Computer Support Forum

Solved: Somethings wrong...020 - Winlogon Notify: mlljg

Question: Solved: Somethings wrong...020 - Winlogon Notify: mlljg

Hey everyone. Somethings wrong I think..

Logfile of HijackThis v1.99.1
Scan saved at 2:19:50 PM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Relevance 100%
Preferred Solution: Solved: Somethings wrong...020 - Winlogon Notify: mlljg

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Solved: Somethings wrong...020 - Winlogon Notify: mlljg

13 more replies
Relevance 87.87%

with mlljg.dll, and I followe all of the above instructions, except when I run HJT, I do not have this entry:

020 - Winlogon Notify: mlljg - C:\WINDOWS . . . .

I do not have any winlogon entries showing up, in fact??? Any ideas on how I can get rid of this??
 

Answer:020 - Winlogon Notify: mlljg

14 more replies
Relevance 84.87%

20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

working on my brothers pc, these three entries came up in his hijackthis log, did a google search and it tells me, worry and no worries, lol. reading Merijin's hjt tutorial it states
O20 - AppInit_DLLs: msconfd.dll
What to do:
This Registry value located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows loads a DLL into memory when the user logs in, after which it stays in memory until logoff. Very few legitimate programs use it (Norton CleanSweep uses APITRAP.DLL), most often it is used by trojans or agressive browser hijackers.

In case of a 'hidden' DLL loading from this Registry value (only visible when using 'Edit Binary Data' option in Regedit) the dll name may be prefixed with a pipe '|' to make it visible in the log.

is it a concern or, isn't it.

Logfile of HijackThis v1.99.1
Scan saved at 8:42:48 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDO... Read more

Answer:Solved: winlogon notify

7 more replies
Relevance 84.87%

My Firefox has been hijacked and is spewing out popups.
I've already done what I can with my antivirus, adaware and what I know of HJT.
The only thing that seems to remain is a pesky dll file whose name changes every time I reboot and which I suspect is responsible for the popups.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:11 AM, on 1/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Fuzzy\Desktop\Things you need ... when you start again\Adaware\HijackThis.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nw... Read more

Answer:Solved: Help me fix an O20 - Winlogon Notify?

12 more replies
Relevance 82.82%

Hi guys, I'm having a problem removing these two. I've tried HJT/Killbox with no joy (I'm getting a "pendingfilerenameoperations registry data has been removed by external process!" message with killbox, so restart manually). I've started in safe mode, unchecked the hidden files options in folders options, cleared temp files, emptied recycle bin. I've turned off system restore and have run Cleanup and FixVundo as well. Here is my HJT log. Many thanks.
Logfile of HijackThis v1.99.1
Scan saved at 12:55:43, on 28/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\SOUND... Read more

Answer:Solved: Msevents object/winlogon notify

6 more replies
Relevance 82%

Hi guys,

I have Windows 2000 5.00.2195. My web explorer appears to have been hijacked yesterday. There are no buttons at the top of the explorer box (above the address bar) and I now get pop ups, get redirected alot or sometimes get a blank webpage and hyperlinks on webpages don't often work. Plus, without a back button, it's a !*#@? pain to get around.

Ewido found and quarantined some cookies and mywebsearch stuff. It also logged the following entry:

[924] VM_029A0000 -> Trojan.Pakes : Error during cleaning

1) Aftwer the Ewido scan, I restarted and HJT found mywebsearch backups (HJT no.s: O2, O4, O8, O16, R3) and other, unidentifiable backups (HJT no.s: O4, O17). Deleting them and restarting does not seem to have had much effect, however, as the backups continue to appear on HJT logs even after successive deletions and restartings.

2) HJT has also found something called "Winlogon Notify" (see below). It suggested I delete the two files on reboot but I cannot find the files, even with Folder Options set to "view hidden files" and even after I searched C:\ with Windows Explorer . Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:57 AM, on 7/11/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\syst... Read more

Answer:Solved: Winlogon Notify, Trojan.Pakes and Mywebsearch

16 more replies
Relevance 81.18%

I recently started experiencing a LOT of problems with AVG detecting Trojans (most often IRC/Backdoor.SdBot.173.AU) with various filenames flagged (eg. itunes.exe and other apparently random filenames which didn't exist on my laptop) - AVG detected these both at start up and at various other times. I'm running XP Home with various critical updates installed but not SP2 - the original XP Home firewall is enabled on my broadband connection. SpywareBlaster and Ad-Aware running alongside AVG and all kept up-to-date with latest definitions files. I use Mailwasher to trap/delete spam and this started catching bounced e-mails from the AVG E-mail Scanner where typically the destination IP refused to accept the connection (usually an IP address close to/same as my own). E-mails were given a title consisting of what appears to be some random number string (eg. *1244506683*) and addressed to HAXOR <[email protected]> from my XP User Account with from details as <[email protected]>. Contents of the e-mail are logonids/passwords held in Protected Storage (yes that DOES worry me). Neither AVG nor Ad-Aware seemed able to get rid of the problems so I decided to try a few other routes - including online scans (eg Trend and Symantec) - running various cleaners - and also installing and running TrojanHunter 4, Spybot Search And Destroy, XoftSpy, CWShredder, NoAdware and clearing out unwanted files/fixing issues with CCleaner. These have detected and removed vario... Read more

Answer:Solved: Virus fix attempts and Winlogon Notify: avpx32 issue

12 more replies
Relevance 80.36%

Logfile of HijackThis v1.99.1
Scan saved at 2:42:27 AM, on 8/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Goog... Read more

Answer:Solved: HJT log review please ?(O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogo

that is a legitimate entry from Microsoft

however

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

 

2 more replies
Relevance 75.44%

Don't know what happened for sure.I downloaded IE8, and now I am missing my internet options in the control panel, I can't right click anything, Can't download anything, if i try to use the internet logo on the bottom of the page the internet encounters an error and has to close, am even missing the portion that has -File-Edit-View-Help.etc. I am also missing my favorites, the button is there but nothing happens when i click on it. I have tried Spybot,Avast antivirus, and malwarebytes anti malware, and system mechanic. I also tried all the stuff you have posted on your site that i could find or thought was relevant. Nothing seems to help. If anyone can help I would be extremely grateful. The only place i can download from is Windows update,and thats only when they are updates found by windows or microsoft . Please Help Am using XP SP3 on AMD Sempron Asus motherboard.
 

Answer:Solved: somethings wrong

15 more replies
Relevance 74.62%

Hi folks, I thought this problem might have been an IE7 problem at first but I'm beginning to have too many problems with Java as you can see from my post in IE Support Forum http://www.techsupportforum.com/f56/...ml#post1065466 so I thought I had better run a HJT log I've done the usual scanning to no avail.

Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:06 AM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.e... Read more

Answer:[SOLVED] Somethings wrong with Java

I see no problems in your log....Try this.It may help...or not...as the case maybe.




From within Internet Explorer click on the Tools menu and then click on Options.

Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

==================

Clear the Java Runtime Environment (JRE) cache:


Click Start > Control Panel.

Double-click the Java icon in the control panel.
-The Java Control Panel appears.

Click Settings under Temporary Internet Files.
-The Temporary Files Settings dialog box appears.

Click Delete Files.
-The Delete Temporary Files dialog box appears.
-There are three options on this window to clear the cache.


Delete Files

View Applications

View Applets


Click OK on Delete Temporary Files window.
-Note: This deletes all the Do... Read more

4 more replies
Relevance 73.8%

I've got problems. I update and run Spybot, Ad-Aware, eTrust PestPatrol regularly. I have EZ Antivirus and EZ Firewall that I also keep up-to-date.
The problem is all the pop-ups, different web pages opened than requested, and my browsing has slowed to a crawl.
I use the pop-up blocker included with my firewall.
I've included my latest Hijack This log. Any help would be greatly appreciated!!!
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 9:50:12 PM, on 4/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\windows\system32\mpxusy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\P... Read more

Answer:Solved: Spyware Or Virus- Somethings Wrong

14 more replies
Relevance 72.98%

A strange bpalbpa.dll showed up in C:\windows\system32 three days ago and since then the machine has been running very slow, and internet explorer freaks out after a while. I can't see it listed under Manage Add-ons in IE, I cannot delete the file, or remove it from the registry under InProcServ32. Its also being used now by winlogon and explorer processes. So I tried to get it with killbox and got the message "PendingFileRenameOperations Registry Data has been removed by External Process!" after trying to delete file, then trying to delete file on reboot. And I tried VundoFix on the file that didn't work at all either. I need some prefessional advise for this! Thanks in advance.Here is a HiJackThis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:24:13 PM, on 10/31/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Common Files\Virtual Token\vtserver.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOW... Read more

Answer:O20 Winlogon Notify, Won't Die

Finally got it. it wasn't pretty but I made a BartsPE CD with PEBuilder and deleted the file from the prompt, booting from the CD. But doing that totally killed TCP/IP for some reason and net sh int ip reset didn't solve it so then I booted to safe mode and expand from C:/I386 the tcpip.sys into system32/drivers and system32/dllcache to restore the tcpip stack to default.. but thanks anyway.

7 more replies
Relevance 72.16%

Attached if my HijackThis log. Can you please help in finding any spyware in it? I am particularly cautious about O20: WinLogon Notify group.

Thank You
******************************************

Logfile of HijackThis v1.99.1
Scan saved at 10:59:48 AM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Docto... Read more

Answer:WinLogon Notify and other spyware

Hello, vopatel and welcome -

The O20's are all legit. Most have to do with your IBM/Lenovo laptop.

