Computer Support Forum

Check my layoutmodification.xml please

Question: Check my layoutmodification.xml please

I am about to import my layoutmodification.xml to our Windows 10 Ent LTSB 2016 image. Can somebody check the syntax?
Also, it possible to add in "folders that appear on Start"?

More replies
Relevance 100%
Preferred Solution: Check my layoutmodification.xml please

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 56.17%

I have ~ 200 machines here on our domain, all running windows 10 Pro. We have configured a custom start menu using by exporting LayoutModification.xml and applying this through Group Policy. It has always been slightly problematic in that some users see some tiles and others don't, there's no rhyme or reason to which work consistently. I've made a change to this file to add a new tile, applied this to the .xml file and saved to the location the GPO points to.
On updating group policy or even manually using Import-StartLayout through PowerShell it simply WILL NOT make this change to any machines.
Current build on our clients is 1607 and we're using Server 2012 R2 on our DCs and FP server.
I've been through MULTIPLE threads on various forums and tried various means to get this applying, even going so far as to creating a new GPO that effects only TEST users. These test users get the start menu applying but NOT the new group and tile in question.
This is an essential shortcut for a new tool we're pushing out to the business ad I've been looking at this for hours, any advice would be greatly appreciated, thanks.

More replies
Relevance 33.21%

The problem start with my wife's PC. It started a few weeks ago she told me. She can't open Outlook Express (doesn't start), access My Space or get updates at Windows Update. Also some images on sites do not load.

I then checked my PC and found, I couldn't access Windows Update, My Space, Thunderbird fails to retrieve emails. I have not noticed any issues with images.

Given this sounded like some of the behaviors I have heard of trojans doing I thought I would post my logs here and see if anyone sees anything out of place. Normally I wouldn't consider a cross contamination but about two weeks I temporarily set up a home network between our PCs to share a few files. The next day I disabled NetBIOS on my PC but as we are both behind a hardware firewall, I guessing if it happened it must have happened then.

Nothing jumps out at me but I wanted to get a second opinion.

Any help would be appreciated.

Wife's PC
Logfile of HijackThis v1.99.1
Scan saved at 5:12:51 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sys... Read more

Answer:Hijack This Check (Can't Update Windows, Check Email or access My Space)

I ran SuperAntiSpyware and found nothing but 10 tracker cookies. Running Panda Virus Scanner online. I couldn't run F-Secure because IE7 Active X controls prevent it from running.

Zero clue as to what is going on so far.
 

3 more replies
Relevance 33.21%
Answer:how do i change ms word's spell check to check for british spelling?

is there a british version of office xp? i dont know if you can do that


 

6 more replies
Relevance 33.21%

Is verifying files by check sum / content after transferring (copying, moving) indeed unreliable?

Since "ever" I - if I checked files at all - checked files by content or check sum after transferring them, so this information sounds very astonishing to me now, I hadn't had any clue about what I read here: http://blogs.msdn.com/b/oldnewthing/archive/2012/09/19/10350645.aspx

Obviously meaning in many cases checking files by content / check sum checks the data in the buffer, if I see it right.

So, is it like that? Does it refer to all of the synchronizing / backup / copying, check sum, etc. programs?

And what is the best / easiest way to (automatically) check files after transferring. E.g. when copying all of the files of a 4TB drive to another one.
 

Answer:Verifying files by check sum / content after transferring unreliable - how to check?

Re: Verifying files by check sum / content after transferring unreliable - how to che

Kletus...

I'm not in my league with this, but could this make sense?

I think the article is referring to times when you are seeking to verify data across a network span between two systems (operating systems), where system b (copy destination) requests a checksum from system a (file original location). I believe the author is saying that in that particular situation checksums would be created from the cache/buffer on both computers. In the case of you copying to a secondary disk connected to a single computer I think the checksum should work fine. Sounds like one of those programmer's dilemmas to me.

Sorry if I am off on this. I know you are looking for some programming expertise. I'll just say that reading this, it made sense to me about the author's comments:



This really sounds like you're overthinking it.

First, what possible reason would there be for giving someone write access but not read access to a certain location? That's screwed up on so many different levels...

Second, you're right that having the sender compute a checksum of the destination file is a bad idea for all the reasons mentioned. But why did you even think of doing that in the first place?!? If I was implementing a system like that, I'd have the *destination* system compute the checksum on the file it received and send it back to the sender for verificati... Read more

5 more replies
Relevance 33.21%

Hello, My PC is disk usgae is at 100%  and somtimes the CPU usage jumps up to. I tested my system and recived- Hard Drive Short DST Check and Long DST Check: Warning  How do I determine what the warning is? Do this mean my hard drive is on the verge of failing? 

