Computer Support Forum

Check my layoutmodification.xml please

Question: Check my layoutmodification.xml please

I am about to import my layoutmodification.xml to our Windows 10 Ent LTSB 2016 image. Can somebody check the syntax?
Also, it possible to add in "folders that appear on Start"?

More replies
Relevance 100%
Preferred Solution: Check my layoutmodification.xml please

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 56.17%

I have ~ 200 machines here on our domain, all running windows 10 Pro. We have configured a custom start menu using by exporting LayoutModification.xml and applying this through Group Policy. It has always been slightly problematic in that some users see some tiles and others don't, there's no rhyme or reason to which work consistently. I've made a change to this file to add a new tile, applied this to the .xml file and saved to the location the GPO points to.
On updating group policy or even manually using Import-StartLayout through PowerShell it simply WILL NOT make this change to any machines.
Current build on our clients is 1607 and we're using Server 2012 R2 on our DCs and FP server.
I've been through MULTIPLE threads on various forums and tried various means to get this applying, even going so far as to creating a new GPO that effects only TEST users. These test users get the start menu applying but NOT the new group and tile in question.
This is an essential shortcut for a new tool we're pushing out to the business ad I've been looking at this for hours, any advice would be greatly appreciated, thanks.

More replies
Relevance 33.21%

The problem start with my wife's PC. It started a few weeks ago she told me. She can't open Outlook Express (doesn't start), access My Space or get updates at Windows Update. Also some images on sites do not load.

I then checked my PC and found, I couldn't access Windows Update, My Space, Thunderbird fails to retrieve emails. I have not noticed any issues with images.

Given this sounded like some of the behaviors I have heard of trojans doing I thought I would post my logs here and see if anyone sees anything out of place. Normally I wouldn't consider a cross contamination but about two weeks I temporarily set up a home network between our PCs to share a few files. The next day I disabled NetBIOS on my PC but as we are both behind a hardware firewall, I guessing if it happened it must have happened then.

Nothing jumps out at me but I wanted to get a second opinion.

Any help would be appreciated.

Wife's PC
Logfile of HijackThis v1.99.1
Scan saved at 5:12:51 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sys... Read more

Answer:Hijack This Check (Can't Update Windows, Check Email or access My Space)

I ran SuperAntiSpyware and found nothing but 10 tracker cookies. Running Panda Virus Scanner online. I couldn't run F-Secure because IE7 Active X controls prevent it from running.

Zero clue as to what is going on so far.
 

3 more replies
Relevance 33.21%

Hello, My PC is disk usgae is at 100%  and somtimes the CPU usage jumps up to. I tested my system and recived- Hard Drive Short DST Check and Long DST Check: Warning  How do I determine what the warning is? Do this mean my hard drive is on the verge of failing? 

More replies
Relevance 33.21%

Is verifying files by check sum / content after transferring (copying, moving) indeed unreliable?

Since "ever" I - if I checked files at all - checked files by content or check sum after transferring them, so this information sounds very astonishing to me now, I hadn't had any clue about what I read here: http://blogs.msdn.com/b/oldnewthing/archive/2012/09/19/10350645.aspx

Obviously meaning in many cases checking files by content / check sum checks the data in the buffer, if I see it right.

So, is it like that? Does it refer to all of the synchronizing / backup / copying, check sum, etc. programs?

And what is the best / easiest way to (automatically) check files after transferring. E.g. when copying all of the files of a 4TB drive to another one.
 

Answer:Verifying files by check sum / content after transferring unreliable - how to check?

Re: Verifying files by check sum / content after transferring unreliable - how to che

Kletus...

I'm not in my league with this, but could this make sense?

I think the article is referring to times when you are seeking to verify data across a network span between two systems (operating systems), where system b (copy destination) requests a checksum from system a (file original location). I believe the author is saying that in that particular situation checksums would be created from the cache/buffer on both computers. In the case of you copying to a secondary disk connected to a single computer I think the checksum should work fine. Sounds like one of those programmer's dilemmas to me.

Sorry if I am off on this. I know you are looking for some programming expertise. I'll just say that reading this, it made sense to me about the author's comments:



This really sounds like you're overthinking it.

First, what possible reason would there be for giving someone write access but not read access to a certain location? That's screwed up on so many different levels...

Second, you're right that having the sender compute a checksum of the destination file is a bad idea for all the reasons mentioned. But why did you even think of doing that in the first place?!? If I was implementing a system like that, I'd have the *destination* system compute the checksum on the file it received and send it back to the sender for verificati... Read more

5 more replies
Relevance 33.21%
Answer:how do i change ms word's spell check to check for british spelling?

is there a british version of office xp? i dont know if you can do that


 

6 more replies
Relevance 33.21%

Hi, i have hp pavilion g6 laptop and its upgraded from windows 8 to 8.1 then windows 10.  From last few days i was getting "Memory_Management", "Kernel_Data_Inpage_Error" and so many other errors with blue screen. Due to this i have to power off the system from main power button by holding for few seconds. Now i was getting hang problem. I saw in task manager that DISK UTILIZATION was 100%. I did a hardware test where i got below results : HARD DRIVE SHORT DST Check : WARNING HARD DRIVE Optimized DST Check  : FAILEDFAILURE ID: 9U3UWX-6KT85B-MFPWWJ-61Q003 Can anybody tell me how to resolve this or i need to replace the hard drive. -ThanksPankaj 

Answer:Hard Drive Short DST Check : WARNING and Optimized DST Check...

Yes you need to replace the hard drive. Since you have upgraded to Windows 10 it is very easy to get recovery media directly from the Microsoft Media Creation Tool. For most people, the problem is not physically swapping out the hard drive, but restoring the operating system since they do not have recovery disks. Post back if you want a service manual and/or video showing the replacement, purchase options for a new hard drive and step-by-step for restoring Windows 10. We would need the full model...g6-???? 

2 more replies
Relevance 32.8%

Hi all

I have been trying to create an Excel macro that deletes only the check mark inside the check box albeit with no success. Is there a way to do this?? I have plenty of check boxes and it is taking me a lot of time to go into each one and delete only the check marks. It would be would be pretty neat to create a macro to delete the check marks in every single check box. If someone out there has figured out how to do it, it would be a great help.