O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll

Another is Norton,

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

another is SpySweeper,

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

and another is MS Windows Genuine Advantage

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

I see no malware in this log. If you're experiencing any issues, we can dig deeper. HJT is just a starting point.

If you have no issues, you appear to be clean, and seem well protected.

Let us know.

1 more replies
Relevance 72.16%

I have been recently infected with this annoying .dll that won't leave me alone!!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:00:41 AM, on 10/30/2007Platform: Windows 2000 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\csrss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\Explorer.EXEC:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exeC:\WINNT\system32\S3apphk.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Program Files\IDA\ida.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Zero Knowledge\Freedom\Freedom.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program File... Read more

Answer:Winlogon Notify Issue

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Lilyodi My name is Richie and i'll be helping you to fix your problems.It appears you've no virus protection installed.Download\install one of the following freeware options from the choice below.Once installed update its definitions and then run a full system virus scan.AVG7 Free Edition Antivirus:http://free.grisoft.com/softw/70free/setup...ree_446a965.exeAvast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exeAvira AntiVir Personal Edition Classic http://www.free-av.com/You've also no firewall installed.You may be behind a hardware firewall(router),but it would'nt hurt to install a third party software firewall to henhance protection.I suggest you download\install one of the following freeware firewalls from below:Sygate Personal Firewall Free Edition:http://www.filehippo.com/download_sygate_personal_firewall/Zone Alarm Free:http://download.zonelabs.com/bin/free/1001..._737_000_en.exeComodo Personal Firewall:http://www.personalfirewall.comodo.com/Outpost Firewall Free:http://www.agnitum.com/products/outpostfree/index.phpYou should read the following if you're not familiar using a firewall:Understanding and Using Firewalls:http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/If you have previously downloaded ComboFix,please delete that version now.Now download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Clo... Read more

7 more replies
Relevance 72.16%

Hi guys,

I have run HjT, etc.... i have this dll in my winlogon notify.. this thing just can't be deleted.. i tried delete on boot etc..

i'm going to put the whol log on here but come on.. whats up with this line?
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\nnnnmmk.dll

O20 - Winlogon Notify: nnnnmmk - C:\WINDOWS\SYSTEM32\nnnnmmk.dll

anyone have this nnnnmmk.dll ? who would name a dll like this?

any help would be appreciated - i am currently on in safemode, and haven't seen any popups since i ran HjT along with all other utils i could...

so i wait for a reply from this forum before i reboot ... thnx

Splavik
 

Answer:strange DLL using winlogon notify (help?)

Welcome to Majorgeeks!

We require standard cleaning procedures to be followed before we will work on HijackThis logs. These procedures are in the READ & RUN ME FIRST Before Asking for Support sticky thread.

If you want to try to fix this on your own and feel you are capable of doing that, see other similar threads like below:

http://forums.majorgeeks.com/showthread.php?t=96201

You will have to figure out the appropriate things to put in the registry patch and file names to use in all spots yourself.

Your problem is referred to by a few names, like winlogonhook and ConHook.
 

1 more replies
Relevance 72.16%

Hey all!I'm trying to delete this trojan and/or virus and/or adware from my computer....I've tried everything to get rid of the entry in winlogon\notify but if I delete the key, it just comes right back... even tried in safe mode (command prompt)... anyway, I keep getting pop ups like crazy, and I'd love for that to stop!!!!!!! Thanks for the help in advance!!!!So, here's my HJT log:Logfile of HijackThis v1.99.1Scan saved at 11:49:31 PM, on 6/8/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\... Read more

Answer:I Can't Delete From Winlogon\notify

Welcome to BC, what have you used to try to get rid of this? What antivirus are you running?Here is a list of programs that are freeware that you should try.? Ad-Aware SE from http://www.lavasoft.de/There is a tutorial on how to run this here: Ad-Aware Tutorial? Spybot Search & Destroy from http://www.safer-networking.org/index.php?page=downloadThere is a tutorial on how to run this here: SpyBot S&D Tutorial? SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.htmlThere is a tutorial on how to run this here: SpywareBlaster Tutorial? A-squared complements anti-virus software by specializing in detecting Trojans, Dialers and Spyware.It is free for private use but registration is required. Download it from here: A-squared? Ewido Security Suite complements anti-virus software by specializing in detecting Trojans, Dialers and Spyware and lots of other stuff. It is free for private use.Download it from here: Ewido downloadThanks should go to whoever posted this list originally, I copied and saved it with out the authors name.

1 more replies
Relevance 72.16%

Hello, I've seemed to encounter a problem that another user has had. Here is the link. He also finished up his inquiries into the problem with another forum here. Like him, WinPatrol picks up this unknown process where it lists no information on the company it's from or description of the new startup program. When I click 'no' to not allow it, it brings up the message "This setting is in a key location for your operating system. We do not recommend removal unless you are absolutely sure it's causing problems. Are you sure you want this removed?". From there I click no. However, it keeps coming up asking for permission.

The person in the forum did a HiJackThis scan and found the line 020 -WinLogon Notify (and a bunch of random numbers/letters). However, mine says 020 - WinLogon Notify: !SASWinLogon - Invalid registry found. When I asked for more info on HiJackThis it says "This way of loading .dll is hardly ever used, except by trojans.

So basically I think I can fix this WinPatrol/startup program problem, but I was just wondering if someone could read my logs and make sure that I should fix that, or if there are other suspicious programs that might keep this problem/virus/trojan alive; cause I would really like it dead!

I will post the HiJackThis log, but I had Firefox and a bunch of stuff running, so I am not sure if I should post a shorter log with less stuff running? If you need me to do this, thanks.

Much thanks,

Daniel.
&nb... Read more

Answer:WinLogon Notify: !SASWinLogon

7 more replies
Relevance 72.16%

Please help...

Unable to remove Notify objects... (they keep coming back)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:49:03 PM, on 03/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\program files\syslogd\syslogd_service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\AtomTime Pro\AtomTime.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Syslogd\Syslogd_Manager.exe
C:\WINDOWS\KL\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\WINDOWS\regedit.exe
C:\Downloads\HiJackThis_v2.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Inter... Read more

Answer:Help with Winlogon Notify objects

Hi and welcome

Download and run VundoFix: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK.
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.
 

1 more replies
Relevance 72.16%

I wasn't completely sure about this entry in my HJT log -

O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\System32\catsrvut.dll
- but maybe this is nothing to worry about? I've posted the full log below. Also because when I tried to research it there seemed to be some relation to Look2Me, I've posted my l2m fix log following the HJT log.

Many thanks for any advice on whether there is anything suspect here.

Logfile of HijackThis v1.99.1
Scan saved at 16:33:13, on 09/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~3\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~3\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~3\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System3... Read more

More replies
Relevance 72.16%

Here is my hijack log...Holdapi.dll seems to be the problem....but please reviewThanks so much!Logfile of HijackThis v1.99.1Scan saved at 7:44:30 PM, on 3/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\QuickTime\qttask.exeC:\Program File... Read more

Answer:Holdapi.dll Winlogon Notify

Hi,First of all, you didn't unzip/extract hijackthis.. and it's still in the tempfolder.So I strongly advise to unzip/extract hijackthis.zip.Read here how to unzip/extract properly:http://metallica.geekstogo.com/xpcompressedexplanation.htmlCreate a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.How do you make a permanent folder:Click My Computer, then C:\ and then on Program Files.In the menu bar, File->New->Folder.That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.holdapi.dll is indeed the cause, and we'll deal with it, but first I want to have some more information, since this variant may have an uninstaller.So do next please..Open HijackThis, click Config, click Misc ToolsClick "Open Uninstall Manager"Click "Save List" (generates uninstall_list.txt)Click Save, copy and paste the results in your next post.

8 more replies
Relevance 72.16%

I recently suffered an attack. I have been able to clean out all of the files I believe to be infected except for c:\windows\system32\awtrrom.dll. The attack seems to have changed my port settings and I now get prompted to connect to the internet every 15 minutes or so. Any help would be much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 4:44:04 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {9476B23E-74F5-4A22-B701-5D19562301FB} - C:\WINDOWS\system32\awtrrom.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Cnswspg] C:\WINDOWS\system32\?ecurity\lsass.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk... Read more

Answer:Winlogon Notify: Awtrrom.dll

Welcome to the BleepingComputer HijackThis forum landondonnofan First of all you've no virus protection installed on your pc.Download\install one of the following,update its virus definitions and run a full system virus scan:AVG7 Free Edition Antivirus:http://free.grisoft.com/softw/70free/setup...ree_446a965.exeAvast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exeActive Virus Shield There's a nice setup tutorial Here:http://www.activevirusshield.com/antivirus/freeav/********************************Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.When VundoFix re-opens,click the "Scan for Vundo" button.Once it's done scanning,click the "Remove Vundo" button.You will receive a prompt asking if you want to remove the files, click "YES".Once you click yes, your desktop will go blank as it starts removing Vundo.When completed,it will prompt that it will reboot your computer,click "OK".Please post the contents of C:\vundofix.txt into your next reply.Note: It is possible that VundoFix encountered a file it could not remove.In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.********************************Please download Combofix and save to the desktop:http://download.bleepingcomputer.com/sUBs/ComboFix.exehttp://www.techsupportforum.com/sectools/sUBs/ComboFix.exeNote:... Read more

2 more replies
Relevance 71.34%

I set Threatfire to kill and quarantine this process. It wants to start with my PC every single time. Is there a way to make a registry modification and wipe it out completely?

