Computer Support Forum

help with malware pop ups..... (hijackthis log file inside)

Question: help with malware pop ups..... (hijackthis log file inside)

hello everyone im having numerous pop ups and its slowing down my machine big time for virus scanners and random pop ads. Here is the Hijackthis log file. What do you think?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:21 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/?r191=1197892732
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program

Files\Outlook Express\msimn.exe"
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -

C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtss.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop

Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User

'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User

'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe

Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org

2.2\program\quickstart.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and

Settings\Owner\Local

Settings\Temp\{52858F48-C15D-4283-A648-99272B827965}\{907B4640-266B-4A21-92FB-CD1A86CD0F63



}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar

2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search -

http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583}

- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) -

http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) -

http://www.albatross18.com/season2/cabs/A18X.ocx
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -

http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -

http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) -

http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common

Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file

missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) -

http://i17.photobucket.com/albums/b75/SkullieRoze/Signatures/aj019.jpg

--
End of file - 7841 bytes

More replies
Relevance 100%
Preferred Solution: help with malware pop ups..... (hijackthis log file inside)

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 67.65%

I get an error message saying "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." whenever I right-click on my desktop or click on my clock and my control panel disappeared. This started happening a month ago but I sought no help to fix it seeing as I did not need to change anything at the time. Now it has become a burden and I found this website by researching on Google.

Norton Anti Virus also found 6 High-Risk Trojan virus's when I did a scan in Safe Mode. Supposedly they've been deleted or quarantined for now.

Below is my hijackthis log. Help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:14 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.e... Read more

Answer:Possible Malware? Hijackthis Log Inside!

bump
 

3 more replies
Relevance 67.65%

Hi there. The issue I am having is with the new version of WindowsLiveMail. It will not open. After 20 emails with MS, they tell me it is a malware problem. It works in Safe Mode but not in regular mode. I have killed all processes in regular mode, but it still doesn't work. I don't know where to start. I ran AdAware and have found nothing. My hijackthis log is below. If you have any insights, let me know. Thanks!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:30:48 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_... Read more

Answer:HijackThis Log Inside - Malware?

Bump. Anyone? Please.
 

2 more replies
Relevance 65.6%

I have noticed all the applications have been going slow on my PC. I decided to run spybot search and destroy but everytime I try and run it the computer shuts down.

Can anyone please help because my computer is going painfully slow and spybot search and destroy just makes the computer close down.

Hijack this log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:09, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WIND... Read more

Answer:Serious malware problem-computer shutting down (hijackthis inside)

Can anyone help with this please, sorry for being inpatient but it's hard to navigate around sometimes because it's going so slow and shutting down.
 

1 more replies
Relevance 65.6%

I'm at my limit of frustration! I somehow got adware from just browsing on my new laptop. I keep getting freaking popups!I have Symantec AV, which I used to scan for and resulted in nothing. Microsoft Defender found some, but did not get rid of them. I also tried Ad-Aware, which found some, but did not fix the problem. I also tried Serch and Destory, which found one, but did not fix the problem. I gave up, and here is my HiJackthis log:

note: if someone can fix this issue, I'll do ANYTHING!





Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:10:16 AM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C... Read more

Answer:FREAKING popup malware! Someone have a solution? (hijackthis log inside)

Use some better antivirus and anti-ad/spyware products. Symantec AV and Defender can't find flies in a pile of horse dung.

First, disable system restore. Also..once the below tools are installed, also run scans in safe mode.

Spybot S&D is OK...update, immunize, scan.

SuperAntispyware is fantastic, IMO the best free one out there...actually IMO the best anti-ad/spyware program out there. It's the first program I use now on an infected system, after running CCleaner. I run CCleaner first...because it removes the majority of temp junk files. On some systems that have LOTS of temp junk files (sometimes in the gigs)..it can save HOURS off of your scanning time.
http://superantispyware.com/
http://www.snapfiles.com/reviews/CCleaner/ccleaner.html

Run this at the beginning, and once again when you're done..just to make sure your winsock/tcp stack is clean. Some adware can infect it with sneaky dns stuff...
http://www.snapfiles.com/reviews/WinSock_XP_Fix/winsockxpfix.html

I'd run some online scans at
Trend Micro Housecall
BitDefender
Kaspersky

Also replace your antivirus with a good one. Of the freebies, Kasperskys AVS offering through AOL is the best. Yes...through AOL..but it's the Kaspersky engine, and it doesn't come with AOL bloatware....just make sure when installing, you remove the checkbox for the toolbar, that's all..ends up being a clean install.

http://www.activevirusshield.com/antivirus/freeav/index.adp?

Second ch... Read more

2 more replies
Relevance 65.19%

ok i have windows vista home premium. i am having link redirect problems. not just from google. basically any link i click redirects me. i ran gooredfix.exe deleted what came up still have problems. ran malwarebytes and still having trouble. so i am posting a log file from hijackthis. i would love it for someone to please check it out and give me some advice thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:18:28 PM, on 7/15/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:Windowssystem32sdra64.exeC:Windowssystem32Dwm.exeC:WindowsExplorer.EXEC:Windowssystem32taskeng.exeC:Windowstemp1154251.tmpC:Windowssystem32taskeng.exeC:WindowsSystem32igfxtray.exeC:WindowsSystem32hkcmd.exeC:WindowsSystem32igfxpers.exeC:WindowsRtHDVCpl.exeC:Program FilesSynapticsSynTPSynTPEnh.exeC:WindowsSystem32rundll32.exeC:Program FilesDropboxDropbox.exeC:Windowssystem32igfxsrvc.exeC:Program FilesSynapticsSynTPSynTPHelper.exeC:Program FilesMozilla Firefoxfirefox.exeC:Program FilesTrend MicroHijackThisHijackThis.exeR1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.comcast.net/R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.toshibadirect.com/dpdstartR1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5... Read more

Answer:HiJackThis Log file please help info inside

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 64.78%

A few days ago my computer (a Dell running Windows 7) was infected with malware calling itself "Security Shield." This happened to me once before, about a month ago, and I had the virus professionally removed by HP technical support, but it seems to have come back. Eventually I ran HijackThis in hopes of finding malicious files. After the scan, all signs of the virus mysteriously disappeared, and everything is functioning normally. However, I suspect the infection is still there. I ran Malwarebytes in Safe Mode but it didn't detect anything. I just ran HijackThis again and am including the log below, in hopes that you can diagnose what it means.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:16 PM, on 12/10/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Soft... Read more

Answer:Potential Security Shield malware infection (HijackThis log inside)

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for post... Read more

2 more replies
Relevance 64.37%

Hello folks. I'm trying to fix my mother's computer and needless to say it's in bad shape. The memory is being hogged like crazy and the only form of virus scanner i have at my disposal atm is housecall. What's weird is the terms don't load for me to continue, but hijack this works. Here's the log from safe mode. I'm going to restart and run it normally and see if there are differences. ty in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:23 PM, on 8/2/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Mahnaz\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,... Read more

Answer:Mess of a system (Hijackthis file inside)

not on safe mode:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:28 PM, on 8/2/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mahnaz\Downloads\HijackThis(2).exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:... Read more

2 more replies
Relevance 62.32%

Logfile of HijackThis v1.99.0
Scan saved at 6:09:01 PM, on 1/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Desktop\New Folder\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Softwar... Read more

More replies
Relevance 58.63%

Hi, I have tried everything to get rid of this malware, from system restore to scanning it with five diffrent anti-virus. I have no where else to turn to. Below is the Hijackthis log. Please help me.

