Computer Support Forum

Idk what the virus is but my hijack file is inside.

Question: Idk what the virus is but my hijack file is inside.

Everytime I start my computer my background is changed and it says I have spayware and that I need to remove it. Also my screen saver is roaches eating the screen and I can never change it. Please help

Relevance 100%
Preferred Solution: Idk what the virus is but my hijack file is inside.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Idk what the virus is but my hijack file is inside.

Hi tony82x,
Welcome to Major Geeks!

I'm making a bug collection, so if you'd like to contribute, please attach a screen shot of the bugs with your next post. Then please continue as follows:

Go to the READ & RUN ME FIRST and work through all the instructions. If there is something you can't do, just make a note of what happens to tell us later and then continue on. When you're finished, use the Manage Attachments button down below the reply window to attach your logs. If you get all four logs, you'll need to post twice, because you can only attach three logs with each post.

Thanks.
abri

26 more replies
Relevance 64.37%

i dont know y but from last few days i m getting this thing whenever i open my MY COMPUTER icon ..........even on some other folders i do get the same thing but after custominzing the folder it works fine below is the screen capture



can any one tell me how to remove this thing

Answer:How do i remove this (Hijack This Log file inside)

We'll require a HijackThis log from you.

But before you post your log at the HijackThis Log Help forum, please read through the sticky first.

16 more replies
Relevance 63.96%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:08 PM, on 7/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Mike\AppData\Roaming\Microsoft\systemkernal.exe
C:\Program Files\Google\Google Desk... Read more

More replies
Relevance 63.96%

Can someone tell me what these two things are

C:\WINDOWS\system32\savedump.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Logfile of HijackThis v1.99.1
Scan saved at 7:36:19 PM, on 10/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\AMER... Read more

Answer:I think i have a virus (hijack log inside)

13 more replies
Relevance 63.96%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:11: VIRUS ALERT!, <---(this is appearing everywhere!!) on 7/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\lphc5aqj0ec11.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\AIM\aim.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\Program Files\Internet Download Manager\IEMonitor.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\AIM\AIM Pro\aimpro.exeC:\WINDOWS\system32\wuauclt.exec:\program files\avant browser\avant.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2R1 - HKLM\Software\Microso... Read more

Answer:Virus (hijack Inside)

Hello, and welcome to the forum.My name is Simon V., and I'll be glad to help you with your computer problems.Please download and install CCleaner.Open CCleaner. On the Windows tab, leave the default options alone.On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.Click on the Run Cleaner button at the bottom right hand corner.When the cleaner has completed, click Tools in the Left Pane.Verify that Uninstall is highlighted in color, or click on it. In the lower right, click Save to Text File. Pull down the arrow at the top of the Save dialog and choose Desktop as the location. You can leave the filename as install.txt. Click Save, then exit Ccleaner._________________Please visit this webpage for download links, and instructions for running ComboFix -http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says -The Recovery Console was successfully installed.Please continue as follows -Close/Disable all anti-virus and anti-malware programs so they do not int... Read more

3 more replies
Relevance 63.14%

Whats going on. I'm on Windows XP SP3, dell dimension c521. Dont know whats happening but I think a popup came up earlier in the day, something downloaded by itself and restarted the computer by itself. Now I can only have the computer running for about 10 min and then it locks up and I have to restart it the hard way for it to clear up but happens again. If I just leave the computer running, when I go to do something it wont let me double click to start up anything and then after right clicking or trying to get something going it locks up and I have to turn off and turn back on. Thanks in advance for any help. here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:54 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\windows\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Registry Mechanic\Re... Read more

Answer:Virus Help I Think, Need Badly Hijack Log Inside

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 63.14%

I have run spybot and ad aware. I also tried smitfraud. There were some strange logos in the bottom right hand tray of my screen that are now gone, but the computer is still running slow. I could not get Panda to run, the active x window on top never showed itself. Please help.Logfile of HijackThis v1.99.1Scan saved at 10:02:19 PM, on 4/21/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\Nhksrv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exeC:\WINDOWS\system32\ezSP_Px.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\Program Fi... Read more

Answer:Spylocked Virus - Hijack This Log Inside

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

9 more replies
Relevance 62.73%

User name: chipbutty
email address: [email protected]
Web browser: Internet explorer.
I think I accindently downloaded an msn virus or something when I accepted a picture over msn. I have tried to delete the file but I'm still having problems with msn, when I sign in it opens chat windows with all of my online contacts and tires to send them the same file and does let me talk to my contacts.
Here's my Hijak log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:16, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files... Read more

Answer:Solved: msn virus, help needed please! hijack log inside

10 more replies
Relevance 62.73%

here is my log, i have tons of popups and don't know what to do!!!!
Logfile of HijackThis v1.99.1
Scan saved at 12:24:42 AM, on 4/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\NEtpZHNFbnQ\command.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\bocwdnt.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad8.exe
C:\WINNT\SYSC00.exe
C:\WINNT\sys01928459825-.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\bocwdntA.exe
C:\WINNT\system32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Sof... Read more

Answer:I have the Black Worm Virus...need help! my hijack this log inside, please look!!!

16 more replies
Relevance 62.73%

Can anyone see why i can't get into any anti-virus sites? Something is blocking just those sites from IE. (mcafee, nai, hijackthis, avg, lavasoft, etc).Thanks for the help.JohnLogfile of Trend Micro HijackThis v2.0.2Scan saved at 7:10:14 PM, on 9/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\wanmpsvc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\WINDOWS\system32\cidaemon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\ScanSoft\PaperPort\pptd40... Read more

Answer:Can't Get To Any Anti-virus Sites. Hijack Log Inside

Hello and welcome to BCApologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.
Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.

Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so be patient and le... Read more

2 more replies
Relevance 62.32%

Can someone please look through this log to see what files I should check? Thanks guys.Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 15:05:54, on 18/03/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18882)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Apoint2K\Apoint.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Hp\QuickPlay\QPService.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Hp\HP Software Update\hpwuSchd2.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Epson Software\Event Manager\EEventManager.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\spool\drivers\w32x86\3\E_FATICKE.EXEC:\Windows\System32\spool\drivers\w32x86\3\E_F... Read more

Answer:Google redirecting and email not recieving - Hijack file inside

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

3 more replies
Relevance 60.68%

Hi,

I am setting up a backup system for my pc, backsup to a remote machine via ftp. The files to backup will be compressed into a zip file and then backed up to the remote machine. My question is, if my pc gets infected with a virus and those files backed up to the remote machine, will the virus infect the remote machine as well ? (if the files are not unzipped on the remote machine & both machines running on windows Xp pro). Appreciate any help or suggestions in this.

Regards
Sudhi

Answer:Virus inside a rar or zip file

No, malware inside a ZIP or RAR file can't infect a machine, unless you extract the malware (and execute it).

So in your case, the simple fact of storing a ZIP backup on a remote machine will not infect that remote machine.

That's why malware researchers share malware samples in password-protected ZIP files.

2 more replies
Relevance 59.86%

So I downloaded some program off of Limewire and now everything is messed up. When you try to open internet explorer its very slow. It goes to the homepage and then a bunch of pop ups come. I also get error messages such as microsoft C++ buffer underrun error. The popups are like this...http://www.interracialsingles.net/in...D1909&opt=6943 or CID Popups and others. also my desktop background is just the white error that says restore to active desktop I click it and get another error message. How do i fix all this. Am i gonna use Hijackthis and Combofix?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:52, on 2008-02-04Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService... Read more

Answer:Bunch Of Different Virus's Hjt File Inside

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

19 more replies
Relevance 59.04%

the folders when you right click and click properties it is 0 size, or the folder is empty but the file is inside. but i can not open the files, when i right click it just has open with, folder synchronization, send to no other features as usual.And it spread to other files and folders. and when i burn it with Nero, it failed it said the file is too

PLEASE HELP, HOW TO REMOVE THE VIRUS!

