read more

Answer:HJ This Log -- Could someone check this for me?

6 more replies
Relevance 22.96%
Question: PLz check my log

Can someone please look at this hijack this log. see if it needs to be cleaned up a bit. Someone else who uses the comp said something was wrong with it and dll another virus scan prograhm. figured it was a good time to check on my hJT log.
thx in advance
Logfile of HijackThis v1.97.7
Scan saved at 1:08:06 PM, on 7/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\AIM95\aim.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Stephen\My Documents\My Deliveries\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.cl... Read more

Answer:PLz check my log

Questionable process:?!?
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

Questionable:?!?!

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
 

1 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 3:17:18 PM, on 7/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\program files\steam\steam.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\DV Series\Console\Watch.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 My Custom Edition\CalCheck.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\PROGRA~1\Grisoft\AVG6\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Defau... Read more

Answer:can someone check my log please

Log looks fine.
 

2 more replies
Relevance 22.96%

Im on my work computer, and it appears to be something running in the bckgroud. whenever i have a program opened, the title bar keeps flickering from blue to grey, and back. also, when i click the mouse to open a menu, be it the start menu, or the file menu it closes immeadiately after it opens.Logfile of HijackThis v1.98.0
Scan saved at 10:59:10, on 05/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS FOR WORKSTATION\AVPCC.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS FOR WORKSTATION\AVPM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS FOR WORKSTATION\AVPCC.EXE
C:\PROGRAM FILES\UMSD 2.3\UMSD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\MY DOCUMENTS\GLYN\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hse.gov.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cardiffitec.com:3399
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.... Read more

Answer:Can someone please check my HJT log?

rtescan and insert a check next to each of these then close all browser windows and click "fix chedked"

O4 - HKCU\..\Run: [Chea] C:\WINDOWS\Application Data\esrs.exe

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
Then reboot your system into safe mode and delete:
C:\WINDOWS\Application Data\esrs.exe

Then you need to get your critical updates so go to windows update and get all critical updates for that system especially Internet explorer 6.
 

1 more replies
Relevance 22.96%
Question: HJT log check

Hi, first time posting

Conhost.exe, Dwm.exe, randomnumber.exe, Csrss.exe

Apparently, I had these viruses for quite sometime without noticing despite running malwarebytes, spybot, and avira on a relatively consistent basis (once a month). After google-ing and removing each of these viruses manually I'm pretty sure I'm clean. However if someone could take the time and look over my HJT log it would be much appreciated!

Operating System: Windows XP Home Edition SP 3

----------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:22 PM, on 5/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC-Protection\Avira\AntiVir Desktop\sched.exe
C:\Program Files\PC-Protection\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\PC-Protection\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC-Protection\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\svc... Read more

Answer:HJT log check

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav... Read more

7 more replies
Relevance 22.96%

I have windows XP. I get redirected to other searches ie (can not find www.....) a lot! Lots of pop ups hope this helps.
thanks!
Logfile of HijackThis v1.98.0
Scan saved at 9:29:07 AM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\acvbcx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SYSTEM~1\soap.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\POPO\My Documents\hijack... Read more

Answer:Please check H/T log!

Hi - Welcome to TSG!!

Click on the link below to download CWshredder.
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Run the program and let it do it's thing. Make sure to click on "Fix" and not scan only.

Reboot:

Download Spybot http://www.spybot.us/spybotsd13.exe

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot

Download AdAware http://www.lavasoftusa.com/support/download/

Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect. After the updates are installed click "Finish".

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select "Unload recognized processes during scanning". Under Cleaning Engine select "Let windows remove files in use at next reboot".

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan... Read more

1 more replies
Relevance 22.96%

Hi I just got this website and was wandering if any you could check out and give some feedback and if you like it could you sign up at my forums! http://www.guru-nobz.tk
 

Answer:Hi all check this out!

Taken From your Website
You dont need to sign up to post in guest board.