NOTE: My XP OS is legitimate.
 

Answer:WinLogon Notify altered (wgatray.exe)

Try RemoveWGA

Enjoy!!
 

3 more replies
Relevance 71.34%

Hello,

I've been working at trying to remove a stubborn BHO after a ZLOB virus infection about a month ago. The machine runs fine, but for the life of me I cannot seem to rid this computer of BHO & corresponding Winlogon Notify entry in Hijackthis. Virus scans are good, several antispyware programs show no issue (webroot, AVG, Housecall, Kaspersky)

Running Webroot spyware/antivirus on the computer. Was running Free AVG, but while this quickly caught the Zlob virus...obviously some damage had been done.

The entry is:
O2 - BHO: (no name) - {308EB170-C0C3-4BEF-B07F-9277A7408D8F} - c:\windows\system32\capicomw.dll (file missing)

O20 - Winlogon Notify: bldntsfz - capicomw.dll (file missing)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:21 AM, on 01/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\... Read more

Answer:Cannot remove stubborn BHO / Winlogon notify

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

3 more replies
Relevance 71.34%

Logfile of HijackThis v1.99.1Scan saved at 3:44:09 PM, on 2/4/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\lsass.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\system32\spoolsv.exeE:\Program Files\AntiVir PersonalEdition Classic\sched.exeE:\Program Files\AntiVir PersonalEdition Classic\avguard.exeE:\Program Files\LogMeIn\RaMaint.exeE:\Program Files\LogMeIn\LogMeIn.exeE:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEE:\WINDOWS\system32\svchost.exeE:\WINDOWS\system32\ZoneLabs\vsmon.exeE:\WINDOWS\system32\MsPMSPSv.exeE:\WINDOWS\Explorer.EXEE:\Program Files\Microsoft IntelliPoint\point32.exeE:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeE:\Program Files\Muiltmedia keyboard utility\1.3\KbdAp32A.exeE:\WINDOWS\system32\ctfmon.exeE:\Program Files\MSN Messenger\msnmsgr.exeE:\Program Files\Mozilla Firefox\firefox.exeE:\Program Files\AntiVir PersonalEdition Classic&#... Read more

Answer:Dpf: , Service: , Hklm\..\run: , Winlogon Notify:

Hello,

What's the reason why you posted this log? Because I can't see anything suspicious here.

2 more replies
Relevance 71.34%

I am attempting to cleanup a PC that was badly infected with viruses, trojans, and various malware. Actually, the process has gone quite well and nearly everything has been restored/cleaned. I've run all the cleanup software (Ad-aware, Spybot S&D, etc.), and have Microsoft Anti-spyware current and running (no items detected during daily scans), have upgraded to SP2 and have the firewall running, have Norton Antivirus 2005 installed and up-to-date (no items detected during daily scans), etc . However, there are three entries in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify that simply won't go away. If I delete them manually with Regedit, or with HijackThis, they immediately come back. Obviously, something running on the system is restoring them. This even happens in Safe Mode. The entries all point to non-existant .dat files named the reverse of the entry names (e.g., mocitna.dat for anticom, sarlld.dat for dllras, etc.). I have verified (repeatedly) that the .dat files don't exist, but cannot get these entries to stop generating. At this point, I'm not sure it's doing any harm, but I'd like to sort it out just to make sure the system is clean. The other entries in Hijackthis (v1.99.1) seem okay, but these three are the ones that won't go away:

O20 - Winlogon Notify: anticom - C:\DOCUME~1\SANDRA\LOCALS~1\Temp\mocitna.dat
O20 - Winlogon Notify: dllras - C:\DOCUME~1\SANDRA\LOCALS~1\Temp\sarlld.dat
O20 - Winlogon N... Read more

Answer:Help removing Winlogon notify entries

Oh, by the way, I know this smells like Vundo, but none of the CATLEvents BHO's or RUN entries are there. The only keys that show up in Hijackthis are the three I listed in my post. It may be a partial Vundo infection (in which case, I hope I somewhat neutered it), but I can't root out this last bit...
 

10 more replies
Relevance 71.34%

I need help to remove a winlogon Notify file named baccf.dll. I'm able to clean up all the negative effects from it but every few months it gets accessed, and I start having browser redirection, popups, and my /system32 directory starts filling up with .tmp files until the hard drive is full.

I've tried HiJackThis and also Killbox in both regular and safe mode, and to "remove on reboot" but nothing seems to work. I've also been unable to copy or upload this file for analysis.

I had a previous thread on this forum started August 2007 that I recently marked solved to close because I've lost contact with my helper.

http://forums.techguy.org/malware-r...-browser-hijack-superantispyware-problem.html

Here's my latest HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12 PM, on 2008-09-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.... Read more

More replies
Relevance 71.34%

I'd like some advice, please. My Symantec anti-virus scanner detected a virus, but I am unable to remove it. I booted in safe mode to do the scan, but I still get the message that the file is being used by another program/user when I try to delete. I found the file in the registry and in the HJT log (in red below), but it just comes back when I try to clean it. Any idea what I have and how to get rid of it? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:22 PM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program... Read more

More replies
Relevance 69.29%

Hello MG?s,
I have a problem of new processes and multiple iexplore.exe processes. Also wmpnscfg.exe showed up just recently and is disabled in services and it?s still running; and winlogon.exe (Windows Logon Application) won?t end process through task manager.I have run scans and they found a few things but did not fix the problems (this has been going on for over a week and I have not been able to resolve it). Browsing is slower than usual. F-Secure online scan found a backdoor Trojan. My recent scans are reporting as nothing found however I was not able to run combofix because I received the error message that it conflicts with AVG Internet Security (paid version) and I don?t want to uninstall it because it is also my firewall. Is there another program I could use like Avenger or what should I do? Also, when one tab of IE8 is open it shows two processes in task manager (one high cpu usage and one low), and if I end process of one it will close IE but if I end process on the other nothing happens. If I have two tabs open (therefore 3 iexplore.exe running in TM) and end process, then one tab will start to close but open back up over and over. I Reset IE thinking it might help but it did not. I read that the winlogon.exe windows Logon Application is malware, but my programs are no longer finding malware though it won?t stop in TM. I?ve attached the logs and I included Panda activescan. Root Repeal ran for 4 hours and never finished so I stopped it thinking it s... Read more

Answer:Somethings taken over my IE8 - multiple iexplore.exe, winlogon.exe persistent

Winlogon.exe is a needed windows process. Remove it and your computer is a brick. It is not unusual for IE to have multiple processes running.

You still need to attach the C:\MGLogs.zip from running the C:\MGTools.exe.

wmpnscfg.exe is a process associated with Windows Media Player Network Sharing Service Configuration Application from Microsoft Corp.. It is used to share Windows Media Player libraries.
 

5 more replies
Relevance 65.6%

Today I started getting a strange application showing in my task manager. It said AOL Notify. I have no way to get rid of it and cannot seem to find where it is coming from. I did a search and the only thing I could find on my computer that may be related is Notify.dll. Do you think these are related and is it a Hijacker?

I have attached my hijackthis log. Any help would be greatly appreciated. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:31 AM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1132100969\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Progra... Read more

Answer:Solved: AOL Notify or Notify.dll Hijacker - Please help...

8 more replies
Relevance 65.19%
Question: Solved: mlljg.dll

Yesterday when I rebooted my computer, on the reboot Spyware Blaster and MS Anti-Spy both popped up with a message about mlljg.dll and a trojan error. I ran HiJackthis and tried to remove the noname entry about this file. BUt it isn't removing. I ran AntiSpy and removed and rebooted but the error came back.
- So I went into safe mode. Ran anitspy and removed the entry about this. Then ran HiJack and the noname was still there. Tried to remove, but nothing worked.
- Went to WinExplorer and tried to remove it manually while still in safe mode and it says it was in use.
- Went to DOS Prompt and tried removing it there and still no luck.

What else can I do?

Logfile of HijackThis v1.99.1
Scan saved at 12:09:06 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
... Read more

Answer:Solved: mlljg.dll

10 more replies
Relevance 65.19%

I need some help. A couple of days ago I started to get pop ups from Internet Explorer. This was interesting to me as I do not use that browser. I downloaded and ran several adware/virus programs (windows defender, spybot, antivir, and spyware blaster). Several problems keep reappearing. I have mlljg.dll in my system32 folder which I cannot get rid of and virtumonde keeps showing up. Any help would be very much appreciated. I'll post a screen shot of a pop up the next time it shows.

My hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:02 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wuhffmvs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
... Read more

Answer:Solved: mlljg.dll help?

11 more replies
Relevance 65.19%
Question: Solved: mlljg.dll

Yesterday when I rebooted my computer, on the reboot Spyware Blaster and MS Anti-Spy both popped up with a message about mlljg.dll and a trojan error. I ran HiJackthis and tried to remove the noname entry about this file. BUt it isn't removing. I ran AntiSpy and removed and rebooted but the error came back.
- So I went into safe mode. Ran anitspy and removed the entry about this. Then ran HiJack and the noname was still there. Tried to remove, but nothing worked.
- Went to WinExplorer and tried to remove it manually while still in safe mode and it says it was in use.
- Went to DOS Prompt and tried removing it there and still no luck.

What else can I do?