Thank you in advance, ShadowDusk

List of problems I have seen:

google redirecting me to unsafe or advertisement sites
Firefox needing to be clicked multiple times for it to load up once
Firefox freezing ever so often for anything from 30 seconds to a minute
on log in there only being no start menu or desktop (task manager appeared when I loaded it though)
all round slowdown
Also part of the Windows interface have become classic instead of the normal Windows 7





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:56:56, on 23/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.Click to expand...


 

Answer:Bad infection notes inside (Hijackthis log inside)

Welcome to Major Geeks!

A HijackThis log is of no use to us.

Please read ALL of this message including the notes before doing anything.

Make sure you uninstall ALL but one antivirus. You have Panda and AVG installed.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide



and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives ar... Read more

1 more replies
Relevance 56.99%

Hello, We have gone to the website
http://www.salonrenovationmaisonneuve.com/en/exposants
and download the file to open Inside of IE. Once the file is open, none of the links either e-mail or web site works. However, if we open the same file Inside of Google Chrome, the links work. So, we want to know if we are missing something in IE or a plugin.
The PDF file opens with no problem but the links are not enabled. The file works in an Apple Machine and Google Chrome. However, if we download the file physically inside of the computer and then open the file with Adobe Reader, the links all work! Any ideas
how to solve this issue? Thanks Miguel Moreno

Miguel A. Moreno Alfa Logos inc. Tel. 514-253-2548

Answer:UNABLE TO OPEN AN HYPERLINK INSIDE OF A WEB PDF FILE OPENED INSIDE OF IE 11

Internet Options>Security tab, click "Reset all zones to default" (there's a setting for scripting of ActiveX controls)
Start>Adobe Reader>Edit Preferences>there are setting for how embedded links are handled.
Chromium uses its own pdf reader plugin.Rob^_^

3 more replies
Relevance 54.94%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:51:49 PM, on 12/17/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\system32\crypserv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Program F... Read more

Answer:Hijackthis Log File - Not Sure What The Malware Is...

Hi ZSmallone21,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

P.S. Please copy/paste the log into this thread using the Add Reply button.

3 more replies
Relevance 54.53%

I run avira and malware bytes every few days and a few times a month they find infections but it seems like I still have something slowing my computer down. Could someone look at my HiJackThis log below and tell me if anything looks suspicious?? thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:56:07 AM, on 11/1/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Windows\system32 ... Read more

Answer:Think I have some malware, someone check out my HiJackThis log file please!!

Hello Brandon_6667Welcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Please download Rootkit Unhooker and save it to your desktop.Double-click RKUnhookerLE.exe to run it.Click the Report tab, then click ScanCheck Drivers, Stealth Code, Files, and Code HooksUncheck the rest, then click OKWhen prompted to Select Disks for Scan, make sure C:\ is checked and click OKWait till the scanner has finished then go File > Save ReportSave the report somewhere you can find it, typically your desktop. Click CloseCopy the entire contents of the report and paste it in your next reply.Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!It is recommended to remove parasite, okay?"

13 more replies
Relevance 53.71%

Hello all,Since I've been infected with a computer virus, a friend of mine recommended that I run a shareware program called HijackThis to check out my computer registry. The "HijackThis" program instructions recommended that i post my "log file" of that analysis on a forum like this. It said that users on the Forum would recommend which registery entries I need to remove/fix.Can you help me?Here is the log file:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:43:14 PM, on 12/18/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18294)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\SLsvc.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Program Files\Co... Read more

Answer:Malware removel: please help me interpret HijackThis log file

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 53.3%

Hi,

Im attaching a file from HijackThis and ccCleaner about applications that Im running on my Dell laptop
Precision M20
Intel Pen M, 2.0 GHz, 798 MHz, 1,0 GB RAM, 80GB Harddrive,
Win XP Service Pack 2

My computer is running incredibly slow, maybe because I have to much on it, but please look through my attachments to see whether you think I could delete some of the things that arent important.

Many of the files I have no clue about.

Thanks for helping.


Regards Nicolai, CPH DENMARK, Europe
 

Answer:please check my hijackthis file and ccCleaner report for malware

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat[/B]
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

1 more replies
Relevance 50.02%

I have been to a few different forums looking for someone to give me some help with my hjt log. So far I haven't got any replies and only a handful of looks. A friend recommended this site so I thought I'd give it a shot.
This log is after a scan of Norton '04 and Spybot S&D
Thanks in advance - Adam

Logfile of HijackThis v1.97.7
Scan saved at 11:59:56 PM, on 5/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\syml... Read more

Answer:Looking for help; HiJackThis log inside

The "about:blank" issue has proved difficult and complex in some cases. But for now try this.

1 -- reboot the computer in Safe Mode:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

2 -- In Safe Mode run HijackThis and check and fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)

3 -- Still in Safe Mode, go to the Control Panel > Internet Options applet and select Programs > Reset web settings.
Reboot and post a fresh scanlog.
 

3 more replies
Relevance 50.02%

Hi,

My computer has been almost useless on the internet due to a bunch of adware and spyware. Please check my log and let me know what to fix. Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 8:54:45 PM, on 5/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lycos\IEagent\Loader.exe
C:\DOCUME~1\Johnny\LOCALS~1\Temp\bundle.exe
C:\windows\temp\p9N8jM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~... Read more

Answer:Please Help - HijackThis log inside

Download and save these freeware/donationware programs to a permanent folder. Remember to check
for updates and run them weekly.

***NOTE***A new version of SpyBot's been released (v1.3...it's no longer in beta). Click on "Immunize" and unload ALL the immunizations first before uninstalling.)

Ad-aware

http://www.lavasoftusa.com/support/download/#free

SpyBot:

http://majorgeeks.com/download3957.html

Run one. Restart you computer. Run the other. Restart.

I also highly recommend you install and update SpywareBlaster:

http://www.javacoolsoftware.com/spywareblaster.html

Tutorials for all 3 programs:

***NOTE*** The Ad-aware tutorial shows how to configure Ad-aware for a DEEP scan, the default settings are are ALWAYS changed
per advice from the security experts on these forums. If you already know the basics of Ad-aware skip to Step #4 and configure
it accordingly.

http://www.bleepingcomputer.com/forums/index.php?showtutorial=48

Spybot Tutorial:

http://www.bleepingcomputer.com/forums/index.php?showtutorial=43

SpywareBlaster Tutorial:

http://www.bleepingcomputer.com/forums/index.php?showtutorial=49

Re-start your computer and post another HJT log in this thread.

Hope this helps. A little.
 

1 more replies
Relevance 50.02%

Everytime I try to click a .exe file it seems, I get "The requested resource is in use", and the path to the file.

I think its also causing FireFox not to update, as the upload process never works (even for any other program that does an automatic update) . I can't even access anything in Administration Tools (in Control Panel). In Google I kept finding stuff about ASP, but I'm not entirely sure thats it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:30 PM, on 2/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft... Read more

Answer:Need help... HijackThis log inside...

Last attempt for help before I leave this site and look elsewhere...
 

1 more replies
Relevance 50.02%

Hello,

I'm so lost! I receive numerous pop-ups when opening Foxfire and Internet Explorer. Since this has been happening, my computer has been running very slowly. I have scanned my computer with many different Spyware programs, however none seem to fix this problem. I recently scanned my computer using Hijack This, and here is my log...

Please Help

Thanks,
Jeyh87

------------

Logfile of HijackThis v1.99.1
Scan saved at 10:48:08 PM, on 4/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Vi... Read more

Answer:Please help HijackThis log inside

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your log is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


P2P - I see you have P2P software (i.e. Bearshare) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information. Note: Even if you are using a "safe" P2P program, it is only the pr... Read more

1 more replies
Relevance 50.02%

Hi, I dont know very much about computers, so I was wondering if anyone would help me with a problem I have. The problem I have wont let me change my Homepage in Internet Explorer. It keeps taking me to a webpage called http://letgohome.com.