Please No Spam Here



Moderators Eric, Azn_Sowsage, FarCry 1 1 Thu Jul 22, 2004 6:44 pm
eric

Please Post one website at a time and remember not to double post

New posts No new posts Forum is locked
 

3 more replies
Relevance 22.96%

Hey, I had lots of trojans, but when I used combofix it deleted all of them. (I know this because the places I scanned earlier with a virus scanner showed as a virus but couldn't delete it but now it doesn't show anymore). I still want to post this.And.. Can we use combofix any time we want or isn't it healthy for the laptop to be using it frequently? Just want to use it just in case...Running from: c:\users\Alive\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exeSP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Resident AV is active.((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 ))))))))))))))))))))))))))))))).2010-11-03 09:13 . 2010-11-03 09:13 -------- d-----w- c:\users\Default\AppData\Local\temp2010-11-03 08:11 . 2010-11-03 08:11 -------- d-----w- c:\program files\Your Uninstaller 20102010-11-03 07:43 . 2010-11-03 07:43 -------- d-----w- c:\program files\InCode Solutions2010-11-03 07:17 . 2010-11-03 07:17 -------- d-----w- c:\program files\CCleaner2010-11-03 03:38 . 2010-11-03 03:38 -------- d-----w- c:\program files\Common Files\Microsoft Games2010-11-03 03:38 . 2010-11-03 03:38 -------- d-----w- c:\programdata\Microsoft Games2010-11-03 02:05 . 2010-11-03 02:05 -------- d-----w- c:\program files\Microsoft Silverlight2010-11-03 00:28 . 2010-11-03 00:35 -------- d-----... Read more

Answer:Please check my log

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 10:07:34 AM, on 7/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\BIN\IMAPP.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOW... Read more

Answer:Can Someone Check My HJT Log Please?

Hi.........

Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows including this one and "fix checked"

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWay\SearchAt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWay\bar\1.bin\MWSBAR.DLL

Re-boot and uninstall "MyWebSearch" in Add/remove programs.
 

3 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 7:43:10 PM, on 07/12/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Inte... Read more

Answer:Please Check My HJT Log

6 more replies
Relevance 22.96%

Could someone check my HJT log to see if anything is wrong? My computer has been running slow and I've noticed a lot of programs that I've never installed. Please help...

thanks

Logfile of HijackThis v1.98.2
Scan saved at 12:13:54, on 05/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\WINDOWS\System32\MMTray.exe
C:\Program Files\Fichiers com... Read more

Answer:Please check my HJT log

8 more replies
Relevance 22.96%
Question: HJT log check

Hej

I just took on a new laptop ... I have downloaded and run the latest versions of AdAware, SpyBot, SpywareGuard, SpywareBlaster and CWSShredder, and got rid of a lot of nonsense through that ... Now I am wondering if one of the experts could glance over the Log below and see if anything else can go. I would be really grateful for your help so I can start with a clean machine!

Thank you for all your time -

.....
Logfile of HijackThis v1.97.7
Scan saved at 01:25:42, on 01/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain... Read more

More replies
Relevance 22.96%

Can anyone please tell me what needs to be fixed???

Logfile of HijackThis v1.97.7
Scan saved at 12:08:43 PM, on 14/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\WINDOWS\system32\ps2.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\mslagent\mslagent_.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\WINDOWS\System32\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Brad's Folder\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Int... Read more

Answer:Can Someone please Check my Log???

Download FindnFix at the following link and extract it
(it should autoextract to C:\FindnFix when you double click it)
http://www3.ns.sympatico.ca/c.bennett03/FINDnFIX.exe

Go to the C:\FindnFix folder and doubleclick on !LOG!.BAT and let it run.
It will generate a log.txt file. Copy and paste log.txt back here in your next reply.
 

3 more replies
Relevance 22.96%

I (FLRMan1) recently corrected the about:blank business and I switched my browser to Mozilla Firefox because I read it was a bit more secure.I actually like it! Computer is running fine except when I try to piece wave files together in sound recorder,I get a "not enough memory" prompt saying I should quit some applications. I have an 80GB primary w/ a 30 GB slave.Shouldn't this be enough? Thanks for the consideration.

Logfile of HijackThis v1.97.7
Scan saved at 5:01:06 AM, on 7/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\... Read more

Answer:HJT log check ,please?

6 more replies
Relevance 22.96%
Question: just a check

hello everyone , just out of curiosity I scanned my pc using HijackThis , the log looked normal except for the O17 line so i thought i should report it here just in case
thanks in advance for your precious help !!
here's the log file : http://pjjoint.malekal.com/files.php?id=501b5fcb9a568

up up !!

Answer:just a check

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

20 more replies
Relevance 22.96%

Logfile of HijackThis v1.98.0
Scan saved at 12:36:52 AM, on 7/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NORMAN\Nvc\BIN\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\Explorer.EXE
C:\program files\support.com\client\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINDOWS\kaxulnqat.exe
C:\WINDOWS\System32\dp-him.exe
C:\Program Files\SmartDisk\FlashPath\sdstat.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\npfmsg2.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MsiExec.exe
C:\WINDOWS\System32\MsiExec.exe
C:\Documents and Settings\Ty.HOMEOFFIC... Read more

Answer:Please check my log

Hi - Welcome to TSG!!

Make a folder on your hard drive, like My Documents\HJT
Download Hijackthis.
Unzip the file to the folder on your hard drive.