Thanks

Mario
 

Answer:Deleting the Check mark only inside the check box using VBA in Excel

6 more replies
Relevance 32.8%

I have what I believe is a probably Hard Disk failiure; however, the Windows utility provides different output than the error codes provided by the System level check. The below is from my OS check:Microsoft Windows [Version 6.1.7601]Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Users\user>wmicwmic:root\cli>diskdrive get statusStatusOKwmic:root\cli> It seems to indicate status as OK. However, the system level Hardware Test before booting shows the following:Failiure ID is: 9PMPKK-5B284T-XD002K-60QS03Product ID is XG809UA#ABA  I assume the OS level SMART Test is less reliable, then?Thanks!

More replies
Relevance 32.8%

My daughter called me and asked what was wrong with her monitor. She said that when she starts her computer she gets this message "Self check, check your PC and signal cable, monitor is working" and no other display...

kds x-flat monitor, onboard video, XP, AMD

She has unplugged and replugged the video cable several times... any ideas why this is?
 

Answer:Self check, check your PC and signal cable, monitor is working

That suggests that the computer is not booting, or if it is, there is no video output.

The monitor is simply saying "I am OK, but the computer isn't sending me anything"

A simple check to see if the computer is booting is to try the CAPS Lock key. Pressing it will toggle the CAP light on and off each press, if the PC is running.
 

2 more replies
Relevance 32.8%

i have a panasonic toughbook cf 53 running windows 7 pro.my computer works fine. when i turn the computer on it states that there is a media test failure check cables. the only thing that is not working on my computer is the sound. i have checked the control panel and the settings, nothing is muted. im confused why the sound will not turn on. i pressed fn f4 to mute the volume and now it seems to be stuck on mute? any help would be greatly appreciated.thanks, jason

Answer:media test failure check check cables.

Check in Device Manager. Are there any yellow exclamation points?You've been helped by a 14 year old.

6 more replies
Relevance 31.98%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des
 

Answer:Check Disk \ Auto Check Alternatives

Well...? I'm sure there must be some available.

-Des
 

7 more replies
Relevance 31.98%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des

Answer:Check Disk \ Auto Check Alternatives

There isn't any such software??

-Des

3 more replies
Relevance 31.98%

I have listbox with check box as listbox items, i need to select to checkox dynamically. help me to do this.

Answer:Unable to check the check box dynamically in listbox in wp7

sorry but I clearly didn't get your question here. Could please give me some more details ? :)

2 more replies
Relevance 31.98%

Hello.

I have a SuperMicro server with windows 7 32bit. I am using a specialized hardware that can understandably may cause machine check errors because I have a pcie device that can stop responding to cpu non posted transactions for long pepriod of time. I have disabled the pcie timeouts in the hardware, but some other cpu exception occurs due to this long waiting time for the pcie transaction to complete. I get the BSOD with WHEA exception 124.
Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR

Reported by compenent: Processor Core
Error source : 3
Error type: 9
Processor ID: 36

Event ID 18

How do I disable this machine check in windows 7 ?

Thanks

Rayyan

Answer:how to DISABLE Machine Check, WHEA bug check

Hello and welcome to the sevens forum. You said you are getting BSOD"s can you do the following because the BSOD team will need it to help you.

Blue Screen of Death (BSOD) Posting Instructions

1 more replies
Relevance 31.98%

So I have this problem, I have a user that have to check that box every time he open outlook for always check spelling before sending, it won't save the setting when I close it, my last resort would be a new profile but I want to try get help here first since google wasn't very helpful

We use outlook 2010 and the PC is part of a domain, I also tried checking the web outlook but the option is not there.

He is the only user having this problem and to be honest I have never seen this problem before.

More replies
Relevance 31.98%

If it ain't one thing, it is another with this computer.
My spell check is having a nervous breakdown. It checks and offers alternatives for almost every word. This check can include words such as A or An, It, etc. At times I get spellings for words nowhere similar
In a paragraph similar in length to the preceding one, I might have suggetions for practically every word.
Plus, the auto check feature is not working
Anyone help? Appreciate any

Sarge
 

Answer:Spell check doesn't check correctly

You need to tell us what OS you are using and where this is happening - in a browser, in a word processor etc.
 

4 more replies
Relevance 31.98%

What is the best check -in check-out asset management software? A list of what's out there would be appreciated because I cant seem to find an authoritative one of what's best for asset management (game development). I hear Alien brain is good and there's one that starts with a 'p' that I can't remember the name of it to save my life... Alien brain is too expensive and hard to find. It's an open source project so I know the 'p' one would work because they offer open source licenses so if anyone knows what Im talking about feel free to enlighten me.

Something similar to Project but with asset management and check in/check out functionality would be great if anyone could suggest something. A step beyond that would be real time preview of maya scenes, psds, and xsi files. But maybe I want too much with the latter...

edit: Oh and it doesn't have to be free, Im just curious as to what's out there...
 

More replies
Relevance 31.98%

Hey guys,

The company I'm working for has grown a lot and now I'm no longer the only programmer. We're looking for an app that lets us do code check-in/check-out that'll also store all the changes.

All the files we need monitored are plaintext, and we do most of our development in Notepad or Notepad++. The app must work in Server 2003.

Any suggestions?

Thanks!
 

Answer:Code Repository/Check-in/Check-out system

I think subversion should handle your needs...
 

13 more replies
Relevance 31.16%

just wanted to see if anyone noticed anything out of the ordinary.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:04 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTune... Read more

Answer:*not urgent* can someone check my HJT to make sure everything is in check?

Looks fine
 

1 more replies
Relevance 31.16%

greetings,
when I try to enter checks in the check register, I cannot set the check date to anything other than today's date (ie, the day I am trying to enter the check).

I have googled, etc, but cannot find the cause of this problem.

Anybody have an idea ?

thanks in advance.
 

Answer:Check dates in check register

What program
 

2 more replies
Relevance 29.11%

I get this blue screen error "Auto Check Program not found - Skipping auto check" each time that I boot up. What's the cause and how can a fix it?