Thx.

Answer:New Virus: The Folder is Empty but the file is inside

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 59.04%

currently, I'm using CA Security suite, I'm wondering if I can use the anti-virus to scan the inside of a RAR file, which composed of dozens of files, and confirm if there is a virus inside the packed rar file or not
 

Answer:Can anti-virus scan the inside of a RAR or zip file?

NOD32 does... perhaps the CA cra--- uhmmm... product has an option to scan inside archives that needs to be enabled (seems like it should be on by default; it is with NOD32).
 

6 more replies
Relevance 59.04%

hey guys, i got attacked by some virus or trojan or whatever it was, got some services removed and i need some reg keys to restore them....

If you are on Windows 7 x64 sp1, just go here in regedit;

HKEY_LOCAL_MACHINE\SYSTEM\CurrenControlSet\

and export the services subfolder and paste it up in a reply!

All the headache from trying to fix this with solutions now, i think im missing some vital part and only the right registry files can fix.

make sure you are on 7 x64 sp1...

thanks.

Answer:Got a virus, need a reg file, Windows 7 x64 sp1, directions inside.

Hello dek

Here you go hope it helps
Services.zip

Danny

3 more replies
Relevance 58.63%

I got a powerpoint in an email attachment, virustotal reports a zip file inside...
 
1.) Is there always a .zip file inside powerpoints?
2.) What malicious benefit could a zip file provide?
3.) How can I alalize the ZIP compressed archive (2.5%)
 
ssdeep
1536:d98NvL6Ra3cQewv87TClJ2HsrwRKbbEBbfnCY9Gbt09bfmh4jVuJTVxZbbFH5T14:dfJR4EBfnCK+JTVxZbb59q5/nfcQtb
 
TrID
PowerPoint Microsoft Office Open XML Format document (97.4%)ZIP compressed archive (2.5%)
 
F-Prot packer identifier
appended
 
ExifTool
SharedDoc................: No
Title....................: MEMORY
HyperlinksChanged........: No
TitlesOfParts............: Office Theme, MEMORY, What is Memory, Memory involved three fundamental processes, The stage model of Memory, Sensory Memory, Sensory Memory, Sensory Memory, Short-Term Memory, Short-Term Memory, Short-Term Memory, Short-Term Memory Working Memory, Long-term Memory, Long-Term Memory, Long-Term Memory Transforming or encoding memory, Long-Term Memory Types of Information, Long-Term Memory Subsystems, Maintenance Rehearsal , Elaborate Rehearsal , Retrieval , PowerPoint Presentation, PowerPoint Presentation, Encoding Specificity Principle , Forgetting , Forgetting
LinksUpToDate............: No
LastModifiedBy...........: RLLocal
Application..............: Microsoft Office PowerPointZipFileName..............: [Content_Types].xml
CreateDate...............: 2013:03:19 17:24:18ZZipRequiredVersion.......: 20
PresentationFormat.......: On-screen Show ... Read more

More replies
Relevance 57.81%

Alright, here's my Hijack This log...

Logfile of HijackThis v1.99.1
Scan saved at 11:14:43 PM, on 10/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\... Read more

Answer:Solved: Trojan.Vundo Virus, File: geedc.dll, log inside.

9 more replies
Relevance 56.99%

Hello, We have gone to the website
http://www.salonrenovationmaisonneuve.com/en/exposants
and download the file to open Inside of IE. Once the file is open, none of the links either e-mail or web site works. However, if we open the same file Inside of Google Chrome, the links work. So, we want to know if we are missing something in IE or a plugin.
The PDF file opens with no problem but the links are not enabled. The file works in an Apple Machine and Google Chrome. However, if we download the file physically inside of the computer and then open the file with Adobe Reader, the links all work! Any ideas
how to solve this issue? Thanks Miguel Moreno

Miguel A. Moreno Alfa Logos inc. Tel. 514-253-2548

Answer:UNABLE TO OPEN AN HYPERLINK INSIDE OF A WEB PDF FILE OPENED INSIDE OF IE 11

Internet Options>Security tab, click "Reset all zones to default" (there's a setting for scripting of ActiveX controls)
Start>Adobe Reader>Edit Preferences>there are setting for how embedded links are handled.
Chromium uses its own pdf reader plugin.Rob^_^

3 more replies
Relevance 56.17%

Hi, for a few days now my PC has been downloading a file by the name of "ads.gz". It's been doing it at random, and I always catch it and cancel it. I thought maybe it's one of my currently open tabs but I can't think of which it would be. Thanks in advance...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:09 PM, on 1/26/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\E\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\E\AppData\Local\Google\Chrome\Application\... Read more

Answer:PC is DL a file named "ads.gz" Hijack this inside...

ttt
 

1 more replies
Relevance 52.48%

I just finish off using my CA security suite to custom scan 1 file, but the mesg. didn't say whether it was scanning the file itself, or the files within the RAR file.

So how do you know the anti virus software is doing its job?
 

Answer:when an anti-virus scan a RAR file, should it automatically scan the inside?

Check the options or settings within CA to see if it is set to scan inside compressed files, and if it isn't, turn it on. An AV that doesn't scan inside compressed files is about as worthless as a screen door on a submarine.
 

3 more replies
Relevance 51.25%

I helped a buddy clean out his system a couple of months ago. The other day he said his wife was sent an e-mail by cox saying one of her e-mails had a virus. She didn't open it she says. Well now, what is happening is that everytime he boots up a "WhenUSearch" taskbar tries to initialize. He says the computer hangs, and his internet explorer gets all kinds of popups. I had him install google toolbar to try to limit some of them so he coudl at least get around. He ran Spybot and Ad Aware. He then ran Hijack. Here is his log.

Logfile of HijackThis v1.97.7
Scan saved at 10:54:16 AM, on 5/9/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKSSB.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\BACKPACK UDF\BPUDFMON.EXE
C:\WINDOW... Read more

Answer:Hijack This Log file, virus?

First, You have the peper trojan. Run This uninstaller to get rid of it:

*Note: Just click on the uninst.exe and let it run. When it is finished it will just close. There will be no dialogue. Also you must be connected to the internet for the uninstaller to be effective.

Restart your computer

Next, download CWShredder.exe. Close all windows, including browser. Launch CWShredder and click the Fix button (not Scan). Let it do it's thing.

Restart your computer and post a new HJT log. There will be more cleanup to do.
 

1 more replies
Relevance 51.25%
Question: Virus? HiJack File

Logfile of HijackThis v1.97.3
Scan saved at 9:29:55 PM, on 11/8/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\COMMON~1\EACCEL~1\EANTHO~1.EXE
C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE
C:\Program Files\Bargain Buddy\bin2\bargains.exe
C:\PROGRA~1\BROWSE~1\adblck.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\Winnet.exe
C:\WINDOWS\System32\nssys32.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\WINDOWS\System32\wjview.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Common files\KeenValue\KeenValue.exe
C:\WINDOWS\System32\IEDriver\IEDriver.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\SahAgent.exe
C:\DOCUME~1\TOMNIC~1\APPLIC~1\eashdrdb.exe
C:\Program Files\ClearSearch\Loader.exe
C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
C:\Program File... Read more

Answer:Virus? HiJack File

Wow! What a mess!

Let's see if we can get you started here.

You have the RapidBlaster parasite.