Logfile of HijackThis v1.99.1
Scan saved at 12:09:06 PM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
... Read more

Answer:Solved: mlljg.dll

poste din the wrong spot sorry
 

1 more replies
Relevance 65.19%
Question: Solved: mlljg.dll

I would i get rid of it since it only occurs once and not twice like the solved thread shows? Also here is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 11:20:31 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bi... Read more

Answer:Solved: mlljg.dll

13 more replies
Relevance 63.55%
Question: somethings wrong!

Im not very good on computers so i will try to do my best and discribe what is going on. Something has a hold on my computer and internet connection now for about a month now. most of my internet activity is facebook and just general surfing the web. i can not download ANYTHING it kills the download after connection is made. it took my 30 hours to download Baidu Antivirus and it still found nothing, when i play my game on facebook (pearls peril) it takes 20 minutes to load the program after refeshing 4 times. i have had my internet company out here to the house 5 times in 2 months and 4 times a week tech support escalating tickets so you are my last hope. someone told me i have the edge-chat.facebook.com virus which is something new going on. I have seen this url pop up with different numbers in front of the name (0-edge-chat.facebook.com...numbers i have see personally are 2, 4, 5, 6)
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU B970 @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 3988 Mb
Graphics Card: Intel(R) HD Graphics, 1802 Mb
Hard Drives: C: Total - 595370 MB, Free - 532382 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Panda Cloud Antivirus, Disabled
also I have tried to uninstall Panda over 2000 times and cant get rid of it, my current antivirus is Baidu and my current browser is White Hat Aviator. can you please help? If i ha... Read more

Answer:somethings wrong!

16 more replies
Relevance 63.55%

Once again a computer in my family has a problem and once again the problem solving has been palmed off on me!

Here's what's happened...

Windows Vista Laptp, worked fine yesterday. Today it says it has no internet connection through it's built in wireless.
After a few goes at trying to get it working we give in, and restore the system to two days ago.
The intenet connection is back! Yay - but Avira AntiVir won't update, scan (It comes up with the message 'The specific modules cannot be loaded) and the AntiVir Guard has been deactivated and it now doesn't give an option to reactive all it says is 'services' and 'help'.
Help indeed!
So I went off and tried Windows Security Centre, everything is happily green except for Malware Protection, which is RED. When you try to 'Turn on now' it does nothing, the laptop just sits there looking back at you.

I ran spybot and it kicked up 3 cookies trackers but nothing unusual. I tried HijackThis, it brings up a log but I don't know what it means.
Something is going on but I don't know what.

Is this something you guys could help me with.

Thanks in advance.

Answer:I Know Somethings Wrong, But I Don't Kow What.....

Hi Fido Dido can you run this...Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, cl... Read more

5 more replies
Relevance 63.55%
Question: somethings wrong

everytime i click a program that is not mozilla firefox on my computer i get the message "windows cannot acess that file or device.you may nedd appropriate permissions to use the device" how do I stop it because i need to be able to use my desktop computer again
 

More replies
Relevance 63.55%

I need some help, my computer starts playing music at random. Whenever I try to do any search, ie: google, yahoo, ect.., it takes me to a dell/google screen that says some website I never tried to get to in the first place is unavailable. I have run a ton of virus stuff as you can tell from my log. Some of the things that were found and possibly removed were: win.32.netsky, trojanzlob, and a bunch of other zlob stuff. Something is still definitley up and any help I can get would be much appreciated. Here is my log.Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:34:25 AM, on 3/3/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:�... Read more

Answer:Somethings Gone Wrong

Hello snowslider75,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new, and complete, HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 63.55%

If anyone here could help me i would really appreciate it. Im running windows xp service pack 2.

When i started my pc up today it froze at the windows start up screen and my screen went black.

I restarted my computer in safe mode. In safe mode its starts up fine. I ran a thorough virus scan using avast home edition, it came back clear. I then did another scan using spybot search and destroy which also came up clear. I then did an online virus scan at www.bitdefender.com which came back clear.

I decided to try a system restore, i did this and windows managed to boot up. I then restarted the computer to see if the problem was fixed, but again my pc froze at the same point.

I restarted and did another system restore to get windows back up again. I had recently installed winamp, so i decided to uninstall and delete it just in case it was causing a problem, i deleted several other programs i don?t use anymore as well. I did a disk clean up to get rid of all my temporary files. I then decided to do a defrag, my drive was very fragmented but the defrag fixed it. I restarted my pc to see if it would work.

This is what now happens:

It gets up to the screen which has the windows icon and a loading bar underneath.

Screen goes black, freezes, switches off, then comes back on again at the windows welcome screen, the computer freezes on this screen, if i leave it for 5 to ten minutes windows will eventually boot up.

Thanks for taking the time to read this. An... Read more

More replies
Relevance 63.55%
Question: Somethings wrong!

I don't know what is going on, but I am having a hard time using the internet. It keeps freezing up on me. I had a virus at the beging of the month, but my anti-virus suppose;y took care of it. I have run Adaware, Spybot, AVG in safe mode and here is my HJT log in safe mode.I currently run AVG as my antivirus and Zone Alarm as my fire wall.Please help thanks!Logfile of HijackThis v1.99.1Scan saved at 11:33:51 PM, on 9/20/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dslR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dslR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ht... Read more

Answer:Somethings wrong!

Hello rmaries and welcome to the BC HijackThis forum. Running HijackThis in Safe Mode can hide many of the running processes that might be causing problems I need you to do the following.Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis. and click the Add Reply button.I will review your log when it comes in.DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTEROT

7 more replies
Relevance 63.55%

Hi. I had some previous help from this forum and thought I might try again. I posted my hijackthis log a few days ago and someone helped me with that. Now my computer is running really slow again, keeps freezing and every time I start up again, it won't let me open anything until I've run RegCure. I just keep getting an error message, but it doesn't ask to send an error report. Something else I've noticed, when the computer's running like c**p, I bring up the task manager and it says wmpnetwk.exe NETWORK SERVICE 50 and it's using anywhere from 100,000K to 200,000K mem usage to run it.I also have lost saved passwords.This is my techexpress link from pc pitstop, which teacup said to post if I needed any more help.http://www.pcpitstop.com/techexpress.asp?id=ABD9SW6L88GSPVTGI'll post the link to my past post as well in case it's at all useful.http://www.bleepingcomputer.com/forums/t/130207/not-sure-what-type-of-infection-i-have/Any help would be great.Thankyou.

Answer:I Know Somethings Wrong

By the way, I just thought I'd add, all my problems seemed to start when I installed Optus Internet Security Suite. It has since been unistalled as I did a system restore a few days before I found this forum.

P.S. The system restore didn't help.

2 more replies
Relevance 63.55%

somethings wrong with my PC, can someone help?Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\1125976713\ee\aolsoftware.exeC:\WINDOWS\System32\CTsvcCDA.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\BearShare\BearShare.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\system32\hphmon06.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Logitech\iTouch\iTouch.exeC:\program files\valve\steam\steam.exeC:\WINDOWS\System32\MsPMS... Read more

Answer:Help, Somethings Wrong

That's not a full log.

After Hijack This scans and opens in Notepad...
Do Edit>Select All
Edit>Copy
Come back to this thread
Edit>Paste

David

1 more replies
Relevance 63.55%
Question: Somethings wrong

the pictures on my computer shows very fuzzy i think its maybe the video the picture got fuzzy after my failed attempt to install a web cam.help plz.
 

Answer:Somethings wrong

Sounds like you messed up your video drivers. If you have the install set on the hard drive run the install again.

If you are using the original drivers from your installation CD, then insert it and run them again.

If you are using updated drivers you got from the web, then you need to download the installation set to a folder you create (name it VidDrivers) and then remove your existing screwed-up drivers using Add/Remove and reboot and then goto that VidDrivers folder and execute the install.
 

5 more replies
Relevance 63.55%

Hey everyone. Im pretty sure there is something definately wrong on my computer. I dont see any virus or spyware sytoms but i used to be able to run photoshop like instantly and now it takes a good 5 minutes to get through the loading screen. Same with dreamweaver. And especially firefox even the page loads are slow this is my biggest issue cause i need speed on my net. The data transfer happens fast the test at 2wire.com says im 1.6 mbps but the page display by the program is slow

Help would be sooo awesome thanks everyone

Answer:Somethings wrong :(

So i just ran "malwarebyetes anti malware" and also "SUPERAntiSpyware" and i was infected i have the logs. But I notice my computer is still slow. Here are the logs:

I ran SUPER first then malware. I have logs should i post?


I want to also defrag my computer but I've never done that really

8 more replies
Relevance 63.55%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:00:19 AM, on 7/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\System32\hkcmd.exeC:\HP\KBD\KBD.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exeC:\WINDOWS\ALCXMNTR.EXEC:\WINDOWS\System32\igfxtray.exeC:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exeC:\Program Files\Lexmark 3300 Series\lxccmon.exeC:\WINDOWS\System32\gearsec.exeC:\Program Files\CA\PPRT\bin\ITMRTSVC.exeC:\Program Files\Verizon\McciTrayApp.exeC:\Program Files\Verizon\VSP\VerizonServicepoint.exeC:\WINDOWS\Sys... Read more

Answer:Log Help Somethings Wrong

Someone please help!!!!!!!!!!!!!!!!!!

