Computer Support Forum

Hijack This log dude!

Question: Hijack This log dude!

Here is the log: Internet Security keeps getting a Subseven Backdoor Trojan warning.:

Logfile of HijackThis v1.97.7
Scan saved at 11:40:41 AM, on 1/14/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\Fonts\explorer.exe
C:\Program Files\ComSoft\Dialers\xxxCam\xxxCam.exe
C:\Program Files\SCom\Dialers\XXXmpegs\XXXmpegs.exe
C:\winnt\system32\sncntr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Peachw\peachw.exe
C:\Peachw\W32MKDE.EXE
C:\Program Files\RBEnhance\rbenh.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/start/ie4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coralwave.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: toolbar - {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} - C:\WINNT\Downloaded Program Files\toolbar.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdobeA] C:\WINNT\ntsyscore\adobes.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TaskMan] C:\WINNT\Fonts\rundll32.exe
O4 - HKLM\..\Run: [Explorer] C:\WINNT\Fonts\explorer.exe
O4 - HKLM\..\Run: [messnger] C:\WINNT\system32\Dvldr32.exe
O4 - HKLM\..\Run: [xxxCam] C:\Program Files\ComSoft\Dialers\xxxCam\xxxCam.exe /dontdial
O4 - HKLM\..\Run: [XXXmpegs] C:\Program Files\SCom\Dialers\XXXmpegs\XXXmpegs.exe /dontdial
O4 - HKLM\..\Run: [rbenh ml742e] "C:\Program Files\RBEnhance\rbenh.exe"
O4 - HKLM\..\Run: [sncntr] c:\winnt\system32\sncntr.exe /nocomm
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {29CAC0B6-D6C2-4395-8289-BF3FBF27AD5F} (AInst Class) - http://209.47.15.72/inst/activeinstaller.dll
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37895.4423611111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB2961FD-DD24-4F8A-8A92-6F9325FF6F11} (toolbar) - http://www.supaseek.com/toolbar/toolbar.cab

Relevance 100%
Preferred Solution: Hijack This log dude!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Hijack This log dude!

first you ahev a rapid blaster infection, plus countless adult diallers and a few trojans thrown in for good measure

FIRST
As RapidBlaster tends to mutate if the process isn't terminated first, do download and run RapidBlaster killer by Javacool: http://www.wilderssecurity.net/specialinfo/rapidblaster.html#removal
Launch the program and hit the Scan button.
RBKiller will find any RapidBlaster variants on your system, will kill the process, and delete the Registry Run entry and find the pertaining folder in Program Files, and simply delete it!

then REBOOT then

Download & Run CWshredder from http://www.merijn.org/cwschronicles.html
Close all browser windows,UnZip the file, click on the cwshredder.exe then click "FIX" (Not "Scan only") and let it do it's thing.
and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually reinfected
the patches are :
http://support.microsoft.com/default.aspx?kbid=828026
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp
then reboot &
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &
download AdAware 6
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
the current ref file should read 01R247 10.01.2004

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and "Let windows remove files in use at next reboot"

then...... click "proceed" to save your settings.

Now to scan it´s just to click the "Scan" button.

When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

reboot again

Run an online antivirus check from at least one and preferably 2 of the following sites
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www.anti-trojan.net/en/onlinecheck.aspx

then post a new hijackthis log to check what is left

3 more replies
Relevance 63.55%

Hello,

Here is my log....What should I delete? Thank you for your time!!!!!!!!
Logfile of HijackThis v1.97.7
Scan saved at 4:41:12 PM, on 9/2/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\srjhtm.exe
C:\Program Files\Microsoft SQL Server\... Read more

Answer:Another Dude Needs HiJack Log Analyzed

15 more replies
Relevance 44.69%
Question: dude

Hello fairly simple question i think? I like to display pictures from a folder on my desktop. all the photos from my cheap cell phone from which i emailed to my computer are clear and crisp. the ones friend send from their iphone and proper digital cameras display blurry and distorted? I have tried to change pixel size in iphoto but can not find a way?

thanks
 

Answer:dude

8 more replies
Relevance 44.69%
Question: What next dude?

Hey chaps,
So, I?ve ran through all your Read & run First steps, and ran CCleaner... as far as I can tell 2 problems remain.
The first is on starting up IE: on start up of my pc the following virus warning appears (see 1st screen shot). AVG detects it and asks if I want to heal or quarantine, I have done both.
Second, is the most frustrating, certain web sites that I visit, (non-porn) do this really annoying thing, I get automatically re-directed to a dell search page, I run a dell PC and at the top of the page it says: Sorry, we couldn't find http://ad.uk.doubleclick.net/adi/N3784.AND/B2258036;sz. Here are some related websites: (2nd screen shot was too big to post, should i e-mail?)
I also run a registered copy of Spyware Detector, this obviously hasn't detected it.
Plus, when I opened up majorgeeks.com the following message appeared. (See 3rd screen shot)
Can you help, please?
 

Answer:What next dude?

Hi

you'll need to attach the logs requested from the Read Me guide.




When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

4 more replies
Relevance 44.69%
Question: Dude

Ok so this happened on my old XP machine, and just recently on this Vista one.

As far as i can tell, it is harmless, and i have barely noticed it, but it is a little frustrating.
All it is, is some virus or something. All that happens is some guys voice (maybe about 20 year) comes on the speakers saying "dude" in a weird sort of way. It happened quite a bit on my XP machine, but only once on this one. I looked on the internet and found nothing, and I am confused as to what it is.

Its not a huge issue, I can survive with it for now (until i reinstall) but i wanna know wtf is with it.

~Lordbob

Answer:Dude

LMAO, are you serious? Never heard of that one. Have you ran full scans with an AV and antispyware apps?

19 more replies
Relevance 44.69%

Hi everyone, am new to this forum.Having a hard time removing some horrible malware. am attaching log files please help....
 

Answer:New Dude About To Cry!!!

Also..
 

12 more replies
Relevance 44.28%
Question: Cowabanga Dude(do)

First of all I want to say that I appreciate all the help I have received from MajorGeeks in the past. Thank you.


Now, down to business. First of all the problem is not on this computer it is on my other house computer. Through a recent download we ended up picking up some malware called Cowabanga, Deluxe Communication .


Here is what I have done to get rid of this. Each folder came with an uninstall so I tried that. I also tried to manually delete all folders but it seems that it only morphs itself in other folders.

It has disabled my internet which forces me to use this other computer.


I ran HJT and have attached it


What can I do to get rid of this? Please help.:crybaby
 

Answer:Cowabanga Dude(do)

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis​Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
&... Read more

1 more replies
Relevance 44.28%

HI,

I just got set up with comcast internet yesterday, I have 2 Desktops, one running XP home, and another running Redhat 9.0, along with 2 laptops running XP Pro.

Befor I was running Quest DSL and everything was working fine,

I am using Netgear wireless router, with a Linksys 5 port hub.

I can only have internet connection to my desktop running XP home, it is hardwired. I have to take incomming internet from modem into one of the ports on the Netgear because the incomming port on Netgear does not work. Then I have internet to the Netgear and my laptop will see that there is wireless but it will not see other computers or the internet. I have tried putting the incomming internet into the incomming port on the Netgear and still nothing. I am not sure what is going on but this is not working and I tried all day yesterday to fix this but nothing worked.

Does anyone have any ideas to try????

~LuMa
 

Answer:Dude where is my Wireless.

Yo,

My wireless router is MR814.

~LuMa
 

4 more replies
Relevance 44.28%

So I've got this Gateway GT4009. That's a good PC, right? I got it for free out of a school that closed.

I'm a little stressed out because the problems I'm having are not consistent. When I first started the computer, it went past the XP spash screen and then it said to press ctrl+alt+delete. BUT before I could do anything it restarted and it did it again then restarted and so on.

So I decided to reinstall XP. It made it halfway through the NTFS format and then it restarted and loaded to the infamous "blue screen of death" and it had a stop code of 0x0000004e, which according to this article is bad ram, so i replaced the ram stick. Then it went to setup. Then it restarted. Then I said screw it, I'm going to ask for help.

Now I've read that this restarting happens for 3 different reasons: 1) OS problems. (which we know it can't be since I'm booting from CD) 2) a hot CPU or 3) a bad power supply. I don't have a replacement power supply handy, so I want to test the CPU heat. How do I know how hot my CPU is and what exactly IS too hot?

Answer:Help a Mac dude understand PC.

Next time before you reinstall, try safe mode (press F8 at startup).

Dunno about what constitutes too hot, but when you boot, you can get into the BIOS (there's a key you have to press right after you power on your PC - maybe Del, maybe F10, don't know what it is for Gateway PC's). Then just navigate around the menu and you're likely to find your CPU temperature.

1 more replies
Relevance 44.28%

Logfile of HijackThis v1.99.1Scan saved at 5:34:11 PM, on 4/1/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\winyi32.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Common Files\Symantec Shared\ccAp... Read more

Answer:like...dude...this is my hijackthis log or something...

Thats alot of stuff lol, my comp has like 10 things.

2 more replies
Relevance 44.28%

my brother in law used the computer while house sitting and bam! viruses galore. My wallpaper is hijacked, I get all kinds of security threat alerts saying i'm infected with spyware which lead to spyware removal advertisements, and IE quit working. I have xp professional and an out dated symantec. receive alerts indicating C:/tempar.bat is in quarantine. spy sweeper also says i have coolwebsearch, zenosearchassistant, and a few others. i also get messages about rundll32.exe, mssys.exe, trojanddownloader.xs. I removed something called mIRC, and some other files after reading some posts, but still having problems. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:30 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Prog... Read more

Answer:one frustrated dude!

6 more replies
Relevance 44.28%

Greeting to Dude's here,

I am using window 7 on my computer. From few days a problem is arising in my computer. While running any video suddenly the computer hangs and after leaving it idle for few time it start responding. I have done virus scan not found any solution. What should I do to fix this issue?


Thanks
Jason

Answer:Please Fix My Computer Dude

Fill out your system specs. Click the link in my signature to do it.

4 more replies
Relevance 44.28%

I live in Ireland!

I have tried to purchase a MS Surface RT. I have tried every possibility!

The only possible way that I can buy one legally, is to buy it in the UK & have to shipped to someone in Northern Ireland (Part of the UK. A real Irishman would NEVER do this. I would have to cross the border into NI).