More replies
Relevance 33.21%

Hi, i have hp pavilion g6 laptop and its upgraded from windows 8 to 8.1 then windows 10.  From last few days i was getting "Memory_Management", "Kernel_Data_Inpage_Error" and so many other errors with blue screen. Due to this i have to power off the system from main power button by holding for few seconds. Now i was getting hang problem. I saw in task manager that DISK UTILIZATION was 100%. I did a hardware test where i got below results : HARD DRIVE SHORT DST Check : WARNING HARD DRIVE Optimized DST Check  : FAILEDFAILURE ID: 9U3UWX-6KT85B-MFPWWJ-61Q003 Can anybody tell me how to resolve this or i need to replace the hard drive. -ThanksPankaj 

Answer:Hard Drive Short DST Check : WARNING and Optimized DST Check...

Yes you need to replace the hard drive. Since you have upgraded to Windows 10 it is very easy to get recovery media directly from the Microsoft Media Creation Tool. For most people, the problem is not physically swapping out the hard drive, but restoring the operating system since they do not have recovery disks. Post back if you want a service manual and/or video showing the replacement, purchase options for a new hard drive and step-by-step for restoring Windows 10. We would need the full model...g6-???? 

2 more replies
Relevance 32.8%

Hi all

I have been trying to create an Excel macro that deletes only the check mark inside the check box albeit with no success. Is there a way to do this?? I have plenty of check boxes and it is taking me a lot of time to go into each one and delete only the check marks. It would be would be pretty neat to create a macro to delete the check marks in every single check box. If someone out there has figured out how to do it, it would be a great help.

Thanks

Mario
 

Answer:Deleting the Check mark only inside the check box using VBA in Excel

6 more replies
Relevance 32.8%

i have a panasonic toughbook cf 53 running windows 7 pro.my computer works fine. when i turn the computer on it states that there is a media test failure check cables. the only thing that is not working on my computer is the sound. i have checked the control panel and the settings, nothing is muted. im confused why the sound will not turn on. i pressed fn f4 to mute the volume and now it seems to be stuck on mute? any help would be greatly appreciated.thanks, jason

Answer:media test failure check check cables.

Check in Device Manager. Are there any yellow exclamation points?You've been helped by a 14 year old.

6 more replies
Relevance 32.8%

My daughter called me and asked what was wrong with her monitor. She said that when she starts her computer she gets this message "Self check, check your PC and signal cable, monitor is working" and no other display...

kds x-flat monitor, onboard video, XP, AMD

She has unplugged and replugged the video cable several times... any ideas why this is?
 

Answer:Self check, check your PC and signal cable, monitor is working

That suggests that the computer is not booting, or if it is, there is no video output.

The monitor is simply saying "I am OK, but the computer isn't sending me anything"

A simple check to see if the computer is booting is to try the CAPS Lock key. Pressing it will toggle the CAP light on and off each press, if the PC is running.
 

2 more replies
Relevance 32.8%

I have what I believe is a probably Hard Disk failiure; however, the Windows utility provides different output than the error codes provided by the System level check. The below is from my OS check:Microsoft Windows [Version 6.1.7601]Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Users\user>wmicwmic:root\cli>diskdrive get statusStatusOKwmic:root\cli> It seems to indicate status as OK. However, the system level Hardware Test before booting shows the following:Failiure ID is: 9PMPKK-5B284T-XD002K-60QS03Product ID is XG809UA#ABA  I assume the OS level SMART Test is less reliable, then?Thanks!

More replies
Relevance 32.39%

If it ain't one thing, it is another with this computer.
My spell check is having a nervous breakdown. It checks and offers alternatives for almost every word. This check can include words such as A or An, It, etc. At times I get spellings for words nowhere similar
In a paragraph similar in length to the preceding one, I might have suggetions for practically every word.
Plus, the auto check feature is not working
Anyone help? Appreciate any

Sarge
 

Answer:Spell check doesn't check correctly

You need to tell us what OS you are using and where this is happening - in a browser, in a word processor etc.
 

4 more replies
Relevance 32.39%

Hey guys,

The company I'm working for has grown a lot and now I'm no longer the only programmer. We're looking for an app that lets us do code check-in/check-out that'll also store all the changes.

All the files we need monitored are plaintext, and we do most of our development in Notepad or Notepad++. The app must work in Server 2003.

Any suggestions?

Thanks!
 

Answer:Code Repository/Check-in/Check-out system

I think subversion should handle your needs...
 