7 more replies
Relevance 63.55%

i recently built my own computer, and have installed diablo2.
the introduction screen "blizzard" and "blizzardnorth" sound and look perfectly fine but as soon as the main choice screen comes up the sound becomes slightly choppy with a touch of static.
if i continue on to the actual game it increases from slightly to constantly and the static is fairly constant, as well as gameplay progressing to becoming unplayable from unnatural lag. all of my peripherals seem to work fine unless in diablo mode. my cd player plays cd's with no chop my mp3 player gives great sound wether on classical or hip hop and at any volume level. I have adjusted visuals as well as audio in the actual game to no avail, I down loaded the latest mouse drivers for my intellipoint imouse. and also the latest drivers for my legacy sound card,am using a gforce2 graphics accelerator,pentium4 1.5 gig cpu,20 gig hard drive,256 mb of ddr ram 350 watt power supply and a 52x cd rom drive. Is there something i should check and adjust in the computer.... clock speed or anything in the usual settings that may clarify this problem??
thanks for any time and effort you may use to assist me

------------------------foo--------------------------------------------------------
 

Answer:somethings wrong somewhere

Have you checked your Direct X to see if you have the most up to date version?
Also is there any other application running on your computer that may be trying to access your sound/video at the same time as the game?

I to at first had problems running D2, but I found that once I made sure I hade no un-needed programs running that most of the bugs worked out, as far as your lag problem I cant help, you much there, I use a HSP56 MicroModem and it runs everything fine.
hope some of this helps but if not maybe someone else can offer better info..
 

3 more replies
Relevance 63.55%
Question: somethings wrong.

my laptops been getting this kavo.exe problem. now everytime i switch on, there will be this "Hard drive detected imminent failure ID-05" message. ive ran the hdd self test but there wasnt any error. i've ran hijackthis and this is the log. is there anything i could do? the start up is really slow and theres "breaks" on the sound. as if the computer is really slow. thanks for much for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:57 AM, on 2/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Pr... Read more

Answer:somethings wrong.

Please download SDFix from here and save it to your desktop


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Please download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this ... Read more

11 more replies
Relevance 63.55%
Question: Somethings Wrong!

Hi guys,my laptops working really slow at the minute.And theres 2 entries in my log i dont recognise.Heres the log,thanks.Logfile of HijackThis v1.99.1Scan saved at 03:36:51, on 13/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5700.0006)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Java\jre1.5.0_09\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SpywareGuard\sgmain.exeC:\Program Files\SpywareGuard\sgbhp.exeC:\WINDOWS\System32\svchost.exeC:&#... Read more

Answer:Somethings Wrong!

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Your log is clean. I don't see anything malicious at all.

1 more replies
Relevance 63.55%

I'm having a huge problem and im hoping someone can help me out... when i boot my computer up to windows xp i dont get any icons or anything. I cant see any files nor does it load anything. The only thing that pops up is "can not load c:/windows/sdrive" and my background is the only thing that is showing. I manage to run hijack this and got a log of it. Hopefully someone can help me out i really dont want to format my drive thanks in advance

Answer:Wow Somethings Wrong... Help Please

ok i ran an antivirus and still have the same problem.... i also found this thread http://www.bleepingcomputer.com/forums/ind...desktop+missingwhich my case is the same.... thanks again

11 more replies
Relevance 63.55%

Okay, I?m running a Compaq Presario 5000 with XP Home Edition, SP3.Norton 2009, Spybot search & destroy and CCleaner.I had some strange little things happening in the last couple of days, example: When I open a window, it opens and then minimizes immediately (not normal) and does this with all newly opened windows.Some windows open, minimize and when you try to maximize them they won?t allow it and blink on the Taskbar about 10 times before finally allowing you to maximize them.Programs like Word, open up fine, but say I want to look at the desktop, minimize Word? but no; it pops right back up not allowing you to move it, which leaves you with closing it as the only option.Task Manager is doing the same thing, but worse! Open Task Manager, it opens in the maximized position and immediately goes to Taskbar, then continuously back and forth between Maximized window and Taskbar. The only way to stop it is to right click and close.CCleaner opens in maximized size and then bounces between small and large.I use WinRAR for work quite often and have the same ?bouncing? effects while downloading or uploading.I?ve run Spybot & CCleaner ? cleaned everything, then afterwards ran Norton.I?ve also run Ewido & BitDefender scans in Safe mode over night (yes, separately).Nothing seemed to help and I?m not finding any obvious viruses or Trojans.Any suggestions would be great.Thanks!

Answer:Okay, somethings wrong, not sure what...

OK the first thing that may be wrong here is Ewido. That application was taken over by AVG some 2 + years ago. Hence that scanning engine is just too outdated. Please uninstall it from the Control Panel. Please download and scan with MBam..Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.T... Read more

8 more replies
Relevance 63.55%

I have installed NHL '99 on my CPU at home and it works to an extent. Every now and then the screen goes crazy. It starts flipping like the tracking is off on a VCR. Is there something that I need to add to the computer or take off or whatever. I don't know I used it before on my old computer and it worked fine. I have Windows XP and that's about all I can tell you right now without looking at the PC. Let me know any info needed and I will get it for you.
 

More replies
Relevance 63.55%

Im on my parents computer at home and internet explorer randomly shuts off. In fact, I had to type this reply in word so I wouldnt lose everything I typed. Also, when searching under google and clicking a link...it sends me to another sort of search engine(But not common ones) Hopefully someone can help. I ran Mcafee virus scanner...found nothing. I also ran Ad-Aware 2007. Found many infections but the problems I am facing is still present. Please help!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:13:27 PM, on 11/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\System32\GEARSec.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\P... Read more

Answer:Somethings Wrong, Not Sure What. Please Help :(

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Bravo534 My name is Richie and i'll be helping you to fix your problems.Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exePost the contents of the logfile C:\fixwareout\report.txt in your next reply.Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Restart your computer* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;* Instead of Windows loading as normal, a menu with options should appear;* Select the first option, to run Windows in Safe Mode, then press "Enter".* Choose your usual account.* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.* Type Y to begin the script.* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.* Press any Key and it will restart the PC.* Your system will take longer that normal to restart as the fixtool will be running and removing files.* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.* Finally open the SDFix folder on ... Read more

1 more replies
Relevance 63.55%
Question: Somethings Wrong

Something is wrong and not sure what it is, but here is my log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:39:50 PM, on 11/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20661)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exec:\Program Files\Pure Networks\Network Magic\nmsrvc.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Wina... Read more

Answer:Somethings Wrong

Welcome to the BleepingComputer HijackThis Logs and Analysis forum codsmith My name is Richie and i'll be helping you to fix your problems.Please disable Spybot S&D?s protection,or it will interfere.You can enable it later once you're system is clean.Open Spybot and click on 'Mode' and check 'Advanced Mode'.Click on 'Tools' in bottom left hand corner.Click on the 'System Startup' icon.Uncheck 'Teatimer' box and/or uncheck 'Resident'.Click the 'Allow Change' box.Then, check next to the computer clock to see if the icon for Spybot is still there.If it is, right click it and choose 'exit Spybot-S&D Resident'.Restart the computer.If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:http://www.russelltexas.com/malware/teatimer.htmIt appears you've no virus protection installed.Download\install one of the following freeware options from the choice below.Once installed update its definitions and then run a full system virus scan.Avira AntiVir Personal Edition Classic http://www.free-av.com/AVG7 Free Edition Antivirus:http://free.grisoft.com/filedir/inst/avg75free_503a1171.exeAvast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exeViewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed in 2006,read this article: http://www.clickz.com/news/article.php/3561546You are well advised to remove the p... Read more

7 more replies
Relevance 63.55%
Question: Somethings Wrong!!

Alot of programs on my start menu are highlighted. Usually this happens only with newly installed software but these programs are old. This just happened suddently. I've run AVG and it found no viruses. Here is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 6:02:30 PM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firef... Read more

Answer:Somethings Wrong!!

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

Thank you for your patience.

4 more replies
Relevance 63.55%
Question: Somethings Wrong

I keep having a reoccuring blue screen problem with my computer and also it will not let me get through a lot of software installations. There also seems to be a problem when I share media between my computer and other computers on my network. THANKS IN ADVANCE FOR THE HELP!!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:45:19 AM, on 11/1/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20661)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Pure Networks\Network Magic\nmsrvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Zune\ZuneLauncher.exeC:\Program Files\Micro... Read more

Answer:Somethings Wrong

anybody?

2 more replies
Relevance 63.55%
Question: somethings wrong

Hello. I think I may be in need of a little help. My computer is running very slow, it won't shut down on its own. It freezes upmost of the time on start-up. When it dsoesn't freeze up, I get illegal opps onstart up on {WINTASK} n' {Exp}.When I hit Alt-Ctrl-Delete I have all kinds of things on there such as...*Pacis*Maed*Qhayxe*Lgipcb*mdcef*Wsup*Wtoolsa*Cxtpls_loaderSometimes there are tons more, those are just a few examples. I am running Windows 98.Any suggestions or help would be greatly appreciated.Thank You-CherylMod Edit: This will be moved to a more appropriate Forum.

Answer:somethings wrong

Hi Cheryl,Your system is infested with spyware and Trojans.Do you have a current anti-virus program? if so update it.If not download AVG Free from www.grisoft.com Here is the US link:http://www.grisoft.com/us/us_dwnl_free.phpwhen it is downloaded run an update.Do you have any anti-spyware installed? If not download and update all of the following:Ad-Aware SE from http://www.lavasoft.de/Spybot Search & Destroy from http://www.safer-networking.org/index.php?page=downloadSpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.htmlWhen all that is prepared reboot your computer in safe mode and run all the program, starting with the anti-virus scan. Allow the programs to delete anything they find. If you are not sure how to boot in safe mode there is a tutorial here: Safe ModeLet us know how you go.