First click on the link below and it will download RBKiller.

http://www.spywareinfo.com/downloads/rbkiller/rbkiller.exe

Close all browser windows and click on the rbkiller.exe and let it do it's thing. It can scan all running programs, detect RapidBlaster, and successfully terminate the process and remove the Run key registry entry. The newest version can also clean up various RapidBlaster remnants.
Go here http://www.lavasoftusa.com/support/download/ and download Adaware 6

Install the program and launch it.

I strongly recommend that you read the help file to familiarize yourself with the program.

Before running the scan look at the top of the main window and you will see a Gear Icon. This is where you configure the settings. Click on that and then in the next window that pops up click on the "Scanning" tab on the left side. Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all the options there.
The click on the "Tweak" tab and under "Scanning engine" put a check by "Unload recognized processes during scanning" ...........then......under "Cleaning engine" put a ckeck by "Let windows remove files in use at next reboot" then click "Proceed"

Next in the main window look in the bottom right co... Read more

2 more replies
Relevance 51.25%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:32:11 PM, on 4/1/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18444)Boot mode: NormalRunning processes:C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\System32\hkcmd.exeC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\5-button wireless optical notebook mouse\StartAutorun.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\5-button wireless optical notebook mouse\KMConfig.exeC:\Users\Andy\.COMMgr\complmgr.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\HP\QuickPlay\Q... Read more

Answer:Virus Hijack this log file

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-GMER log-Description of any remaining problems you may still have.With Regards,Extremeboy

3 more replies
Relevance 50.84%

Please take a look at my hijack this log file. I had Ssate.exe in my start up registry in Reg Cleaner. I deleted it and restarted my computer and it is no longer in the list. Take a look at my log file and let me know if there is anything that I need to do to get rid of the W32/Bagle virus. My computer has been extremely slow. Rhonda
Logfile of HijackThis v1.97.7
Scan saved at 8:33:20 PM, on 5/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C... Read more

Answer:Bagle virus?? My hijack this log file.........

8 more replies
Relevance 50.84%

i think i just got the about:blank virus/trojan thing.is there a real name for this?anyways,here is my log file,if anyone can help me:

Logfile of HijackThis v1.97.7
Scan saved at 4:28:16 PM, on 6/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\3eb\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9... Read more

Answer:about:blank virus,hijack this log file.

6 more replies
Relevance 50.84%

I am a technician always fixing viruses but this one has me stumped

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:29:24 PM, on 4/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10�... Read more

Answer:Hijack log file,Virus Problems

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 50.84%

hello

Can someomne please inform me on this hijack log and tell me how to get rid of this virus. I can't remove the virus with AVG free edition.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:51 AM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Juno6\exec.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Juno6\exec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/s/sp?r=al&cf=sp&...0000&C=1... Read more

Answer:jspsyme virus and hijack log file help please

Welcome to TSG

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click

No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================

Please perform a scan with Kaspersky Webscan Online Virus Scanner

1. Read the Requirements and Privacy statement, then select "Accept". 2. A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?". 3. Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run. 4. When the download is complete it will say ready, click "Next". 5. Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard). 6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases". 7. ... Read more

1 more replies
Relevance 50.84%

Hi,
I believe I have a virus but I can't seem to find information about it. I am unable to clear it up when I run virus checks either.
What's happening is this. When ever I open a web page (aol is my home page with ie as my brower) the page takes forever to load and then just after it does load I get a message saying "We're sorry, the content you requested is temporarily unavailable. Please try again later." My computer is also EXTREMELY slow to load pages - pages that use to load within 5 seconds (like when checking email) can take 5 minutes to open, if it opens at all.
I tried running AVG anti-spyware and even SUPERantispyware but with no luck. I just ran a Hijackthis scan and was hoping someone could help me or lead me in the right directions!
Below is the log - thanks in advance for your help!
Logfile of HijackThis v1.99.1
Scan saved at 3:27:48 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOW... Read more

Answer:May have virus? Hijack this file enclosed

12 more replies
Relevance 50.84%

I think I have a virus. My computer is making funny noises and I have some pop ups occuring and the whole system has slowed down considerably.
I have run hijack this but not sure what to do with it. here is my log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:51 AM, on 04/15/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer... Read more

More replies
Relevance 50.84%

Last week one of the users on our network opened a file "UPS Delivery Slip" - Norton did not catch the virus and it has infected our computer network slowly shutting down each computer. I have installed the Hijack This program and ran a scan here is what the scan found. Any assistance with this would be a great help I have been trying for over a week to fix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:34 AM, on 17/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =... Read more

More replies
Relevance 50.84%

A computer keeps losing its homepage to homesearch...
Can someone help??
Logfile of HijackThis v1.98.2
Scan saved at 10:55:32 AM, on 10/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Canon\VDC\AuVdc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\crsi.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\javaqh.exe
C:\Documents and Settings\cnorris\Desktop\HijackThis.exe

... Read more

Answer:virus or spyware... Hijack This log file...

ActiveServices ...
Please download GetService.zip
Extract it to a new folder in the desktop. Double click on the Getservice.bat file to run it. This will create and open a text file named getservice.txt in the same folder. It will then open getservice.txt for you.
getservice.txt will list all active Services. Copy and paste the contents of getservice.txt in your next reply here.

From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work
 

1 more replies
Relevance 50.84%

any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:54:39 AM, on 2/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Katie\My Documents\Kate\anything\iTunesHelper.exe
C:\Program Files\Mess... Read more

Answer:Virus problem help please - hijack this file

6 more replies
Relevance 50.02%

if anybody could help me i would really appreciate it...thanks
Logfile of HijackThis v1.99.1
Scan saved at 2:23:39 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\kusbglxn.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS... Read more

Answer:trojan virus (check my hijack log file please)

12 more replies
Relevance 50.02%

Logfile of HijackThis v1.99.1
Scan saved at 10:08:10 PM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\SYSTEM32\xcommsvr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Tweak-XP Pro\tranicon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\sysservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\DOCUME~1\NOAHM... Read more

Answer:Virus Problems Hijack This Log File For Review

16 more replies
Relevance 50.02%

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Airlink101\AWLH5026\WLService.exe
C:\Program Files\Airlink101\AWLH5026\AWLH5026.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings... Read more

Answer:hijack this log file....trojan virus....please help: WINXP SP2

StartupList report, 3/26/2008, 11:17:56 AM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16608)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Airlink101\AWLH5026\WLService.exe
C:\Program Files\Airlink101\AWLH5026\AWLH5026.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\PROGRA~1\Yahoo!\YO... Read more

2 more replies
Relevance 49.61%

My machine is such a mess- it's SLOW, alternately kicks me off + freezes, half the screen has turned white with a weird gray and blue wavy logo, when I log on it flashes with fragments like a bad DVD. Does other weird stuff, has to be a Bug?

Can you help? Thanks in advance!
(Windows XP Home Edition Service Pack 2 (build 2600) HP Pavilion 061 PU003AV-ABA)
Here is my Highjack file :

Logfile of HijackThis v1.99.1
Scan saved at 10:11:25 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Prog... Read more

Answer:Solved: Major Virus?Can you plz read my Hijack file?

10 more replies
Relevance 49.61%

I think I'm at my wits end...Here's what I have...

Last night, I was working on a few things for work and all of a sudden, I heard the PC bogging down and getting loud. It stopped, shut itself off and then rebooted. Upon reboot, AVG was disabled, I couldn't run Malwarebytes, my Firewall was turned off, my browser was hacked as Google brought up fake sites and even said this one was no longer on the internet.