I talked to my Electronics retailer here that has been in business for over 50 years! I buy all my electronics there.

He told me that the only way he cold get them is to buy a skid load. He says he could not invest that kind of money at the expense of his general inventory!

I have contacted the Irish office of Microsoft. All they do is transfer the call to the UK MS Website. I can fill in the order for the Surface, but at the check out, it tells me they CAN NOT ship to the IRSH REPUBLIC!!

Why in HELL was I transferred to THE UK??

I have contacted all the Electronic retailers in Ireland & no one has them!

PC World told me I had to order them online! But they didn't have any idea where!!

WHAT KIND OF SO-CALLED "WORLD WIDE COMPANY" would deliberately boycott A WORLD LEADING COUNTRY!!

MAD AS HELL!!

The "Old Fart"

TULLY!!

Answer:Hey Dude, Where is my Surface RT?

Now you see what us Americans often go through when foreign companies make products, such as Nintendo, Samsung, etc, and we have to wait behind for availability.

I'm quote certain Microsoft wouldn't boycott a "world leading country". They haven't been on the market very long, so my suggestion would be to go to the largest electronics retailer, either in person or online and find one there. If the one who went to isn't a nationwide chain, then they may not be able to purchase them as easily as the major retailers.

12 more replies
Relevance 44.28%

click hereOn my second free guestbook.First one no admin access to remove bad post.This one listed above loads ok 1 out off ten times if host is lucky.Anyone know of a reliable guestbook with admin capabilty and loads good?thanks?and possibly password protected currently using a java script with a comment on top of page for view source.(not the greatest).

Answer:Another Guestbook dude

WOW drop the E on DUDE LOL = DUD

9 more replies
Relevance 44.28%

day one of my problems the computer froze up would do nothing so I attempted to reboot and it would not allow me to shut down so I powered off with the power button, it worked for most of that day
then later either that day or the next it froze up again and I was able to reboot, then just yesterday I set the laptop down softly and it shut off this happened twice.
The second time it would not boot, the power led would come on for about 4 seconds, and the battery light would flash about every 3 seconds. I tried taking the battery out and just leaving the power cord plugged in and it worked so I left it that way for some time, later in the day I put the battery back in just because I did not like leaving the battery out and having an opening for dust etc. to get in.
I set it down awhile later and again it shut and hasn't come back on. I still get the power light for 4 secs, and and then battery light flash every 3 or 4 secs. I am a little knowledgeable about computers so I took it apart and I don't see anything wrong inside.
I reset the CMOS just for fun and did a little cursing, then tried to pray, and here I am begging for help from you kind folks....
I haven't tried the hammer yet, thought I would check here first... Thanks in advance for your help...
Ron
 

Answer:Dude I got a Dell, HELP.....

6 more replies
Relevance 44.28%

hey how can i disable my onboard video card 8290g/GV/190GL Express Chipset Family chipset using the BIOS in order to install a new driver for my nVidia GeForce FX 5200?? Just wondering if u knew
 

More replies
Relevance 44.28%

I'm running vista (32bit) on an Acer 5310 service pack 2 laptop. I did a safe boot two days ago because of a glitch with IE (a warning saying this script can no longer be run on this page or something such) I've since rebooted in normal mode(I've gone though F8 to do this three times now) to find that the Vista orb has been replaced by the old rectagle style. I'm pretty sure that other design type features have remained in the old style (ie 'safe mode' style) as well.Can any one help please?

Answer:Dude, where's my vista orb?

Right click on your desktop and select Personalize, Theme, and select Windows Vista in the drop down.

6 more replies
Relevance 44.28%

I have a netgear dual band router (WNDR3300). My Ubuntu laptop can see both the G and N networks. However my XP Desktop can only see the G and NOT the N. My desktop has a D-Link Rangebooster N (DWA-142).

Any help?
 

Answer:Dude Where's my wireless n?

12 more replies
Relevance 44.28%

OK i have this problem where my computer keeps restarting. it restarted on me the other day and now i cant get it to start back up in normal mode. i can only get it to start up in safe mode. i have no idea wtf happened please can someone help
-Frank C
 

Answer:Solved: Dude Help Me!

16 more replies
Relevance 44.28%

Some more problems with the comp from hell from dell. My A drive will sometimes just mysteriously vanish from my computer, and I will not be able to save anything to through any other programs. It will sometimes be there when I reboot, but other times it will not.

Any help appreciated.

PS - I love the dell run around. They keep me on hold for 1.5 hrs, and then they just tell me to run a diagnostic check, virus scan, etc and tell me to get back to them. They aren't the most help ever!
 

Answer:Dude, where's my A drive?

6 more replies
Relevance 44.28%

I got a client where we gave him a fresh install of Windows Xp Pro Sp2 (Legit Copy + Updates)

This guy installs a chase game, however when it comes to trying to play it, he gets an error message saying that he needs OpenGL1.1 or greater to play it.

I found an OpenGL1.1 on the microsoft website. However think this is mainly for Windows 95 / NT Platforms as it did not do any thing.

I have re-installed the video card drivers (onboard NVIDIA GeForce 6100 GPU on a Gigabyte GA-K8N51GMF-9 SKT 939 Motherboard). Please note that these are the video card drivers from Gigabyte's Website. I have fround that the nVidia Drivers from the nVidia's website does not what to have any thing do with it.

It's currently using Direct X 9.0c (however I have not re-installed that yet)

I have tried looking at the OpenGL.org site. However the only download I can seem to find points back to the same one from Microsoft that I mensioned earlier.
However the website is talking about OpenGL 2.0. There is a lot of blurb on what it does, but no downloads for it.

Any other suggestions on where I can download Open GL 1.1 or greater?

Thank you.

Answer:DUDE! Where's My OpenGL?!?!

Im possibly downloading them from limewire right now, 2 files. I will install them on my pc and test it just to make sure there not junk, but not sure what version they are yet, they say for 2000, XP, so we'll see....

9 more replies
Relevance 43.87%

http://video.yahoo.com/video/play?vid=dfc50c324a0695cfe48d7050a1dd9ccb.657909&fr=yvmtf&cache=1

he's back in video. oooooooooooohhhhhhhhhhhhhhh
 

Answer:remember the peter pan dude?

this is relevant how?
 

4 more replies
Relevance 43.87%

I need some help folks... I ran the first 5 steps of the malware READ THIS RUN FIRSt. THING. I am seriously freaked out with this computer. Everytime I open IE it is fine...then I go to another web page and the popups start. I dunno what to do. Help. :confused

Im not sure what info you need just tell me I will do my best to provide it.
Just remember...Im not computer lingo saavy
 

Answer:Im a noob computer dude! HELP!

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy Log - only for Windows XP, 2K, & NT users
AVG Antispyware Log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
Bitdefender Log - from step 6
Panda Scan Log - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis Log
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

14 more replies
Relevance 43.87%

http://graphics.tomshardware.com/gra...l#3d_mark_2005

man, the 6800Ultra lost against the X800XT??
seems the only way nvidia is keeping up is with SLI, which is not worth the cost...

scroll down to the second chart, ...ridiculous... the 6800GT killed the 6800Ultra, and all the x800's (except the Pro) beat the 6800Ultra.. man, ultra seems bad at high res and AA/AF

u sure these are correct??

Answer:WOW, dude, check out this benchmark!!

Doesn't look right to me. What till all the nvidia fans get in here.

9 more replies
Relevance 43.87%

Logfile

< S N I P >

End of file - 13460 bytes

Answer:Some WoW dude said i should post it on a forum, its HJT

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Relevance 43.87%

My goal is to mod my Dell until it's no longer recognizable as such.

Here's a summary of my question:
Which should I buy first: a CPU fan, or a mobo/PSU combination? In other words, which is more important: keeping my CPU below 55&deg; C or being able to plug the mobo into the front panel USB, power switch?

Here are the details:
I am tweaking the heck out of my Dell Dimension 2350 Intel P4 1.8 GHz 845GL system. My father got it for me two years ago because it was really cheap, and he thought it would be a good place to start and I could upgrade later. The thought was, at least it's an ATX with a P4, and my old Wintel system wasn't upgradeable to a P4 at all. Unfortunately, when I got it and opened it up, I found I couldn't add another HDD because there's no place for it! I was not aware of Dell's lockbox/proprietary policies before I got it. Needless to say, this is really annoying!

So, I've been putting a lot of effort lately into upgrading, modding, and doing all I can to negate the warranty! But I have a predicament right now, and that is, I've put myself in a place where I cannot just stop where I am. But I'm overbudget on my upgrades for this month, but I've ended up with a PC in a sort of a "transitional phase" and I need to know: what's the most important step to take next, if I can only do one thing?

My first step was to replace the graphics card and disable onboard graphics (and I... Read more

Answer:Dude, you're killing your Dell!

Update: This, and other pages led me to think the PSU is proprietary. But my mobo doesn't have that other 6-pin dealio that the older Dells had. It looks like a standard ATX PSU. And if you look at the specs for these knockoffs, you'll see it's 20-pin ATX. Does anyone know for sure? A new PSU would almost cost more than a mobo!
 

7 more replies
Relevance 43.87%

I'm new to using forums. Running Windows XP SP2Working on a friends Dell Dimension 5150. First it would not turn on, did some poking around and looked like the computer had been dropped. The ram had disconnected, fixed that Starting cleaning up the thing (history, viruses, malware all that fun stuff) When I went to reboot it, it seems XP was corrupted. The taskbar had reverted to what windows 2000 task bars looked like. Yet it was below the viewing space. No start button at all up able to drag the task bar to make it larger. Can't open IE. The only I can make the computer function is through Task Manager. Some areas of Concern I have is...When I boot the computer it informs me that the Floppy Drive is not found F1 to continue F2 to try again. After I get past the Floppy seek bios pops up with 3 options...1) Windows NT 6.X2) Windows NT 5.x3)GRUB4DOS (it defaults to this option, when I select 1 or 3 it tries to boot but doesn't.)Also at one point in the booting process I'm prompted with the text {{{{ " Urr! wee..."}}}} <<<<< Just like that. I've never heard of that.Thanks for taking the time to read this post. Any help is greatly appreciated, Brad

Answer:Dude I got a Dell Problem

Do you really need to multi boot on this system (Grub4dos) ?