Restart in safe mode
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK".

Now empty these folders.

C:\documents and settings\%profile%\local Settings\Temp --> folder
C:\documents and settings\%profile%\local Settings\Temporary Internet files\content.IE\ --> folders

Do this for every profile on the machine!

Reboot to normal mode.

Download Spybot http://www.spybot.us/spybotsd13.exe

This is a new version, if you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.

Make sure to check for updates prior to running the scan.

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware http://www.lavasoftusa.com/support/download/

Before you scan with AdAware, check for updates of the reference file by clicking on "Check for updates now", connect. After the updates are installed click "Finish".

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for ... Read more

1 more replies
Relevance 22.96%

Thanks guys for doing this......
Logfile of HijackThis v1.97.7
Scan saved at 3:54:38 PM, on 7/15/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\windir.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\NCLAUNCH.EXe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\Pro... Read more

More replies
Relevance 22.96%
Question: please check HJT

Please check my HJT log. I know some of these things are not normal but I'm not sure about all of them.
Thanks a lot
nbnurse

Logfile of HijackThis v1.97.7
Scan saved at 10:22:58 PM, on 7/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/servlet/Weather?query=Bathurst,NB&go=Go
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hispeed.rogers.com
R1 - HKCU\Software\Microsoft\Internet Exp... Read more

More replies
Relevance 22.96%

thanks

Logfile of HijackThis v1.98.0
Scan saved at 10:42:59 AM, on 13/07/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\mfplay.dll/sp.html (obf... Read more

Answer:please check my log

11 more replies
Relevance 22.96%

I've started a new thread because i didnt seem to be getting anywhere. can someone check this log to make sure its ok? i keep having to run adware every morning to clear up some cool web search and i just want it gone for good! im on windows 2000 and its an office machine so im only here to 5pm (uk time)

Please help!!!!!!!!!!

Logfile of HijackThis v1.97.7
Scan saved at 14:08:51, on 06/07/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\PSG\PSG.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\PSG\PSG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet ... Read more

Answer:Can someone check this please??????

No problems that I see in the log. Perhaps after you do this the problem will return, if so don't fix anything, just post the log.

Restart in safe mode
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK".

Now empty these folders for every profile on the machine.

C:\documents and settings\%profile%\local Settings\Temp
C:\documents and settings\%profile%\local Settings\Temporary Internet files\content.IE\
 

2 more replies
Relevance 22.96%
Question: Check Out My Log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CallWave\IAM.exe
C:\WINDOWS\TEMP\q1272325.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rafe\Local Settings\Temp\Temporary Directory 27 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://imdb.com/
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\netdc.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_3_11_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe028.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Progr... Read more

Answer:Check Out My Log

16 more replies
Relevance 22.96%
Question: HJT check?

Hey guys, thanks for all the info from past threads about getting rid of Odysseus Marketing. Now all I need is someone to check my log. Thank you!

Logfile of HijackThis v1.98.0
Scan saved at 9:05:33 AM, on 7/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\dhbrwsr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Crista\Desktop\hijackthis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microso... Read more

More replies
Relevance 22.96%

Did a check on my home computer and just wanted to verify that it is good. I ran cwshredder, ad-aware and spybot s&d, all good. Please check this log for anything strange.

Logfile of HijackThis v1.98.0
Scan saved at 10:58:46 PM, on 7/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Iomega\Iomega Backup\dtsc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Sierra Imaging\... Read more

Answer:Please check my HJT log

anyone?
 

2 more replies
Relevance 22.96%
Question: check my log

Hello, just wondering if someone could take a look at this.Thanks!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:58:19 AM, on 7/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\PROGRA~1\A... Read more

Answer:check my log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Relevance 22.96%
Question: Check this out

Here is my log. I got some warning messages from forum moderator and need to be sure that everything is o.k. with my comp. Thanks.

Answer:Check this out

Am I going to get an answer this year please ???===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has b... Read more

3 more replies
Relevance 22.96%

Here is my HiJack log. Can you guys help me out?

I have ran Ad aware, SPybot, and CWShredder before this also.
Logfile of HijackThis v1.98.2
Scan saved at 12:34:43 AM, on 8/16/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Y4J\Desktop\HiJackNEW\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mugglenet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://db105.com:81/cgi-bin/index.cgi?c=0
R1 - HKLM\Software\Microsoft\Int... Read more

Answer:Can you check out me log?

You were getting excellent help here: http://forums.techguy.org/showthread.php?t=261472

Post your log in that thread and continue to let dvk01 and/or flrman1 assist you.
 