Here's the log file(thanks in advance ):

Edit by chaslang: Unrequested, incomplete, inline log removed
 

Answer:Need Help (HiJackThis log inside)

Please read the Announcement at the top of everypage in the Spyware Forum. Also please read and follow the sticky thread guidelines. Do not post HJT logs unless requested and then do not post them inline.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

Now download the following tool: L2MeFix Tool

Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log . Allow it as much time as it needs to run until NotePad opens with a log. Post that log later after completing the remaining steps.

NOTE: Please do not run any other options or files in the l2mfix Folder!

After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run ... Read more

4 more replies
Relevance 50.02%

ok well all of a sudden i started getting spyware on my computer and adaware couldnt erase it and it just stared building and building i tried installing norton but i think it just messed it up even more... let me know if you see anything that needs deleting in the hijackthis log...some of the programs that i want deleted or uninstalled that do not matter are spysweeper spyware doctor any norton product, or anything that i can safely delete from running in the back ground without messing up the proformance....like i know something with ipod is started in the background everytime the computer starts but i dont use the ipod that much...so it is taking up my computers proformance, but if its something like the ipod service that you can delete from running in the background but it opens up once you click on it to use it post-startup id like to get rid of those type of items to avoid unnessasary use of my computers resources. so like here O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINDOWS\System32\TSIRCSRV.EXE something with laplink. i dont need it everytime i start my computer but if i can delete this and have it still open when i decide to use laplink id like to delete it out of the background on startup if anyone gets what im saying. i dont want to remove anything that has to do with nessasary items such as the wireless internet programs that automaticly start etc. and of course trash all the spyware/viruses you can find... thanks a... Read more

Answer:Help Please Hijackthis Log Inside

bump....anyone wanna give me some help?

16 more replies
Relevance 50.02%

Alright, well somebody sent me a virus or my computer flipped out and it made about 45-50 pages of my internet pop up, i let it finish spazzing out then cleared them with my task manager. The original page i was on is exited out but stuck on my computer like a background, its like the page isnt even their and its really annoying to see it everytime i come on my computer. Please Help me!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:29 PM, on 12/22/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Techno... Read more

Answer:Please Help.(hijackthis log inside)

8 more replies
Relevance 50.02%

Something is causing my CPU processing time to be pegged and I'm pretty sure it's spyware, I've already ran Ad-Aware and Spybot which removed a bunch of stuff but there must still be an issue because if I boot into anything other than safe mode my CPU processing is pegged to 100%

Please help...

Logfile of HijackThis v1.99.1
Scan saved at 11:14:00 AM, on 2/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\tthreadgill.cmka\Desktop\Virus-Spywar... Read more

Answer:Help, hijackthis log inside

6 more replies
Relevance 50.02%

I installed IE8, and it worked for a while.

Haven't installed anything new, but suddenly whenever I launch IE8, The window opens and immediately closes, sometimes before the window even rezzes on the screen.

Uninstalled IE8, going to IE7- same thing.

Browser works in Safe Mode.

Made a new user account-- same situation. I'd thought maybe my profile was corrupt.

HiJackThis Log follows:

****************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:13 AM, on 7/24/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
*************************************************

I've run Spybot, AdAware, CCleaner, Super Antispyware, found some stuff and cleaned it- mostly cookies, nothing serious- no change.

I know most would say just run Firefox. I can't do that--what I need to view doesn't view properly in FF.

Help!!
 

Answer:IE won't run- Hijackthis inside.

Welcome to Major Geeks!

Most likely not a malware problem. You appear to have multiple antivirus applications running (McAfee and Symantec) and you should NEVER do this. Uninstall all but one immediately. Also disable Spybot's Teatimer and then reboot. See how things work then.


If you wish to check for malware anyway, you need to do the below as stated in the email received when you signed up. DO NOT do any of the below unless you have already uninstall all but one antivirus and Teatimer has been disabled.

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the sc... Read more

3 more replies
Relevance 50.02%

Norton Found IEfeats but couldnt Delete. I followed Instruction on there site to remove but the registry locations they suggest do not contain the entries suggested.I was unable to update hijackthis..It said it couldnt connect to the server..and either i have no connection or the server is down.Here is the log..Logfile of HijackThis v1.98.0Scan saved at 2:34:33 AM, on 6/30/2004Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\WINDOWS\EXPLORER.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXEC:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\WINDOWS\SYSTEM\RESTORE\STMGR.EXEC:\PROGRAM FILES\OPERA7\OPERA.EXEC:\WINDOWS\DESKTOP\HIJACKDE... Read more

Answer:Please Help..HijackThis Log Inside.

NEW LOG...After running spybot 1.3Logfile of HijackThis v1.98.0Scan saved at 4:27:11 AM, on 6/30/2004Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXEC:\WINDOWS\EXPLORER.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXEC:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXEC:\WINDOWS\SYSTEM\RESTORE\STMGR.EXEC:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\OPERA7\OPERA.EXEC:\HJT\HIJACKTHIS\HIJACKTHIS.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\iigde.dll/sp.html#96676R1 - HKLM\Software\Microsoft\Internet... Read more

2 more replies
Relevance 50.02%

Hello,

Recently my laptop has been running extremely, and I know I am infected with Spyware as my Spybot scans consistently turn up things which cannot be removed. Also, in the past few days I have had several "blue screens of death" upon boot up. Your help would be much appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 2:21:39 AM, on 4/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\iPod\Bin\iPodSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Progr... Read more

Answer:Please help -- HijackThis log inside

Hi airjumpman, Welcome to TSG!!

Run HJT again and put a check in the following:

O2 - BHO: poke bend show - {709B4F86-C9B4-F558-355A-AC294B4B87CB} - C:\PROGRA~1\BYTEDV~1\memohide.dll (file missing)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [jonmlmz] C:\WINDOWS\jonmlmz.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/D...e/bridge-c9.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19303f9ae638fb...ip/RdxIE601.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://wdownload.weatherbug.com/min...uginstaller.cab

Close all applications and browser windows before you click "fix checked".

Restart in safe mode

Open Windows Explorer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders" Click "Apply" then "OK".

Delete these files:
C:\WINDOWS\jonmlmz.exe
C:\WINDOWS\system32\ap9h4qmo.exe

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to ... Read more

3 more replies
Relevance 50.02%

I just tried to instull a new anti virus trial ,but it froze.
So i restarted my pc and now it is stuffed!
I try to reinstill the anti virus but it says it is already there please remove and sart agian.But i cant find it.

Im running Windows Vista.

Heres my log
----------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:50:18 p.m., on 25/09/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Chris Kahui\Documents\HiJackThis_v2.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xt... Read more

More replies
Relevance 49.2%

hello. i was playing this one gaming private server and the owner said that he was going to send me 2 trojans and a backdoor. he can since heknows my ip. i have ran like 5 scans so for but nuthing came up. my computer is now running slow. my friend told me to give u this and u could help. plz and ty.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:29 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common File... Read more

Answer:PleaseHelp!(Hijackthis log inside)

Hi Welcome to TSG!!

You have two anti-virus programs running, McAfee & AVG, which will cause trouble. Uninstall one of them.
The P2P programs you have installed expose you to risks because of the nature of the P2P file sharing process. File sharing/P2P programs rely on members giving and gaining unrestricted access to computers across the P2P network. This practice can make you vulnerable to data and identity theft. It also exposes you to very malicious worms and trojans. You change those risky default settings to a safer configuration but the act of downloading files from an anonymous source greatly increases your exposure to infection.