13 more replies
Relevance 32.39%

I have listbox with check box as listbox items, i need to select to checkox dynamically. help me to do this.

Answer:Unable to check the check box dynamically in listbox in wp7

sorry but I clearly didn't get your question here. Could please give me some more details ? :)

2 more replies
Relevance 32.39%

So I have this problem, I have a user that have to check that box every time he open outlook for always check spelling before sending, it won't save the setting when I close it, my last resort would be a new profile but I want to try get help here first since google wasn't very helpful

We use outlook 2010 and the PC is part of a domain, I also tried checking the web outlook but the option is not there.

He is the only user having this problem and to be honest I have never seen this problem before.

More replies
Relevance 32.39%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des

Answer:Check Disk \ Auto Check Alternatives

There isn't any such software??

-Des

3 more replies
Relevance 32.39%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des
 

Answer:Check Disk \ Auto Check Alternatives

Well...? I'm sure there must be some available.

-Des
 

7 more replies
Relevance 32.39%

Hello.

I have a SuperMicro server with windows 7 32bit. I am using a specialized hardware that can understandably may cause machine check errors because I have a pcie device that can stop responding to cpu non posted transactions for long pepriod of time. I have disabled the pcie timeouts in the hardware, but some other cpu exception occurs due to this long waiting time for the pcie transaction to complete. I get the BSOD with WHEA exception 124.
Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR

Reported by compenent: Processor Core
Error source : 3
Error type: 9
Processor ID: 36

Event ID 18

How do I disable this machine check in windows 7 ?

Thanks

Rayyan

Answer:how to DISABLE Machine Check, WHEA bug check

Hello and welcome to the sevens forum. You said you are getting BSOD"s can you do the following because the BSOD team will need it to help you.

Blue Screen of Death (BSOD) Posting Instructions

1 more replies
Relevance 32.39%

What is the best check -in check-out asset management software? A list of what's out there would be appreciated because I cant seem to find an authoritative one of what's best for asset management (game development). I hear Alien brain is good and there's one that starts with a 'p' that I can't remember the name of it to save my life... Alien brain is too expensive and hard to find. It's an open source project so I know the 'p' one would work because they offer open source licenses so if anyone knows what Im talking about feel free to enlighten me.

Something similar to Project but with asset management and check in/check out functionality would be great if anyone could suggest something. A step beyond that would be real time preview of maya scenes, psds, and xsi files. But maybe I want too much with the latter...

edit: Oh and it doesn't have to be free, Im just curious as to what's out there...
 

More replies
Relevance 31.16%

greetings,
when I try to enter checks in the check register, I cannot set the check date to anything other than today's date (ie, the day I am trying to enter the check).

I have googled, etc, but cannot find the cause of this problem.

Anybody have an idea ?

thanks in advance.
 

Answer:Check dates in check register

What program
 

2 more replies
Relevance 31.16%

just wanted to see if anyone noticed anything out of the ordinary.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:04 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTune... Read more

Answer:*not urgent* can someone check my HJT to make sure everything is in check?

Looks fine
 

1 more replies
Relevance 29.11%

Hi -Have you changed or added anything recently, or had any type of infection on the computer ? ?Go > Start Accessories > Command Prompt and Right click on it > Select Run as Administrator > Then type scf /scannow and press Enter -This "should" only take about 20 to 30 mins and will check your System Files -Next do the same, but type chkdsk /r and follow any prompts and reboot your computer - The 5 stage check may take from 1 to 2 hours depending on your system, but please let it finish -Thank You -

Answer:auto check program not found-skipping auto check

If sfc /scannow doesnt help then try thisDownloadAutorunsExtract and launch autoruns.exeAllow the scan to run,click on FILE-SAVE Filename:Autoruns.txtsave as type:textUpload the file to wwww.filedropper.com and post the link here

3 more replies
Relevance 29.11%

I get this blue screen error "Auto Check Program not found - Skipping auto check" each time that I boot up. What's the cause and how can a fix it?