After browsing the forums on a work computer, I realized I could start the computer in Safe mode which is how I am on the net now. I did that and was able to scan with Malwarebytes and AVG, both of which noticed problems, it removed them like normal, or so I thought, and rebooted...only to have them start popping up over and over again. If someone could PLEASE check out my Hijack This file and help me...I would be GREATLY appreciative.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:01 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program F... Read more

Answer:Please Help! Trojans / Worms / Virus / Etc. (HiJack File Included)

I've been able to run Malwarebytes and AVG in safe mode after doing scans...here is the MBAM log:

Malwarebytes' Anti-Malware 1.28
Database version: 1147
Windows 5.1.2600 Service Pack 2
10/30/2008 10:19:57 PM
mbam-log-2008-10-30 (22-19-57).txt
Scan type: Full Scan (C:\|)
Objects scanned: 109761
Time elapsed: 56 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TSA (Adware.TargetSaver) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Steve Miller\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve Miller\Local Settings\Temp\tsupdate_4_0_4_1_b3.exe (T... Read more

1 more replies
Relevance 49.61%

I think im infected with a Active X Videovirus, it constantly tells me to download a special antivirus program (which I will obviously not do).So I thought you might be able to help me, heres my hijack this file (I allready ran 3 different antivir/spyware tests but couldnt get rid of it):Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:43:40, on 12.02.2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:D:\WINDOWS\System32\smss.exeD:\WINDOWS\system32\csrss.exeD:\WINDOWS\system32\winlogon.exeD:\WINDOWS\system32\services.exeD:\WINDOWS\system32\lsass.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\devldr32.exeD:\WINDOWS\System32\svchost.exeD:\WINDOWS\system32\svchost.exeD:\WINDOWS\system32\svchost.exeE:\Zipprogramm\Lavasoftware\ad aware\aawservice.exeD:\WINDOWS\system32\LEXBCES.EXED:\WINDOWS\system32\spoolsv.exeD:\WINDOWS\system32\LEXPPS.EXEE:\ZIPPRO~1\ANTIVI~1\AVG200~1\avgamsvr.exeE:\ZIPPRO~1\ANTIVI~1\AVG200~1\avgupsvc.exeE:\ZIPPRO~1\ANTIVI~1\AVG200~1\avgemc.exeE:\Zipprogramm\Antivirensoftware\Ashampoo AntiVirus\ashAvSrv.exeD:\Programme\Gemeinsam... Read more

Answer:Infected With Activex Virus, Heres My Hijack File

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and i'll be helping you to fix your problems.Apologies for the late response,as i'm sure you can appreciate we are extremely busy.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments or inside code boxes,thanks.

1 more replies
Relevance 49.61%

PLease find the attached log file-
I am running Symantac Anti virus w/firewall- i am unable to Enable the firewall and live update-
it tells me that i do not have admin rights

Logfile of HijackThis v1.97.7
Scan saved at 7:42:02 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\ntvdm.exe
D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Defaul... Read more

Answer:Windows XP - ANTI Virus Disabled- HIJACK LOG FILE

7 more replies
Relevance 49.61%

Hi Gurus

I have been reading for the past two days on various sites and pages including here to remove the Security Suite virus myself. I think I may have messed up royally somewhat along the way and deleted some files in the registry (which of course I'm sure down the road will incur a re-appearance here! ) .

Anyways, here's what I have done to date before I have finally decided to seek help (should have done this sooner - *doh* but one cannot account for natural born PC stupidity ):

A. Ctrl-delete-alt and removed the v$#&*@(&$# process from TASK MANAGER so that it would stop popping crap up on my screen.
B. Also did the NO PROXY setting on internet since that Security Stoopid Suite keeps putting the 127.0.0.0 whatever on there

NEXT

1. Ran iexplore.exe (virus still there)
2. Ran rkill (didn't do much as I'm sure i wasn't doing it right)
3. Downloaded the mbam-setup.exe (ran that for what seemed hours last night - fell asleep only to find that it had crashed along the way this morning).
4. Ran that again, only to find that it found nothing after 3 hours
5. Read for next steps on many various alternate solutions for removal was to rmit.exe ( that didn't seem to do too much)
6. Finally came across another solution that said run the HIJACKtool file
7. Ran that and that seemed to bring up a slew of files but the person on the website said "LOAD THE FILE UP TO THE FOLLOWING WEBSITES LISTED .. bleepingcomputer b... Read more

Answer:Need help with the Hijack Log File to remove the Security Suite Virus HELP ME PLS!!

Hello seems problem occurred in step 6.. Using HJT on your own.Let's see if we can't do an end around play..Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know... Read more

4 more replies
Relevance 49.61%

My computer was running fine last night, but this morning I started having issues with Excel and Word and my computer is freezing up. I ran the anti virus software I had and it showed a Trojan Goldun Virus. I downloaded and ran the Hijack software and this is my file from them:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:17 AM, on 10/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mobsync.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MemTurbo 4\MemTurbo.exe
C:\Program Files\Common Fil... Read more

More replies
Relevance 49.61%

Good morning, I have run multiple virus scans and malware scans both in regular and safe mode and they run clean each time now after they found a couple of trojan viruses two days ago. The issue is that I am noticing a huge amount of web traffic even when I am not running anything on my end. When I run TCPView it shows many "hits" of ip's from Russia and other countries as well. What can I do to delete or change whatever is causing this and is not found by the antivirus/malware programs?Any help would be greatly appreciated!Thanks in advance, TimeBanditgfile of Trend Micro HijackThis v2.0.2Scan saved at 8:31:56 AM, on 8/29/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Apple\Mobile Device S... Read more

Answer:Hijack this file below: Virus scans and malware find nothing

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the sc... Read more

3 more replies
Relevance 49.61%

Logfile of HijackThis v1.99.1Scan saved at 10:51:53 AM, on 5/26/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\aniServ.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\rpcnet.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\SYSTEM32\WISPTIS.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\System32\tabbtnu.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exeC:\Program Files\Softwin\BitDefender8\vsserv.exeC:\WINDOWS\system32\atmclk.exeC:&... Read more

Answer:What Do I Do? Hijack This Log Inside

Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

3 more replies
Relevance 49.61%

Hey there, having a problem with a "searchmiracle" adware program...

Heres the Hi-jack this log....

Thanks in advance...

Logfile of HijackThis v1.97.7
Scan saved at 6:28:00 PM, on 4/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Wryax\Qzdj.exe
C:\Program Files\Windows FormatAd\WinFormKeep.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\W32RfSA.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows FormatAd\WinForm.exe
C:\PROGRA~1\Toolbar\TBPS.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\fgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijack This Software\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software... Read more

Answer:Help, Hijack Log Inside...

8 more replies
Relevance 49.61%

This allaboutsearching virus is bugging me....help..here's the hijack this log.

Logfile of HijackThis v1.97.7
Scan saved at 9:36:08 AM, on 4/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
\ENTPITMS1\VOL1\PUBLIC\NTDIAG.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\DRAW SHIM\OWNSPLAN.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\WILKNews\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start... Read more

Answer:Help!! Hijack this log inside...Need Help!