1 more replies
Relevance 22.96%

I haven't had anyone check this for a while...Let me know if im clean

Logfile of HijackThis v1.97.7
Scan saved at 1:26:43 PM, on 8/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Sd Juke\sdjbmgr.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\SERVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\gwxgch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Chad Mueller\Desktop\Misc\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ... Read more

Answer:Someone please check my HJT log

anyone
 

2 more replies
Relevance 22.96%

Hi again, guys,

Would someone please check out the following log for me ? Thanks in advance.
RK

Logfile of HijackThis v1.98.2
Scan saved at 2:03:12 PM, on 8/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\documents and settings\administrator\local settings\temp\GOHK.exe
C:\documents and settings\administrator\local settings\temp\Gvgc.exe
C:\WINDOWS\System32\pifsink.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\algndmgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\YxlE.exe
C:\WINDOWS\System32\YxlE.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Ex... Read more

Answer:Need help. Please check HJT log for me

7 more replies
Relevance 22.96%

Logfile of HijackThis v1.98.2
Scan saved at 3:44:12 PM, on 8/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\oksqfpne.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS... Read more

Answer:Please check my log!

Hi and welcome to TSG,

Download the LPS Fix:

http://cexx.org/lspfix.htm

Launch the application, and click the "I know what I'm doing" checkbox.

Check all instances of lspak.dll and cdlsp.dll
(and nothing else), and move them to the "Remove" pane.
Then click Finish.

Now start your computer in Safe Mode and delete:

The C:\windows\system32\lspak.dll and cdlsp.dll
- files

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Restart your computer.
SPYBOT SEARCH & DESTROY

http://majorgeeks.com/download2471.html

Open Spybot Search & Destroy (Click Start, Programs, Spybot S&D (Advanced Mode). Click online, Search for updates, Download all available updates. Close all Browser windows, Click ''Check for Problems''. Anything that needs to be fixed it will show in red and have a green check... Read more

2 more replies
Relevance 22.96%

Could someone please check my hjt log?Also how do I get rid of Huntbar:Btieim permantly.It's in my registery and I can't delete it, also I can update spybot and adaware and everthing else but cwshredder,Why?Any help will be greatly appreciated.
Logfile of HijackThis v1.97.7
Scan saved at 8:16:33 PM, on 8/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE... Read more

Answer:HJT log Please Check

16 more replies
Relevance 22.96%

Ok, I have the about:blank homepage and I can't change that. Also all the check boxes, the minimize/maximize buttons are numbers now, and all of the text on my computer is real small cursive. Now this is a work computer, so the person who had this before me ****ed it up I guess, but I am getting the blame for it. So any help is greatly appreciatted. I have already ran Ad-aware and Spybot, and those are both green.

Here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 11:02:37 AM, on 8/25/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\WINDOWS\SYSTEM\HPZTSB02.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM... Read more

Answer:Please check my HJT log!

9 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 3:47:34 AM, on 8/27/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Essdc] essdc.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Ru... Read more

Answer:please check this hjt log

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

Close all applications and browser windows before you click "fix checked".
 

1 more replies
Relevance 22.96%

Hi,I think I got a virus from some random site. I have comodo firewall and Avast antivirus both did not signal a threat, but the site itself seemed unsafe because I got a pop up from that site that said I should scan my computer because it had viruses and asked me to click ok. I immediately closed the browser and did a Malware Byte scan.Malware byte scan result : No malware detected.I did a HJT log soon after the Malware byte scan:Here's the HJT Log, what do you see in this? This HJT was done before I scanned with F-secure online scannerLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:44:48 AM, on 1/15/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\PROGRA~1\ALWILS... Read more

Answer:Please check ths HJT Log :(

Today, I did a DDS and Root Repeal report. Please take a look at itAttaching 3 reportsDDS.txtAttach.txtArk.txtAlso copy pasting DDS.txt:DDS (Ver_09-12-01.01) - FAT32x86 Run by abc at 22:00:18.75 on Sat 01/16/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.39 [GMT 5.5:30]AV: avast! antivirus 4.8.1368 [VPS 100116-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchSVCHOST.EXEC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exe -k netsvcsSVCHOST.EXESVCHOST.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32 ... Read more

5 more replies
Relevance 22.96%
Relevance 22.96%

I have run all my antiviral scans and such and all is neg, but computer is still newly sluggish. Would someone please review my log?Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:17:45 AM, on 12/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\HP\KBD\KBD.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.e... Read more