2 more replies
Relevance 43.87%

Told ya them Dell's we're Junk..lol
AN INQUIRER READER attending a conference in Japan was sat just feet away from a laptop computer that suddenly exploded into flames, in what could have been a deadly accident.
Guilhem, our astonished reader reports: "The damn thing was on fire and produced several explosions for more than five minutes".
(Wouln't it be fun to be stuck against a window seat with a 270 fat guy next to you when one of these blows up at 30,000 ft..)
http://www.pixpond.com/1/3kyvx7.jpg
http://cache.gizmodo.com/gadgets/images/delldude.jpg
http://www.pixpond.com/1/3kyvx779.jpg
 

Answer:Dude, Your getting a Melted DELL

16 more replies
Relevance 43.87%

Okay, this is kinda wierd. I havn't used floppies in a long time, since before some changes were done to my comp. Anyway, I need to use one now.... the only problem is my computer doesnt seem to recognize an A: drive! It's just not there. I can't open from it, save to it, view its contents, or even see the freakin logo in My Computer.... it's like it doesn't exist. And yes, the physical drive is there, and I am pretty sure no one has opened my computer and disconnected it or something.

Dude, where's my drive?
 

Answer:Dude, where's my Floppy Drive?

11 more replies
Relevance 43.87%

I'm really hoping someone can help me with this because it's driving me nuts.

I have 2 computers hooked up to a router, to share the internet connection.

Recently one of the computers got a really bad virus, so I formatted the hard drive. I decided to format the other computer's hard drive as well, as long as I was at it. After the formats, both computers has intermittent problems connecting to the web. They'd connect, then lose the connection for a while, then connect, etc. I figured the router was shot, since I was already on my second one and I know those things don't last forever. I went out and got a new router and that one seemed to do the trick- for a while anyhow. Now I'm back to the same problem of both computers occasionally losing their connectivity. If I wait a while it comes back, but 5 minutes can be an eternity where you're trying to do stuff online.

Now that I have a new router and I'm still having problems- I figure it must have something to do with my settings. I've turned OFF windows firewall and the firewall in PC-Cillin, but the problem still persists. Beyond turning off the firewall however, I'm afraid I don't know much about what might be causing my computers to have connectivity problems.

Can anyone out there shed some light on which settings I might change in order to maintain my connection? Possibly something in Windows security center, but there's so much stuff in there that I'm af... Read more

More replies
Relevance 43.87%

Hi, I have the same/similar problem as dude 1234. Firefox using 100% CPUI didnt want to steal his post so I made my own.I have doing a bit of research on different things for browsers, this amongst them. (Well I dont know that its the browser actually).Every now and then my computer seems to just grind away, fans rev to their limit, windows wont open and the whole system drags for ages then to a total stop.It seems as though it is a memory problem, but having read that post, I wondered if it was my browser? I have a Pentium 4 CPU 3.00 Ghz 1.5GB of RAM. My computer doesnt always play up like that but it has its moments.The easiest way to get past it is to close everything and then restart F/F, this does cure it but is really inconvenient if I have lots of windows open.Can I do anything to cure this phenomenon please?

Answer:Same as dude 1234 CPU Grinding away at 100%?

Well your computer is better than mine and, anyway, I have investigated and determined its not a processor or memory problem. Try using Opera browser and see if you think that eliminated the problem. I'd be interested to know."Browser" is the name of the software you use to download and display web material. Examples of browsers are:- Firefox, Internet Explorer, Opera, Chrome.In case you are not familiar with the term "software", it means a computer program. Computers have hardware (all the electronic bits), and software (all the instructions that are given to the hardware to make it do something useful). My apologies if I have over-simplified this, but it sounded like you needed to know.

2 more replies
Relevance 43.46%

Posted on Sunday, December 23rd, 2007by Jose Nazario The Storm Worm is back, this time it?s got a Christmas theme. Who knew that it would take them so long to do this? Here?s a sample mail: Date: Sun, 23 Dec 2007 21:19:19 -0500From: geneoldham[at]usmint.treas.govTo: ---Subject: Find Some Christmas Tailgot a sec?Winter can be cold. I bet you could use a little something to warm youup. Take 2 min out of your day. You wont regret it. ;-)hxxp://merrychristmasdude.com/That domain, merrychristmasdude.com, has a bunch of nameservers and a lot of IPs associated with it - Fast Flux! An infected host will drop the file:C:\WINDOWS\disnisa.exeAnd store the peerlist in:C:\WINDOWS\disnisa.configA pair of randomly chosen ports - one TCP and one UDP - will be opened.It will lower the firewall and add a registry entry to make sure that firewall permission is permanent.After that, the usual Storm worm mayhem begins.AV detection for this sample is pretty modest at this pointMore Detailed Analysis @ ARBOR NetworksAdditional analysis over @ Digital Intelligence and Strategic Operations Group

More replies
Relevance 43.46%

Hi. i am running windows xp pro sp2. my windows task manager has suddnely gone bonkers. all the tabs+drop down menus are gone. when i press clt+alt+delete all i get is the view which shows the proformence graph. this is how it appears now http://pg.photos.yahoo.com/ph/mahmadazfar/album?.dir=7b32
it has happened to me once before too. dont know wht caused it. any ideas how i could get ma whole task manager back !! ?
 

Answer:Dude.. wheres my Task Manager !

8 more replies
Relevance 43.46%

Hey,

I have just downloaded a Guitar Pro 5 program using a torrent and I don't understand the install instructions supplied. There was a read me inside that said:

Install Notes:

1. Burn or Mount with PowerISO

2. Install it.

3. Use key below to register .

User ID: TEAMZWT

Serial: AEAAK-ANR60-AAAAZ

Now I know how to run an install and put in a serial cause that is simple but step one is like foreign language to me. Please help and I will forever be indebted to you.

Answer:Please help a dude out who is kinda computer illiterate

Also I should mention that the file that was downloaded has a odd extention, it is .daa

2 more replies
Relevance 43.46%

i have recently installed I.E.7 even upgraded it to I.E.7 optimised for yahoo but i dont know whr did my yahoo toolbar went...if that was not enough i reinstalled yahoo toolbar but again i aint spotting it...

my 3rd party browser extention is already check..even then i am unable to use anti-spy n all button of yahoo toolbar..infact the entire toolbar is missing....

does i.e 7 support yahoo toolbar at all?
 

Answer:whrs my yahoo toolbar dude!!

on the same line as where it says file,edit etc, you should be able to right click and see the toolbar you want and activate it
 

4 more replies
Relevance 43.46%

Not sure about the name but from time time when i surf to a web page instead i see popup windows one of them is dude calc pro or something then he ask me if i want to keep showing the site or not with a checkbox i think.

And all i can do is to shut down the chrome from Task Manager and re open chrome.

Any ideas how to fix that ?

Answer:Anyone else have this dude calc pro virus in chrome ?

Chocolade,

Please see if you can find dude.exe and run it through VirusTotal:
VirusTotal - Free Online Virus, Malware and URL Scanner


Once at the website, press: Choose File

Navigate to dude.exe, and double click on it so the file name is populated, then click: Scan it!


IMPORTANT! If the file is listed as already analyzed, click on: Reanalyze file now


Once completed, highlight the information in the address bar and provide the link in your reply.

Note: If dude.exe is not a found, and it is dudexxx, or whatever file you think is associated with the issue, then, scan it instead.

2 more replies
Relevance 43.46%

hey im a new guy round here names hayan

if anyone can help me asahp ill be grateful

i got a new system with a intel dg33bu motherboard and an intel core 2 quad processor and 2 seagate sata 500 gb hard disks.

when i try to install xp 64 bit it says no hard disk drives detected on your... does anyone know how i can fix this

More replies
Relevance 43.46%

Dude and or others, thanks in advance for your help with this. I've updated my configuration on this site.

I attached an image with most of the errors on the updates.

I'm also getting a flashing dark (not black, just darker than normal) screen on my machine. I can't find anything that may be causing this.

Ok, uploading the image didn't work.

Here's the first update that failed:

Update for Windows 7 for x64-based Systems (KB2661254)

Installation date: ‎2/‎11/‎2013 2:02 PM

Installation status: Failed

Error details: Code 80071A90

Update type: Important

Install this update to keep your system up to date by increasing the minimum level of encryption on Windows systems. After you install this item, you may have to restart your system.

Here's the most recent:

Update for Windows 7 for x64-based Systems (KB2739159)

Installation date: ‎2/‎14/‎2013 3:07 PM

Installation status: Failed

Error details: Code 80071A90

Update type: Recommended

Answer:Win Update Errors (attn Dude)

Could you please present the full version of your problem as it reads like a post in the middle of a thread rather than describing a problem from the top.

Also, who is Dude?

8 more replies
Relevance 43.46%

I was trying to remote from my desktop at home to my work laptop. I changed the workgroup on my laptop to match my workgroup at home. But being that the laptop is a secured login its not accepting my password now, and just tells me "The system could not log you on. Make sure you User name and domain are correct, then type your password again." Ummm so that's special. I don't know any of the other admin account user names or passwords but I am able to see it on my network. I don't know if there's any way for me to fix the problem myself without having to confess my stupidity to the powers that be. If anyone has any helpful advice it would be much appreciated.

Answer:Dude I think I just bricked my work laptop

At the login screen press ctrl+alt+del (you may have to press it twice) and it should present you with the old style login. From there you should be able to choose the domain you are logging into.

If that does not work, you should probably contact your IT dept. and let them fix it.

1 more replies
Relevance 43.46%

I had wrote a thread amonth ago under the title "Where is my disc space???". The suggestions were all helpful, but they were only about retrieving lost files and such. I've finally settled into the mind set that my treasures are gone, (photos, videos, music, ect ) but I thought that when you do a full system restore that it not only wipes out all the old stuff but also clears up or clears out space. I'm down to about a 150 to 175mb of space which leaves 0% of memory. I don't know where my space went or how to get it back. I have the minimum programs and such. I have nothing to throw out. Do I have to get back all of the old files to go through those and delete what I can? HELP! S.O.S. May day. May Day. Man Down.

Peace, Love and Anime
M.I.B.
 

Answer:Dude Where's My Disk Space part 2

"Memory" is built into the machine and stays the same. It has nothing to do with disk space.

If you are low on disk space, you need to find out what is using it and remove anything unneeded, or get a larger drive.