13 more replies
Relevance 49.61%

I have got something on my computer that wont allow my Superantispyware update and wont allow me to get to any website related to downloading anti spyware. Please help!!!!! Log below and attachedLogfile of Trend Micro HijackThis v2.0.4Scan saved at 17:07:06, on 8/2/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Amada\AI-CAM\AIC_Autoexecute\AIC_AutoExecuteHost.exeC:\Program Files\Amada\AI-CAM\AIC_Nesting\NestingHost.exeC:\Program Files\Amada\AI-CAM\AIC_Schedule\ScheduleHost.exeC:\Program Files\Amada\AI-CAM\AIC_Sequence\SequenceHost.exeC:\Program Files\Amada\AI-CAM\AIC_ToolAssign\ToolAssignmentHost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\hasplms.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\NVIDIA Corporation\Performance Driver... Read more

Answer:NEED HELP!!!! HIJACK THIS LOG INSIDE

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 49.61%

I'm having all sorts of issues. I get tons of pop ups, and there is a clicking noise over and over again in the background when I'm online. Here's my log:

Logfile of HijackThis v1.98.2
Scan saved at 5:53:59 PM, on 11/17/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\EPOAgent\naimas32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\winhost.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Comm... Read more

Answer:Please Help! Hijack This Log inside

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.WL
You have no AV it appears so do a scan from at least one of the sites listed here

http://forums.techguy.org/t110854.html

and get this

http://free.grisoft.com/freeweb.php/doc/1/
 

2 more replies
Relevance 49.61%

Hey i was here a few months ago when i had the Donk Q virus which i must thank the members for its safe removal but now i have another problem, i use Adware and Spybot and also the website version of Pest Patrol and it picks up something like a keystroke spyware, now am only 16 and use my mum's credit card for like Amazon and Ebay.

I am fearing for my life if my mum get a massive bill in for her card, just looking for some reassurance and self releavife, thanx in advance.

Logfile of HijackThis v1.97.7
Scan saved at 12:12:46, on 04/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\S3apphk.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R3 - Default URLSearchHook is missing
... Read more

Answer:Help Plz (HiJack This Log Inside)

Do not trust Pest Control--lots of false positives-
 

3 more replies
Relevance 49.61%
Question: Hijack log inside

hi i have got this knew laptop and dont need half this stuff what would be ok to get rid of please and thanksLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:40 PM, on 09/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Users\Kade\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Kade\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR... Read more

More replies
Relevance 49.61%

cant get rid of the pop ups on my dads computer, its changing his homepage , and they are poping up whether his browser is open or not.ive ran the updated ad-aware and spy bot S&D and it finds stuff but i reboot and re run and it finds stuff all over again. please look at my log and see if you can help me
Logfile of HijackThis v1.97.7
Scan saved at 9:10:24 PM, on 7/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hunahfo.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\Web Offer\wo.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\Common Files\WinTools\... Read more

Answer:need help with pop ups , hijack this log inside plz help me

You have spyware/adware on this system. Use SpyBot S&D or Lavasoft's AdAware to safely remove this trash.

Luck!

~Eric
 

3 more replies
Relevance 49.61%

ok i think i got some ad ware or somthin....help please heres my log

Logfile of HijackThis v1.97.7
Scan saved at 10:37:26 PM, on 6/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Desktop\Crap\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=4456697
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-searc... Read more

Answer:H-E-L-P....please (hijack this log inside)

any help please???
 

2 more replies
Relevance 49.61%

My homepage keeps changing to about:blank, i try to put it back but then it changes right back...its pissin me off...heres my log

Logfile of HijackThis v1.98.0
Scan saved at 1:15:37 PM, on 7/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Desktop\Crap\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\... Read more

Answer:Help please! (hijack this log inside)

7 more replies
Relevance 49.61%

having a horrible problem with pop ups all of a sudden. I ran spybot, adaware and still am having issues. every 10 mins or so i get 2-4 advertisements in full screen Internet explorer. Whether im on IE or not.

Logfile of HijackThis v1.97.7
Scan saved at 9:44:42 PM, on 4/16/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\E-Color\Registration\SonnReg.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\New Folder (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Micros... Read more

Answer:Please help ! hijack this log inside

anyone??
 

3 more replies
Relevance 49.61%

I ran Adware this morning and it found a bunch of stuff and wouldn't delete 2 lsp.dll's...ran it again with a deeper scan and it now won't remove just 1 lsp.dll. I haven't rebooted yet though but wanted to show this log before I did. I don't see the dll on the log at all but maybe I overlooked it.

Thanks in advance!

Logfile of HijackThis v1.97.7
Scan saved at 7:56:20 AM, on 5/20/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYST... Read more

Answer:Help...hijack log inside

13 more replies
Relevance 49.61%

Logfile of HijackThis v1.99.1
Scan saved at 3:35:01 AM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe
C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe
C:\WINDOWS\system\driver\csrss.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\BitTorrent PRO\BitTorrent PRO.exe
C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program ... Read more

Answer:Help Me Please: Have HiJack Log Inside

I'm having the NEWDOT~2.DLL problem
 

2 more replies
Relevance 49.61%

I've been getting tons of pop up windows and blue screens of death lately... anyone that can help me out with what to remove from this log file, and how to get rid of it? Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:17:39 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\sokkit\Apache2\bin\apache.e... Read more

Answer:Please help - Hijack This log inside

Anyone? Please? I can barely use this computer for anything anymore...
 

2 more replies
Relevance 49.61%

I've run spybot and adaware. some of the problems are deleted but reinstall themselves. Other problems include constant pop-ups, change of homepage, and programs being installed.heres my hijack this log: Logfile of HijackThis v1.97.7Scan saved at 3:55:33 PM, on 5/13/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Winamp\winampa.exeC:\WINDOWS\System32\rundll32.exeC:\WINDOWS\System32\video2.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exec:\windows\system32\bdvnmkv.exeC:\Program Files\Steam\Steam.exeC:\Program Files\AIM\aim.exeC:\Program Files\LimeWire\LimeWire... Read more

Answer:In need of help...hijack this! log inside

Please download and extract the following file:http://www.derbilk.de/SpSeHjfix112.zipRun this program and then continue with the next steps:Print out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\se.dll/sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user\LOCALS~1\Temp\se.dll/sp.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR1 - HKCU\Software\Microsoft\Intern... Read more

15 more replies
Relevance 49.2%

Using Windows XP sp2 on HP laptop. Unidentified virus characteristics: Blew by Norton Antivirus 2006 (w. up to date definitions) like it wasn't even there. Hundreds of strange icon (52k in size) suddenly appeared everywhere, mostly in Program files and Windows folder. Also on desktop. Most shortcuts inoperable. Norton is corrupted & inoperable now and cannot uninstall components to attempt reinstall. Spyware Doctor did remove a dialer virus, but doesn't pick anything else up (probably because I can't download the updates on a painfully slow dialup connection). I attemted to delete all of these files, but many replicated themselves afterwards...that's why you will see "file missing" for most of these on the Hijack This file. Can't find the registry entry that loads all this crap. Most of the "experts" at the computer shops say to reformat. That's last choice for me. Please help!
 

Answer:Plz review Hijack This file. Virus easily defeated Norton

Ummm...I realize it says it may take a day or two for a response, but I see replies to folks that have posted after me. Is it preferrable that I post the HJT file directly to my post instead of an attachment? Oops! Seems I can't post the HJT file directly...it's too large.
 

2 more replies
Relevance 49.2%

Hello!
So, I download Guitar Tabs online (legally), and after trying to download one ... I instantly knew something was wrong. I got a bunch of pop-ups...and I never got my tablature. This has never happened when trying to get a guitar tab...but. I've gotten a virus before. I've ran Spybot Search and Destroy a few times and it seems like it still doesn't work. Random things have just...stopped working. Like...Google Chrome and sounds from YouTube videos. Sometimes, iTunes says something like no audio source is found so there may be no sound. Also, some things have "encountered a problem and need to close"...not normal things...like Generic Host Process for Win32 Services. One last thing...sometimes...randomly...everything starts turning into like, Default Windows Style setting. Like, gray boxes and the taskbar goes back to how it looked in Windows 98. When looking at my processes, the program svchost.exe (just one of them) takes around 300,000 K of Mem usage, which has never happened before. I hope I've given adequate information. Here's a HiJack This logfile :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:12:10 PM, on 3/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system... Read more

Answer:Virus? Trojan? Websites Redirecting, etc. HiJack This File Included

16 more replies
Relevance 49.2%

Please help as fast as you can and thank you... Please explain your fixes step by step thank you very muchagain possible google redirected virus infectionHijack This file below let me know what needs to be taken away or steps which need to be taken thanks againLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:40:40 PM, on 4/12/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18882)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exeC:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exeC:\Program Files\Motorola\SMSERIAL\sm56hlpr.exeC:\Program Files\Common Files\AOL\1224940649\ee\aolsoftware.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\vVX1000.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\AVG\AVG9\avgtray.exeC:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exeC:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exeC:\Program Files\Linksys\Li... Read more

Answer:possible google redirect virus infection. Hijack This file included

Hello and welcome to Bleeping Computer. *Please Subscribe to this Thread to get immediate notification of replies. See HERE*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.*You must reply within 5 days otherwise this topic will be closed.Please read the preparation guide here => http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Then post the required logs when you reply and we will begin from there. Thanks.PS - Please do not post your email address here. This is to protect you from spam bots who will pick up your email address and spam you.