Answer:looking for a check up

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 22.96%
Question: log check

i am clean?i dont know also whats UniFSService.exethanks Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:39:32, on 02/12/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ESET\ESET Smart Security\ekrn.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\Acer\Acer VCM\RS_Service.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\UnisonPlay\UniFSService.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\PROGRA~1\LAUNCH~1\LManager.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\ESET\ESET Smart Security\egui.exeC:\WINDOWS\WebCam\M3000\M3000Mnt.exeC:\WINDOWS\sys... Read more

Answer:log check

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 22.96%

Update: I stopped Antivirus System Pro from starting by deleting O4 - HKCU\..\Run: [tsbyrqgs] C:\Documents and Settings\REP.YOUR-27E1513D96\Local Settings\Application Data\dxhoqi\sjnfsysguard.exe. If there are any other issues I'm missing please let me know.This is my computer at work and do not have access to the host files currently but I am working on it. Thank you in advance. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:33:27 PM, on 11/23/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: NormalRunning processes:C:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxpers.exeC:\Program Files\HP\HP Software Update\HPwuSchd2.exeC:\WINDOWS\system32\hkcmd.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\ALCMTR.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\AVG\AVG8\avgui.exeC:\WINDOWS\system32\ps2.exeC:\Program Files\AVG\AVG8\avgscanx.exec:\windows\system\hpsysdrv.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\I... Read more

Answer:Check my log please

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

4 more replies
Relevance 22.96%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:06:27 AM, on 11/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\DISC\DISCover.exeC:\Program Files\DISC\DiscUpdMgr.exeC:\Program Files\HP DigitalMedia Archive\DMAScheduler.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\TechSmith\Snagit 9\Snagit32.exeC:\Program Files\Updates from HP\9972322\Program\Updates from HP.exeC:\Program Files\TechSmith\Snagit 9\TSCHelp.exeC:\Program Files\Common Files\Apple\Mobile Device Suppor... Read more

Answer:Can someone please check my log

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

7 more replies
Relevance 22.96%
Question: Please check log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Executive Software\SiteKeeper\Sitekeeper.exe
C:\Program Files\Executive Software\SiteKeeper\LServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Charley\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/... Read more

More replies
Relevance 22.96%

HiI have been having problems with my IE google links also running slow and other bits and annoying pieces. I have run combofix and it is certainly running faster but could someone be kind enough to review the log and tell me if I need to do anything else ComboFix 10-03-29.03 - Ann 30/03/2010 11:44:37.1.2 - x86Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.3062.2144 [GMT 1:00]Running from: c:\downloads\ComboFix.exeSP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\$recycle.bin\S-1-5-21-3956336972-812259086-2518084299-500c:\program files\Downloaded Installersc:\program files\Downloaded Installers\{8FFA5A26-4D51-473F-A8CF-C7166925726A}\setup.msic:\program files\FlashGet Networkc:\program files\FlashGet Network\FlashGet 3\adns.dllc:\program files\FlashGet Network\FlashGet 3\btcoreu.dllc:\program files\FlashGet Network\FlashGet 3\BugReport.dllc:\program files\FlashGet Network\FlashGet 3\BugReport.exec:\program files\FlashGet Network\FlashGet 3\cd1.icoc:\program files\FlashGet Network\FlashGet 3\ckcore.dllc:\program files\FlashGet Netwo... Read more

Answer:can someone check my log please

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 22.96%
Question: Log check

Hi there, I am running a fresh upgrade of windows 7 from Vista, Both 32 Bit. Having some issues and not fixable with the basics wondering if you could look over the log i ran and fill me in on what to do about em. Thanks. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:23:09 PM, on 3/14/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18882)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Windows\RtHDVCpl.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files\Motorola\Moto... Read more

Answer:Log check

Sorry about the posting in the wrong place, please get to it as soon as possible. and let me know if you need any other info. thanks again.

3 more replies
Relevance 22.96%

I cannot get "easy search" off my machine. I have run CW shredder, ad ware, and spybot s&d, all updated, I restarted my computer, and this is the log from hijack this. Any and all help would be appreciated. As a note I got infected when I went to miniclip.com

Logfile of HijackThis v1.97.7
Scan saved at 1:40:45 AM, on 8/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\Twain_32\ScanWiz5\SDetect.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ogbflkr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\WARREN~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.d... Read more

More replies
Relevance 22.96%

I dunno if somethings's wrong? This is my bro's comp and I'm just helping out.
Logfile of HijackThis v1.95.0
Scan saved at 11:28:53 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\carrie\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://ca.rd.yahoo.com/slv/ycheck/as/*http://
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn5... Read more

Answer:can someone check this log...