More replies
Relevance 26.24%

Running the Computer Check Disk Function
Step 1
Determine whether you are using Windows XP or Windows Vista. XP users can simply click on the "Windows Start Button" and then go to the "Run" link. Once run pops up type in "CMD" and hit enter which will cause the MS DOS prompt to appear. Type in "CHKDSK /r" which will check for hard disk errors. Vista users need to click on "Start" then go to "Accessories" followed by "System Tools" and then run the MSDOS program followed by "CHKDSK /r"
Step 2
Insert your restore CD if errors are found and not fixed by the check disk function listed above.
Step 3
Turn your computer off and then back on. You'll be asked to hit any button to boot from your CD; press any key. You will then be asked if you want to install a fresh version of your OS or "Repair" a current copy. Choose the "Repair" option and allow the computer to go through the necessary steps.
Step 4
After the repair function has run, turn your computer off and then back on. Wait and see if the computer shuts down again. If it does not shut down, your computer's restore function has fixed the file, which was probably caused by a bad system file.
Fixing Computer Shut Downs Via The Power source
Step 1
Check if your power source is properly connected inside your computer. Your power source is the large box that your computer's power cable plugs into. If this connection becomes loo... Read more

Answer:How to check for disk errors using Check Disk

Very useful share angelcotty

2 more replies
Relevance 26.24%

Today, I was online, reading the news and noticed that the pages were loading slower and slower. Using IE 8. Anyways, I got the Blue Screen of Death with (this is the first time I've seen this message):

Hardware Malfunction
Call hardware vendor for support
NMI: Parity Check/Memory Parity Error
The system has halted

I have a Dell Inspiron E1705 laptop
Win XP, Svc Pack 3
RAM: 1GB
BIOS version: Dell Inc. A03 (2006)
Recent changes to computer: Upgraded from IE 7 to IE 8 12 Apr 09, Windows Auto Update 15 Apr 09, Reg Fix Pro Update 16 Apr 09

After rebooting, I came to your site and checked out some similar posts, I've blown away the dust and went to the link for memtest86, downloaded, installed and updated drivers.

So, far have not received this msg again, but there were some other suggestions I'd like to try. How do I clear CMOS & set BIOS? (And years ago I heard the term - flash the BIOS is this the same thing? Or something else & do I need to do it?) Can you give me guidance on opening up a laptop to reseat & switch memory (I've only opened a desktop)? I did try to go into Setup (F2), but most fields were unchangeable. The battery is 100% charged and performing normally.

Any other things I should do?

Thanks so much!
 

Answer:parity check/memory parity check

There should be a slot on the bottom to get to the memory. Laptop memory sits flat, you will press 2 clips on the RAM holder and the memory will come up about 45 degrees. You can then lift it out of the slot. To install new memory, you slide it into the holder then press it down so it lies flat and you will hear it click in place.

As far as BIOS, avoid flashing it. If this is the first problem you've had and the error seems to point to memory, you do not need to do anything with your BIOS.
 

8 more replies
Relevance 22.96%

Please check this log, I have tried everything else, thanks in advance. AndyLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:46:23 AM, on 05/08/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Shaw Secure\Common\FSM32.EXEC:\WINDOWS\RtHDVCpl.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exeC:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Shaw Secure\FSGUI\fsguidll.exeC:\Windows\system32\conime.exeC:\Windows\System32\mobsync.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\SearchFilterHost.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE... Read more

Answer:Please Check My Hjt Log

Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Please do not run any other tool untill instructed to do so!Please reply to this thread, do not start another!Please tell me about any problems that have occurred during the fix.Please tell me of any other symptoms you may be having as these can help also.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.I am sorry that we were unable to reply to your post sooner. The forums have been very busy.I am currently looking at your log now and will be back as soon as possible with your instructions.while you are waiting one other thing that can be of good use is an uninstall list so please do the following Make an uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Right click on HijackThis and click Run as administrator 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and... Read more

2 more replies
Relevance 22.96%
Question: Check Up

Hi, my computer has been running very slowly lately. Could anyone analyse this hijack this log to find if there is sometihng causing it.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:01:16 PM, on 14/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WI... Read more

More replies
Relevance 22.96%

Here is my HJT log. I also did a PandaScan--the results follow the HJT log.

Thank you!!!



Logfile of HijackThis v1.99.1
Scan saved at 2:24:27 PM, on 2/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\syst... Read more

Answer:Please check out my log...thanks! :)

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Click Main at the top and from the list on the main window, choose Select All.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Your log is clean.

Are you experiencing any problems?

5 more replies
Relevance 22.96%

PC seems slow. Especially with the internet. Could you check with HJT below and tell me if there is anything suspicious - Many thanks!
Logfile of HijackThis v1.99.1
Scan saved at 5:00:40 PM, on 12/14/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSLAGENT.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Syman... Read more

More replies
Relevance 22.96%

My Sony Vaio laptop is running very slowly and has several other issues. I was hoping that someone might take a look at my HJT log and tell me what you see.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:33:17 PM, on 2/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\aniServ.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Viewpoint\Viewpoin... Read more

Answer:HJT log check, please

Hi and welcome to TSG

Uninstall all instances of Viewpoint from Add/Remove Programs.