More replies
Relevance 29.11%

Hi -Have you changed or added anything recently, or had any type of infection on the computer ? ?Go > Start Accessories > Command Prompt and Right click on it > Select Run as Administrator > Then type scf /scannow and press Enter -This "should" only take about 20 to 30 mins and will check your System Files -Next do the same, but type chkdsk /r and follow any prompts and reboot your computer - The 5 stage check may take from 1 to 2 hours depending on your system, but please let it finish -Thank You -

Answer:auto check program not found-skipping auto check

If sfc /scannow doesnt help then try thisDownloadAutorunsExtract and launch autoruns.exeAllow the scan to run,click on FILE-SAVE Filename:Autoruns.txtsave as type:textUpload the file to wwww.filedropper.com and post the link here

3 more replies
Relevance 26.24%

Today, I was online, reading the news and noticed that the pages were loading slower and slower. Using IE 8. Anyways, I got the Blue Screen of Death with (this is the first time I've seen this message):

Hardware Malfunction
Call hardware vendor for support
NMI: Parity Check/Memory Parity Error
The system has halted

I have a Dell Inspiron E1705 laptop
Win XP, Svc Pack 3
RAM: 1GB
BIOS version: Dell Inc. A03 (2006)
Recent changes to computer: Upgraded from IE 7 to IE 8 12 Apr 09, Windows Auto Update 15 Apr 09, Reg Fix Pro Update 16 Apr 09

After rebooting, I came to your site and checked out some similar posts, I've blown away the dust and went to the link for memtest86, downloaded, installed and updated drivers.

So, far have not received this msg again, but there were some other suggestions I'd like to try. How do I clear CMOS & set BIOS? (And years ago I heard the term - flash the BIOS is this the same thing? Or something else & do I need to do it?) Can you give me guidance on opening up a laptop to reseat & switch memory (I've only opened a desktop)? I did try to go into Setup (F2), but most fields were unchangeable. The battery is 100% charged and performing normally.

Any other things I should do?

Thanks so much!
 

Answer:parity check/memory parity check

There should be a slot on the bottom to get to the memory. Laptop memory sits flat, you will press 2 clips on the RAM holder and the memory will come up about 45 degrees. You can then lift it out of the slot. To install new memory, you slide it into the holder then press it down so it lies flat and you will hear it click in place.

As far as BIOS, avoid flashing it. If this is the first problem you've had and the error seems to point to memory, you do not need to do anything with your BIOS.
 

8 more replies
Relevance 26.24%

Running the Computer Check Disk Function
Step 1
Determine whether you are using Windows XP or Windows Vista. XP users can simply click on the "Windows Start Button" and then go to the "Run" link. Once run pops up type in "CMD" and hit enter which will cause the MS DOS prompt to appear. Type in "CHKDSK /r" which will check for hard disk errors. Vista users need to click on "Start" then go to "Accessories" followed by "System Tools" and then run the MSDOS program followed by "CHKDSK /r"
Step 2
Insert your restore CD if errors are found and not fixed by the check disk function listed above.
Step 3
Turn your computer off and then back on. You'll be asked to hit any button to boot from your CD; press any key. You will then be asked if you want to install a fresh version of your OS or "Repair" a current copy. Choose the "Repair" option and allow the computer to go through the necessary steps.
Step 4
After the repair function has run, turn your computer off and then back on. Wait and see if the computer shuts down again. If it does not shut down, your computer's restore function has fixed the file, which was probably caused by a bad system file.
Fixing Computer Shut Downs Via The Power source
Step 1
Check if your power source is properly connected inside your computer. Your power source is the large box that your computer's power cable plugs into. If this connection becomes loo... Read more

Answer:How to check for disk errors using Check Disk

Very useful share angelcotty

2 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 5:25:03 PM, on 6/2/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGER PLUS\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\PROGRAM FILES\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MMRTKRNL.EXE
C:\PROGRAM FILES\BROWSER MOUSE\MOUSE32A.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\INTERVIDEO\COMMON\BIN\WINCINEMAMGR.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\ON-SCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\WINDOWS\Application... Read more

Answer:Please check my HJT log

7 more replies
Relevance 22.96%
Question: Check Up Please

SDFix: Version 1.93Run by peter on Wed 02/13/2008 at 07:08 PMMicrosoft Windows XP [Version 5.1.2600]Running From: C:\DOCUME~1\peter\Desktop\SPYWAR~1\SDFixSafe Mode:Checking Services: Restoring Windows Registry ValuesRestoring Windows Default Hosts FileRebooting...Normal Mode:Checking Files: No Trojan Files FoundRemoving Temp Files...ADS Check:C:\WINDOWSNo streams found. C:\WINDOWS\system32No streams found. C:\WINDOWS\system32\svchost.exeNo streams found. C:\WINDOWS\system32\ntoskrnl.exeNo streams found. Final Check:Remaining Services:------------------Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger""C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger""C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire""C:\\Program Files\\Veoh Networks\\Veoh\... Read more

Answer:Check Up Please

Hello,

Are you having problems or just making sure none of your torrents are infected?

2 more replies
Relevance 22.96%
Question: check this log plz

Logfile of HijackThis v1.99.0
Scan saved at 5:42:57 PM, on 2/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\soundman.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\windows\system32\GwQXL.exe
C:\WINDOWS\Xhrmy.exe
C:\WINDOWS\system32\GwQXL.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\MSNGMSNGR32.EXE
C:\WINDOWS\System32\gah95on6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Justin.N-5095DCBGND56Z\Application Data\ewso.exe
C:\WINDOWS\System32\r?gsvr32.exe
C:\DOCUME~1\JUSTIN~1.N-5\LOCALS~1\Temp\A~NSISu_.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Justin.N-5095DCBGND56Z\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WIN... Read more

Answer:check this log plz

Please don't duplicate posts.

Keep posting to your original here: http://forums.techguy.org/t329782.html
 

1 more replies
Relevance 22.96%

check mine too plz thx.

Logfile of HijackThis v1.99.1
Scan saved at 2:54:17 PM, on 6/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\... Read more

Answer:Please check my HJT log

spidrmage, I've split your reply off into a new thread, as its easier to work on one person's problem at a time

Regards

eddie
 

2 more replies
Relevance 22.96%
Question: Check Log

Could you please analyse my Hijack This log as follows, thank you.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:16 PM, on 20/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Boost XP\bxservice.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System... Read more

Answer:Check Log

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.


Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

P2P - I see you have P2P software (i.e. warez) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly cont... Read more

5 more replies
Relevance 22.96%
Question: Check my log

My desktop has been slowing down and I got a very strange errot in Excel today. Time to check the log thought I.

Any advice on this please?