I suggest you go to add/remove programs and remove all P2P programs!
Go to Add/Remove Programs and remove these if you did not install them.
These programs are known as Foistware
ViewpointService
Viewpoint Manager
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Please download Malwarebytes Anti-Malware and save it to your desktop. alternate link 1 alternate link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes&... Read more

1 more replies
Relevance 49.2%

Hi, I have a few trojans on my computer. downloader.Generic4.zqi, Generic5, Dialer.hye, and some others. Here's the hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:21:06 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,... Read more

Answer:Trojan help please. Hijackthis log inside.

13 more replies
Relevance 49.2%

Hello,

A friend having problems with IE, lots and lots of porn adds(the usual stuff), I cant seem to find a way to get rid of them . Have ran spybot and adaware.
Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:20, on 16.6.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

After taking the log, I tried removing IE7, it went OK. But now as soon as I open IE(6) it shuts down, prompts "save file ______"(=name of the page I'm trying to access).

Thanks
 

Answer:IE acting up, hijackthis log inside

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support
 

1 more replies
Relevance 49.2%

I was on my laptop today and little error windows was popping up with text that looked like someone was seeing what I was doing and making comments on what I did so I downloaded Hijackthis and got a log but have no idea what to do, can someone help me out? Here is the log.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 4:37:14 PM, on 7/24/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\taskeng.exeC:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Windows Media Player\wmplayer.exeC:\Windows\ehome\ehmsas.exeC:\Windows\explorer.exeC:\Program Files\Apoint\ApMsgFwd.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Common Files\Teleca Shared\logger.exeC:\Program Files\Common Files\Teleca Shared\CapabilityManager.exeC:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exeC:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exeC:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exeC:\... Read more

Answer:Need help with problem, Hijackthis Log inside.

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Relevance 49.2%

Logfile of HijackThis v1.99.1
Scan saved at 4:13:14 PM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\SoundBlasterLive\Surround Mixer\CTSysVol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\PC-CILLIN\PCCClient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Daemon Tools\daemon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\?hkntfs.exe
C:\Program Files\cots\susr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\PC-CILLIN\Tmntsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Softwa... Read more

Answer:(yet another...) SpySheriff ! hijackthis log inside

read ad-aware website about item.
http://www.lavasoftresearch.com/spywareno.shtml
 

1 more replies
Relevance 49.2%

My computer has been pretty slow lately, and when I reboot I find that automatic updates has been switched off everytime. Also when i'm on msn i'll send random messages to people when I havent typed them. Any help is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:59, on 27/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tydytyb.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files... Read more

Answer:I think I have a virus =[ (Hijackthis log inside)

Hello and Welcome to TSF.

The machine would appear to be, or have been, infected, however...

We no longer use HijackThis as our initial analysis tool. It is not detailed enough for today's infections.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 49.2%

Logfile of HijackThis v1.97.7
Scan saved at 5:23:34 PM, on 5/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\AzhGa.exe
C:\WINDOWS\System32\Uellw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ryan Hart\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\SearchBar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.net/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yaho... Read more

Answer:Please help w/ my spyware (HijackThis log inside)

6 more replies
Relevance 49.2%

Hello ,please can someone check if i have any problums?

I have been downloading stuff from rapidshare and megaupload and many other sites.
When i download i get speeds of around 100 KBs.

But in the last 2 days im not even getting 10KBs.Is there something wrong here.

I have Windows Vista and broadband (jetstream)

Thanks a lot to who ever may help.

Logfile of HijackThis v1.99.1
Scan saved at 11:50:31 a.m., on 15/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Users\Chris Kahui\Videos\Magic\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI... Read more

More replies
Relevance 49.2%

Hello:I've been hijacked. I get a dialog box in the ceneter of my screen saying "Save! Repair" it say I have a game installed, which I don't. I try to kill the process in task manager it recreates a process. The process use one of 4 names.But aways one of those 4. If I try to exit w/ the exit button on the dialog box, it just repairs itself and I get more popups and this tool bar. Ad aware does not take care of it. spybot hangs on my XP machine.Any help would be appreciated as this dialog box is stuck on my desktop.Thanks,LoTechHijackthis log below:Logfile of HijackThis v1.98.1Scan saved at 7:55:57 AM, on 8/31/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\PackethSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\pctspk.exeC:\Program Files\WZCBDL Service\WZCBDLS.exeC:\Program Files\Compaq\Easy Access Button Support\StartEAK.exeC:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXEC:\COMPAQ\CPQINET\CPQInet.exeC:\Compaq\EAKDRV\EAUSBKBD.EXEC:&... Read more

Answer:Got Hijacked. Hijackthis log inside

Your log shows that you are seriously behind on windows updates. It is essential that you update your windows before we continue to help you as the infections could reoccur. Go to http://www.windowsupdate.com and if it asks to install software, let it. Then click on the Scan link and let it do its thing. When its done you will see on your left a section called critical updates. Click on that section and install everything that you can. When it prompts you to reboot, do so. Then repeat this process again until there are no more critical updates listed. You are using an outdated version of hijackthis. Please download the newer version.Download HijackThis from:HijackThis Download Site #1or HijackThis Download Site #2Then post a new log

9 more replies
Relevance 49.2%

Thanks for your help and time in advance!!!
I have been reading your forums and have downloaded and installed the hijackthis program.

I have norton antivirus installed and it does a scan of out going and incoming email and it keeps saying it is scanning outgoing email and I dont even have outlook running. What's this mean? I suspect I have some thing going on in the background some program or something.

I have run:
AdAware 6.0 with current definitions
Webroot Spy Sweeper with current definitions
The Cleaner with current definitions
Norton AV with current definitions
Trend Micro PCcillin with current definitions

All of these came up empty or saying there were no problems.

Here is my hijackthis log file:

StartupList report, 6/9/2004, 12:12:13 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Owner\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WIND... Read more

Answer:Noob help please - HijackThis log inside - can you help me?

::bump::
 

2 more replies
Relevance 49.2%

Hi - I feel so embarrassed that I downloaded and installed a dodgy file pretending to be IE6.

The most obvious and annoying behaviour on the infected PC is now I can't type in text boxes in IE, (eg the google search box, or the one that I'm typing in now)

Another behaviour is that I can't select text or images off a website using my mouse.

I am now unable to install a Windows update (Cumulative security patch for Outlook Express, I think.)

Also, the Add/Remove control panel feature is doesn't show the names of the installed applications, but it does show their icons.

Here's the log - I've already got rid of a couple of references to www.savewealth.com, and I've ran the HiJack this cleaning app. From what little experience I have, this log doesn't look like it's hiding any nasties, but I think my PC suggests otherwise... (Does anyone know what 'bdoscandel.exe' - it might be Bit Defender?)

Thanks,

Richard


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:31:16, on 22/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MD... Read more

More replies
Relevance 49.2%

I have always been careful with my computer with what to visit. But recently I went back home on vacation and well ... my little cousins managed to get a something on my computer(I think)....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:30:58 AM, on 12/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\AppleOSSMgr.exeC:\WINDOWS\system32\AppleTimeSrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Digidesign\Drivers\MMERefresh.exeC:\Program Files\Hotspot Shield\bin\openvpnas.exeC:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Webroot ... Read more

Answer:Please help me guys :< HiJackThis log inside!

DDS (Version 1.1.0) - NTFSx86 Run by TheTurk at 3:11:48.43 on Wed 12/31/2008Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2028.1364 [GMT 2:00]AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)FW: Webroot Internet Security Essentials *disabled*============== Running Processes ===============C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\AppleOSSMgr.exeC:\WINDOWS\system32\AppleTimeSrv.exeC:\Program Files\Bonjour\mDNSResponder.exesvchost.exeC:\Program Files\Digidesign\Drivers\MMERefresh.exeC:\Program Files\Hotspot Shield\bin\openvpnas.exeC:\Program Files\Mediafour\MacDrive 7\MacDriveServiceD.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\Program Files\Webroot\WebrootSecurity\SpySweeper.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\... Read more

26 more replies
Relevance 49.2%

I get lots of illegal operations when I'm on AIM and I got a IEXPLORER illegal op today too. Please review my log, it's very weird, it's kinda out of order, but it's straight from the log.