How much RAM do you have?

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

Install Ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido.
It will prompt you to update click the OK button and it will go to the main screen.
On the left side of the main screen click update.
Click on Start and let it update.
DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

3 more replies
Relevance 22.96%

my comp keep having pop up of iexplore.exe cuz i install some codec and i think its a trojan.. luckily i havent done anything like type my password etc... so please help me on this..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:03 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesear... Read more

Answer:Hi can anyone check my HJT log...?

16 more replies
Relevance 22.96%
Question: please check log

i have been having random issues with my mouse, i checked hibernate but nothing is on. the mouse pauses and comes back, and the pc internet seems to be slow even though im getting 8mb down /768 up. please check both hjl and hja.

Logfile of HijackThis v1.99.1
Scan saved at 3:34:25 PM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Razer\razerhid.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton Internet Security\ISSVC.... Read more

Answer:please check log

I'm just moving this back up

4 more replies
Relevance 22.96%

he can some one please check this for me i might have been overlooked
many thanks

http://forums.techguy.org/search.php?searchid=688260&query=
 

More replies
Relevance 22.96%

Could someone check this for me? Getting lots of popups

Logfile of HijackThis v1.99.1
Scan saved at 22:36:55, on 13/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wmgxn.dll/sp.html#90144
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wmgxn.dll/sp.html#90144
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WIN... Read more

Answer:can someone check this please?

* Click here to download smitRem.exe.
Save the file to your desktop.
It is a self extracting file.
Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
* Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in safe mode:
* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Res... Read more

1 more replies
Relevance 22.96%

Hi,I uninstalled my adobe flash player--mostly by accident--and reinstalled it from Adobe's site online. But now I'm having issues downloading most programs on my laptop here. When I try to run an install file after downloading, an error occurs saying the file is corrupt.Upon log on, I have been getting another error:Could not load or run ' "C:\Users\******\AppData\Roaming\Adobe\Manager.exe" ' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.Also, running 'Steam' on my computer now causes it to crash within minutes.Flash plugins online work.Can you check my HJT log or redirect me to a different section of the forum?Thanks,>>>>Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:38:21 PM, on 8/12/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16681)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\DellTPad\Apoint.exeC:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exeC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Program Files\McAfee\Common Framework\UdaterUI.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\W... Read more

Answer:Check My Hjt Log Please?

Ignore my last posts--this has nothing to do with malware. I got my brother to help me out. Thanks, and sorry if this wasted anybody's time.

-AnonymousLoser

2 more replies
Relevance 22.96%
Question: Please check over.

Logfile of HijackThis v1.99.1
Scan saved at 10:01:04 PM, on 15/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/... Read more

Answer:Please check over.

Hi and welcome to TSF

I'm Jet Ian, and I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

We also recommend that you Subscribe to this thread so that when I or the other experts replied, you will get an email notification. To do this: Click on then and make sure you set it to Instant notification by email.

3 more replies
Relevance 22.96%

Hi , I have windows xp home edition and use internet explorer 6
Hope I posted in right place

When I connect to the internet by dial up and use the address bar to search for things it will only work for 2 or 3 searches then it stops and shows this page cannot be displayed I then have to disconnect from the internet and reconnect again for it to work for another 2 or three times - please help how can I fix this ??

here is my hijackthis log - I also have ewido but do not know what scan to add to this .

Logfile of HijackThis v1.99.1
Scan saved at 10:10:39 AM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\hijackthis\Hija... Read more

Answer:please check my log

just bumping this up to see if anyone can check my log and see why I am having trouble with browsing using IE browser
 

2 more replies
Relevance 22.96%

Hi. Can you check the HijackThis log? Coz I dunno which one to check...

Logfile of HijackThis v1.99.1
Scan saved at 9:57:55, on 2005/09/26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Nats\My Documents\HijackThis.exe

O2 - BHO:... Read more

Answer:Can you check the log?

Hello and Welcome to TSF!!


Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system (except service pack 2) (SP2). SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid ....then you may not have a legitimate copy of Windows XP. Unfortunately it?s also this forums policy that we only address users with a legal copy of Windows XP.... therefore if you can not update Windows XP to SP1 we must stop the cleansing process here.


**Note** If your having trouble locating the service pack SP1a here is a direct link to download it from..

http://download.microsoft.com/downlo...p1a_en_x86.exe


Thank you for your cooperation.

8 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 8:37:09 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\Xfire.exe
C:\Progra... Read more

Answer:please check my log

Hi and welcome to TSF

I'm Jet Ian, and I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

We also recommend that you Subscribe to this thread so that when I or the other experts replied, you will get an email notification. To do this: Click on then and make sure you set it to Instant notification by email.