Logfile of HijackThis v1.99.1
Scan saved at 20:28:28, on 11/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7~1.0\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7~1.0\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTHELPER.EXE
F:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
F:\PROGRA~1\Grisoft\AVG7~1.0\avgcc.exe
C:\Program Files\Messenger\MSMSGS.EXE
F:\Program Files\Security\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\mapiicon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
F:\Program Files\microsoft office 97\Office\OSA.EXE
F:\Program Files\Utilities\TextPad\TextPad.exe
N:\Program Files\Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
F:\program files\microso... Read more

Answer:Check my log

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it?s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then create a new restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

O2 - BHO: (no name) - {} - (no file)
O4 - HKLM\..\Run: [hecewwncw] C:\WINDOWS\System32\mqwfwy.exe
O4 - Startup: install.lnk = C:\Documents and Settings\bob\Local Settings\Temp\setup.exe

C:\WINDOWS\System32\mqwfwy.exe <--delete that file.

Once done reboot into Normal Mode and post a new HijackThis log file to confirm what was removed and if it's clean or not

1 more replies
Relevance 22.96%
Question: Log Check

Followed Readme.

Counterspy failed to open and just caused computer to hang, same with AVG.

Logs as follow.
 

Answer:Log Check

Thank you for help given.

Note: New version of Java failed to install and this is a friends computer so I have no idea what they did to get into this mess.
 

8 more replies
Relevance 22.96%
Question: check up...

I havent had any problems with my machine but im doing a cleanup, just to make sure i havent got anything bad running could you do a quick look over of my log. Any suggestions?

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - S... Read more

Answer:check up...

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download WinsockFix http://www.greyknight17.com/spy/WinsockFix.sfx.exe and uncompress it. Then double-click on the uncompressed file to run it.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work... Read more

9 more replies
Relevance 22.96%
Question: Just check please

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:35:22 AM, on 7/26/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\xp\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,[email protected]
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\L... Read more

Answer:Just check please

Check up...?

Ok... Turn and cough please..

Do you have anything to report.. log looks ok.. You're minus a few Critical Updates for your OS.. so you should address this issue first:

Make sure to update Windows and Internet Explorer at http://v5.windowsupdate.microsoft.co....aspx?ln=en-us.

1 more replies
Relevance 22.96%

Hello everyone, I was advised in another thread in the "Am I infected? ..." forum to clean up my computer (which I have done so) and post a HjT log, could you please check this and tell me if anything is bad? Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:37:49 AM, on 4/01/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\SiteAdvisor\6172\SiteAdv.exeC:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System3... Read more

Answer:Could Someone Please Check My Log?

Hi Mahou,I'm sorry it's taken so long for you to get a response to your post. If you still need help please do as follows:Download Deckard's System Scanner (DSS)Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimizedMake sure Format->Word Wrap is uncheckedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your replyOnce complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.

9 more replies
Relevance 22.96%

It seems like there is a lot of crap.

Logfile of HijackThis v1.99.1
Scan saved at 8:41:28 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\DOCUME~1\Lexy\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/... Read more

Answer:Can someone check out this HJ log?

Are you having any issues? If so, please explain. I don't see any malware in that log. HijackThis doesn't see everything out there these days....let's have you run some tools and see if anything lurks.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Perform an online scan with Internet Explorer with

Kaspersky Online Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:Scan using the following Anti-Virus database... Read more

7 more replies
Relevance 22.96%
Question: Log Check

Not having any major problems at the moment but everything helps. Here is my HJT log its not as extensive as some i have viewed on here, would like to get it checked out.I have done all the prep work before i scanned with HJT.I have used Spybot search and Destroy, Ad Aware 7, i tried Mc Afee stinger but it kept being unresponsive and out of date.the three entries with (no name) concern me.Thanks and look forward to hearing from youregards michaelLogfile of Trend Micro HijackThis v2.0.2Scan saved at 14:02:16, on 11/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\Hi... Read more

Answer:Log Check

Not having any major problems at the moment but everything helps. Here is my HJT log its not as extensive as some i have viewed on here, would like to get it checked out.I have done all the prep work before i scanned with HJT.I have used Spybot search and Destroy, Ad Aware 7, i tried Mc Afee stinger but it kept being unresponsive and out of date.the three entries with (no name) concern me.Thanks and look forward to hearing from youregards michaelScan saved at 23:11:55, on 11/01/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU ... Read more

4 more replies
Relevance 22.96%

My internet explorer only works for a few minutes, then I have to restart my whole computer.
comLogfile of HijackThis v1.99.1
Scan saved at 8:49:37 AM, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\... Read more

Answer:Please check my log

16 more replies
Relevance 22.96%
Question: HJT Log Check

Hi,

Recently, my computer has been having an extremly high CPU usage % I thought it might have been virus or spyware so I followed the instructions from GreyKnights page.

I ran Ewido in safe mode
Ad aware in safe mode
CleanUp
Spybot S and D

So far it seems to be back to normal here is my HJT log file. Please tell me if anything looks out of place

Thanks

ogfile of HijackThis v1.99.1
Scan saved at 1:27:08 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ayresw\Desktop\HHC XO\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ... Read more

Answer:HJT Log Check

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx


Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folder... Read more

1 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.2
Scan saved at 3:58:48 AM, on 11/11/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~2\WinFax\WFXSWTCH.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\DOCUME~1\User\APPLIC~1\lyadrvos.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Wat1.exe
C:\Program Files\National University of Singapore\NUS-VPN Client\cvpnd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:... Read more

Answer:Re: Help me check this log out

9 more replies
Relevance 22.96%

I know there has to be something wrong with my log so I would be grateful for somebody to just check my HJT log and tell me what I need to fix. Without further adeu, here it is:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:18:10 PM, on 12/3/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\eMachines Bay Reader\shwiconem.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Webroot\Desktop Firewall\WDF.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exeC:\Program Files\Messenger&#... Read more

Answer:I Just Need Someone To Check My Hjt Log

...please?

6 more replies
Relevance 22.96%

im not sure if there is an major problem, just wanted to be on the safe side...i had some problems a month ago with a trojan that blocked my msconfig, folder tools/options etc...i managed to solve that, reading thru this forum...i still have a little problem with quick launch bar, it deactivates from time to time at startup...so i checked my system as described in Preparation Guide...did a complete scan with adaware, spybot, stinger, trojan remover and nod32...they found some bleep and i deleted it all...and i use zonealarm firewall for some time now...finally i checked with hijackthis and this is its log :Logfile of Trend Micro HijackThis v2.0.2Scan saved at 16:43:36, on 11.12.2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG AntiSpyware 7.5\guard.exeC:\Program Files\Nod32\nod32krn.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\NVIDIA Corporation\NvMixer\NVMixerT... Read more

Answer:If You Could Check This Log, Please...