9 more replies
Relevance 22.96%
Question: please check this

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:32:27 PM, on 4/19/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17023)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exeC:\Program Files\AVG\AVG9\avgam.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Hotspot Shield\bin\openvpnas.exeC:\Program F... Read more

Answer:please check this

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

37 more replies
Relevance 22.96%

Does this look OK

This is for Work Computer 1,

--------------------------------------------------
Logfile of HijackThis v1.98.0
Scan saved at 17:00:41, on 05/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.freedomnames.co.uk
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [... Read more

Answer:Please could you check this HJT log

Clean!
 

3 more replies
Relevance 22.96%

i have run adware and spy bot but i am infected i think. please help
Logfile of HijackThis v1.97.7
Scan saved at 01:27:08, on 05/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\beusva.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RDSHOST.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\... Read more

Answer:please check this 4 me

6 more replies
Relevance 22.96%

I found a URL.IE.APP in my programs menu. I was weary of this, and scanned and didn't get anything. Please check if any of this is bad stuff. Thank you for your time!

Logfile of HijackThis v1.97.7
Scan saved at 1:19:23 PM, on 8/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\RUNSERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ZMUD\ZMUD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\NECUTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2... Read more

Answer:HJT Log. Just a check-up

Hi, Don't see anything really bad in your log...you can check in Add/Remove Programs or in the running processes for URL.IE.APP I have seen only a few posts about this entry, and it seems to come and go. It is seen with P2P file sharing users often...if you are using P2P, but have it "turned off" somehow, well expect things to be found on your computer from time to time! If not using P2P, never mind my comment, OK?
If you do an online antivirus scan, say at Housecall, and scan clean, I would not worry very much.
If you have AdAware or SpyBot Search and Destroy, and have them set up correctly and fully updated, and scan with nothing found, I would relax. There are also some programs you can get that will help prevent a great deal of the hijacks around, and of course>> visit Windows Updates to install all the critical patches for the system..((While you still can!))
 

2 more replies
Relevance 22.96%
Question: Check up ^_^

Assuming m0le is going to help me, like I said in the message firefox is slow and froze few times, rainmeter did earlier today, acrobat shutdown/timed out few times the other day and feels like the compy is a little slow. Dunno maybe I'm paranoid. T___T Also desktop freezes and it won't let me open up anything...:/ I dunno I have a wierd feeling...Also noticed my on the attachment for DDS it said ACER computer tried to connect or something. Which would be the laptop my dad bought like 2 days ago, was curious why its trying to connect to my computer or w/e?DDS (Ver_10-03-17.01) - NTFSx86 Run by NETI at 22:42:07.47 on Tue 05/04/2010Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2814.1685 [GMT -4:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exeC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k rpcssC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\svchost.exe -k secs... Read more

Answer:Check up ^_^

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

7 more replies
Relevance 22.96%

So this is my HJT logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 7:52:59 PM, on 4/28/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Kaiser\VPN Client\cvpnd.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exeC:\WINDOWS\system32\ICO.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\pctspk.exeC:\WINDOWS\system32\EXSHOW95.EXEC:\Program Files\Dell\AccessDirect\dadap... Read more

Answer:Can someone check my HJT log?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

2 more replies
Relevance 22.96%

I've run Avast boot virus scan, Adaware and Spybot. Got new version of HJT, please advise on following log:

Logfile of HijackThis v1.98.2
Scan saved at 7:56:54 AM, on 8/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\documents and settings\john\local settings\temp\6S.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Prog... Read more

Answer:Please check my HJT log

6 more replies
Relevance 22.96%
Question: log check please

i had a problem with logging into my admin account http://www.bleepingcomputer.com/forums/t/214345/logging-in-twice/ and was posted there but it has seem to be resolved as of now.it was also said i may want to check for malware so i'm posting a HJT log here to see if someone see's something i dont.thank you for your continued support.D_N_MLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:04:30 AM, on 4/3/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\windows\system\hpsysdrv.exeC:\WINDOWS\system32\hphmon06.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\ps2.exeC:\Program Files\COMODO\SafeSurf\cssurf.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system... Read more

Answer:log check please

it's been 5 day's since my original post

i know you folkes are busy and appreciate any input as to the log i posted.
thank you again for the continued support.

D_N_M

10 more replies
Relevance 22.96%

Logfile of HijackThis v1.98.2
Scan saved at 12:00:38 PM, on 8/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\TANGOMANAGER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redire... Read more

Answer:hj log please check

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...archbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...=search&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/...archbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...=search&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/...archbar&LC=0409

Do you try to remove the above links?
 

1 more replies
Relevance 22.96%
Question: check up

ogfile of HijackThis v1.98.2
Scan saved at 2:35:57 AM, on 8/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\TANGO MANAGER\APP\TANGOMANAGER.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirect... Read more

Answer:check up

 

2 more replies
Relevance 22.96%

Last time I received help, I was quick to donate. I truly appreciate your help! Life was great until recently. I went through the basic removal steps, and here is my HT log.....