2 more replies
Relevance 22.96%
Question: check my log pls

dont know sumthing might be wrong..?
pls tell me

ty

Logfile of HijackThis v1.99.1
Scan saved at 21:10:15, on 08/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Fi... Read more

Answer:check my log pls

10 more replies
Relevance 22.96%

Would you mind looking at my HijackThis Log because I want to make sure nothing has buried itself in my registry and other hidden corners of my computer. I have ZA Pro, Spybot, SpySweeper, and MS's Antispyware. These programs haven't turned up anything, but I see the value in using HJT. However, I need someone to interpret my log to see if anything is hiding. I really don't want to delete in ignorance!

Thanks,
Jeff Smith

Logfile of HijackThis v1.99.1
Scan saved at 7:46:41 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\WebEraser\weraser.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\A... Read more

Answer:Please Check My HJT Log

Hi there.

The log is looking clean , however you are missing one important program on that computer: An antivirus.

You need to install an antivirus program as soon as you can and run a complete scan of the computer.
I recommend AVG free edition - i use it!

Antivir
Avast Free
AVG Free
Bitdefender Free

Install it, and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

David
 

3 more replies
Relevance 22.96%

I can't work with Yahoo!Mail, some popups appear on the top of the windows. Please help me with my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:30:45 AM, on 10/5/2005
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Vietkey2000\vknt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\cmd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Sys... Read more

Answer:Help me to check my HJT log

You have multiple infections which requires disinfection to be done stages.

Download this tool to your desktop:

http://users.telenet.be/bluepatchy/m...tools/FixO.exe

Doubleclick FixO.exe
This will create a new folder on your desktop called FixO
Open the folder and doubleclick FixO.bat

It will generate a log afterwards. Copy and paste the contents of that log together with a new hijackthislog.

1 more replies
Relevance 22.96%

Hi,

Can someone please check the HJT Log below. IE is slow. I have not noticed any other problems although the kids mention Sim2 hangs occasionally, but I have not witnessed.

Running Windows XP Home, 512mb RAM, just ran disk cleanup and defrag. Thanks much.
G

Logfile of HijackThis v1.97.7
Scan saved at 7:19:45 PM, on 2/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\WINDOWS\System32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provi... Read more

Answer:Please check HJT Log

13 more replies
Relevance 22.96%
Question: please check log

posting for friend:
Logfile of HijackThis v1.97.7
Scan saved at 7:27:07 PM, on 2/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\System32\winupdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\progra~1\steam\steam.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ARCHAN~1\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tuxhrv.t.muxa.cc/s.php?aid=33 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tuxhrv.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://tuxhrv.t.muxa.cc/s.php?aid=33 (obfuscated)
R0 - HKLM\Software\Microsoft\I... Read more

Answer:please check log

Click here to download CWShredder. Close all browser windows,UnZip the file, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

When it is finished restart your computer.

To help prevent this from happening again, I strongly recommend you install the folowing patches for the vulnerabilities that this hijacker exploits:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-075.asp

*Note: The simplest way to make sure you have all the security patches is to go to Windows update and install all "Critical Updates"

Go here and download Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use a... Read more

1 more replies
Relevance 22.96%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:19:34 AM, on 8/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\PnkBstrA.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\Mixer.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\AVG\AVG8\avgtray.exeC:\Program Files\Microsoft Office\Office12\WINWORD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\... Read more

Answer:Hjt Log Please Check

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

First
Seeing its been a number of days since your original scanning with HJT could you please run HJT now and post a fresh HJT log back to this topic please.

Next

Start HijackThis Click on the Config button Click on the Misc Tools button Click on the Open Uninstall Manager button. You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,
Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking o... Read more

6 more replies
Relevance 22.96%
Question: Please Check?

Sorry to bother you guys again but my computer's cpu usage is very high, around 85 to 90 at times with no programs running. I ran norton antivirus and it found Downloader virus and quarantined it, but nothing much has changed. I ran it again in safe mode and it found 2 spyware on it. Would someone please check my hijackthis log to help fix my computer. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:16 AM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmo... Read more

Answer:Please Check?