3 more replies
Relevance 63.55%

Hey... something has happened to my computer!! I'm using Windows XP Proffessional. The problem started about 2 days ago. Everytime i turn on the computer.. the screen goes straight to this menu where it asks "safe mode, last working, and normal mode".. sorry i don't know what that page is called but if you press f8 u normally get there... well i don't know why its happening.. but everytime i select "normaly mode" the computer then goes to the "Windows XP loading window".. and then a couple of seconds later it popps up showing the blue screen of death and after about 2 seconds the computer restarts and takes me back to the window asking me "safe mode, last working, and normal mode." its a continous cycle and i need my computer for school work!!!! please help urgently
 

Answer:Somethings wrong :(

12 more replies
Relevance 63.55%

My computer is acting odd lately. its much slower than it normally is and the desktop is freezing and wont let me click icons. its strange, maybe you guys can help me out.heres my hjt log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:15:37 PM, on 10/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Documents and Settings\joe\ppbmirt.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exeC:\Program Files\iTunes\iTunesHelper.exeD:\comp\ATI Tray Tools\atitray.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\joe\Local Settings\... Read more

Answer:think somethings wrong

anything look fishy? Hello joewcarson,We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.Thank you for understanding.Regards,The weatherman (Moderator)

3 more replies
Relevance 63.55%

ok when i restart my computer and open my task manager there is over a hundred files under "processes" that all have random numbers like 351231243.exe, 1254252191.exe and so on. i havnt actually counted but there must be atleast 200. i took the time and end tasked them all but when i restarted again there seemed to be more. when i went to the file location it took me to the AppData > Local > Temp folder. what are these files and how can i get rid of them

Answer:Somethings Wrong :S

  
Quote: Originally Posted by Keith Flood


ok when i restart my computer and open my task manager there is over a hundred files under "processes" that all have random numbers like 351231243.exe, 1254252191.exe and so on. i havnt actually counted but there must be atleast 200. i took the time and end tasked them all but when i restarted again there seemed to be more. when i went to the file location it took me to the AppData > Local > Temp folder. what are these files and how can i get rid of them


Sounds like you have some malware on your computer which is replicating like mad. The random number.exes are basically copies or variants of the malware/virus trying to ensure you can't remove it or slowing down your machine with crap processes.

You currently have two options:

1) Wipe and reinstall - Some viruses/malware will screw up your system and sometimes it is better to just do a clean install to avoid the headaches.

2) Try and clean it - The reason this is number two is without identifying the root cause of the problem, you can try and download Malwarebyte's Anti-Mallware and Super Anti-Spyware from a clean computer, reboot your current computer into safe mode and try installing those two programs to see if they can clean it out. If it is a rootkit infection, it may be difficult to remove in general and in some cases, if you haven't set up a secondary administrator account on the system, you may still have some pro... Read more

1 more replies
Relevance 63.55%
Question: Somethings wrong

Hi I am new here and I have problem,because my computer is turned on almost 24 hours and I am always on internet I think that I have picked up some kind off harmful program or something.I think this because my computer is slower then before and he lags much.Please if somebody can help me I would be very grateful.Thanks in advance.

Answer:Somethings wrong

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

4 more replies
Relevance 63.55%

Logfile of HijackThis v1.99.1Scan saved at 2:34:01 PM, on 10/21/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\cisvc.exec:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Common Files\Symantec Shared\ccApp.e... Read more

Answer:Please Help Somethings Wrong

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Also, tell me exactly what problems you are having.

2 more replies
Relevance 63.55%

Hi everyone,when ever I log into my pc, my boot HDD keeps on running for like 10-15 mins on 100% (i have a hdd monitor widget). I just dont understand whats going on cos its not the anti virus, its not windows update... am not even sure if its a malware as i checked on task manager but theres no suspicous activities...can anyone help please... heres my spec:AMD Phenom X4 2.5ghz4gb RamRadeon X1800150gb Velociraptor hdd500gb WD hddWindows Vista Home premium 64bitthanks in advance!!

Answer:somethings wrong with HDD

"am not even sure if its a malware as i checked on task manager but theres no suspicous activities..."You need to run an up to date malware scanner, task manager will not lert you to malware that is disguised as a valid process.

2 more replies
Relevance 63.55%
Question: Somethings Wrong

Recently whenever I've been resuming from Hibernation on my laptop, my HD has serious activity mysteriosuly and I am not running anything. Here's my HijackThis log:

Logfile of HijackThis v1.96.2
Scan saved at 9:28:40 AM, on 8/30/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\Program Files\iPod\bin\iPodManager.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Tiny\tiny.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\YAHOO!\PARENT~1\ypc.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
c:\program files\internet explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 ... Read more

Answer:Somethings Wrong

16 more replies
Relevance 63.55%
Question: Somethings Wrong..

hey im new to these forums, im just wondering if someone can help me out. ive searched around the internet about the solution to my problem except im not sure what it is.

My problem is ever since i moved my computer it seems to be going very very slowly. I have an Intel Celeron 2.8ghz (yes i know crappy) with 768mb of ram and Windows XP SP2 Pro installed. I had to de-dust my computers guts basicly as it was full of dust, now i did this all carefully and i have broken anything. The whole problem started about 3 days ago when i was playing this game and my computer just turned of suddenly, no shutdown message kinda like if u pull the power plug. So i started it back up again and after the tab screen ( mobo bios screen ) it shutdown again. so i powered it up once more and once again it did the same thing. so i left the computer for about 10 minutes to see if that helped, so basicly after the 10 mintues i turned it back on and it all booted well. i went into the device manager to make sure it was all there and it was, nothign was fried . anyhow i went on to install this music program when i noticed a major lag in my system. i checked all the programs running and it was usual, nothign chewing up to much ram or cpu but i dont know what the problem is. now everything i do my whole computer comes to a freeze. so i reinstalled windows after backing up thinking maybe it was my windows that was corrupt. windows took longer than average to install, bout 45 mins or so. after that i th... Read more

Answer:Somethings Wrong..

Possibly a bad stick of RAM. Try this.
http://hcidesign.com/memtest/MemTest.zip

8 more replies
Relevance 63.55%

Are there any diaignostic tools available in Win 7 Ultimate and if so where do I find them and maybe a tutorial on the use of them..I'm not a computer geek and there is something wrong with my system..

Answer:Somethings wrong Win 7 X 64

If you post your actual issue in the relevant forum here, I'm sure someone will be able to suggest suitable diagnostics software, either built in or third party, or even solve your issue directly.

there are a lot of tools available and it's important that you use the correct one.

Also if you complete your system specs in the user control panel here (UserCP) it will help us to help you

9 more replies
Relevance 63.55%

Im not sure that this is the right forum to start this thread, so please move if appropriate. I have asked for advice on a couple different sites in the past to no avail. I go through the steps that they want done first and then post my HJT this log. Everyone says everything looks good though. I have for a long time now been convinced that I have a virus or something on my PC but neither HJT or the multiple anit-virus programs I have run turned anything much up. For some reason I still was convinced and continued trying differnt things. A cople of days ago I decided to reinstall Norton anti-virus and give that a try again. I did however stop explorer.exe from running while I installed it. I ran the scan and it actually found a virus.... W32.Alcra.D. All of the files were found here.. C:\Program Files\Ares\My Shared Folder\..... What worries me is I uninstalled this P2P program, maybe a year ago. It makes me believe my original thoughts were right. I have multiple viruses that have been here for sometime. Now Norton seems to be not running properly again and not detecting anything. So Im at a loss and I dont know if a HJT log is going to help...

Answer:Not Sure What Going On? Somethings Wrong

to BC r350z, You have two options as I see it: You can submit an HJT log to our expert team of analysts to receive step-by-step instructions on ridding your machine of malware. To post an HJT log please read the 'Preparation Guide' before posting to: http://www.bleepingcomputer.com/forums/Hij...alysis-f22.html Alternatively you can post specifics in this forum and members will advise you ways to resolve your problems. (Please do not do this at the same time as having your log analysed.) Note: members are not permitted to advise on HJT logs in the open forums. We need to know some information about your system such as CPU type, RAM capacity, hard drive make and size, graphics card type, what version of windows, what anti-virus or anti-spyware you have and some details about your applications. Use 1 Anti-Virus program, 1 Firewall and many Anti-Spyware programs, supplemented by occasional online Anti-Virus scans. Start by following this guide: Is your Anti-virus program current and updated? If not you can download a free anti-virus program here (US Link): AVG Free When you have downloaded and installed it you need to go online to register it and update it. (It will probably prompt you to do this.) Once you have installed AVG uninstall your old Anti-Virus software because you should only have one running on your system. Do you have any anti-spyware installed? If not download and update all of the following: Ad-Aware SE from http://www.lavasoft.de/
There is a tutorial ... Read more

1 more replies
Relevance 63.55%
Question: Somethings Wrong

I got some kind of adware or virus the other day. It seems that the system restore took care of the virus except one thing. I use firefox and I use the search tool in the upper right hand corner alot. Now when I do my innitial search it takes me to a page like I will put below. Its just a page that tries to sell me stuff and then when I do another search from there I get google like I wanted to begin with. I have a feeling I have something still infecting my cpu. My cpu is also fairly slow so if you see something in the hijack log that I dont need please let me know so I can remove it. Thanks in advance for your help . I am posting a fresh hijack log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:12:28 PM, on 7/1/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\Pro... Read more

Answer:Somethings Wrong

anyone?