Logfile of HijackThis v1.97.7
Scan saved at 11:02:56 AM, on 9/11/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explo... Read more

Answer:Please help! HijackThis Log inside(WEIRD)

13 more replies
Relevance 49.2%

I have been having problems with viruses and popups that I can not get to leave... Please advise on the way to remove, below is the log file. Thanks for your help.

Scan saved at 7:50:18 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\DOCUME~1\Kevin\MYDOCU~1\CROSOF~1.NET\csrss.exe
C:\Program Files\Utilities\Ad aware\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Utilities\Alcohol120\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kevin\Desktop\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office 2007\Office12\OUTLOOK.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/... Read more

Answer:I've been jacked... hijackthis log inside

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------


Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

Please ensure that you include all the header information when posting a HijackThis Log. The header contains important information about your system critical to our review. When HijackThis o... Read more

7 more replies
Relevance 49.2%

Logfile of HijackThis v1.96.0
Scan saved at 9:18:29 AM, on 8/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\DownloadWare\dw.exe
C:\WINDOWS\System32\msbb.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ClientMan\mscman.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ebkrdr\mediaman.exe
C:\Program Files\ClientMan\msckin.exe
c:\program files\clientman\run\ause3.exe
C:\WINDOWS\System32\SahDownloader.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mdm.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Inte... Read more

Answer:Help Needed HijackThis log inside

16 more replies
Relevance 49.2%

Hello, I have been getting pop ups for awhile now. Running ad-aware I find that something named virtuemonde or something similar is always detected, but if I delete it it comes back next time. I know from reading on the internet that this item is connected to spyware or popups.

Also in my report you will see something for logitech desktop messenger over and over. I kept on getting errors every time I would boot up my computer. I uninstalled the desktop messenger and it still shows up on my hijackthis report.

I don't use Norton anymore and I tried to uninstall/delete all symantec products but as you can see some are still on my computer I guess.

Any other things that need to be cleared up would also be appreciated, THANKS!



Logfile of HijackThis v1.99.1
Scan saved at 11:34:19 AM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AlienAutopsy\TEK... Read more

Answer:Pop ups, Hijackthis report inside

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt at the end of this fix.
----------------------... Read more

8 more replies
Relevance 49.2%

So I connect to the internet, it says that a program named "Vsmon" or something has performed an illegal operation. I try to press "close" but the computer's dead. Responds to nothing. So I manually shut down and start up..try again..same thing..
after I manually shut down and start up again, I close VCatch first before I enter internet, and no problems now..I'm not sure if it is VCatch's problem? Do I need to get rid of it? (It's a Virus-Catcher)
Please check for problems:
Logfile of HijackThis v1.99.1
Scan saved at 4:02:48 PM, on 7/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\PROGRAM FILES\NETZERO\EXEC.E... Read more

Answer:Peculiar...HijackThis Log inside

12 more replies
Relevance 49.2%

I ran CWShredder before i ran HijackThis, so i ran CWShredder and then i rebooted the computer. Here is the new log.

Logfile of HijackThis v1.97.7
Scan saved at 7:10:50 PM, on 6/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HistoryKill\histkill.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\My Shared Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\robert\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\robert\LOCALS~1\Temp... Read more

Answer:CoolWebSearch, please help me-Hijackthis log inside

6 more replies
Relevance 48.79%

I have been noticing that most programs will start then not respond lately. I also notice that when I try to open Mozilla, it will try to open then stop trying. I wonder if this HiJackThis Logfile will help solve these issues? I hope someone can help me. It says it's from 9/24/09 but I just ran it on 1/30/10 at 7:50PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:53 AM, on 9/24/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Nero\PhotoShow 5\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Pro... Read more

More replies
Relevance 48.79%

Hi Files calles winXX.tmp.exe keep popping up in my Windows/Temp folder. I've done various scans and some have found the problem and attempted to fix it, but it seems to keep coming back. any help is greatly appreciated.Also, this is a Dell Inspiron E1505 with integrated graphics. Which makes me wonder if I can get rid of these....C:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\igfxsrvc.exeLogfile of HijackThis v1.99.1Scan saved at 9:23:03 PM, on 01/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC... Read more

Answer:Winxx.tmp.exe Trojan (hijackthis Log Inside)

Hello,

Can you rename Hijackthis.exe to Analyse.exe
Then scan with Analyse.exe and post the log in your next reply (which will be a hijackthislog ofcourse)

2 more replies
Relevance 48.79%

Well the other day I downloaded a file online and it ended up infecting me...I am using Eset Nod32 and Comodo Firewall with PC Tool Spyware Doctor running in the background...

I keep getting this pop-up when I click files on my computer like my computer or other things...it sometimes pops up and sometimes doesn't but it is defiantly annoying. I posted my HiJackThis Log below and here is a pic of the pop-up...Please help me fix I scanned with Spybot S & D/Ad-Aware/Spyware Doctor/and Nod32...Please help me fix.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:37:30 AM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PC Auto Shutdown\AutoShutdown.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\N... Read more

Answer:HiJackThis Log Inside!! Pop-up keeps appearing am I infected?

I ran SDFix and HiJackThis v2 again and here is my results am I finally Clean??
SDFix: Version 1.187
Run by Gus on Fri 05/30/2008 at 04:08 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix

Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting
Checking Files :

Trojan Files Found:

C:\smp.bat - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 04:28:45
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:81,2f,59,a7,4f,5d,6f,ed,c1,f4,b5,1a,f5,d5,ce,af,5b,b8,93,30,d0,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:2d,0a,77,a2,47,6d,99,8d,8f,21,61,dd,c6,74,11,f9,34,bc,00,e2,73,..
"a0"=hex:20,01,00,00,25,a9,ed,4a,12,ac,88,9b,6d,3d,a5,60,e3,06,08,5e,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\... Read more

1 more replies
Relevance 48.79%

The first main issue we noticed a couple of months ago. It was that the computer started up very slow. It comes to a tealish green screen after selecting the login name, and then it's a waiting game for it to start up. A full start up will be about 5 minutes.

More recently we've noticed how slow some of the usual functions have been. Opening a new tab in explorer, typing in a search box, opening and closing pages. It all seems to be going way too slow and very frustrating.

i've downloaded Hijack this, adaware, cw shredder and a couple others that may help. I am familiar with most of these from using this forum before.

Any help is appreciated. Thank you for your time.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:01 PM, on 1/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Q... Read more

Answer:Slow Computer - HiJackThis log inside

Just thought I would see if anyone can help or if they see anything out of the usual. Thanks.
 

1 more replies
Relevance 48.79%

Hello all,

I'm having a heck of a time ridding my computer of pop-ups and all sorts of annoying things. Could you please review the log below and provide me with some direction. I would certainly appreciate it! Thanks in advance....

Logfile of HijackThis v1.98.0
Scan saved at 11:08:49 AM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HOLEBO~1\mediafree.exe
C:\WINDOWS\Fonts\acmc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ntorecst.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siMain.exe
C:\Documents and Settings\Tony\My Documents\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Mi... Read more

Answer:[Solved] Need some direction - Hijackthis log inside

16 more replies
Relevance 48.79%

Logfile of HijackThis v1.97.7Scan saved at 10:01:05 PM, on 6/15/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\Program Files\CasinoOnline\CsRemnd.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\progra~1\steam\steam.exeC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\Program Files\SpywareGuard\sgmain.exeC:\WINDOWS\System32\svchost.exeC:\Program F... Read more

Answer:Browser Hijacker *hijackthis log inside*

Fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\user\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
Reboot and post a new log. We will probably have to try another step.