Logfile of HijackThis v1.97.7
Scan saved at 11:18:45 AM, on 8/15/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\MOUSE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\XL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\ICONS\SETICON.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: CitiUS Shared Browser Helper Obj... Read more

Answer:Please check my HT log...Thanks!!!!

Hi A new version of HijackThis has come out, could you download it and post a log from v.198.2 of Hijackthis.

Get it here:

http://spywarewarrior.com/files/HijackThis.exe

you can simply delete the old HijackThis.exe and get the new one, I see you have it on the desktop...might be better in it's own folder. I usually just create a new folder called HJT right on C:

In Windows Explorer, with the C: drive at the top highlighted, click at the top File>New>folder and rename the new folder HJT. When you download, save Hijackthis.exe TO the HJT folder and run hijackthis.exe from there so the backups HJT makes will be put there instead of all over your desktop.
 

2 more replies
Relevance 22.96%

Hi, I have been in a long and hard struggle against some trojans and worms in my computer.I have the following security programs:Avast 5Advanced System Optimizer Protecter 3Spybot SDSpywareBlasterMalwarebytes AntimalwareHere is my log:-------------------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:43:46 PM, on 3/25/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Microsoft Application Virtualization Client\sftvsa.exeC:\WINDOWS\system32\... Read more

Answer:Can someone check my HJT log?

Hey WindowsTutorialsify,Welcome to Bleepingcomputer! I'm Ltangelic and I'll be helping you fix your computer problem.Before we proceed, here are some things that you can take note of so that the cleaning up process will be more smooth and efficient. Do not worry, the points below are not any form of rules, it's just a few pointers that can ensure that you will get the best help from me. To ensure that you are informed of the latest replies to your thread, you may like to right click on Options at the top right hand corner of this page and select "Subscribe to this forum". That way, you will be notified via email when a reply was posted to your thread. If you have any doubts or uncertainty about any part of my instructions, feel free to post on here and ask me about them. Please do NOT attempt to run any tools or do any fixing on your own unless I tell you to, this will avoid any confusion that can occur during the cleaning process. Furthermore, fixing malware problems without sufficient knowledge can be dangerous at times and you can mess up your own computer without knowing. Please do not PM me for malware removal assistance, any request for malware removal assistance should be posted in this thread only. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message to me on here. ;) Please do not start multiple top... Read more

14 more replies
Relevance 22.96%

I think this looks good but thought I could use a second opinion.

Logfile of HijackThis v1.95.1
Scan saved at 12:18:42 PM, on 8/29/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Internet Explorer\iexplore.ex... Read more

Answer:HT Log Please check

6 more replies
Relevance 22.96%

I have about 5 viruses and I can't figure out how to remove them. Can someone check my HJT log, I'm assuming the viruses will show up here?

Thanks, Danna


Logfile of HijackThis v1.97.3
Scan saved at 9:03:47 PM, on 2/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\0VGJS1AZ\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.degrassi.tv/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\... Read more

Answer:Could you check my HJT log please?

16 more replies
Relevance 22.96%

Is everything okay? I just want to know if Spybot S&D's missed any bugaboos hiding out on my computer

Logfile of HijackThis v1.97.7
Scan saved at 9:34:18 PM, on 4/5/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\[email protected]\[email protected]
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\MAXMEM\MAXMEM.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\PROGRAM FILES\GETRIGHT\GETRIGHT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\KAZAA LITE K++\KAZAALITE.KPP
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\START MENU\PROGRAMS\SYSTEM TOOLS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wolfpcsystems.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wolfpcsystems.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wolf PC Systems
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E71... Read more

Answer:Is everything okay? (HJT log-please check)

Clean!
 

1 more replies
Relevance 22.96%

Hi

It seems that over the last few weeks I haven't had a dull day at work! So many issues coming through.......

If I open internet explorer the cpu usuage shoots to 100% and the webpage eventually times out. I've run spybot and adaware.

Here is my log. Any nasties?

PS: This is a work pc so expect to see a few strange entries.