41 more replies
Relevance 63.55%

Okay, I?ve already posted in the Security section and got some great advice from ?boopme? then it was recommended that I post in this section, so here?s the issue;I?m running a Compaq Presario 5000 with XP Home Edition, SP3.Norton 2009, Spybot search & destroy, CCleaner, Malwarebytes' Anti-Malware, ATF Cleaner and SuperAntiSpyware.I had some strange little things happening in the last few days, example: When I open a window, it opens and then minimizes immediately (not normal) and does this with all newly opened windows.Some windows open, minimize and when you try to maximize them they won?t allow it and blink on the Taskbar about 10 times before finally allowing you to maximize them. ? Programs like Word, open up fine, but say I want to look at the desktop, minimize Word? but no; it pops right back up not allowing you to move it, which leaves you with closing it as the only option.? Task Manager is doing the same thing, but worse! ? Open Task Manager, it opens in the maximized position and immediately goes to Taskbar, then continuously back and forth between Maximized window and Taskbar. ? The only way to stop it is to right click and close.? CCleaner opens in maximized size and then bounces between small and large.? I use WinRAR for work quite often and have the same ?bouncing? effects while downloading or uploading.I?ve run Spybot & CCleaner Malwarebytes' Anti-Malware, ATF Cleaner and SUPERAntiSypware under Safe Mode over night (yes, separately). Noth... Read more

Answer:Okay, somethings wrong...

minimization and window focus changes are usually a program running in the background, i have heard of norton doing this for games but not general windows, however, try disabling norton just to see what it does.

Otherwise click on start then run and type in
msconfig
and click ok, then go to the startup tab and uncheck all the items there and click OK and restart the pc, this will usually rule out extra programs doing its

(it could also be something as simple as a stuck key on your keyboard as well, or mouse if you have a mouse with multiple buttons)

6 more replies
Relevance 63.55%

I installed Apache and PHP cause I thought thats how you can load PHP pages from your comp but it didn't work.

So I uninstalled Apache and then PHP and it wanted me to restart my comp so I did.

Then when Windows loads it has this wallpaper with some stuff about active desktop which I didnt have any active desktop things.

And I did a Spybot S&D scan and it came up with heaps of missing shared DLLs.

Can anyone enlighten me on whats going on?
 

Answer:Somethings gone wrong

16 more replies
Relevance 63.55%
Question: somethings wrong

Hi i need someone to tell whats going on i bootup my system and it freezes just before the ram count starts. After about 2 minutes it starts up then takes another 2 to3 minutes before it loads your settings. Im running windows xp sp2 if anyone can help i would be very happy.
thanks.

Answer:somethings wrong

Have you changed your RAM recently (added or removed or just changed at all)? Sounds like a bus/RAM incompatibility issue. Also, are you hearing any beeps at all? 3 short, 1 long????

5 more replies
Relevance 63.55%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:30:47 John AM, on 7/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\netdde.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\system32\VTtrayp.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\NCH Swift Sound\Talk\talk.exeC:\WINDOWS\StartupMonitor.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Vista Drive Icon\DrvIcon.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\... Read more

Answer:Somethings Wrong With My Pc

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

2 more replies
Relevance 63.55%

Hey,
Okay there is something seriously wrong with my laptop. A couple of days ago it started displaying error messages and windows defender started giving me trojan warnings. Like an idiot I had allowed my norton internet security subscription to expire. So then i downloaded spybot search and destroy and got a norton antivirus subscription for 12 months. I scanned my computer with both and removed all the evils within my laptop, or so it seemed. Now whats happening is that on startup i get a RunDLL error message. Random webpages open up while im browsing the internet. Spybot keeps alerting me of registry changes which i am forced to approve because they keep popping up a mile a minute if denied. Both windows defender and Norton antivirus keep alerting me to different trojans and 'threats'. However, when i scan my pc with these 2 softwares, they declare it COMPLETELY HEALTHY?!
here are some of the things that windows defender spybot and norton alert me to but are unable to detect later on:
W32.vundo
W32.fotomoto
W32.small
a number of different "trojans" (thats all norton says)
and according to norton my computer keeps doing something called WebDir activity by pinging something called everer.com .
please help!
theres something seriously wrong here.
 

More replies
Relevance 63.55%
Question: somethings wrong

Hi all....My problem is when i have to reboot ( my pc is on all the time)it takes some time to reboot but when it comes back on...when i can see the desktop and the icons on the right side next to the clock it looks like it takes about 5 minutes and then my task bar goes to clasic view.So i go to properties/appearance and select any kind of apareance and hit ok and it goes back to new taskbar..i had this problem b4 but got fixed by itself so no idea what might be.....the other thing is that my pc got really slow..checked for spyware..viruses..hjt loc nothing..found a virus but the av got rid of it..i even checked the folder where it was and it was gone....tryed disk defr...and it only takes like 30 seconds or less cuz i did it so many times....i run clean up,adware,spybot (regular Mode) and ewido on safe mode cuz it would freeze everithing on regular mode..didn't find anything....any ideas?

Answer:somethings wrong

Plz quote ur system configuration !!!

7 more replies
Relevance 63.55%
Question: somethings wrong

when i minimize my windows it leaves streams all the way downLogfile of HijackThis v1.99.1Scan saved at 10:08:03 PM, on 3/27/2005Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v5.50 (5.50.4134.0100)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\MPREXE.EXEC:\PROGRAM FILES\TV VIEWER\TVWAKEUP.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\TV VIEWER\ANNCLIST.EXEC:\PROGRAM FILES\SYGATE\SPF\SMC.EXEC:\WINDOWS\SVCHOST.EXEC:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXEC:\WINDOWS\SYSTEM\RESTORE\STMGR.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\CREATIVE\SURROUNDMIXER\CTSYSVOL.EXEC:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXEC:\WINDOWS\LOADQM.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\AHEAD\INCD\INCD.EXEC:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXEC:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\PROGRAM FILES\ARES\ARES.EXEC:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXEC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXEC:\PROGRAM FILES\INT... Read more

Answer:somethings wrong

Print out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.4C\NHELPER.DLLO2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLLO3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLLO4 - HKLM\..\RunServices: [PowerManager] C:\WINDOWS\SVCHOST.EXEO4 - HKCU\..\Run: [ares] "C:\PROGRAM FILES\ARES\ARES.EXE" -hReboot your computer into Safe ModeThen delete these files or directories (Do not be concerned if they do not exist)C:\PROGRAM FILES\NAVEXCEL\C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\C:\WINDOWS\SVCHOST.EXEReboot your computer to go back to normal mode and post a new log.

1 more replies
Relevance 63.55%

For a while my computers been acting wierd. Takes a VERY long time to shut down/restart and runs poorly. I dl'ed new iTunes and AIM the other day and it went wack. iTunes installed and wont start up, but is "running" in the task manager. Uninstalled, reinstalled, no change. AIM never installed, because it just sat in limbo waiting to start - still runs fine as old version. I suspect other things arent how they should be, thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:21:49 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\... Read more

More replies
Relevance 62.73%

ok, so today, i have a balloon that keeps popping up saying my computer is infected, and i need to let "windows" download and install up to date anti spyware...but it was unsigned program that tried to download, so i blocked it....then i started spybot, but it wont even load/open...and this balloon keeps popping up! just the day before yesterday, i updated spybot, and my security program (att internet security) and i also updated windows with service pack 3 and 2 security updates...what do i do?! i am running windows xp...thanks for any suggestions.

Answer:i KNOW somethings wrong..cant run spybot...what do i do?

Hello can you run this..run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top.... Read more

17 more replies
Relevance 62.73%

Something is wrong with my pc..........i just can not run spybot....heres my hjt log.......LDTATE (senior member here) helped me...spybot had started working ...now its all screwed up again.......It keeps freezing when i press on "fix"!!!!!

Ran it in safe mode....reinstalled it thrice......doesnt seem to work..
I have adaware and spyware blaster too...and they work fine

heres my hjt log

Logfile of HijackThis v1.98.2
Scan saved at 1:41:34 PM, on 10/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\progra~1\mcafee.com\vso\mcvsfts... Read more

Answer:somethings wrong...heres HJT log

Do you use Kontiki?

O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe

http://www.liutilities.com/products/wintaskspro/processlibrary/khost/

Also, Download Accelerator Plus can be adware.

http://www.windowsstartup.com/wso/detail.php?id=779

Are you using the registered version?

When you've uninstalled SpyBot, have you un-immunized beforehand? Try that and using add or remove after. Then reboot.
 

3 more replies
Relevance 62.73%

OK, my computer just got done being used by my brother and i came back and plugged in my wireless mouse and now it keeps saying USB device not recognized witch still goes off even when nothing is plugged in plz help

P.S. My mouse wont work due to this problem

Answer:Somethings wrong with vista!

Try rebooting. Current config should be recognized.

6 more replies
Relevance 62.73%

my pc has sound but it sounds scratchy and is upsetting me can anyone help?
i formated the hard drive and reinstalled xp. then had a conflict with the pci modem 'that is now resolved but the sound is'nt
 

Answer:somethings wrong with my sound

do you have a second pair of speakers?
 