You can explore the space usage with:
Space Sniffer (Win 7/8 compatible)
TreeSize
Disk Space Fan
 

1 more replies
Relevance 43.46%

Hello,anyone out there can help me to configure my own LAN at my home.Let's me describe.I have a pc connected to Streamyx(my ISP) broadband.Basic 512K,static IP.
I'm using Windows XP.
I'm just bought a notebook and I wanna it connect to the Internet too while I'm online using my PC.Sound crazy,right..
Can you show me step by step as I'm tried there were error 619(invalid username/password).Forget about this error.Now,can you show me how to do with this?
---------------------------------------------------------------------------------------------------
NOTEBOOK(XP)
PC(XP also)
SWITCH(DLINK)
ADSL ROUTER(Billion supplied by TMnet)
STREAMYX account(BASIC 512k unlimited)
----------------------------------------------------------------------------------------------------
Please show me step by step..I'm glad if u can solved this problem..
 

More replies
Relevance 43.46%

Hello there,

I am a new member in Tech Support Guy forum. I am looking forward for the solution regarding the problem occurred in my computer. Last day as soon as I turn on my computer it shown the DLL missing error. I tried to start in safe mode but it is working.Is this is because of virus? Can it be recovered? If is the way to recover from this?

Thanks
Martin
 

Answer:Solved: Any Suggestions To Fix My Computer Dude ?

9 more replies
Relevance 43.46%

Hello, im new in the forum, sorry for my english, im argentinian.. I would change my hdd stock Toshiba MK3261GSY SIZE: Width 69.85 mm (2.75 inch) - Depth 100 mm (3.94 inch) - Height  9.5 mm (0.37 inch) And this is instales with this (Or similarity the pic is a google example)  ------ I should buy something to install my SSD or nothing more? the ssd is smaller, no space left over?For example this: Dimensions: 69.8mm x 100.1mm x 7mm iM FOLLOW THIS TOPICTHANK YOU FOR YOUR ANSWERS





__________________________________________________Laptop: Lenovo Thinkpad T420 - Mod. 4236-GL3 || I5, 6gb, 320gb.









Solved!

Go to Solution.

Answer:[DUDE] Change my HDD stock for SSD T420

Welcome to the forum.
 
Yes you can replace the 9.5mm thick HDD with a 7mm thick SSD. The thinner SSD will fit OK inside the metal cage that now holds the HDD and the rubber rails will hold everything in place inside the ThinkPad. I have done this before without any problems.

2 more replies
Relevance 43.05%

hi . i recently bought this new mother board by Asus, P5RD1-V. the problem is that when i try to install windows xp on my SATA HD, after the initial stage during which the setup copies all the drivers and then gives that option " to install windows XP press enter" plus one or two other options, when i press enter i get this massage that says " setup didnt find any hard drives installed on your system. check to see if any HD is installed .... " and then it goes on to say things like check your drive configuration or the drive health and things like that. all this when at the the bootup it does show the hard drive connected at SATA port 1. !! ? i run seagate diagnostic tool on it and it showes the drive as perfectly healthy. i dont know why is it doing it. the hard disk is spanking brand new. the same goes for the 120GB WD SATA. the interesting thing it has no issue with the good old IDE HD's. i connected my old maxtor IDE hard drive and the setup ran as smooth as it can get. i dont know why setup isent detecting the SATA HD. is it the board or is it somthing else. any ideas !
 

Answer:Solved: Dude wheres my Hard Drive !!

6 more replies
Relevance 43.05%

We have a PC which we use for our SBS 2003 R2 Server. It's an entry level server with 3 PC connected to it.
Specs are Intel Core2Duo E8400, 4Gb DDR II Ram, 2x SATA 160Gb Hard Drive (Software Raid for OS), 2x 1Tb Hard Drive (Raid via Adaptec Adaptec 1220SA), 1x 1TB Hard Drive for nightly back up.

This PC is left on 24/7. However every 6-8 weeks, the data from the 2x 1TB Hard Drives disappears. We will go into MY COMPUTER, we can still see the RAIDed Volume. However when we open up the volume, there is no data on the volume. We have found that if we restart the server, the data is back. During the restart, i notice that the RAID controller card is reporting to me that the volume is OPTIMAL.

This morning, we had this happen for the 3rd time, and it's getting a little annoying with the little mirror heart attack that you get finding that your data has gone walkies.

We are using your Adaptec Utility to monintor the RAID. The RAID is set up as a RAID1 (or Drive Mirror).

Any advice on what could be going wrong and what steps me can take to resolve the issue.

Answer:DUDE! Where's My RAID Data? Adaptec AAR-1220SA

Have you checked device manager when the data on the volume isn't found? It could possibly be the RAID controller itself adn Windows would report that the device is failing when you can't find the files. Also does the card report that the volume is optimal everytime or only when it fails the previous time?

I would say start with a driver reinstall/update first and go from there. I'm assuming your software RAID running 2003 is 100&#37;?

1 more replies
Relevance 43.05%

Last week I did a format and re-install of my main computer. I am currently using Outlook 2007 Beta.

I did the normal export to a PST file. However when I restored, the only thing that i can see it my Message Headers. I open up an email or reply to an email, the message body is no longer there.

I have also noticed that new email are being downloaded, but again, only the header is being visable. No message body.

Any one else have this problem?
Any way that I can get my old message bodies back?
More importantly, is there any way that i can get my new message bodies to show?

Answer:OUTLOOK 2007 BETA - DUDE! Where's My Emails!

have you tried your pst's on a different pc just to make sure they are no corrupted? You will need to use the original since they arent backwards compatiable...atleast they arent in the older versions

5 more replies
Relevance 43.05%

Windows 7
x64 bit
Retail version
Hardware is all new except for the video card, which was functioning fine last week (never had a BSOD error before this new setup)
I have reinstalled the OS as off 11/1/2011 (after getting tons of blue screens, i installed a 2nd time)
CPU: AMD Phenom (tm) II X6 1035T Processor 2.60 GHz
Video Card: Radeon HD 5750
Motherboard: ASUS M5A97
PSU: Corsair GS600 (600w)

Homebuilt system.

I haven't updated the BIOS or any drivers past what I received on the motherboard install disk. The motherboard is new out of the box as is the RAM, CPU (and heat sync), and PSU.

I installed win 7 initially and after installing MB driver updates, etc..started to go through programs (flash, java, etc...) and began getting a lot of blue screens of various kinds. I narrowed it down I thought to a driver issue with my video card. Apparently the atikmdag.sys file that comes with catalyst screws up win 7 computers? I was careful not to install the video care drivers the 2nd install of 7 and I got no BSOD errors till I did. Having said that, all my errors seem to be unrelated to my video card, examples: "bad_pool_header" and "system_service_exception".. I'm a bit stuck. Also my desktop window manager has crashed a couple times.

Thanks for any help..

Answer:[SOLVED] BSOD - (out of date) tech. dude needs help

Hi -

There were 8 BSOD dump files, 1 was -0- bytes (indicates catastrophic, sudden hardware failure). The remaining 7 don't offer us much as they seem to point everywhere, but nowhere. ATI video, Networking (tcpip.sys), memory, security descriptors, etc...

I did find entries like this in Event Viewer -

Code:
{Registry Hive Recovered} Registry hive (file): '\??\Volume{625b9dda-049f-11e
1-8f9f-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd
42efe1-f6f1-427c-b004-033192c625a4}{D4EDFD4C-4000-48C8-82AD-52130B576BF0}'
was corrupted and it has been recovered. Some data might have been lost.
Registry hive corruption may be HDD failure.

Run HDD diags - start w/ 2nd link - SeaTools for DOS -
- http://www.carrona.org/hddiag.html
- http://www.techsupportforum.com/2828431-post7.html
- http://www.techspot.com/vb/topic7602.html

I also found 100s++ entries relating to "bad blocks" + CDROM. Any chance the DVD used to install Windows 7 is bad?

I saw -0- Windows Updates in the systeminfo file, yet the Event Logs show both success and failure for Windows Updates. WERCON shows 100s of Windows Updates failures. Please check Control Panel - are there any Windows Updates installed? I do know that Windows 7 SP1 is not installed.

I know you have 4x4 GB RAM; some bugchecks were memory related.

Run memtest86+ - http://www.techsupportforum.com/2863029-post5.html

Do you have 2 ATI Radeon HD 5700 Series video cards installed ... Read more

3 more replies
Relevance 43.05%

Hello There,

Greeting to all experts and senior member in this forum.I need any help to solve my issue.Is there any dude who can help me to fix my computer problem? While working the window suddenly restart. Is this is a virus attack? Should I format my computer or there is any other alternative for this?

Thanks In Advance

Answer:Fix My Computer Dude, Window Restart Without Warning

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461036 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 43.05%

Just last night I received a message from a friend with the caption 'WTF DUDE?' and a link. Dumbly I opened it and chrome auto downloaded 'Image.scr'. I don't remember exactly whether or not I executed it but shortly after I found that my steam account had messaged everyone in my friends list the same message. I quickly located the file and deleted it, and emptied my bin, cleared all my cookies and history on my browser, etc. I then boot up my PC in safe mode, look for any of the listed .scr infections posted of the steam forums but found none. I can't completely recall anything strange going on either after that. I then restarted and scanned my computer with Malwarebytes, Superantispyware, and Avast. Only Supersantispyware found three threats which were cookies. It took action and still I can't completely seem to know whether or not i'm infected with the virus. Now I am here on this forum without experience in anything related to viruses, so I have no clue what i'm searching for. I'm dying to know, again, whether or not i'm infected. 
 
- Edit -
 
Any help would be much appreciated. Thank you. 
 
Windows 8.1 
 
Toshiba Satellite P755D

Answer:Steam 'WTF DUDE?' .scr link - Have I been infected? Symptoms?