Hi costassAll I see is corrupted Hosts file:Download HostsXpert and unzip it to your desktop. Open HostsXpert that you earlier unzipped on your desktopClick "Make Hosts Writable?" upper right corner (if available)Click "Restore MS Hosts File" and then click OKClose HostsXpertNote; IF you used any custom Hosts (eg. MVPS Hosts), you will have put them back manually After that, please post back a fresh HijackThis log and post back any problems that are left

2 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.0
Scan saved at 12:54:52 PM, on 7/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome Alex!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PRO... Read more

Answer:Hello, Please check this over!

Your log appears clean. Are you experiencing anything that may suggest otherwise?

1 more replies
Relevance 22.96%
Question: Pls check this out

Random pop-ups occurances. Please check below logs. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:27:04 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\Hijack... Read more

Answer:Pls check this out

HiJackThis Analyzer result:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: N... Read more

11 more replies
Relevance 22.96%

Please can i have a check on my log

Logfile of HijackThis v1.99.1
Scan saved at 11:38:07, on 10/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Neuston Media Centre\app\Neuston-server.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005... Read more

Answer:Please can i have a check on my log

Do u have any specific problems?

Please download Trend Micro? Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

Perform an online scan in Internet Explorer with Panda ActiveScan
Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
Click On 'Scan Now'
Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
If it finds any malware, it will offer you a report. Click on see report
Then click Save report
Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing th... Read more

5 more replies
Relevance 22.96%
Question: Please Check Over

Hello, Could you please check this over, you guys are the pros! I have no clue what I'm staring at!

Logfile of HijackThis v1.99.0
Scan saved at 11:43:21 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome Alex!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yah... Read more

Answer:Please Check Over

Hi alexxx,

Your log appears clean but to be certain, do an online scan at Panda also:

Please run an online scan at http://www.pandasoftware.com/products/activescan.htm
Make sure you click the "Free Online Virus Scan" in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
Click On 'Scan Now'
Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
If it finds any malware, it will offer you a report. Click on see report
Then click Save report
Post the contents of the report in your next reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

1 more replies
Relevance 22.96%

My computer has a history of viruses, so I'm anxious that any potential problems will be fixed before they get worse. I'd really appreciate it if someone checks out my log. Thanks!

Logfile of HijackThis v1.99.0
Scan saved at 01:52:55, on 01/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\pc user\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search ... Read more

Answer:Could someone check this log out for me please?

Nothing major:

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/

That's all I see in this log.

Other than that:

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

1 more replies
Relevance 22.96%

Can somebody please check this log for me and tell me what to fix... thanks


Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Answer:Please check this log for me

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

3 more replies
Relevance 22.96%
Question: please check log

i have been having random issues with my mouse, i checked hibernate but nothing is on. the mouse pauses and comes back, and the pc internet seems to be slow even though im getting 8mb down /768 up. please check both hjl and hja.

Logfile of HijackThis v1.99.1
Scan saved at 3:34:25 PM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton Internet Security\ISSVC.... Read more

Answer:please check log

I'm just moving this back up

4 more replies
Relevance 22.96%
Question: check please

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/27/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:35:44 PM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\Kevin\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C... Read more

Answer:check please

Your logs are clean. Any more issues? If not you should be good to go. We still have a few more items to address so please follow the instructions below.


Reset hidden/system files and folders

Windows XP
===============Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide file extensions for known types option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Windows 2000
===============Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Select the Advanced settings box option.
Select the Hidden files Folders.
Deselect the Show all files option.
Click Yes to confirm.
Click OK.

Windows ME
===============Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Deselect the Show hidden files and folders option.
Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Windows 95/98/98SE
===============Open My Computer.
Select the View
Select the Folder Options option.
Select the View tab. option.
Select the Advance Advanced settings box option.
Select the Hidden files folder.
Deselect the Show all files option
Click Apply to confirm.
Click OK.



Create a new System Restore point

Windows XP
=============== Click Start >> Run - type SYSDM.CPL & press Enter
Select the System Restore T... Read more

6 more replies
Relevance 22.96%
Question: pls check

hello,

My brother the a$$ did something to the computer that makes it really laggy. i was wondering if the Seniors can take a look and check what is not suppose to be in my comp.

thnx,

tomea

Logfile of HijackThis v1.99.1
Scan saved at 10:59:09 PM, on 6/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Set... Read more

Answer:pls check

Hi.. you have AVG and Symantec Anti virus programs running...they will (if not now) conflict with each other and cause problems...one should go..
Your HJT log should be in C:\ program file incase back up to log is needed..
A log expert will read your log and tell you more...
 

2 more replies
Relevance 22.96%

Please Check My Log..
Kind regards, Heather

Logfile of HijackThis v1.99.1
Scan saved at 16:36:03, on 26-9-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Program Files\HijackThis1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - {0A775BD2-4E8F-D42E-99F7-80FAAA76A0FC} - porka_.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Goog... Read more

Answer:Please Check My Log..

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Make sure you downloaded, installed, updated and ran these programs (run in Safe Mode) already - Ad-aware, Spybot and Ewido. If you didn't, do them now. For more information, go to http://www.greyknight17.com/spyware.htm

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run Clean... Read more

1 more replies
Relevance 22.96%

I just got this computer for my job. It is a dell dimension 2400. just wondering why it lags sometime. I used housecall 6.6 and it removed a couple of viruses. I have tried to remove the registry booster but it says i'm missing the uninstall.dat file attached is my hijack this log. any help would be appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:06:08 PM, on 1/13/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Verizon ... Read more

Answer:Please Check My Log

Welcome to BleepingComputer and I apologize for the wait. The logs extremely outnumber the volunteers. I am not seeing any malware and might be able to clean a little, make a few suggestions. You can remove: Uniblue Registry Booster if you wish, but according to CastleCops, it is not malware: http://www.castlecops.com/startuplist-13106.htmlIf you still have issues of concern, post a fresh HJT log and give me details. Before you post, have a look at this information, it may clear up your issues:http://users.telenet.be/bluepatchy/miekiem...owcomputer.htmlThanks

2 more replies
Relevance 22.96%

hi there,
I was wondering if you would check the log for me!
thanks


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Compaq\Easy Access Keyboard\nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PRO... Read more

Answer:please check HJT log!