Logfile of HijackThis v1.97.7
Scan saved at 11:18:38, on 06/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Visual IP InSight\AirProducts\ARUpld32.exe
C:\Program Files\Visual IP InSight\AirProducts\ARMon32a.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\mqsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec... Read more

Answer:Hi, can someone check this new log please?

this is a semi unklnown, O2 - BHO: (no name) - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
I know what it does and who makes it ,but don't know anyone else who uses it. Any BHO will take IE memory and could cause IE instabilities, I am not saying it's the cause but it is one possibility.

to eliminate it or confirm it as the cause then doewnload BHO demon from http://www.definitivesolutions.com/bhodemon.htm

that allows you to easily enable & disable bho's without any propblems, disable it, see if IE problems stop and you have your answer.
If it isn't the cause, then re-enable it again

I can't find anything about these so I don't know

Have you installed them and know what they are, II think they are part of your IP Insight program and have seen several reports of difficulties seting up that program, causing loss of connections
O4 - HKLM\..\Run: [WinMsg50RegSet] C:\winnt\regedit.exe /s "C:\Program Files\AirProducts\WinMsgr50\HKCUSettings.reg"
O4 - HKLM\..\Run: [WinMsg50IMSet] C:\WINNT\System32\wscript.exe "C:\Program Files\AirProducts\WinMsgr50\IMSetting.vbs"
O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://testdir/tdbin/Spider.ocx
 

2 more replies
Relevance 22.96%

just wanted to do a check up on my computer.....

Logfile of HijackThis v1.97.7
Scan saved at 6:50:54 PM, on 4/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\progra~1\steam\steam.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOW... Read more

More replies
Relevance 22.96%

My boss is having some weird problems with her Outlook Express...disappearing mail, and so forth. Virus scans turned up nothing, and Ad-aware and Spy-bot found it clean as well. Maybe something hiding in here...

Logfile of HijackThis v1.97.7
Scan saved at 2:52:18 PM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mc... Read more

Answer:check this log please...

10 more replies
Relevance 22.96%

I hate to be a pain in the buttock, seeing as I have already asked this question already...but.... I'm REALLY anxious to get this trojan horse thing resolved as it has been on my computer for over a week already, and I really need to do some emailing. Don't want to share this with anyone. My log is at:

http://forums.techguy.org/showthread.php?t=219714

Thanx again, and sorry to be a pain, but, like I said before, I'm getting a tad anxious to resolve this. Driving me to distraction.

Hmmmm, I wonder if this is why my computer won't scan or defrag?? OR this is a good one....anytime I try to type in an address in the address bar the whole computer shuts off. Sweeet.
 

Answer:Could someone check my HJT log

From your HJT log, be wary of the following lines:

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWAY\SEARCHAT\2.BIN\MWSSRCAS.DLL

Realsched is RealOne Player updater --- which is ok but may slow the computer down unnecessarily.

MyWebSearch is the annoying "SearchBar" at the top of the browser. I would get rid of it. Even though they say it isn't spyware, SpyBot S&D will pick it out as such.

Goodluck.
 

2 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 12:32:12 PM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\QUICKENW\QWDLLS.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\DOCUME~1\WARREN~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS... Read more

Answer:please help check this log

Click on the link below to download CWshredder.
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Run the program and let it do it's thing. Make sure to click on "Fix" and not scan only.

Post another HJT log after you have rebooted.
 

3 more replies
Relevance 22.96%

I'm still having problems running the updates for Ad-Aware and SpyBot. Also, all the links in the sticky posts and all the links in the emails I've received seem to be broken, or at least IE thinks they are broken. Every single one I click on results in a "This page cannot be displayed" message in IE.

Here is my HJT log, for what it's worth.

Logfile of HijackThis v1.97.7
Scan saved at 1:50:15 AM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AWS\WEA... Read more

Answer:Please check this HJT log!

You have been hit by a hijacker or other form of malware that has used the "hosts" file to redirect a multitude of security related urls to your own system.

c:\windows\system32\drivers\etc\hosts

Find this file and delete it or open it and remove all the entries you see in it that are under this line:

127.0.0.1 localhost

Then connect to those sites and install and run those programs. You should also run the CoolWebShredder, CWShredder.exe from this site, have it fix problems and then reboot. Do that after correcting the Hosts file.

http://www.spywareinfo.com/~merijn/downloads.html
*
 

3 more replies
Relevance 22.96%

i have been working on a system running win 2000, and I have been having fits with it. After installing new memory, and finally being able to run a virus scan, 17 infected files were found and repaired. I ran Ad-Aware and Spy-bot, and everything seems fine now, but I would like to have someone check the log out and make sure for me.

Logfile of HijackThis v1.97.7
Scan saved at 1:07:01 PM, on 4/18/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\HEWLET~1\HPPSC7~1\bin\hpoevm07.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\HPOSTS07.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usawide.net
R1 - HKCU\Software\Microsoft\Inter... Read more

Answer:Please check this log

14 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 7:49:40 PM, on 4/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\America Online 9.0a\aolwbspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Setti... Read more

Answer:Help,plz Check My Log

16 more replies