G'day Yamatsukami, and Welcome to BC
 
Read HERE...in Full
 
 
How to Watch Your Back so You Can Help Others Watch Theirs
Enable Steam Guard. Never disable it no matter what others say.
Use strong passwords with your Steam account. Never share it with anyone. Change it on a regular basis.
Make sure that the email tied to your Steam account has the two-factor authentication (2FA) feature enabled. Never share your password for it as well.
Familiarize yourself with terms related to Steam, such as SSFN, Steam Guard, and Steam Wallet, so that you know what they are, their purpose, and how they’re used.
Avoid clicking links sent over your way via Steam chat. If you can, take the time to verify them using free online tools at your disposal. Is the link shortened? Do what Joe did and use a site that reveals the true destination of the URL. Not familiar with the domain of the URL you received? Do a bit of research on it, or have a website scanner visit it first. VirusTotal and Sucuri Site Check are just some of the tools you can use for this.
In line with the point above, make sure to read correctly the Steam URL sent to you. The only acceptable ones should be store.steampowered.com and steamcommunity.com. This is very important, especially when you’re expected to log in to your account to do something with the page.
Resist the urge to add and accept every friend or group invite you receive. Having more Steam friends may be merrier, but being picky... Read more

8 more replies
Relevance 42.64%

14 pages of reading....but some may find it quite interesting
http://www.microsoft.com/downloads/...FamilyID=7a827fbd-c2a1-48bc-9e85-6b805d3e7e26
 

Answer:A good article by some Microsoft dude on Rogue malware

thanks for the post
 

2 more replies
Relevance 41.41%

Ok so I had to reinstall windows XP because my OS would not load and I got all the drivers reinstalled, diagnostic ran smooth and everything came up working ok etc but my device manager won't recognize anything! The compy says my audio mixers are not there, my USB devices are not working, hardware wizard is not responding, microsoft updates are not working, Dell's driver downloads are calling out for something that isn't there and I really really need this fixed ASAP so I can get to my external HD. So I tried putting an apple sticker on my Dell in hopes it would accept its new identity and start not sucking, but alas this did not work. If you help me fix this I'll seriously be your new best friend... I have apple stickers. ;-)
 

Answer:Solved: Dude! I don't get my Dell! No devices in device manager?! USB and sound don't work?!

14 more replies
Relevance 37.72%

hey there !
avast keeps finding a Trojan named Win32:Agent-LTS [Trj] , and keeps saying no need to panic but I'm realy panicing lol coz it's not doing anything to prevent it . plz help me .. I read something about hijack logs or something but I need to know if i should do it or there is another way to solve this .. right now I'm doing an online scan using kaspersky maybe it will help ..
plz I realy need ur help ..

I uesd malwarebytes and now avast isn't detecting win32 agent-LTS I think .. but it's detecting something called "BV:malware-gen" ..
what I do now ?
 

Answer:how can I remove this dude "Win32:Agent-LTS [Trj]" ?? plz help :)

hey guys ..
could some one help me plz .. I've been waiting and I realy need ur help .
 

1 more replies
Relevance 36.9%

Ok so before I got the patches for this Windows 98se some trojans got in. Others were delt w/ but Im still getting one more thing. At any random time, even when not at the computer, Ill get this dialog box that pops up and says "Hey Dude, you wanna see some Porn?" adn the only button is OK adn if you close it in the close program diaog then it opens up the 3 porn pages anyways. Ive searched everywhere but cant find any trace of it so I suppose its in the registry of IE in a key that I cant figure out. Here's my Hijack log. Any help would be appreciated. Thanks You in Advance.

Logfile of HijackThis v1.96.4
Scan saved at 1:47:39 AM, on 12/09/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\STEVE 'O'S [DELETABLE]\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\WEATHERCAST\WEATHER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTE... Read more

Answer:Stupid "Hey Dude" Porn Pop-up

8 more replies
Relevance 34.03%

Hi i have the hijack regedit, hijack task mangr, and Hijack system hidden . I have went through the read me run me and the clean up procedure for XP but it is still their. Malwarebytes seems to be the only one that detects it (from my inexeperianced eye) but does not remove it . Please find attached the various logs as per clean up procedure. Any help would be much appreciated as it's driving me crazy.

Can't locate Super anti spyware log or root repeal , if needed should i re-run scan ? Sorry

rolleyes
 

Answer:Hijack regedit, Hijack system hidden, Hijack task mang,

Your SAS logs are here:

Code:

"C:\Documents and Settings\Curly Monster\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
supera~1.log 25 Feb 2010 2222 "SUPERAntiSpyware Scan Log - 02-25-2010 - 01-10-06.log"
supera~2.log 25 Feb 2010 1292 "SUPERAntiSpyware Scan Log - 02-25-2010 - 02-52-40.log
Now you need to re-run MBAM and have it fix everything it finds!! Your last log indicates you took no action.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Runmeinit"=-

Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now use windows explorer to find and delete:
c:\windows\system32\nepalloid.bat

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
* MBAM log
* SAS logs
* C:\MGlogs.zip

Make sure you tell me how things are working now!
 

21 more replies
Relevance 33.21%

hi ive been trying to remove these 3 nuisances for quiet sometime ive used malwarebytes and HTJ and none of these remove the malware can somebody please help me.

i have included HTJ Log, Malwarebytes Log and Silent Runners Log

It says On Malwarebytes that the viruses have been deleted successfully deleted but this is not the case as when i try to access regedit or task manager it says admin has disabled the right to use this. please note that there is only one account on my computer. thanks
 

Answer:Please Help Remove Hijack.Regedit Hijack.Taskmanager and Hijack.Desktop

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid addtional delay in gettin... Read more

1 more replies
Relevance 29.11%

Alright to start off i regularly run Avast professional aswell as Adaware. I recently started using ccleaner also. Two weeks ago i kept getting google redirects in IE and Firefox. NOW, i cant even access my browsers. Ive tried Google Chrome, IE, Firefox, AND Opera 10 Beta! The only browser i can access is Blackbird for some reason. All the others get a proxy denied! Heres a picture ( http://tinypic.com/r/33tmiqq/5 )So i installed HJT and i couldn't run it, after doing some google searching i found that sometime virus's block HJT from running by its name, so i simply reinstalled with a new name and new folder and the renamed the program in the folder and wah-laa i got it too run. Which is telling me that something IS blocking it from running with its usual name! In the HJT File "thenew****.exe" is hijackthis rennamed so i could get it to work.Ive ran Avast Scan and Adaware scan and found several items but i quarantined and deleted them all, although some seem to be reappearing. Also When running CCleaner one file doesn't delete, it seems some other Thinkpad t43 users are having this problem aswell, and im not sure of what it is. (Update: i just ran CCleaner again and this item didn't show up, but other thinkpad t43 users can get rid of it, so im baffled by this now aswell.)Once again heres the picture of all 5 browsers trying to run ( http://tinypic.com/r/33tmiqq/5 ) and heres my HJT Log, Someone help please because i'm beyond having no idea at this point... Read more

Answer:All browser Hijack, Virus Blocking Hijack This from running. HJTLogfile Enclosed! HELP!

my apologies.

3 more replies
Relevance 29.11%

Hello!
 
 
As per Malwarebytes Anti-Malware scan results, my pc is infected with the following
 
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),,[15346897017956e03bc6c763917352ae]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),,[4bfe4eb14337d264758def3bb74d3ac6]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),,[4306689786f4f73fab5882a8877d21df]
PUM.Hijack.TaskManager, HKU\S-1-5-21-2000478354-179605362-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),,[69e042bdf28891a5c728da51e1237a86]
PUM.Hijack.Regedit, HKU\S-1-5-21-2000478354-179605362-682003330-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),,[dc6db34c314924124548f238798bf20e]
 
 
Please note:
 
1. The virus came through an infected pen drive
 
2. I am unable to boot the computer in safe mode. It keeps going in a loop.
 
3. I have used Combofix, Hitmanpro, Avast, MBAM, Anvi smart defender to remove the infections. But the infections keep coming back. Now, Combofix, Hitmanpro, Avast have become corrupt and unuseable.
 
4. The taskmanager and registry editing have been disabled. I... Read more

Answer:Windows XP infected with Virus.Sality,PUM.Hijack.Regedit, PUM.Hijack.TaskManager

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Lets get going now
==========================
 
Hi vp17,
 
This doesn't sound good, but I would like to confirm it is Sality before I give you some bad news.
 
What detected Sality? Do you have a log for that program?
 
Also, please go to the root of your drive (normally C:) and y... Read more

5 more replies
Relevance 29.11%

Hello,

My computer has become infected with the following trojans/rootkits, and I've everything I know how (which is very little) to fix it, with no effect. I discovered this forum while googling the relevant trojan names and come to you humbly for whatever assistance you may offer.

The first problem I noticed was computer/browser slowdown. There was an svchost process that was listed as using over half of my RAM. I suspected an infection and so ran my antivirus/malware software -- Avast, AdAware, & Malwarebytes. Nothing was discovered. Shortly after this alerts began popping up from Avast saying it was blocking communication to a certain website. I'm sorry, I didn't take this as seriously as I should have at first and did not write down anything about these first warnings. Repeated scans again revealed nothing. I remembered from removing one of the "AntiVirus" rootkits from a girlfriend's computer that starting in safe mode, installing a new Malwarebytes, and then scanning may help. I tried that, and two trojans were discovered, both named Exploit.Drop.7, and I removed them. After this I also ran the Free Windows Registry Repair command, as well as the registry repair function of C-Cleaner (I'm not sure why, in retrospect, I just remembered doing that last time). I restarted the computer again. It appeared to be working normally, and I accessed the internet and checked e-mail, etc. However, in just a few minutes I again notice... Read more

Answer:Infected with Rogue.FakeHDD, Trojan.FakeAlert, PUM.Hijack.StartMenu, PUM.Hijack.TaskManager, Exploit.Drop.7, etc.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

28 more replies
Relevance 29.11%

Exorcism for my 'puter needed...

Couldn't find any old posts with repair info. Whatever it is, Smart HDD, destroyed Avira. Was on net & Avira picked it up around 5:15 pm yesterday and I thought it took care of it but, obviously it didn't. Smart HDD installed itself and won't delete. Serious write disc messages coming. Thought I lost all my files but found them.

Microsoft security said it took out 3 versions of SHDD but it's still there. Downloaded hijack and it started, froze and started again. Froze GMER when it got to shadow hd 3. Wouldn't let Housecall run. Didn't know what to delete with Kaspersky and another scanner that said more than 8,000 files were not right.

If I copy Word files to another medium, will they bring SHDD with them?