2 more replies
Relevance 48.79%

I'm on my Dad's comp. It seems as though he was viewing porn (gross!), and now has the Juicyaccess toolbar. I need to get rid of it for him. Please help. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:14:20 PM, on 10/09/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\OpenSA\Apache2\bin\Apache.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exeC:\OpenSA\Apache2\bin\Apache.exeC:\WINDOWS\system32\nvsvc32.exeC:\PROGRA~1\AVG... Read more

Answer:Juicyaccess (Hijack this log inside). Need help!

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

2 more replies
Relevance 48.79%

I recently rebooted the computer to clean up it and just start "fresh"..

I haven't done much in it and then all of a sudden, the problems started to happen!

1.I cannot open MY COMPUTER Icon. It keeps loading and loading and it never opens it up.

2.I cannot Use the Search Function.It won't let me Search..

3.Is also getting very slow and the INTERNET EXPLORER is pretty much broken.

I notice the computer is fine when I run it in SAFE MODE but it breaks down in NORMAL MODE..

This is my HiJACK log

Logfile of HijackThis v1.99.1
Scan saved at 3:50:10 PM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet E... Read more

Answer:I have several odd problems. My HIJACK LOG is inside.. Someone Help Me Please!

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

In the meantime, make sure you subscribe to this thread so that you will receive an instant email when I have replied with a fix to your problem. You may do this by clicking the Thread Tools option at the top of your post and then clicking Subscribe to this thread. Then, make sure Instant Notification by email is selected and click Add Subscription

Please be patient with me during this time.

7 more replies
Relevance 48.79%

I've run the steps suggested on this forum and some others suggested on others (even for manual removal) and I can't get rid of it.

Here's my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:28 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C... Read more

Answer:Can't get rid of SpyAxe - Hijack this log inside

12 more replies
Relevance 48.79%

Logfile of HijackThis v1.99.1
Scan saved at 6:38:26 PM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\A... Read more

Answer:do i have malware? hijack log inside.

Add remove programs - remove all occurrences of Viewpoint - Seekmo

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such... Read more

1 more replies
Relevance 48.79%

    My computer will give BSODs ever since I--as far as I know--accidentally pulled out the monitor cable behind the computer tower. I put it back in and all, so maybe that's not the cause, I just don't know how it started. But if a HiJack This log tells you what you need to know to help me, I've attached it. I don't want to give you any erroneous info, I just want the BSODs to end so I can actually use my computer for more than 5 minutes before it gets another BSOD. (which is what happens anytime I'm not in Safe Mode) I'd like this handled ASAP, as soon as someone can. Thanks!HiJackThis log: http://www.computer-juice.com/forums/attachments/f49/1755d1336151015-bsods-hijack-log-inside-hijackthis.zip    P.S.    I don't want to mislead anyone with any BSODs that -may- not matter, but in case it helps in conjunction with the attached HiJackThis log, examples of BSODs stop errors and mentioned filenames I got include:    The driver is mismanaging system PTEs. (I uninstalled and manually reinstalled the latest NVIDIA graphics driver as a result of this BSOD)    DRIVER_IRQL_NOT_LESS_OR_EQUAL    tcpip.sys    REFERENCE BY POINTER    rr172x.sys MEMORY_MANAGEMENTMULTIPLE_IRP_COMPLETE_REQUESTSP.P.S.Something I've been wondering about as a possible cause is that in Device Manager, under Processors, it lists four "Intel(R) Xeon(TM) CPU 3.06GHz" items with yellow... Read more

Answer:BSODs - HiJack This Log Inside

Download BlueScreenView:http://www.nirsoft.net/utils/blue_screen_view.htmlunzip downloaded file and double click on BlueScreenView.exe to run the program.when scanning is done, go to EDIT - Select AllGo to FILE - SAVE Selected Items, and save the report as BSOD.txtOpen BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

14 more replies
Relevance 48.79%

My pc is dragging could it have anything to do with my hijack log cause i noticed earthlink installed a ton of stuff

Logfile of HijackThis v1.99.1
Scan saved at 1:23:50 AM, on 10/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\AOL\1111326310\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1111326310\ee\AOLServiceHost.exe
c:\program file... Read more

Answer:PC is dragging (hijack log inside)

I don't think the Earthlink stuff is slowing you up -- but why the AOL files running if you are on Earthlink? Did you fully uninstall AOL?
 

3 more replies
Relevance 48.79%

Ive run adaware pro thousands of times, and they never leave!!!! Here is my hijack log if this helps. what should i do?
Logfile of HijackThis v1.97.3
Scan saved at 10:16:17 AM, on 11/6/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\XdriveNT\xdService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search... Read more

Answer:Cant get rid of adware?! Hijack log inside...

anyone?
 

2 more replies
Relevance 48.79%

Hey I have been plaqued with adware and many other lovely trogans, spyware etc. on my christmas break dontcha love it? Anyways I have some desktop hijacker where it changes the desktop to some Warning, Your Infected! or something, where I found something that temporarily removes it but it comes back after a restart. Also I have many spyware adware, etc. ... I let the HiJackThis Log do the talking....

Logfile of HijackThis v1.98.2
Scan saved at 12:56:59 PM, on 24/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
F:\D-tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Megan.MCCRORIE-DOH607\Desktop\Ares Lite Edition\AresLite.exe
F:\Sierra\steam.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\??oolsv.exe
C:\Documents and Settings\Craiger\Desktop\Craig's\Downloads\COMP PROBLEMS\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=135343
R1 - HKCU\Softwar... Read more

Answer:Solved: Help! Hijack Log Inside!

16 more replies
Relevance 48.79%

Hey there. I've been having some issues lately with my computer involving spyware, malware, etc. All of my google searches are redirected, most sites either go extremely slow or don't load whatsoever, and a lot of times my computer won't even get past the windows welcome and will lock up. I've run Anti-vir, Spybot, and ComboFix to no avail. Spybot came up with traces of Virtumonde, Smitfraud, and a few others I can't name off the top of my head. Here's my hijack this log. I have smitfraud fix and can post a log of that if requested. Thanks so much!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:55:25 PM, on 8/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.17184)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\BillP Studios\WinPatrol\winpatrol.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Unlocker\UnlockerAssistant.exeC:\... Read more

Answer:Issues With My Pc! Hijack This Log Inside.

Hello Ryanfetus and welcome to BleepingComputer,Running tools ad random is just masquerading your problem,please stick to the advise below and don't do anything inbetween. 1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then... Read more

5 more replies
Relevance 48.79%

My computer will give BSODs ever since I--as far as I know--accidentally pulled out the monitor cable behind the computer tower. I put it back in and all, so maybe that's not the cause, I just don't know how it started. But if a HiJack This log tells you what you need to know to help me, I've attached it. I don't want to give you any erroneous info, I just want the BSODs to end so I can actually use my computer for more than 5 minutes before it gets another BSOD. (which is what happens anytime I'm not in Safe Mode) I'd like this handled ASAP, as soon as someone can. Thanks!