15 more replies
Relevance 48.79%

I recently got a msn virus on my laptop, it keeps sending rar files to all the people on my list after ive been signed in a bit.

Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:13 PM, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Prog... Read more

Answer:Solved: Msn Virus - HijackThis log inside

10 more replies
Relevance 48.79%

Got a problem with popups on internet explorer, every minute a popup pops up, getting kinda annoying. popup blocker is on full etc, but still it flows over with popups. Malware antibytes doesent find anythingLogfile of HijackThis v1.99.1Scan saved at 23:40:54, on 12.05.2011Platform: Unknown Windows (WinNT 6.01.3505 SP1)MSIE: Internet Explorer v8.00 (8.00.7601.17514)Running processes:C:\Program Files (x86)\AVG\AVG9\avgtray.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\OpenOffice.org 3\program\soffice.exeC:\Program Files (x86)\OpenOffice.org 3\program\soffice.binC:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeC:\Windows\Mmokia.exeC:\Users\Preben\AppData\Local\Temp\Mlx.exeC:\Users\Preben\Downloads\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\... Read more

Answer:PopUp Problems HijackThis Log inside

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 48.79%

Hi. I'm infected with the module32.exe ?keylogger?

One quick question before the Hijackthis log...
As long as I don't let it get access to the internet (Zone Alarm) it won't be able to log my keys will it?

Here's the log:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RFV\MODULE32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\task... Read more

Answer:Infected! module32.exe Hijackthis Log inside

Please DO NOT post duplicates.

I have replied here:

http://forums.techguy.org/showthread.php?p=1611857#post1611857
I'm closing this one.
 

1 more replies
Relevance 48.79%

Hi, my brother downloaded a virus through msn. Now everytime I go on msn it sends something along the line of this to all my contacts.

''my sexy photos at http://membres.lycos.fr/photosummer/photos-webcam2007 :$ '' It is a zip file and is really annoying me. Could anyone please help. Here is my hijackthis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:39:26, on 06/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Pr... Read more

Answer:Solved: PLEASE help with this virus (HijackThis log inside)

15 more replies
Relevance 48.79%

hi my latop just started going very slow for some reason, i ran spybot and ad-aware before HJT, heres the log..

Logfile of HijackThis v1.98.2
Scan saved at 22:42:55, on 26/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search ... Read more

Answer:Very slow Laptop, please help. Hijackthis log inside

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..

If you have a highspeed connection please Run an online virus scan from TrendMicro Please select the ?autoclean? option when prompted to do so.


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following if listed.

MessengerPlus3
NavExcel
Advanced Searchbar

MessengerPlus3- Program is adware/spyware and generates ADs and reports your browseing habits back to MSN.

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

C:\Program Files\Messenger Plus! 3\MsgPlus.exe

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R... Read more

11 more replies
Relevance 48.79%

i recently have been having crazy problems...it all started when a popup apeared telling me i should download some spyware thing...it kept popping up as different programs tho so ex. 1) Spyware Helper then it would pop up as 2) SpyHelpDoc stuff like that so finially being an idiot i installed one. then the problems began..i started getting crazy popups then my homepage would go to this thing telling me i have a virus and such whenever i opened internet explorer then stuff started doing things by itself on my computer i would be sitting there then my virus program would open and start disabling itself.. :| same with my ad aware se program it would open and buttons are getting clicked and im not doing anything so i ran all scans i could and a hijackthis....heres my log i have no clue whats happening help would be much apreciated.

and a link to my first problem if it helps :S : http://www.techsupportforum.com/showthread.php?t=121947

Logfile of HijackThis v1.99.1
Scan saved at 5:24:47 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Progra... Read more

Answer:Virus or Hijacker - Hijackthis log inside

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Download AVG Anti-SpywareInstall AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.On the top of the main screen click Shield
Click the word active... Read more

7 more replies
Relevance 48.79%

not sure if it matters but i am running windows on an imac using boot camp. thanks inadvance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:08 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\mrofinu572.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Web Buying\v1.8.8\webbuying.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Syma... Read more

More replies
Relevance 48.79%

About 5/10 times I click on a link from a search page like google I get redirected to sites like clickinfo.cz and not the site I want. I must have malware. I have run the programmes and quarantined a few trojans, but it hasn't resolved the problem.

attached is a hijackthis log, what should I delete? Thanks
 

More replies
Relevance 48.79%

This is kinda weird. Random pop-ups just pop up no matter what site I am on. I think I'm infected with spyware, or adware, but none of my scans show anything.
Here is my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:17 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Micr... Read more

Answer:Weird Numerous Pop-Ups HijackThis Log inside

16 more replies
Relevance 48.79%

Hello,

Below is my hijackthis log. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:02:08 AM, on 3/13/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat... Read more

Answer:Help please!! Infected with WormRadar? Hijackthis inside

6 more replies
Relevance 48.79%

Hi guys. My pc has an infection that I haven't been able to find. Please help me. Here's the hijackthis log! Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:11 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
g:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
g:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\user\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/... Read more

Answer:PC acting up... weird..?? Hijackthis log inside

Please help! I'm still having problems with this PC! I've tried to scan system, but it's freezing.

Thank you.
 

1 more replies
Relevance 48.79%

My trend micro officescan has foud a virus which I can not remove.

jkkljkl.dll in the system32 folder
TMP2.tmp, TMP4.tmp, TMP8.tmp in the temp folder
ddaba.exe in the system32 folder

Here is the hijackthis log. Thank you for your help.

----- hijackthis start -----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:39 AM, on 1/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\IBM\Tivoli\TPMX\ADAgent\callhome2.exe
C:\Program Files\IBM\Tivoli\TPMX\Agent\callhome2.exe
C:\Program Files\IBM\Tivoli\TPMX\Agent\exe2svc.exe
C:\Program Files\IBM\Tivoli\TPMX\Agent\Java142\jre\bin\javaw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\oracle\ora920\bin\omtsreco.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
c:\_integra\bin\ccmagent.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\GR1692.EXE
c:\_integra\bin\shstart.exe
C:\WINDOWS\Explorer.EXE
C:\WIN... Read more

Answer:Need help removing a virus. Hijackthis inside.

This looks like a corportate machine and should be referred to your IT department. The tools we use could damage propritary software.
 

1 more replies
Relevance 48.79%

Hey guys and gals,

My PC is horribly slow and loaded with spyware. Could someone please take a look at the hijackthis log and help me out.

THANKS !


Logfile of HijackThis v1.99.1
Scan saved at 8:47:28 AM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\DOCUME~1\Parm\APPLIC~1\CROSOF~1\regedit.exe
C:\DOCUME~1\Parm\APPLIC~1\CROSOF~2\ERINIT~1.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Parm\LOCALS~1\Temp\Rar$EX05.172... Read more

Answer:Solved: Please Help! My PC is infected. hijackthis log inside

9 more replies
Relevance 48.79%

I'm helping my friend with his laptop and trying to remove the popups and spyware. I ran spybot and adaware and still am getting popups. also, EZ-trust keeps popping up with and infection "win32/Clearch.a" well here is the hijack this log. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:36:19 PM, on 6/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\thiselt.exe
C:\PROGRA~1\Yahoo!\brow... Read more

Answer:Help cleaning laptop. *Hijackthis log inside*

* Click here to download Webroot SpySweeper.

(It's a 2 week trial.)