Thank you. ST
===================

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista&#8482; Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2037 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
Hard Drives: C: Total - 112963 MB, Free - 34435 MB;
Motherboard: Intel Corporation, SANTA ROSA CRB
Antivirus: AVG Anti-Virus Free, Updated: Yes, On-Demand Scanner: Enabled

==========================
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-18 13:01:30
Windows 6.0.6002 Service Pack 2
Running: slicer.exe; Driver: C:\Us... Read more

Answer:Solved: Downloaded hijack and whatever it is froze hijack killed avira

16 more replies
Relevance 29.11%

i ran mbam and it wont delete these two please help here is the mbam log....
Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 3

6/23/2009 4:20:14 AM
mbam-log-2009-06-23 (04-20-14).txt

Scan type: Quick Scan
Objects scanned: 107136
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
C:\WINDOWS\Temp\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Zlob.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system recover! (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER�... Read more

Answer:hijack.regedit / hijack.folder options removal [Moved]

here is the log after i ran mbam again. it didn't delete the two.
Malwarebytes' Anti-Malware 1.34
Database version: 1887
Windows 5.1.2600 Service Pack 3

6/23/2009 12:23:10 PM
mbam-log-2009-06-23 (12-23-10).txt

Scan type: Quick Scan
Objects scanned: 105278
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3 more replies
Relevance 29.11%

Logfile of HijackThis v1.99.1
Scan saved at 4:03:23 PM, on 7/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\qwerty12.exe
C:\WINDOWS\System32\HPZipm12.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Stuff X\Full Working Programs\hijackthis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GPLv3] "rundll32.exe" "C:\WINDOWS\System32\ktmejbbk.dll",realset
O4 - HKLM\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common F... Read more

Answer:Hijack logfile. Could barely even get hijack to run, including in safe mode!

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

1 more replies
Relevance 29.11%

Hi

I run Adaware and AVG OS is Windows Vista. Adaware found a possible browser hijack when running a normal scan. Each time it says I have successfully quarantined it but it appears as a threat again each time I do a new scan.

I states "Registry Entry HKU:S-1-5-21-3682116167-212917\..\t\Internet Explorer\Search URL

Ad-aware says the object refers to a blacklisted site.

My HJT Log is as follows:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:53, on 15/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Progr... Read more

Answer:Adaware shows possible browser hijack but it doesn't show on hijack this log.

14 more replies
Relevance 29.11%

Hello~
I tired doing a windows update yesterday, computer would not let me perfom the action.
The error message read: Network policy settings prevent you from using Windows Update to download and install updates. This error may occur if the Remove access to use all Windows Update features group policy has been enabled by your system administrator and comes up with a windows error 0x8DDD0003 and have done a lot of the recommended fixes but nothing has worked. In the meantime I had went and enabled a few items that were disabled that may have prevented the updates from being downloaded.
After that, I had these 3 items show up on my hijack log & my computer is running terribly slow. I have not had a problem w/ this computer in quite sometime as I have been protected by my anti-virus/firewall etc. but somethng is very wrong. It is now taking about 3 minutes just to pull up one windows explorer page and that is with nothing else running. I also have high speed wireless internet. I have run my anti-virus, did a defrag ran Ad-Aware etc. w/ nothing found from either scan.
Todays problem~ I have tried restoring my computer to 5-6 different dates now & now will take affect.
So...
#1 I am unable to get Windows Updates
#2 I am unable to do a System Restore
#3 I never got a Windows CD when I bought my cra**y Toshiba Laptop so am unable to re-install windows. I am hoping that someone has some advice of something to try first.
Here is my hijack log which has 3 new entrys which all ... Read more

Answer:Pls Look at my hijack log, Computer Slow or Hanging, did Hijack Repair Yesterday...

This is me again~
I decided to try to do a scandisk to check for errors & this came up:
The disc check could not be performed because the disk check utility needs exclusive access to some windows file on the disk. These files can only be accessed by restarting windows.
I restarted, still unable to perform a scandisk.
Just keeps getting better...
 

1 more replies
Relevance 29.11%

Hello, I have multiple infections and I think my PC is on it's way out and this is my last attempt at saving it. First off the symptoms started as everytime I would use the search function a link would redirect to google search saying page cannot be found even if I was not even on google search. And I noticed it would show some other site in the link right before it went there but would never cannot to that site. It never actually connected to the site I wanted to. For some reason it worked 50% of the time if I opened the link in a new browser but odds increasingly got slimmer. I ran multiple scanners. I'm currently protected by avast 4.8, ad-aware, spyware blaster and malwarebytes but none of these protected this infection or will they get rid of it. I ran other scanners like panda, kasperty, stopzilla. I even updated to the newest avast. Nothing will stop this. It got worse when internet explorer kept opening up new windows one after another without let up and eventually I got all of them to close with quick clicks but the browser no longer works. I am currently using modzilla. Now I cannot even download any spyware, virus or malware protection. This infection has disabled my documents folder so I can't open anything. This is why I can't post a LOG. I can only post what AVAST and stopzilla picked up.

alureon.h
win32: rootkit gen
win32: malware gen

There was one more but unfortunately I lost it when stopzilla stopped working. Please help thankyou!

Answer:Multiple infections, Browser hijack, search function hijack

Any help please... I can't even post logs.. It won't allow me to. I don't know what to do.

2 more replies
Relevance 28.7%

So my pc was hit with a variation on the XP Antivirus 2011 virus. I ran Malware Antibytes, SuperAnti Spyware, and Hitman Pro and it seems to have removed the virus. However, a browser hijack still exists so that whenever I click a link in a search engine, it takes me to an assortment of sites (from fake antivirus sites to plain marketing pages). I can't seem to get rid of it and don't know enough about looking at the logs to identify it. I'd be very grateful if someone could identify any malicious programs I have running.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:05, on 5/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files... Read more

Answer:After Virus Removal, Browser Hijack Remains (Hijack This Log)

7 more replies
Relevance 28.7%

Message is STOP 0,0000008e(oXc0000005,0X818be2e,0Xac37339C,0X00000000)

The BSOD occurs when trying to run Hijack This on Vista Ultimate edition. SP1

Answer:Search Hijack Hijack This creates BSOD [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.In order to assist you, we need more information from you. What issues led you to run HiJack This? Please describe as specifically as possible.Orange Blossom

11 more replies
Relevance 28.7%

Hi There!
 
MWB found PUM.Hijack.TaskManager, PUM.Hijack.Regedit  and PUM.Disabled.SecurityCenter
on my computer. MWB quarantines it, but PUM keeps popping up every day. i tried using combo fix it solve the problem but after a minute it keeps coming back. i tried downloading anti viruses,hijackthis and ccleaner but all my download stops at 99%. and i tried to reformat but the virus keeps coming bakc please i need help.
 

Answer:i need help removing PUM.Hijack.TaskManager / PUM.Hijack.Regedit / PUM.Disabled

Hi There!
 
MWB found PUM.Hijack.TaskManager, PUM.Hijack.Regedit  and PUM.Disabled.SecurityCenter
on my computer. MWB quarantines it, but PUM keeps popping up every day. i tried using combo fix it solve the problem but after a minute it keeps coming back. i tried downloading anti viruses,hijackthis and ccleaner but all my download stops at 99%. and i tried to reformat but the virus keeps coming bakc please i need help.
 
Please close this topic. i fixed the problem myself.  i used Malicious Software Removal Tool. scan my system and fix. then after a reboot i used combo fix and after that i used malwarebytes.

2 more replies
Relevance 28.7%

Hi Bleeping Computer,I hope you can help with my infection.I have followed the preparation guide for this post. The DDS script did not work properly on my system; it generates one "dds-Notepad" file full of garbled text. Near the beginning there is readable sentence, "This program cannot be run in DOS mode."The GMER file is attached as requested. About a week ago my system got infected. My regular scans with AVG and Malwarebytes took care of some of this, but a few problems remain I am concerned about:--Malwarebytes detects a malware it calls Hijack.FolderOptions. File extensions are hidden, as is the option to turn them on. The System Restore interface is also inaccessible. Malwarebytes attempts to delete this malware on reboot, but the problem reoccurs.--In Firefox, Google searches entered in the location bar are redirected to another search engine, http://search.search-tab.com/. The XULRunner 1.9.1 appears as a Firefox extension, and I am unable to remove it. Searches using Bing or Yahoo seem to be OK. --Shortly after this all began, I ran the most recent Windows Software Removal Tool. It identified and deleted Win32/Alureon.H. I have run the tool again and found no trace of this trojan. But of course, I suspect that all these issues are interrelated. Thank you for your attention, bark.chris

Answer:Infected with Hijack.FolderOptions and a Google Hijack/Redirect

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

24 more replies
Relevance 28.7%

Can't think what to add to this other then my 1 year old HP laptop is running really slow and not wanting to do to many processes at once. I ran Ad-Aware and deleted a pile of stuff it foundI then ran SpyBot and cleaned out some items it located as wellI also scanned with a House Call PC virus scan and lastly......shot it with Mcafee Mcafee Stinger which found nothing. HiJack This file is below...Any help is greatly appreciated... Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:14:45 PM, on 9/3/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exeC:\Program Files\MozyHome\mozystat.exeC:\Windows\system32\wbem\unsecapp.exeC:&#... Read more

Answer:Hijack Log...3 Years Since Last Hijack Post.. House Cleaning!

Hoping someone can look over my log and give me some input. I would like to clean this old crust bucket out.

Thanks,

Eric

3 more replies
Relevance 28.7%

Hi! I know this is weird, (believe my I can't find answers anywhere on the net about this) but my desktop wallpaper has just been hijacked by someone because in doesn't load the default settings I've put, rather it has been altered by someone to load a weird HTML file whenever I open up my User Settings. This has suddenly appeared a few days ago, when I opened my PC first thing when I came to work. At that time too, a lot of viruses, mostly backdoor.jeem and other trojan virus are detected. A lot of new and malicious .exe files have also been put on my desktop. I tried checking the properties of this weird wallpaper I have and found out that it is an HTML file and it has been installed probably by some hacker on my C:\Windows folder. As soon as I deleted this file, the wall paper became weird for it just became dirty white and whatever new wallpaper I set it to be, it's still the same. This has not been the case with the other User Settings (eg. Guest) for their wallpaper still loaded up accordingly.
However, whenever I start opening up my own User Settings again after fixing everything, my original wallpaper loads up. But then, after everything finishes loading up, the weird wallpaper sets in again. I really dont know what to do with it now. And the system seems to be working super slower than usual esp at startup. Here's my hijack log list. Hope this helps, thanks!