2 more replies
Relevance 62.73%

Hellow, I have widows xp sp3. I am not sure if something is wrong, but I noticed some wierd behavior on pc.

mouse pointer gets stuck
internet browser takes too long
pc suddenly freezes
sudden system errors

I ran HJT and I got the following log:

Logfile of HijackThis v1.99.1
Scan saved at 10:28:00 AM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\New Boun... Read more

Answer:somethings are wrong with browsing

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 62.73%

So basically heres the deal.. im tryin to fix my mom bf's computer (im on right now) i cannot download anything bcuz it says it cannot find the url for any dl, so i've put avg free, and AdAware, on a disk uploaded scanned all that good stuff.. the pc has a total of 84 viruses :[. So im gonna make this as easy as possible anmd put it into 2 catagories.

1. The problems/symptoms.
2. The llist of known viruses in their sub catagories.
The problems.. at begining of startup when everythings beginign to load up on desktop a program tries to instal but says cant install need a disk, another problem is when i try to search a page on the net, well when i type in www.blah.com something like that it will gve me a message saying C:\Documents and Settings\Owner\Destop is not accessible. Access is denied. The only option i have is to click ok, these are the problems.

The list of known viruses, im getting from avg virus vault.

Ms-Dos viruses..
Downloader.Tibs
that file was in 6 different locations..
C:\Systerm Volume Information\_restore ( same spot 2 more times)
C:\WINNT\system32\serdpfax.exe
C:\WINNT\system32\shuomrks.exe
C:\WINNT\system32\maeqbbym.exe

Windows Viruses..
Win32/PEPatch
C:\System Volume Information\_restore (5 times)
C:\WINNT\system32\dnjomuuc.exe
C:\WINNT\system32\gdaloous.exe
C:\WINNT\system32\jkygrxld.exe
C:\WINNT\system32\uecxtwoo.exe

Gah and as of right now unl;ess i have to i will list trojans..
theres A L O T of trojans.
If anyone can even begin to hel... Read more

Answer:HELPP!! Win 2k... somethings wrong and idk what:[

Format and reinstall Windows
 

2 more replies
Relevance 62.73%

-Both firefox and google chrome both crash when I open them.
-Malwarebytes crashes and gives me a dll error or something
firstcrash: ntdll
second crash: mambcore or something
-computer reboots by it's self. I don't have any time to try and fix it. (in safe mode as well)
any advice? :/

Answer:Somethings wrong with my computer

I cannot log in when in safe mode.
It never reaches the login, just stays at the black screen with "safe mode" at each corner. I can see the mouse, but I can't open task manager or anything

18 more replies
Relevance 62.73%

hello new to the forums. cant figure out what is wrong so here is dds log and hijackthis log. any info would be very helpful. Thanks

HiJackThis Log----

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:01 PM, on 8/1/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
Z:\Program Files (x86)\Mozilla Firefox\firefox.exe
Z:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Z:\Program Files (x86)\vlc-1.1.7\VLC\vlc.exe
Z:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
z:\Program Files (x86)\uTorrent\uTorrent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Pa... Read more

Answer:not sure where to start...somethings wrong

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412406 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

2 more replies
Relevance 62.73%

I just found out today that my sis visited a site and now I have some spyware. I removed the spyware using malwarebytes. But when I visit google.com, it redirects me to google.de and then when I try to login it says something about invalid security certificate and then 5 minutes ago while online, another virus pop up popped up and I exited the browser. Ive scanned with avir antivirus, malware bytes, super antispyware, and it still cant find it. Can anyone help me? Ive checked date and time and they are correct, cleared cookies, and I even downloaded spybot but it wont run for some reason just like my antivirus did a while ago until I ran malware bytes and got some of the malware off my computer.

I have a hijackthis log and I think a malware bytes log if I can find it. Let me know what I need to do. Thanks

Answer:Somethings Wrong, Virus - Help?

Hello ....please post the MBAM (MalwareBytes) logThe log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Post the SAS logTo retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.

3 more replies
Relevance 62.73%

I am unable to modify power plans, and change the effect that closing the lid on my laptop does:
Here are some of the symptoms:
1) DOS mode command "Net Start Power" results in "System error 5 has occurred. Access is denied" when issued from an id with Administrator privileges.
2) DOS mode command "runas /noprofile /user:Administrator 'cmd /k net start power'" produces the error message "RUNAS ERROR : unable to run cmd /k net start power. 1327: Logon failure: user account restriction. Possible reasons are blank
passwords not allowed, logon hour restrictions, or  a policy restriction has been enforced."
3) Device Manager Batteries + Microsoft Composite Battery "Device status: This device cannot start (code 10)."
Thanks in advance for any help you may be able to provide.

More replies
Relevance 62.73%

i got on my computer then other day and tried to get on my messenger but it didnt open. this screen pop up sayin open with... i tried clickin on ne of them and it doesnt wont i tried to download the hijackthis1991 it downloads i just cant open it.. this is making me very upset. im not very good with computers but im learning the best i can. if neone could help me i would be very happy ...
 

Answer:somethings wrong with my computer help....

my desktop was moved around and i didnt do it. i also can open nothing on my desktop or newhere i have to go through history to even get here....
 

2 more replies
Relevance 62.73%

I have a virus but AVG can't seen to remove it.(moderator edit: moved log to the appropriate forum. jgweed)Logfile of HijackThis v1.99.1Scan saved at 17:20:11, on 09/08/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\WINDOWS\System32\CTHELPER.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\PeerGuardian2\pg2.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\HijackThis.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: (no name) - {5... Read more

Answer:Help! somethings wrong but I dont know what

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.

3 more replies
Relevance 62.73%

i have a toshiba laptop 4 gb ram 2.66 processor 9800mgt video card
this week i have installed windows 7 and whenever i open a new window my computer seems to slow down like the window comes but slower
and in flash games whenever i play a flash game it's slows down like when you get low fps on normal games

Answer:Somethings wrong with my computer

If you can fill out the rest of your computer stats that will help. As for what you have said it sounds like a video driver. Make sure you have the latest drivers from Nvidia for your video card.

9 more replies
Relevance 62.73%

umm im new at this website and my hard drive isn't working
i try to put in a cd to run this program that would get my printer to work but it won't run
i tried to burn cds and it wont't burn and i end up having to throw a brand new cd away i really need someone's expert advice on this problem...now my printer won't work and i can't print out my papers for class please help me i even tried disk clean...but it doesnt work

please help

Answer:Help Somethings Wrong With My Harddrive

Hello,

The problem sounds like it could be a number of things, if you right click on my computer select properties then select the hardware tab and click device manager. Can you see any conflicts listed on the page?

Can you go into a bit more detail about what happens when you try and install the printer software?

5 more replies
Relevance 62.73%

Heya my friend ordered alll the parts for his new PC, and i built it all today. Went to start it up first time and black screen, no output from vid. card...tried card in another computer and it worked fine...The card was getting power (i also tried another card in the same slot, no video) but i think the pci-e x16 slot was bad or just the mobo in general...Does it seem like the mobo is whats at fault here? Everything else works fine, cept no picture, or no beeps...the mobo is a gigabyte ga-p35-ds3l s series. We got a geforce 8800gts card in with 4gig of DDR2 pc2 6400 (4sticks) and a lga775 core2 duo e6850 3gig. Any help would be appreciated!

Answer:Somethings Wrong! Bad Mobo? Plz help!

Did you plug in the CPU power connector? video power connector?

5 more replies
Relevance 62.73%

Weird error when my computer attempts to connect to the internet. I use wireless. And i've tested other wifi signals to troubleshoot, and my error is when im connected to any internet source.

Once it connects reactions seem slower, like my computer can't handle what evers happening and i get the error

"service and controller app stopped working..."
or
"windows has had a critical error and must restart imediately"

I've seen both, and it always tells me i have 1 minute before it restarts.

But if i stay disconnected I haven't been getting the error "yet"

Please is there someone who can look at my HiJack this Log. I dont know what to do about my laptop. I dont know how to look at the log. Someone help, id apreciate it. I can't get a response from anyone. Thats a bad sign. Dont tell me everyone doesnt know and im skrewed.

Note: I am running Vista

Logfile of HijackThis v1.99.1
Scan saved at 2:19:01 AM, on 9/13/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Users\Tiffany\AppData\Local\Temp\Rar$EX00.028\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://... Read more

Answer:Malware? Somethings wrong, Please help.

OK i finally got the error box that asks to "send report" and i clicked error details. This is what i guess is causing the exact problem.

Problem signature:
Problem Event Name: APPCRASH
Application Name: services.exe
Application Version: 6.0.6000.16386
Application Timestamp: 4549add1
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4549bdc9
Exception Code: c0000374
Exception Offset: 000af1c9
OS Version: 6.0.6000.2.0.0.768.3
Locale ID: 1033

How do I correct this. It says APP Crash. What do i do?????
 

1 more replies
Relevance 62.73%

I put this rig together yesterday, and it turns on but for only about for a few mins then shuts down.....i can't install windows nor stay in bio's to long because of the shut downs..... does anyone know whats going on here or how to fix this?..........here are the specs

E6300 C2D
GA-965G-DS3
Corsair XMS2 Twin2x ddr2 675(2 x 512)
Evga 7600 GT KO (PCI-E)
Maxtor Sata Ultra 200GB
CoolMax Taurus 550W PSU
Thermaltake Damier V5000c

thanks for any info

Answer:new build...somethings wrong

My first thought is that the power supply is suspect. If you can get it tested, that would be good.

Second thought is RAM.

Keep us posted!

5 more replies