P.S.
I don't want to mislead anyone with any BSODs that -may- not matter, but in case it helps in conjunction with the attached HiJackThis log, examples of BSODs stop errors and mentioned filenames I got include:

The driver is mismanaging system PTEs. (I uninstalled and manually reinstalled the latest NVIDIA graphics driver as a result of this BSOD)
DRIVER_IRQL_NOT_LESS_OR_EQUAL
tcpip.sys
REFERENCE BY POINTER
rr172x.sys

Answer:BSODs - HiJack This log inside

Follow the link below and post the zipped files here
http://www.techsupportforum.com/foru...ta-452654.html

4 more replies
Relevance 48.79%

Please help trojans and dialers infected.
Ad-Aware run. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:49:26 PM, on 18/02/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SOFT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VET\VETTRAY.EXE
C:\WINDOWS\SYSTEM\VETMSG9X.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\XHRMY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pcworld.idg.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsof... Read more

Answer:Help Hijack this logfile inside

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download KillBox (http://www.greyknight17.com/spy/KillBox.exe). Don't run it yet.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link don't work) and install it. Don't run it yet.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to clos... Read more

19 more replies
Relevance 48.79%

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\serbw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\MSN M... Read more

Answer:Plagued (Hijack this log inside)

That is an incomplete log - http://thespykiller.co.uk/files/hijackthis_sfx.exe

Dl the new.net removal tool and run it http://www.newdotnet.com/removal.html

Add remove programs remove

Windows AdStatus
AdTools Service

DL http://www.cexx.org/lspfix.htm

Launch the application, and click the "I know what I'm doing" checkbox.

Then click Finish.

DL http://www.thespykiller.co.uk/downloads.htm

Close all browser windows and run the uninstaller.

Download CWShredder http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows,
Open cwshredder.exe then click "Fix" and let it run.

Boot and post a new log
 

1 more replies
Relevance 48.79%

Logfile of HijackThis v1.99.1
Scan saved at 7:55:27 PM, on 1/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\win... Read more

Answer:Help With Trojan Spm/lx!!!! Hijack This Log Inside

Hi and welcome to TSG,

Please download SmitfraudFix (by S!Ri)

Extract (unzip) the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

1 more replies
Relevance 48.79%

ok this is my friends pc and it looks and runs like crap thing has so many add-ware i ran spysweepr and it had 1000+ files and apps of that ran spybot same now it runs a bit faster but still some apps run here is the log file that i got
Logfile of HijackThis v1.99.1
Scan saved at 07:47:43 p.m., on 30/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\m?config.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\rusa\eotn.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\He... Read more

Answer:In need ofmajor help Hijack Log Inside

7 more replies
Relevance 48.79%

Please help me. I am trying to fix my work computer. I have Windows XP. I am constantly bothered by pop-ups and viruses. I have McAfee security, SpyBot, Adaware, etc. Here is my log. If anyone can help it would be greatly appreciated.

Jennifer

Logfile of HijackThis v1.99.1
Scan saved at 10:54:46 AM, on 5/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1... Read more

Answer:please help new girl-hijack this log inside

6 more replies
Relevance 48.79%

I Am Using Internet Explorer.Here Is My Hi jackThis Log Id Appreciate any Help.........Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:30:29 PM, on 6/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\mHotkey.exeC:\WINDOWS\CNYHKey.exeC:\Program Files\Digital Media Reader\readericon45G.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Common Files\AOL\1231970728\ee\AOLSoftware.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\spoolsv.exeC:\... Read more

Answer:HiJack Log Posted Inside

Hello michael ray,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

2 more replies
Relevance 48.79%

I get this Mysearchnow.com/passthrough...google.com everytime i restart my computer. Even tho i run Ad-Aware and hijackthis it dosent seem to go away.

Logfile of HijackThis v1.97.7
Scan saved at 10:58:19 AM, on 19/07/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\HP SIMPLE TRAX\HPCRON.EXE
C:\WINDOWS\SYSTEM\DLA\TFSWCTRL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\GAME CONTROLLERS\COMMON\SWTRAYV4.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\HOLDVCWEB\AUDIOACID.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\FREEMEM PROFESSIONAL\FMEMPRO.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC... Read more

Answer:Mysearchnow Hijack: Log Inside

Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [Enc bleh] C:\PROGRA~1\Holdvcweb\audioacid.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...585d7b34e81015d

Close all applications and browser windows before you click "fix checked".

Restart the computer.
 

1 more replies
Relevance 48.79%

My computer will give BSODs ever since I--as far as I know--accidentally pulled out the monitor cable behind the computer tower. I put it back in and all, so maybe that's not the cause, I just don't know how it started. But if a HiJack This log tells you what you need to know to help me, I've attached it. I don't want to give you any erroneous info, I just want the BSODs to end so I can actually use my computer for more than 5 minutes before it gets another BSOD. (which is what happens anytime I'm not in Safe Mode) I'd like this handled ASAP, as soon as someone can. Thanks!

EDIT:
I don't want to mislead anyone with any BSODs that -may- not matter, but in case it helps in conjunction with the attached HiJackThis log, examples of BSODs stop errors and mentioned filenames I got include:
The driver is mismanaging system PTEs. (I uninstalled and manually reinstalled the latest NVIDIA graphics driver as a result of this BSOD)
DRIVER_IRQL_NOT_LESS_OR_EQUAL
tcpip.sys
REFERENCE BY POINTER
rr172x.sys

Answer:BSODs - HiJack This log inside

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as... Read more

6 more replies
Relevance 48.79%

I've had a problem with about:blank also....I've run ad-aware, spy-bot, AVG, and NIS with no luck of getting rid of this....BTW, in the Hijack This log, I notice most of the items in the "trusted zone" are items i have not put there!...also, in the IE security settings, the trusted sites "custom level" button is grayed out....Below is my hijack this log...thanks in advance for your help...

George

Logfile of HijackThis v1.97.7
Scan saved at 8:28:19 PM, on 2/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\FitSense\nli.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\iprb32.exe
C:\WINDOWS\System32\tibs5.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Plaxo\1.4.1.19\InstallStub.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\... Read more

Answer:About:blank (hijack this log inside)

Hello GatorDawg and Welcome to TSG!

Download Ad-Aware SE from here:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Install and run Ad-Aware SE. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.

Download Spybot S&D from here:
http://users.skynet.be/fa936042/spybotsd13.exe

Install and run Spybot S&D. Choose "Search for updates". Next choose "Download updates". After that, choose "Search and Destroy" and click on "Check for problems". If Spybot finds any nasties on your computer, make sure that they are ticked and choose "Fix selected problems".