Logfile of HijackThis v1.98.2
Scan saved at 4:12:52 PM, on 11/17/2004
Platform: Wind... Read more

Answer:Win XP Desktop Wallpaper Hijack! Please help! (Hijack Logfile Provided)

6 more replies
Relevance 28.7%

Having computer problems. MSE detected, quarantined and removed the threat, then began getting pop-ups about directory problems and another pop-up offering to fix the problem; just enter your credit card info.
Background is now black, icons removed except Safari, Firefox and Trash.Can't access Firefox; pop-up says Firefox already running. Favorites removed, cannot access MSE,control panel, my computer etc. Able to access IE using start search box. Ran Spybot, nothing found. Ran malwarebytes and found items in Topic Title and included the log.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-PC [administrator]

9/16/2012 6:44:27 PM
mbam-log-2012-09-17 (08-09-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207368
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Kevin\LOCALS~1\Temp\msaaohvz.com -> No action taken.

Registry Data Items Detected: 2
HKCU\SOFTW... Read more

Answer:antivirus found Trojan.ransom, PUM.Hijack.Sta... and PUM.Hijack.Sta...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

20 more replies
Relevance 28.29%

F2 - REG:system.ini: Shell=Explorer.exe C:\Windows\Nail.exe
O4 - HKLM\..\Run: [qajodhd] c:\windows\system32\mlwhks.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\Windows\svcproc.exe (file missing)


THe above entries are the ones that won't be fixed via Hijackthis.

Also I have run Spybot, Adaware, Xclean, Housecall, and Panda Active scan and removed what ever they found. The above was not picked up by anything.

Can anyone help me get rid of this infection.


Logfile of HijackThis v1.99.1
Scan saved at 3:26:07 PM, on 6/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Windows\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COM... Read more

Answer:Strange things in HIjack that HIjack this won't remove

Hi khelbena

Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. If you have trouble updating, you may do it manually at http://www.ewido.net/en/download/updates/ Do NOT the Ewido scan yet.

Please download Nailfix at http://www.noidea.us/easyfile/file.p...50515010747824 Unzip it to the desktop but do NOT run it yet.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

c:\windows\system32\mlwhks.exe

Once in Safe Mode, please double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next run a full scan in Ewido. Save the log from the Ewido scan so that you can post it later.

Run a scan in HijackThis. Check ... Read more

6 more replies
Relevance 28.29%

Hi there this is my first post so plz bare with me, here goes . My prob is that I have these 2 viruses called Hijack Regedit and Hijack Taskmanager that I cant get rid of, Malwarebytes finds them and removes them but when I reboot they come back Grrrr, also a new one seems to have raised its ugly head called password stealer , Im running Windows XP with Norton 2010 which wont do a full scan without freezing up. Ill try add the Logs

Malwarebytes' Anti-Malware 1.41
Database version: 2904
Windows 5.1.2600 Service Pack 2
04/10/2009 16:43:38
mbam-log-2009-10-04 (16-43-38).txt
Scan type: Full Scan (C:\|)
Objects scanned: 313418
Time elapsed: 1 hour(s), 39 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d63f90d-f193-4277-b27b-fe70c9c55d6f} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{d07cdf07-b01d-4a9e-bef4-0a1ba518203b} (Password.Stealer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d63f90d-f193-4277-b27b-fe70c9c55d6f} (Password.Stealer)... Read more

Answer:Hijack Regedit Hijack Taskmanager Boohoo :(

Bump Bump Bump
 

1 more replies
Relevance 28.29%

Hi all, I think my computer is infected by an IE hijack as my IE browser keeps getting redirected to directseek.org, thefreedictionary.com, info.com and random sites like that whenever I try to google things and click on the website. I eventually can still search websites from google but I have to close the windows the 1st time, and then click on it a second time to access it since the 1st time, the browser always gets redirected.

ALSO, when I look at my taskmanager, there are several "iexplorer.exe" running even when I have no internet windows open. My internet is much, much SLOWER on my laptop because of this infection (sometimes I have to restart so that the internet works), and I can't shut down my computer quickly because the "DDE server window" pops up continuously, same with iexpolrer.exe, and I have to press like 5-10 times before my computer actually shuts down. My laptop refuses to shut down.

My Dell Laptop came with McAfee, but when I do a full scan, nothing comes up? Well, McAfee did tell me about having trojans in the "updates.exe" file which I quarantined, and deleted. Yet, I still have this problem.

--I am currently using Windows XP, and IE explorer 7. Below is my Hijack This Log. PLS HELP AS THIS IS DRIVING ME NUTS! THANK YOU SO MUCH.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:44 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: ... Read more

More replies
Relevance 28.29%

Good Morning. Thanks in advance for any help you might provide.

Here is my system info:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 2.00GHz, x86 Family 6 Model 13 Stepping 6
Processor Count: 1
RAM: 2046 Mb
Graphics Card: ATI MOBILITY RADEON, 16 Mb
Hard Drives: C: Total - 238472 MB, Free - 138320 MB; D: Total - 157065 MB, Free - 147795 MB; F: Total - 76290 MB, Free - 28373 MB; G: Total - 157065 MB, Free - 88173 MB;
Motherboard: IBM, 2672KBU, Not Available, J1ZTX59P22J
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated: Yes, On-Demand Scanner: Disabled

Symptoms:
- I get alot of redirects when loading new pages in Firefox
- svchost is a memory hog and seems to have some association with realplay.exe
- taskbar will change format and color
- loss of audio mixer support
- slow loading of applications

Background:
- I somehow downloaded 2012 XP Security....I ran Spybot, Adaware, Antimalware, but the problems still exist.

Here is Hijackthis.log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:56, on 6/27/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system... Read more

More replies
Relevance 28.29%

I am getting a redirection to advertising websites when using IE7 or Firefox. The problem started after doing some browsing and McAfee notified me that something was trying to change a registry setting - I told McAfee not to allow the change. I then ran Malwarebytes - the first time thru, it said that it detected 2 problems and removed them. The second time it came back and said there was registry data infection HIKEY_LOCAL_MACHINE|SOFTWARE|Microsofte\Wndows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good (Explorer.exe) -> Quarantined and deleted successfully. However, without my doing anything, the computer just rebooted all by itself at that point. After that, I started getting all of the browser redirection - Hijacked, I guess.

I greatly appreciate any help that you can provide.

Please note that I cannot get RootRepeal to run - I start it up, select report and scan, make the selections, it then says it's Initializing but nothing seems to happen - just hangs and does not respond?

Here is DDS.txt
DDS (Ver_09-11-29.01) - NTFSx86
Run by Liberatore Family at 21:33:35.15 on Sun 11/29/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2330 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running P... Read more

Answer:Infected with Browser Hijack - hijack.shell?

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

22 more replies
Relevance 28.29%

Hi,

I am currently suffering from the Hijack.Task Manager and Hijack.Regedit malware. I have malware bytes installed which detects them everytime I run it. It says that they is removed successfully, but virtually everytime I restart my computer, they're back!

I am also running Windows Defender and AVG v9.0.709 (previously had Virgin Media PC Guard installed)

Windows Defender also fails to auotrun at startup, even though it is selected to do so.

I've check my startup files to see if there is anything suspicious running when I start my computer, but nothing.

AVG, Windows Defender and Malwarebytes do not detect any other viruses on my system.

Anyone know why these Hijack malware won't go away?

Thanks.

Answer:Hijack.Task Manager & Hijack Regedit

Welcome to BCPlease run this application:Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer or you will have to run it again==========================Then immediately Update mbam and run a FULL scanPlease post the results========================Next run We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:),... Read more

1 more replies
Relevance 28.29%

Hello BC Forum
I am new to Forum. This is my first post. I tried to make sure I was following protocol. If my post is unacceptable...please advise how to / where to post my message and files.
I had an event with Scareware. As a result of that event I ran HijackThis. (first time using HijackThis) I've known of HijackThis for along time but, was concerned it would be too technical for me.
I would like to submit files for Analysis to BC. If I can successfully attach files.
The Hijack Log looks normal but, I am not qualified to make that call. I do not understand the Action Taken: info for each entry. I have disable some programs at startup and I have changed some Local Services from default. So Action Taken may be normal or malicious? My system appears OK. All malware scans with resident and on-demand scanners are clean except for one Scareware event reported with A2free ~ Key: HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe Trace.Registry.SmartVirusEliminator!A2 As SmartVirusEliminator is known malware. I followed BC removal Tutorial for Smart Virus Eliminator and that is how I have come to run my first HijackThis Log.
I also ran the Hijack Startup list which annotates Registry Check failed. I am curious/concerned about this failed event.
I was going to run TrendMicro Rootkit Buster and RU Botted but, was unable to confirm apps are Vista SP2 supported. Are the apps c... Read more

Answer:Hijack Log file and Hijack Startup list

Hello BC Forum

Trying to follow Forum instructions and run DDS and Root Repeal.

DDS runs no problem. Saved .txt
Root Repeal Reports Scan runs and runs and runs and etc. Scan never ends. Window populates info, refreshes once and just keeps scanning for hours. HDD light on solid. Scanning annotated in lower left of window. I followed directions....click Reports, click Scan, click Drive. Scan never ends. Is Root Repeal supported with Vista SP2. Root Repeal sites offers app is beta and use at your own risk. How do I get the scan to complete and populate log txt.

Regards
bjm_

3 more replies
Relevance 28.29%

I'm usually pretty good about getting rid of malware and browser hijacks but this one has me stumped. Not sure how I even got this baddie but I have it. Tried removing it with:Malwarebytes (wont run)Adaware (always comes back with tracking cookies, remove and they are back after reboot)SmitfraudFixCWshredderThis particular piece of malware is blocking certain domains (all the antivirus/malware sites) and does browser redirects from google searches. Naturally, I cant install spybot (download), update AVG, update Adaware, etc. Nothing seems to work. Wonder if I can get some help from the community. Here is my Hijack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:51:57, on 3/17/2009Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Creative\Shared Files\CTAudSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Prog... Read more

Answer:Help reading my HiJack this log - Browser HiJack Nasties

 ASDF.gif   41.59KB
  24 downloads

3 more replies
Relevance 28.29%

Hi,First of all, thanks in advance to anybody that can help me fix my problems. I'm having two problems, although they're very similar. The first problem is that the majority of the time I click on a Google search result link, I'm redirected to a completely random website. My second problem is with Windows Update. Windows Update is popping up saying "Windows could not search for new updates" and giving me the error code #80244019. Also, when I try to go to http://windowsupdate.microsoft.com/ I am redirected to msn.com or google.com.Thanks again for any help you can provide!DanHere's my log:DDS (Ver_09-02-01.01) - NTFSx86 Run by Dan at 20:36:47.55 on Fri 02/06/2009Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3581.2374 [GMT -6:00]AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Outdated)FW: PC-cillin Internet Security - Firewall *enabled*============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Win... Read more

Answer:Google Hijack/Windows Update Hijack Help

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

11 more replies
Relevance 28.29%

Wow - I woke up this morning and had a mess.