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
 

1 more replies
Relevance 48.79%

my pc is acting real crazy.I have micrsoft antispyware avg07 and pc-cillin 2000 with updates.I just got a trojan that avg picked up and pc-cillin didnt.
i hit the delet button when the message popups that i have a virus is says successfully deleted but i keep gettin the message every 5 minutes.I also got somthing called spysheriff that i never installed acting like software that i downloaded.Microsoft antispyware picked up the trojan when i deleted it microsoft spyware said to reboot when it rebooted it replaced my wallpaper with a bluebackground and in the middle was a black screen with red letters saying that im infected with spyware please remove.I also get alot of popups and i downloaded adware removal spybot and still pc acting pls help thank you!

Logfile of HijackThis v1.99.1
Scan saved at 11:01:11 PM, on 8/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative... Read more

Answer:Major problems pls help hijackthis log inside!

13 more replies
Relevance 48.79%

Hey Gang,
1st time poster BUT I always lurk if I have a prob & usually find
the answer on my own. I didn't this time so i'm trying here on
this post.

I DL'ed the latest Windows Updates after the Blaster scare but
now my Internet Explorer is running slow. I notice this MOST
when I click on the Toolbar & especially with Favorites. It all
opens up in stages & not instantly like before.

Any help is GREATLY appreciated.
Here's my Hijackthis log:
Logfile of HijackThis v1.96.0
Scan saved at 2:54:34 PM, on 8/14/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Admin\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\Hijac... Read more

Answer:Slow Explorer / HijackThis Inside

6 more replies
Relevance 48.79%

Lots of popups, XP running Firefox with all the bells and whistles. I run AVG have Malware Bytes, Spybot, and have tried others, to no avail.

=========================================
=========================================

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:28 PM, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologi... Read more

Answer:Popups and other fun: HijackThis and Kasp inside

9 more replies
Relevance 48.79%

Logfile of Trend Micro HijackThis v2.0.4Scan saved at 3:53:20 PM, on 8/19/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Digidesign\Drivers\MMERefresh.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft Security Essentials\msseces.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\ALCMTR.EXEC:\Program Files\NetZero DSL\Connectio... Read more

Answer:Wireless not working. HijackThis! log inside. Please help.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Relevance 48.79%

my pc is acting real crazy.I have micrsoft antispyware avg07 and pc-cillin 2000 with updates.I just got a trojan that avg picked up and pc-cillin didnt.
i hit the delet button when the message popups that i have a virus is says successfully deleted but i keep gettin the message every 5 minutes.I also got somthing called spysheriff that i never installed acting like software that i downloaded.Microsoft antispyware picked up the trojan when i deleted it microsoft spyware said to reboot when it rebooted it replaced my wallpaper with a bluebackground and in the middle was a black screen with red letters saying that im infected with spyware please remove.I also get alot of popups and i downloaded adware removal spybot and still pc acting pls help thank you!

Logfile of HijackThis v1.99.1
Scan saved at 11:01:11 PM, on 8/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\News\NewsUpd.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative... Read more

Answer:Major problems pls help hijackthis log inside!

Patience munchkin.....one post is enough. There are only a handfull of folks who can assist and it could be awhile, if no one has responded in a FEW HOURS, then post BACK to the same thread and that will get it back to the top again

Closing this one, reply here:

http://forums.techguy.org/showthread.php?t=389098
 

1 more replies
Relevance 48.79%

i think i have a trojan horse virus, basically i have two new icons on my desktop, that, when deleted just come back. if im connected symantec mail just starts sending rapidly, norton sent me a warning saying it couldnt repair the virus, but now it cant even recognize it when i scan. after about 20 minutes of computer use everything crashes and reboots, please somebody help me!!!!! heres logfile

Logfile of HijackThis v1.99.1
Scan saved at 4:34:48 PM, on 6/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\christopher\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKL... Read more

Answer:Solved: how do i get rid of this?????? (hijackthis logfile inside)

13 more replies
Relevance 48.79%

Logfile of HijackThis v1.96.2
Scan saved at 6:54:33 PM, on 3/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\msreg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\TEMP\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R0 - HKLM\Software\Microsoft\In... Read more

Answer:IE browser hijacked, hijackthis log inside

9 more replies
Relevance 48.79%

I am getting constant popups. I run firefox and get constant ie and fox popups. I get a ton of them when using googe or any other search engine. The popups seem to correspond with what I am searching as well.Any help is greatly appreciated.Here is hijackthis log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:58 PM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\App... Read more

Answer:Constant Popups, plz help, hijackthis log inside

Hello and welcome to Bleeping Computer. Sorry for the delay the forums here at BC are alwaysvery busy and we do are best to keep up. If you no longer require any help could you let me no please, so this topic can be closed.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.First I would like to see a new log since alot could have changed since your origional post.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Thanks

2 more replies
Relevance 48.79%

Hey everyone, the computer I am on keeps freezing up while running Internet Explorer and other things.

Here is the Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:15:50 PM, on 10/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\p... Read more

Answer:Computer Keeps Freezing Up - HiJackThis Log Inside

bump
 

2 more replies
Relevance 48.79%

I am getting constant popups. I run firefox and get constant ie and fox popups. I get a ton of them when using googe or any other search engine. The popups seem to correspond with what I am searching as well.

Any help is greatly appreciated.

Here is hijackthis log:

Quote:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:58 PM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\P... Read more

Answer:Constant Popups, plz help, hijackthis log inside

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 48.79%

ok, here is my sob story. Last night, computer is running fine, and I get a popup for winsyware 2007 or something like that. I tell it NOT to download, and I search the program. by time I see that this is an issue, I get something that says it is now scanning. ARGGGG.

i installed and ran SyBot, and Ad-Aware. Also Avast, and AVG and zone alarm firewall. I find a ton of crap, get rid of it. I am seeing nothing relating back to that winspyware program. I decided that since Avast and AVG seems to find things, but be able to fix them, to try a trial of ZoneAlarm suite.

Right now, no antivirus is installed except ZoneAlarm suite, and it is off because the computer was so slow as to be totally unuasable. I also went into MSCONFIG and disabled a lot of start up services and processes to see if that make it faster.

That is all I know to do. try a couple different adware/mlware programs, try a couple diffrent anti viru's (not at the same time) and disable unneeded progams. computer still very slow ( I also ran SFC /scannow ) a if I have ZoneAlamr suite, then it is crippled...I chose that one because it was supposed to be one of the least resource intensive. I have a 3 year old Presario...AMD Athlon. I ust dont know what else to do. Thanks.
I installed Hijack This, and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:20 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: No... Read more

Answer:Solved: At wits end...tried everything i know of...Hijackthis log inside

13 more replies
Relevance 48.79%

I downloaded this freeware and it came with some garbage. And now I think my computers got some crap on it. Need some helping cleaning it up. Here's my log (I should also add that I HAVE a keylogger called Free Keylogger... so thats alright.):

Logfile of HijackThis v1.99.1
Scan saved at 2:15:42 PM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Me... Read more

Answer:Need help cleaning computer (HiJackThis log inside)

Please download Webroot SpySweeper from here: http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

(It's a 2 week trial.)

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
 

1 more replies
Relevance 48.79%

Here is the problem. I had noticed some viruses that decided to attach themselves to my system32 and all that thanks to my anti-virus. This virus only becomes active when I start up my computer. I am only now able to us my pc because the program crashed during one of my restarts. When I log onto my computer it starts to load windows normally but then a window pops up or "security tools" but I know its not that. Then "Security tools" proceeds to tell me a worm is trying to send my credit card info to someone. If I were to go along with the virus it pulls up a "scanner" that in return trys to pull up a web page to get me to buy the "security tools" product. Usually my computer crashes from the overload right at startup so it never gets too far into whatever it wants to do. If I try and close out of the "program" to go on about my business because I know its BS it keeps popping up and eventually my computer crashes. Other things you might want to know. I can locate this file I can do without on my computer but it wont let me delete it because I "Don't have permission". I use the admin profile on my computer so I am peeved about that. Last I can not remember my password to log into safemode to debug myself because I have become lazy and just use my fingerprint reader. If you need more info please let me know and please help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:52 AM, on 5/4/2010
Platform: W... Read more

More replies
Relevance 48.79%

Logfile of HijackThis v1.97.7
Scan saved at 1:52:52 AM, on 7/31/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\prowler\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0002.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F... Read more

Answer:MSN Apps possible virus? hijackthis log inside

Try the tutorial here it will explain your log.
good luck.
 