Download SpywareBlaster from here:
http://www.majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef

Install and run SpywareBlaster. Click on "Updates" and then choose "Check for updates&... Read more

2 more replies
Relevance 48.79%

I didn't know what I was thinking. I downloaded something and it's stuck. I kind of know what to delete, but I want to make sure before I go delete away. Plz help. TIA

Logfile of HijackThis v1.98.2
Scan saved at 5:05:54 PM, on 2/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Log... Read more

Answer:Downloaded Something Bad. HiJack Log Inside

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

The Temp folders should be cleaned out periodically as installation programs and hijack pro... Read more

6 more replies
Relevance 48.79%

Please help me cure my computer of all viruses! I've scanned my system using adaware, spybot and norton trial and i'm still getting pop ups and i cannot play music using my windows media player. please help! here's my log:
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PQSC\PROGRAM\SCTRAY.EXE
C:\TECHBOX\TECHBOX.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\TEMP\G5VL37J.EXE
C:\WINDOWS\SYSTEM\IEHOST.EXE
C:\WINDOWS\SYSTEM\CARSCRPT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\AIM+\AIM+.EXE
C:\PROGRAM FILES\LINKSYS\WMP11 CONFIG UTILITY\WMP11CFG.EXE
C:\PROGRAM FILES\AIM\AIM95_C0\AIM.EXE
C:\WINDOWS\SYSTEM\HITQG.EXE
C:\WINDOWS\SYSTEM\VTZAY.EXE
C:\PROGRAM FILES\AIM+\AIM+.EXE
C:\PROGRAM FILES\AIM\AIM95_C0\AIM95_C0\AIM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EX... Read more

Answer:[Solved] Please I need some help- HiJack Log inside

16 more replies
Relevance 48.79%

ok my hompage keeps changing....ill go to my tools and change it....a second later ....it goes back to about:black or somthin....here my HIJACKTHIS log

Logfile of HijackThis v1.97.7
Scan saved at 2:06:24 PM, on 7/28/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\mcafee.com\Agent\mcagent.exe
C:\Program Files\mcafee.com\Agent\mcupdate.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Desktop\Crap\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\... Read more

Answer:Ad ware help please!!!!(hijack this log inside)

16 more replies
Relevance 48.38%

Avast Anti-virus found the trojan, so did pest patrol which managed to delete alot of files I think might have been associated with it.....anyway, I tried deleting it and repair which temporarily worked but it always came back. How can I get this off my parent's computer?

BTW, for some time now, I can't seem to get any virus scanner or spyware remover to run at startup? Even if they offer it and ask me to do so, it never does. A while ago I think a trojan or virus got in and wrecked my Win2k PC, I installed winxp and to my susprise it didn't reformat everything and instead just installed right next to it, but the problem didn't exist anymore....perhaps the start up problem is related? Welll that was another concern but the main one is this virus.

Anyway, Here is the hijack this log. Thx for the help!

EDITED: Updated my hijack this copy and this is the updated log as requested below, the post below is the same log as this and you can skip the second post I made in this thread:

Logfile of HijackThis v1.98.2
Scan saved at 8:09:22 PM, on 10/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Softw... Read more

Answer:I have win32:Trojan-Gen{UPX!} and need help getting rid of it, Hijack this log inside

10 more replies
Relevance 48.38%

Hello,

I am working on a friend's computer and I have a solid working knowledge of operating systems and virus/malware removal. The system has clean reports from Avast and Malwarebytes. I have cleared temporary files, uninstalled unnecessary software, limited start-up items, disabled unnecessary processes, and defragged the hard drive. At this time, the computer is still running slowly during boot up, installing applications, and opening basic processes like Firefox.

Computer stats:

XP Media Center SP3
1.66ghz
1 GB Ram
86.3GB HDD
68GB Available

I am running out of ideas. Though it's unlikely anything suspicious will appear in the HiJack This, I figured I would ask someone more well-versed with this program.

Thanks for your help, guys.

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:55:36, on 6/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.e... Read more

More replies
Relevance 48.38%

Norton found the Awax.Trojan (http://securityresponse.symantec.com/avcenter/venc/data/trojan.awax.html) on my computer. It was unable to delete it or quarantine it though. The computer is running hella slow (on a different one now). I tried following Norton's removal instructions.. but they are not working, and I do not have a system recovery CD.

I was able to get a hijack this log of my PC though. I would appreciate any help/advice SO much.
P.S. Just made a donation

Logfile of HijackThis v1.99.1
Scan saved at 9:32:43 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVir... Read more

Answer:I have the Awax.Trojan. Can someone help? Hijack log inside..

Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
==============

Sorry - HiJackThis is runing from a temp directory and must be moved to run correctly

Click here to download HJTsetup.exe:
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item5

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents ... Read more

1 more replies
Relevance 48.38%

hello...
well.. it looks like my uncles computer is full of everything you could think of.. He has popups, restart homepage.. everything..
I ran cws, S&D, and adaware,. and everything keeps coming back..

heres his hijack this log...
Thanks for your help!
Logfile of HijackThis v1.97.7
Scan saved at 6:58:43 PM, on 8/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\System32\nozepk.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINNT\System32\runner.exe
C:\WINNT\System32\ezsn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\loaddadv3[1].exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program F... Read more

Answer:computer having problems...Hijack Log inside...

Your HJT log shows you've no firewall installed. If you're not computing behind a firewall-embedded network router, enable ICF immediately:

To turn on the WinXP Internet Connection Firewall (ICF):

- On the taskbar at the bottom of your screen, click Start, and then click Control Panel.

- Click the Network and Internet Connections category. (If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)

- Click Network Connections.

- Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the shortcut menu.

- On the Advanced tab, under Internet Connection Firewall, select Protect my computer and network, and then click OK. The Windows XP firewall is now enabled.

***

Run HJT, click Scan, put a checkmark by the following then click Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R0 - HKCU\Software\Microsoft\Intern... Read more

1 more replies
Relevance 48.38%

Just a few little problems here and there.
My computer's running a little slower than usual and after letting a friend do a few things on here I returned to find that my system tray icons keep mysteriously disappearing (including my volume control icon which is most likely down to an old windows upgrade ).
Anything I can do to help my poor old computer out?


Logfile of HijackThis v1.99.1
Scan saved at 16:12:04, on 29/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Progra... Read more

Answer:Minor all-rounder [Hijack This log inside]

noone's gonna help me?
 

2 more replies
Relevance 48.38%

hello. i read the rules and hope that i am able to ask this question. i have used this site before to uninstall malware, but i believe i now have a trojan.
this is the message that came up on my virus scan.


here is the hijackthis log

please help me to clean up my computer.

thank you!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:25:56 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
... Read more

Answer:trojan today! hijack this log inside.

i just went into my msconfig and checked all the items i had unchecked so it would give a more accurate reading for you all.

any help is appreciated.
thank you.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:03:24 PM, on 5/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program F... Read more

2 more replies
Relevance 48.38%

Ok, AVG must be a piece of crap, because it doesn't detect anything. I used to play (USED TO) World of Warfraft. Haven't for a few months, didn't plan on going back, ever. I got an e-mail, saying my account was permanently suspended for suspicion of illegal activity. So i'm like, lolwut?

I log into my battle.net account, using onscreen keyboard just incase. I got in fine.

I check my Warcraft account, i see a msg saying its been suspended I cant see any other info.

I check WoWarmory site and my characters have been logged on yesterday, lolwtf?

The only 'torrents' i download, are the occasional movie from aXXo or a TV show from EZTV (all trusted uploaders). I actually BUY my music off itunes. I recently just reformatted my PC and freshly installed Windows 7 x64 as well.

This has me all paranoid, it's like I've been violated I love my PC. I spend a lot of time gaming on it, to have this happen has me disturbed and unable to sleep to say the least. I even had some e-mails saying I was trying to reset my password for my gmail and steam account

I'm begging for help!

Here is my Hijack this log,


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:27:25 AM, on 1/30/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\... Read more

Answer:I have a keylogger.. but.. I can't find it. -- Hijack this log inside.

No matter what you use, theres not a single piece of software out there that will detect everything.

Run malwarebytes and post its log

3 more replies
Relevance 48.38%

One of the computers where I work keeps on restarting at odd intervals. I've unchecked Automatically Restart in the Startup and Recovery tab already, but it still restarts. Here is the Hijack This log for the computer. I'm also unsure if this is the right forum to post this on.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:05:15 PM, on 9/28/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Promon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\System32\spool\drivers\w32x... Read more

More replies