I ran SUPERAntiSpyware in safe mode and it cleaned a lot of things but did not fix the problem. Some of the items it found are:

Trohan.Smitfraud Variant
Trojan.Net-MSV/VPS
Browser Hijacker.Internet Explorer Settings Hijack

The desk top red with a bid nuclear waste symbol on it with "Your Privacy Is In Danger Download Privacy Protection Software Now"

Browser homepage goes to a spyware software site which varies each time it opens.

Popups all the time saying bad things are going to happen so buy my software (obviously paraphrased)

Below is the Hijack This Log . . . Please advise.

Thank you

PineLake Tech
======================================================

Logfile of HijackThis v1.98.2
Scan saved at 3:53:15 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Pro... Read more

Answer:Trojan, Browser Hijack & Desktop Hijack

That is an outdated version of Hijack This.
Go to here and download 'Hijack This!' self installer.
Save it to the desktop or other suitable place. DO NOT just press run from the website
Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
 

1 more replies
Relevance 28.29%

Hi,
I have a strange bunch of things going on in 3 systems ( on a wireless home network ). I can't get a handle on what type of 'nasty' is causing the mess, and how it is doing it; nothing has totally stopped 'it' so far.
( I am not certain that this is just 'one' problem at work, or if there is more than one, doing separate things. )

1) I first noticed this problem with my husband's laptop, and the 'Uninstallation' of TweakUI.

I installed TweakUI from the Microsoft official website. ( He wanted the laptop to open straight to desktop, in his User Account ( no logon screens of any kind ). ) I did some settings, and began to see strange behavior after installing and using TweakUI. I was suspicious of it, and decided to Uninstall. I got an odd window during the Uninstall process, and Norton Internet Security blocked a 'malicious script'. I could not Uninstall until I gave Norton permission to 'run once'. I did the Uninstall. Snowballing, weird stuff has been going on after the Uninstall. Messages about not being able to logon, slow startup to desktop, disconnects when online, mouse locks/total lockups.
Laptop offline, turned off.

2) I also installed TweakIU in his desktop, and did some settings within the utility. Never did an Uninstall of TweakIU in this system; but it has just recently been completely redone ( on a new HDD, OS reload, etc. etc. , and TweakUI is NOT installed )

I ran the following com... Read more

Answer:Profile Hijack, Spyware Program Hijack, Etc.!

Sounds like some maleware/trojan spreading thru network shares, in a case like this it's best to work on one computer at a time and physically disconnect the lan. As soon as you remove part of the malware from one computer it's reinfected from another, not to mention that the malware goes back to the web for updates and new instructions.In case you have a backdoor trojan the systems will be hard to clean and your confidental information has been compromised.Take the computer that's least infected/corrupted. leaving only it connected to the wan and lan, and run MBAMhttp://www.bleepingcomputer.com/forums/ind...st&p=809739

1 more replies
Relevance 28.29%

ok so...due to malwarebytes my comuter has infacted with those two.cant run task manager nor regeditalso internet connection(wireless) seems to be slow and disconnects oftenly, and safe mode wont up, the computer just restarts it self again and again if chose that option.btw... when malwarebytes recognized the infections and says that it removed them, i restart the computer and it?s come back againlog of malwarebytesMalwarebytes' Anti-Malware 1.34Database version: 1749Windows 5.1.2600 Service Pack 313/04/2009 10:01:21 p.m.mbam-log-2009-04-13 (22-01-21).txtScan type: Quick ScanObjects scanned: 58729Time elapsed: 2 minute(s), 9 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Folders I... Read more

Answer:Hijack.Taskmanager Hijack.Regedit infection

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

2 more replies
Relevance 28.29%

Hi,

My laptop's running Windows XP Pro, SP-3.
The problem is that "Folder Options" and "Regedit" have been disabled which I suspect is because of some flash-drive virus.

I tried using FlashDisinfector which enables Folder Options and Regedit but only for a while. On the next reboot they're disabled again.

I just ran Malwarebytes and the log is as follows:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/22/2010 1:39:58 PM
mbam-log-2010-08-22 (13-39-58).txt

Scan type: Quick scan
Objects scanned: 138370
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Polic... Read more

Answer:Help Required on: HIJACK.REGEDIT, HIJACK.FOLDEROPTIONS

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 28.29%

Not sure if anyone has posted on this tool (or similar tools) yet, but security Exploded makes incredible tools, especially Anti Rootkit tools and Root kit detection tools, so I was happy to learn about this:






Quote:
DllHijackAuditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows application. This is recently discovered critical security issue affecting almost all Windows systems on the planet. It appears that large amount of Windows applications are currently susceptible to this vulnerability which can allow any attacker to completely take over the system.
DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system. With its simple GUI interface DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application.

New version v2 brings out following features,
New & Smart Debugger based 'Interception Engine' for consistent and efficient performance.
Support for specifying as well as auditing of application with custom & multiple Extensions.
Timeout Configuration to alter the waiting time for each Application.

DllHijackAuditor is a standalone portable application which does not require any installation and can be run from anywhere. It works ... Read more

Answer:Yaa! DLL Hijack Auditor: For Microsoft DLL hijack vulnerability

hi !

looks very interesting....

but, where is the download-link ?
it?s nice to read info about good software, but even better if you tell us where we can find it...

and take a look at the picture, weird.....

3 more replies
Relevance 27.06%

The first symptom was that soon after dialing to the internet, I got the box that said lsass.exe needs to close, your system will shutdown in 60 seconds. In the course of fixing that, i downloaded a patch, but when I tried to install it, it closed the installer. Regedit also closed immediately. Soon after, internet explores stopped responding as well. I can only browse using netscape. I have run spybot and adaware, and fixed all they checked.

Here is my Hijack This log, run in safemode:

Logfile of HijackThis v1.99.0
Scan saved at 12:33:26 PM, on 1/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\WINXP\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\svohost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C908246... Read more

Answer:Sasser and ie hijack problems with Hijack this log

10 more replies
Relevance 27.06%

I'm suffering with a "Homepage Hijack" I have run Ad aware, Spybot S&D, Clean my PC, I have Norton also running......... I downloaded hijack this and have had difficulity with opening it so I can run it and see if it destroys this pest.......... but........ My PC always freezes up when trying to unzip the file??????? I'm not a waay saavy computer user, I would really appreciate any help?? If there is a way for anybody to contact me, I could sure use the help from one of you all knowing computer guru's.......

If you're in So. range Co., Ca....... I'll pay to have this problem fixed, I'm out of patience...... it's been a week [email protected]!....... The varmint that has ahold of me is this http://213.159.117.132/redir.php don't go there.... once it gets ahold of you........ it doesn't let go.........
If anybody has had this and has successfully deleted it, please let me know how you did it??
Being ever so humble.......... John M.
 

Answer:Homepage Hijack, difficulty w/ hijack this

Perhaps your version of HijackThis is corrupt. Try downloading it again.
 

12 more replies
Relevance 27.06%

AHH!! Someone hijack me! This was a part of the URL when i stop the transation it's in the windows system 32 file

\shdoclc.dll/navcancl.htm

I could just go in and remove it but I'll wait till you experts tell me what to do.. Please look at my Hijack Log and tell me what to delete.. thank you! I still have my Orginal Homepage but when I play the Video I downloaded a bunch of pop up from that site takes over my browser.. help!

Logfile of HijackThis v1.97.7

Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe... Read more

More replies
Relevance 27.06%

my search for this case lead me here
 
ok lets get to the point, basically i play games online such as Point Blank, buat recently the game is suddenly disconnected and back to desktop which disable the taskmanager so i scan the PC with malwarebyte and found that PUM.Hijack.startmenu and PUM.hijack task manager within my registry
 
this is kind a annoy me because i have to disconected the game for like every 10 minutes i play, and everytime also scan with malwarebyte those 2 item PUM keeps appearing [its like the task manager auto kill my game when its on and make the task manager disable] this was never happend before i dont know how i got this malware
 
this is just keep happening the next day even after i quarantine and deleted with malwarebyte, so i hope my PC didnt get serious problem
 
looking for help and assistant from the expert here
 
Thanks
 
 

Answer:PUM.hijack.startmenu and PUM.hijack.taskmanager

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Lets start with these scans.Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and... Read more

2 more replies
Relevance 27.06%

My Ebay" page will not display
First, I am running Windows "XP", I.E. 8. Received & opened an email (zip file) with pictures & afterward having issues with "my ebay" page. The picture in the email
Appeared on all the favorite sites I check on ebay. The next morning, I'd log into ebay, can go all over ebay with the exception of "my ebay" page, which now comes up “Internet Explorer cannot display”. I can no longer access “My ebay” page or my favorite
Stores associated with it.
I have run Windows Malicious software tool removal, Microsoft essentials, cc cleaner, spybot & pc tools. All state they come up with no problems. I have done this also in safe mode.
I’ve dumped IE 8, reverted to IE7 and still the problem. Accessed thru Google Chrome
& Firefox, same issue. I feel it’s changed a location, but not savy enough to know where
To check.
I have no other issues on my pc, just the “my ebay” site. I can access this on my laptop
So the p.c. is the issue.
I’ve included the Hijac this log if you’d please see if you can locate my problem.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:58:39 PM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\sv... Read more

Answer:Browser Hijack?? Hijack log attached

9 more replies
Relevance 27.06%

When I scan the system with Mbam it showed that the system is infected from above two malware. I formatted the drive (only the partition containing windows) and installed windows again but the system was still infected (Can't access task manager or regedit)

Then I followed the procedures given in this forum and here are the log files.

Please help me to remove this problem.....
 

Answer:Hijack.regedit Hijack.Taskmanager pls help

the remaining log file is attached here....

Can't run CCleaner the virus stops it from running.
 

2 more replies