Can you repost your HJT log? We will need the system information at the top of it.

3 more replies
Relevance 22.96%

please check my log so i can remove ad.yieldmanager.com malware from my computer

Logfile of HijackThis v1.99.1
Scan saved at 5:55:08 PM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\... Read more

Answer:Please Check my log

Please DISABLE spybot's teatimer and LEAVE IT OFF until the fix is complete!

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it?s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Download and install CleanUp! but do not run it yet.

*NOTE* Cleanup d... Read more

3 more replies
Relevance 22.96%
Question: RAM Check

Iv had my old pc for a while now, and wanted to add a bit of ram to it, but i have no idea which i need!
IS there a tool or software or somethign to tell me cos theres nothing written on the actual ram or motherboard.
Thanks
 

Answer:RAM Check

Yes, go to crucial's site and input your make and model of computer or make and model of motherboard. It will show all compatible ram chips.
 

1 more replies
Relevance 22.96%

hi, its been a while since i posted a log, god knows whats on here. anyways, please analyze my log for me. take your time, im sure other people need it more than i do. here it is:

Logfile of HijackThis v1.99.1
Scan saved at 5:59:26 PM, on 9/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Tom\Desktop\Tommy's Folder\HijackThis.exe

R1 - HKCU\Software\Micros... Read more

Answer:check my log please

Hi
No problems here.Its all fine

3 more replies
Relevance 22.96%

my antivirus program picked up a virus name "Trojan Virus" (something like that). i deleted the file and i would appreciate it if you checked my log to se if everything is ok.

i went to download the hijackthis analyzer but the link didnt work for me. so here's just my regular HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 10:12:45 PM, on 3/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BlueLight Internet\exec.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Symantec Share... Read more

Answer:can you check my HJT log?

Yes it's clean.

Any problems now?

1 more replies
Relevance 22.96%

I did an adaware scan earlier and the same 'low' danger files came up as usually do. However my pc is running slower than usual. I was also wondering how long it takes you guys to check a log, I wouldn't want to waste time considering other people have much worse computer problems. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 11:20:14, on 18/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\pc user\My Documents\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4... Read more

Answer:could someone check this log please?

Hi and Welcome to TSF

I don't see anything in the log but let's look a little deeper...

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please run an online scan at http://www.pandasoftware.com/actives..._principal.htm
Once it has finished save the activescan log. Then post that log in your next post.

1 more replies
Relevance 22.96%

Last night I believe I got a virus from AIM. One of my very good friends sent me something and like an idiot I clicked on it. Anyways, I have run all updated versions of Norton, Ad-Aware, etc. Attached is a Hijack This Log. I used the The HijackThis Analyzer program to get the new log. Thank you so much for your help!

og was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 10:43:07 AM, on 9/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\PanelICON.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\W... Read more

Answer:Can Somebody Check My Log

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

4 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 11:18:47, on 08/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\UAService7.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Del6B.tmp
C:\WINNT\System32\06h95oo1.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Spy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = www.blueyonder.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files... Read more

Answer:Can someone check log please?

Help Me - Please explain.

I see you here atleast once a week, with a different problem, different log. Do you own multiple computers, or do you own a pc maintenace business.. or, what??

We've helped you a number of times. Enough times that you should know by now the necessary measures for self help and prevention.

Please let me know what's going on...?

5 more replies
Relevance 22.96%

I can't work with Yahoo!Mail, some popups appear on the top of the windows. Please help me with my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:45 AM, on 10/5/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Vietkey2000\vknt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\cmd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Sys... Read more

Answer:Help me to check my HJT log

You have multiple infections which requires disinfection to be done stages.

Download this tool to your desktop:

http://users.telenet.be/bluepatchy/m...tools/FixO.exe

Doubleclick FixO.exe
This will create a new folder on your desktop called FixO
Open the folder and doubleclick FixO.bat

It will generate a log afterwards. Copy and paste the contents of that log together with a new hijackthislog.

1 more replies
Relevance 22.96%

My computer is running extremely slow. Please check my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:04:14 AM, on 30/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\... Read more

Answer:Please check my HJT log

Hi, Welcome to TSG!!

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/c...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/c...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w... 9Jr5K/+g2H8=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/c.../www.yahoo.com
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [WIN KNOB] C:\DOCUME~1\HP_ADM~1\APPLIC~1\THIRDD~1\4ante01.exe

Close all applications and browser windows before you click "fix checked".
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main ch... Read more

1 more replies
Relevance 22.96%

Comp not running as it should can you check this log for me.



Logfile of HijackThis v1.99.1
Scan saved at 7:19:55 PM, on 12/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
D:\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAl... Read more

Answer:Can you please check this log for me?

Hi Kodi.

There is nothing standout at the moment. You may fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

Please download Trend Micro? Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).Save it to your desktop.
Double-click the new icon on your desktop (tmas-web-scan.exe)
It will say "Loading TrendMicro definitions".
Once the definitions are loaded, the program will appear to close then re-open.
Click "Start Scan"
After it's done scanning, click "Scan Results"
Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

Do an online scan at one of the following sites: Panda ActiveScan
Kaspersky Anti-Virus Web Scanner
BitDefender Online Scanner
Trend Micro? HouseCall
Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

3 more replies
Relevance 22.96%

Hi. Can you check the HijackThis log? Coz I dunno which one to check...

Logfile of HijackThis v1.99.1
Scan saved at 9:57:55, on 2005/09/26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Nats\My Documents\HijackThis.exe

O2 - BHO:... Read more

Answer:Can you check the log?

Hello and Welcome to TSF!!


Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2) (SP2). SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it?s also this forums policy that we only address users with a legal copy of Windows XP.... therefore if you can not update Windows XP to SP1 we must stop the cleansing process here.


**Note** If your having trouble locating the service pack SP1a here is a direct link to download it from..

http://download.microsoft.com/downlo...p1a_en_x86.exe


Thank you for your cooperation.

8 more replies
Relevance 22.96%

Just trying to rid the HD of some critter named rdriv.sys

Answer:Check log, please! Thank you!

Quote:




Logfile of HijackThis v1.99.1
Scan saved at 7:42:03 PM, on 8/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\keyhook.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.lexis-nexis.com/universe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHe... Read more

1 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 17:30:18, on 30/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Omer Abbasi\My Documents\My Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F... Read more

Answer:check this for me pls...

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes..

Download any of the required programs before attempting to start any of the fixes.


SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Files highlighted in BLACK will need to be removed from your hard drive.


------------------------------------------------------------------


If you hav'nt already done so,download and run SpyBot (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.



How to setup Spybot Search & Destroy version 1.4

Download SpyBot
Save spybotsd14.exe into its own directory, NOT in a TEMPorary folder or on the Desktop.
I recommend c:/program files/spybot/
Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory.
Open Spybot from S... Read more

3 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 9:56:40 PM, on 5/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet-0,00.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.centurytel.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://totalinternet.snap.com:8005/channel/search/0,11,totalinternet... Read more

Answer:Please Check HJT Log

Run HJT again and put a check in the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe

Close all applications and browser windows before you click "fix checked".

Click Here and download Killbox and save it to your desktop.
Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
In the "Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\WindowsUpdates.exe

Click on the button that has the red circle with the X in the middle after you enter the file name.
It will ask for confimation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

After the restart please post your HJT log again.
 

1 more replies
Relevance 22.96%

Im new to all this but my computer has taken a huge downfall, mainly from my brothers installing a rediculous amount of stuff on here, i ran spybot search and destroy. got some results but didnt stop my computer from slowing down. its so much that when I tried using adaware, it wouldnt work. So can someone please check out my hijack this log for me? Also tell me what to do exactly for the results you come up with.

thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:13:47 AM, on 6/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:... Read more

Answer:can someone check my log?

7 more replies
Relevance 22.96%

Hi, I'm a new member and suspect an unwanted invader in my computer. Also, something new has appeared in my startup - PD0620 STISvc. Don't know what this is or how it got there. I have completed scans using spybot, asquared, and spydoctor. I just ran hijack this for my first time and here is my log. I see that entry in this log also. If someone can review this I would appreciate it. Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:58:49 PM, on 1/14/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\arservice.exeC:\WINDOWS\system32\bgsvcgen.exeC:\Program Files\Comodo\Firewall\cmdagent.exeC:\WINDOWS\eHome\ehRecvr.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\WINDOWS\eHome\ehSched.exeC:... Read more

Answer:Please Check My Log?

Hello and welcome to BC.
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please post a fresh HijackThis log and I?ll be happy to help you.

Thanks for your patience.

2 more replies
Relevance 22.96%
Question: Check -up

Hello To all:

I was wondering if you see anything wrong??

Thank You in Advance

Fixandfly


Logfile of HijackThis v1.99.1
Scan saved at 10:44:50 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Pro... Read more

Answer:Check -up

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Download LSPFix http://www.greyknight17.com/spy/LSPFix.... Read more

1 more replies
Relevance 22.96%

Just trying to make sure my computer is safe!! Thanks to whoever can help!!
HJT log follows...




Logfile of HijackThis v1.99.1
Scan saved at 830 PM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Fil... Read more

Answer:Can someone please check my log?

Hello JerseyBella13,

Our apologies for the delay. We've been short-handed due to summer vacations.

There is nothing apparent in this log, but I would suggest an online scan for a second opinion.

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer If it finds any malware, it will offer you a report.
Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report

Please post those results along with a new HijackThis log.

3 more replies
Relevance 22.96%

I have a simple question: I have Dell Dimension 4600 with 512MB. How much memory i can add and in what configuration (2x512? other?). Do i have to replace the exisitng memory or just add? Thansk, Eran
 

Answer:How can I check how much RAM I can add?

11 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 12:33:03 AM, on 6/2/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\VmFsdWVkIEN1c3RvbWVy\command.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\rpcmscv.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\cxhmi.exe
C:\WINNT\System32\cxhmi.exe
C:\WINNT\System32\cxhmi.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\ipwins\ipwins.exe
C:\defender24.exe
C:\WINNT\sirbfvlA.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINNT\SYSC00.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\win32078768-200498.exe
c:\winnt\system32\pkdsregs.exe
C:\PROGRA~1\COMMON~1\zkrz\zkrzm.exe
C:\DOCUME~1\VALUED~1\MYDOCU~1\STEM~1\alg.exe
C:\Documents and Settings\Valued Customer\My Documents\?icrosoft.NET\n?tepad.exe
C:\PROGRA~1\COMMON~1\zkrz\zkrza.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\... Read more

Answer:could someone check this log for me please

Download the Windows 2000 SP4 update as soon as you can and install it. If you have problems doing it now, fix the below first and then do it. Install it before you give us a new HijackThis log. We need all users to have these updates in order to help prevent further security outbreaks that may occur.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you might get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on start update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, yo... Read more

2 more replies
Relevance 22.96%

i've been getting lots of spam lately, not sure if i've a virus or what. if you could please check this log out for anything unusual, i'd really appreciate it.

Logfile of HijackThis v1.98.2
Scan saved at 9:32:41 AM, on 4/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon0... Read more

Answer:Please Check My Log!!!

6 more replies
Relevance 22.96%
Question: Check this out!

http://www.techguy.org/rules.html

.78 cents a Gig
Comment added by AcaCandy: What a rip off. You can get a nice external for about half that price per gig
 

Answer:Check this out!

Only a two meg cache for something that size?
Meh.
 

2 more replies
Relevance 22.96%

i'm trying to get rid of the allofsafety popup windows and alertsI just need to check if my log is clean.thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:30:18 PM, on 10/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Administrator\Desktop\HiJackThis.exeO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dllO3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-ca\msntb.dllO4 - HKLM\..\Run: [LaunchApp] AlaunchO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32... Read more

Answer:Please Check My Log,

Hello Spec,

Welcome back to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log, made in normal mode please, to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 22.96%

My firewall told me a trojan was trying to access the internet. I ran bitdefender in safe mode and it said the trojan was in my temporary internet files so I deleted them and ran cc cleaner. I ran bitdefender again and it didn't come up with anything. Could someone check my HJT log to make sure I have removed all of the trojan please.
 

Answer:Please check my HJT log

Fix this line -
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

Other than that your log is clean.
 

3 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 7:41:39 PM, on 5/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Pro... Read more

Answer:Someone please check my HJL

Hi and welcome to TechSupportForum!

I'm Jet Ian , and I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

4 more replies
Relevance 22.96%
Question: HJT check up

Hi,

I wonder if anyone could help?

Could someone check this HJT logfile and make sure it is clean?

Thanks for your time,

Tom

Logfile of HijackThis v1.99.1
Scan saved at 12:29:26, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Prog... Read more

Answer:HJT check up

That log is clean. If you just wanted a checkup, you are all set

If you have any specific issues that you need addressed please describe them in as much detail as possible and we will work on diagnosing them through other means.