2 more replies
Relevance 48.79%

Hello everyone, thanks in advance for your help.

I'm having some issues with this computer, it was fine then all of a sudden after downloading search and destroy and spydoctor to clean things up (because it was acting up, and i thought that would help) it has been crashing after a few minutes. Ill get a window that says -- Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. -- Then it has a button to debug, send info or not send info.
Debugging does nothing, after opening my homepage again, it happens again. Im surprised it hasnt done it while im typing this.
AND i have a whole bunch of restricted sites that i NEVER added in my tools > security tab.
I know after running a hijackthis scan and looking over it a bit--not really knowing what im looking for-- but i see somehting that says wormradar. I dont know if thats a bad thing but im sure i have ALOT of bad stuff on here. So heres the log....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:30 PM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDO... Read more

More replies
Relevance 48.38%

Ugh. My computer is so slow and pop ups are everywhere.

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 7:15:59 AM, on 7/22/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\emwvajtn.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Nikon\Pictu... Read more

Answer:Solved: IE pop ups, very slow computer, hijackthis log inside

9 more replies
Relevance 48.38%

here is the hijackthis log, i have a combofix log if needed, just wondering if i should still be worried about anythingLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:27:56 PM, on 3/09/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\PROGRA~1\AVG\AVG8\avgfws8.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\PROGRA~1\AVG\AVG8\avgam.exeC:\Program Files&#... Read more

Answer:Psw.onlinegames - Combofix And Hijackthis Logs Inside

Hello diggity2Welcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

1 more replies
Relevance 48.38%

I've tried posting on here a couple of times now and never get a resonse. If one of you guys could please take a little time of your day to help me that would be greatly appreciated. Here's the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:36 AM, on 7/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Prog... Read more

Answer:Please Help Me Tech Support Guys (HijackThis Log Inside)

10 more replies
Relevance 48.38%

Ok..so I can start these programs from my desktop and I can also work within my programs, but when I try to do something like minimize it, a notice will pop up and say that "an error has occured in your program". Then it gives you Ignore and Close as two options...but the Ignore button does not work no matter how much I press it so I have to press close. Afterwards a blue screen covers the screen and says "Fatal exception OE has occured at 0177:BFF9DFFF and current program will terminate"..so I press a key to terminate and then I come back to my regular screen, but it's black and a notice says "general protection fault in module MMSYSTEM.DLL at 0004:00000db3" so I press close and then I'm back to my regular screen except for a couple dark spots.

Thanks for your help!
Here's my Hijackthis log:

Logfile of HijackThis v1.98.2
Scan saved at 8:50:42 PM, on 1/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\EASY KEYBOARD\EASYKEY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCH... Read more

More replies
Relevance 48.38%

Someone please help me.

Logfile of HijackThis v1.99.1
Scan saved at 2:44:14 PM, on 7/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\AOL\1131224136\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.E... Read more

Answer:Solved: CPU usage always at 100%. Winlogon.exe is using it up. [Hijackthis log inside]

12 more replies
Relevance 48.38%

Recently I have been attacked by massive amounts of spyware. I went through all the steps I could on the thread you are supposed to follow before posting. Attached are my newfiles.txt, runkeys.txt and hijackthis.txt. To be brief, my problems include: after pressing ctrl alt delete the window automatically closes, pop-ups, firefox automatically being told to close, and weird error messages. Thank you for all your help.
 

Answer:Major Spyware Problems, hijackthis log inside

We also need:





When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
And HJT downloaded to C:\Program Files\HJT\analyse.exe ----not the desktop!
Click to expand...


 

15 more replies
Relevance 48.38%

so heres the deal, basically i was on the net and norton started going crazy saying i had a trojanhorse virus, than when i looked on my desktop there were two new icons. i tried to delete them but they would just come back, there is also a new connection in my network connetions folder, which is constantly trying to connect even when modem is off. if im connected my comp just starts sending shitloads of symantec mail. how can i get rid of this???? heres my highjackthis logfileLogfile of HijackThis v1.99.1
Scan saved at 9:15:07 PM, on 6/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Documents and Settings\christopher\Application Data\Microsoft\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\christopher\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.... Read more

Answer:please help, i think i have a trojan horse (hijackthis logfile inside)

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

2 more replies
Relevance 48.38%

Hi all,
I was hoping someone maybe able to come up with some ideas for me here of what to do next. (I am starting this in the Operating Systems forum, but it might be a Security issue?) We have a machine here in the office that has begun acting strangely.
Machine Specifications:
Gateway Pentium 4
CPU : 1.4 GHz Intel Pentium 4
Memory: 128 Mb
Network Card 3Com EtherLink PCI
Network Speed: 100 Mb/s
OS Version: Windows 2000
Service Pack : SP3
IE Version 6.0.2800.1400
Volume: C:\ 35.54 Gb NTFS
Free Space: 24.67 Gb NTFS
As of yesterday morning, the machine is hanging (screen freezing, no response to keyboard or mouse) for up to five minutes at a time. The machine then returns to normal. This is happening every 2, 5 or 7 minutes (frequently enough to be a complete pain).

I downloaded a stinger.exe from McAfee which ran successfully – nothing appeared on this. The Virus checker is up to date. All the machines, including this one are online 24/7 via an ADSL connection coming through a router – a third party company installed and maintain the ADSL so I have no details on the firewall, but apparently (?) we are locked down tight.

One other thing though – user says this problem began yesterday after an automatic Windows update.
Right click “My Computer” , System Properties – General indicates Service Pack 3.
But Control Panel – Add / Remove Programs indicates SP4 is installed? (or at least available for removal)

I have already run Hijack This but I am not sure if it indic... Read more

Answer:Windows 2000 Hanging {Hijackthis log inside}

12 more replies
Relevance 48.38%

Hi, i've recently aquired a virus which i cannot get rid of. i randomly see my mouse start to move, click the start menu icon and run programs such as paint, notepad and calculator. Could you look through this hijackthis.log and tell me what to do to get rid of it. Thank you.

<><><><><><><><><><><><><><><><><><><><><><><><><><><>

HIJACKTHIS.LOG

Logfile of HijackThis v1.99.1
Scan saved at 6:24:52 PM, on 13/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Daemon\daemon.exe
C:\Program Files\CyberLink DVD Sol... Read more

Answer:i'm 99.9% sure i have a trojan horse virus, please help. hijackthis log inside

7 more replies
Relevance 48.38%

So, I had a problem or something with a wininet.dll that was missing...I was able to replace that...and run all my scans and delete viruses/spyware. However, there was on thing..kinda like a full screen webpage, behind my desktop icons, but above my own background. It used to say SPYWARE detected. Click here to see the top anti-spyware products. I found that it was coming from C:/Windows/warnhp.html. So I deleted that. Then, when I restarted, the background was not gone, it was simply blank...I have a background, but it is covered up by this website thing... Can anyone help? Here's my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:29:45 PM, on 2/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDV... Read more

Answer:Weird background/warnhp? Hijackthis log inside

7 more replies
Relevance 48.38%

I've tried everything I know how but this must be a new problem I am unware of how to fix. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:58 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nteg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\d3wk32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Outlook\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\tdupriest.cmka\Desktop\Virus-Spyware\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDO... Read more

Answer:Spyware/virus issue, hijackthis.log inside, please help

11 more replies