3 more replies
Relevance 22.96%

I'm having all sorts of problems with malware, and I've ran various programs to try and rid my system of these bugs with no luck. Do you see anything I'm missing in the log file?
 

Answer:Please check my HJT Log

Welcome

fyi... your Microsoft Antispyware program is now out of date as MS Antispyware was replaced by Windows Defender, so I would uninstall MS Antispyware and install Windows Defender, once installed update the program either via Microsoft Update or via the program itself, click the small down triangle next to Help "Help Options" > About Windows Defender > Check for Updates


then continue to.....

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.



- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefend... Read more

1 more replies
Relevance 22.96%

Hi, just tell me if there is anything wrong with this log. Anything you think I should remove?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:34:12 AM, on 10/10/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\Daniel\My Documents\Crap\GUI Customisation\avedesk13\AVEDESK.EXEC:\Program Files\iTunes\iTunes.... Read more

Answer:Check My Log Please :)

I also want to try to delete anything related to StyleXP, but I'm afraid it might affect anything.

7 more replies
Relevance 22.96%
Question: HJT log check

Haven't had much virus/spyware/adware/etc protection on this computer until recently, so I thought I'd post the HJT log for a check. I have already run several programs including Kaspersky, Panda Active Scan, Trendmicro Housecall, ewido, CWShredder, CleanUp!, Spybot & Ad-Aware.

So here's the HJT log. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 1154 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\mcafee.com\personal firewall\MPFTray.exe
C:\Program Files\Common Files\AOL\1104675462\EE\aolsoftware.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.ex... Read more

Answer:HJT log check

Welcome to TSF.

If XPCSpy is a program that you installed and use, then you're computer is clean.

Take care

2 more replies
Relevance 22.96%

well after a big sysfader incident that really annoyed me and a coolwebsearch incident also, i decided to run a scan of hijackthis in safemode. thanks for your help :)

Logfile of HijackThis v1.99.1
Scan saved at 8:25:25 PM, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Helen.YOUR-4D56229BEA\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.optusnet.com.au/?brand=ODSL&panel=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft In... Read more

Answer:please check this log :)

Hello and welcome to TSF

I reccommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads(make sure to save these in a permanent location)
Cleanup!- Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Security SuiteInstall Ewido Security Suite
When installing, under "Additional Options" uncheck..Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appea... Read more

1 more replies
Relevance 22.96%

Hi. My computer is running fine. I was just wondering if someone could check my Hijackthis log file to see if there are any abnormalties in it. Thanks for your help.
 

Answer:Just need someone to check my log.

No your PC is not running fine!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

.
 

9 more replies
Relevance 22.96%

Internet has been going pretty slow lately, ran all those other programs and removed a bit of stuff but still the same.
 

Answer:Can someone check please?

HijackThis is the last step! You need to run all the other steps in the READ and RUN ME before posting HijackThis logs. HJT logs by themselves are not that useful in diagnosing malware issues. But here is your answer based on you only running HijackThis. You have no problems.
 

1 more replies
Relevance 22.96%
Question: Hjt Log Check-up

C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Common Files\Symantec Shared\ccApp... Read more

Answer:Hjt Log Check-up

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups; which may be needed if we fix something we're not meant to.If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.How to make a permanent folder:Click Start | My Computer | Local Disk (C: ) | Program Files.In the menu bar at the top, go to File | New | Folder.That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\Program Files\HijackThis. Now get your HijackThis.exe file and place it in your folder.Then please post back a new log, making sure to include the whole thing this time. There is a section off the top missing in the log that you last posted, which contains some important system information that I need to see. I would also like a detailed description of the problems you are currently experiencing; "Hjt Log Check-up" doesn't really help me very much.Thanks,Charles

10 more replies
Relevance 22.96%

Computer seems to be running very slow and virtual memory too low alert also popped up, below is a current HiJackThis log. Any help would be much appreciated and would also like to eliminate so many things firing up on startup... thanks!

Edit by chaslang: Inline log attached (for Software Forum to reference)
 

Answer:Need check of HJT log...

Welcome to Majorgeeks!

You do not have any major malware problems. You should uninstall Viewpoint Manager and Viewpoint Toolbar which came from AOL but other than that you should seek help in the Software Forum for your problems. Also consider whether you really need the other toolbars (AOL and Yahoo). In fact what we would tell you here is going to slow you down more but you really need it. You have no protection software installed. You need an antivirus application and a firewall. Hopefully your SpywareDoctor program is a paid subscription version. If not, you will need a real antispyware blocker too. See the below:


How to Protect yourself from malware!

Also another note, you do not need to load the below at startup which will help conserve some resources.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
 

1 more replies
Relevance 22.96%

I was reading your web-site and found how to correct a problem that I was having with an WINNTcfgmgr52.dll error. I did what you said and it fixed it fine. Also, thank you so much for advice you gave to someone else regarding another error I fixed because of your web-site. You are wonderful!

The computer I am working on with the first problem above is still running poor. Can you check my hijackthis log, and let me know if there is anything else that needs to be removed? Thanks

EDIT: removed inline log.
 

Answer:Please check my log.

As you'll be aware, as the advise from the guy's have helped in the past its a good thing to follow our standard cleaning procedures which the first steps will help to remove alot of the junk that HJT will miss, as HJT is one of the final run scans. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

.
 

1 more replies
Relevance 22.96%

I know for a fact my computer is infected with JUNK but how much and how can I get rid of it is the problem. I have SPYBOT and ADAWARE but both did not do their job on this one. Heres my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:58:46 AM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Virtual CD\PowerISO\SCDEmuApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\syst... Read more

Answer:Can someone check my HJT log for me?

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

2 more replies
Relevance 22.96%

the internet (dial-up by the way) is going slow, pretty much not working that well. Hope it's only a temporary thing. The computer generally seems to be fine, so maybe it's something to do with cabling or something rather than viruses. The PC probably needs a routine check anyway, so guess I'll post a hijackthis log and pandascan thing. Thanks.


-----
Logfile of HijackThis v1.99.1
Scan saved at 1100, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\hijack folder\HijackThis1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D5... Read more

Answer:can someone check my log please?

Is this log from Normal Mode?

It might just be the connection. It's dial up, so it won't be fast.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

1 more replies