I waited for a while but no one answered so I did another scan with hijackthis and was hoping someone would be able to look at it. Thanks, again in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:49 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\... Read more

1 more replies
Relevance 22.96%

Hello all! I was with several malwares (like Winctrl32.dll) and i did a lot of stuff to remove them all.Can anyone please check my log to see if everything is fine now? Thanks!!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:58:31, on 19/8/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\GbPlugin\GbpSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exeC:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exeC:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exeC:\ARQUIV~1\MICROS~3\rapimgr.exeC:\Arquivos de programas\APC\APC PowerChute Personal Edition\mainserv.exeC:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Arq... Read more

Answer:Please Check My Log

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

2 more replies
Relevance 22.96%

Hi

A mate of mine has some problems with spy ware on his pc , hes run spybot and add aware but still gets the messages in right hand corner.. heres what he told me ..

This morning when I signed onto AOL, the computer seemed to be doing something more after all the normal AOL screens had loaded up. Within a few seconds before I had a chance to react, it had downloaded and installed several programs (although I dont know what programs they are). I then got a few new icons in my system tray, saying my computer is infected with spyware and all that lot, and everytime I tried to get rid of that message or click on it, it would open up a few pages on my internet explorer browser advertsing spyware/adware removal programs. I then noticed a program opening up called SpyFalcon. It did some sort of scan and came up with a list of programs that are spyware and said for it to remove them I need to buy and enter a serial code. Whenever I tried to exit the strange program it would open up again and would remain there. After several attempts to close it down, I ran a program that I have had a quite a while and fully trust called Ad-ware SE Personal, which scanned and found a dialler, some registration thingys, a few programs etc that wernt suppose to be there. It deleted them for me, but after a few more scans, some files kept coming back, mainly the SpyFalcon one which I couldnt delete manually because it kept coming up with 'you do not have access to this file' but after abou... Read more

Answer:can some one check this log please

hi welcome to TSG!

Download FixSF.reg to your desktop by right clicking on the following
link and then selecting Save Link As or Save File as, depending on your
browser.

http://www.bleepingcomputer.com/files/reg/FixSF.reg
Go to your desktop and double click on the FixSF.reg file that you
downloaded earlier. When it asks if you would like to merge the
information, press the Yes button and then the OK button.

Go to add/remove and uninstall spyfalcon!
Find the entry for SpyFalcon and double-click on it. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.
When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.
Delete the following files and folders (Do not be concerned if this folder does not exist):

C:\Windows\System32\dxmpp.dll
C:\Program Files\SpyFalcon\


* Click here to download smitRem.zip.
http://noahdfear.geekstogo.com/click counter/click.php?id=1


* Save the file to your desktop.
* Unzip smitRem.zip to extract the two files it contains.
* Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.

*Download Cleanup from Here
http://www.stevengould.org/software/cleanup/download.html
* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will app... Read more

2 more replies
Relevance 22.96%

I've been having some odd problems with my computer, and am hoping that someone here can help me resolve them. First, I can't use internet explorer. It opens up my home page, and when i type address or search for something, it freezes. Needless to say, I switched to Firefox. Secondly, something made my audiosrv.dll file bad or corrupt, and if I left it alone, ie would work fine, but as soon as I replaced the .dll with a working one, i lost ie. I was running ie7, and thought that it might just be a problem with that, so downgraded to ie6, but still same problem.Any way, here's the logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:15:19 PM, on 9/3/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files ... Read more

Answer:Can Someone Check This Out For Me?

Hello, bk94caddy. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.If you would still like help, please post a new HiJack This log below, as things may have changed on your system.If you do not still need help, please let me know, so that I can move on to other users who still need help.Please take note of the following:While a HJT Team member is working with you, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Please reply using the button in the lower left hand corner of your screen.Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount... Read more

2 more replies
Relevance 22.96%
Question: HJT Log Check

Hi,

Recently, my computer has been having an extremly high CPU usage % I thought it might have been virus or spyware so I followed the instructions from GreyKnights page.

I ran Ewido in safe mode
Ad aware in safe mode
CleanUp
Spybot S and D

So far it seems to be back to normal here is my HJT log file. Please tell me if anything looks out of place

Thanks

ogfile of HijackThis v1.99.1
Scan saved at 1:27:08 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ayresw\Desktop\HHC XO\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ... Read more

Answer:HJT Log Check

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked if the site has that option.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx


Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folder... Read more

1 more replies
Relevance 22.96%

I,m not real good with computers, but mine is running slow. Its Windows XP and I did run Spybot S&D. Thank You!

Logfile of HijackThis v1.99.1
Scan saved at 10:58:52 AM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.ex... Read more

Answer:Please check my HJT Log

13 more replies
Relevance 22.96%
Question: Check Log

Could you please analyse my Hijack This log as follows, thank you.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:16 PM, on 20/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Boost XP\bxservice.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System... Read more

Answer:Check Log

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.


Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

P2P - I see you have P2P software (i.e. warez) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly cont... Read more

5 more replies
Relevance 22.96%

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:20:52 PM, on 11/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\rotatelogs.exe
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\rotatel... Read more

Answer:Please check this HJK log

7 more replies
Relevance 22.96%

It seems like there is a lot of crap.

Logfile of HijackThis v1.99.1
Scan saved at 8:41:28 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\DOCUME~1\Lexy\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/... Read more

Answer:Can someone check out this HJ log?

Are you having any issues? If so, please explain. I don't see any malware in that log. HijackThis doesn't see everything out there these days....let's have you run some tools and see if anything lurks.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Perform an online scan with Internet Explorer with

Kaspersky Online Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:Scan using the following Anti-Virus database... Read more

7 more replies
Relevance 22.96%

ran ad aware , house calls and others. am i good to go?

Logfile of HijackThis v1.99.1
Scan saved at 6:09:26 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kevin dollar\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\... Read more

Answer:PLEASE CHECK hjt log thank u

Do you have an antivirus program installed?
 

2 more replies
Relevance 22.96%
Question: Check -up

Hello To all:

I was wondering if you see anything wrong??

Thank You in Advance

Fixandfly


Logfile of HijackThis v1.99.1
Scan saved at 10:44:50 PM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Pro... Read more

Answer:Check -up

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Download LSPFix http://www.greyknight17.com/spy/LSPFix.... Read more

1 more replies
Relevance 22.96%
Question: Check Up

Please can someone have a look at my log for any issues.

Wil be much appreciated,

Ceemo

Logfile of HijackThis v1.99.1
Scan saved at 2155, on 29/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Pand... Read more

Answer:Check Up

Everything there seems to be in order

1 more replies
Relevance 22.96%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:33 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\M... Read more

Answer:Please check my log

Anyone? Please ^.^
 

1 more replies
Relevance 22.96%

Hi, ive got two questions, firstly microsoft word will not load up due to insufficient resources, and secondly I have a rather large Hijac this log to sort out. Any help would be much appreciated

Logfile of HijackThis v1.99.1
Scan saved at 22:09:18, on 09/03/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\INVERSE IP INSIGHT\BT\ARMON32A.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\BT YAHOO! INTERNET\MODEMLOCK.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\HPZTSB02.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BT YAHOO! INTERNET\WATCHDOG.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\PROGRAM FILES\BT BROADBAND 205\HELP\SMAR... Read more

Answer:Would someone please check this log

how much ram do you have?

i cant speak to whether you have an infection but you do have a lot of processes running which you need to trim down.
 

3 more replies
Relevance 22.96%
Question: Pls check this out

Random pop-ups occurances. Please check below logs. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:27:04 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\Hijack... Read more

Answer:Pls check this out

HiJackThis Analyzer result:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: N... Read more

11 more replies
Relevance 22.96%

It's really only a routine check, but my pc has a history of viruses, so might as well get it checked. Thanks.

Answer:could someone check my log sometime?

We're going to need a log to check.

Please read and follow the process outlined here.

Then download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Copy and paste the contents of the logfile here for review. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

10 more replies
Relevance 22.96%
Question: please check log..

Could someone please check my log as i have been getting alot of popups again. Thankyou
Logfile of HijackThis v1.95.1
Scan saved at 9:35:53 AM, on 7/25/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NVATray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\SuperBar\sbhc.exe
C:\Program Files\TwistedHumor\Bonus Software\msbb.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\ezula\mmod.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\FRU\Remind32.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
C:\Pro... Read more

Answer:please check log..

12 more replies
Relevance 22.96%
Question: HJT log check

Just wanted to get a check. Ran AVG and Spybot S&D and came up with stuff to fix. Did the fixes now just checking to see if it's clean Thank You in advance for the help!

Logfile of HijackThis v1.99.1
Scan saved at 1:12:07 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Creative\Sharedll\AHQ\CTMIX32.EXE
C:\Program Files\Creative\Broadband Blaster UI\bbui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donna\Desktop\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6369FC12-2311-44E4-9375-4320A5F2CF92} - C:\WINDOWS... Read more

Answer:HJT log check

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {6369FC12-2311-44E4-9375-4320A5F2CF92} - C:\WINDOWS\System32\ssqnk.dll (file missing)
O2 - BHO: (no name) - {AB6CF222-945D-4319-93AC-E0804D3DA809} - (no file)
O20 - AppInit_DLLs: c:\windows\system32\vtutron.dll
O23 - Service: Original Windows Service Monitor - Unknown owner - C:\WINDOWS\uncsvc.exe (file missing)

Close all applications and browser windows before you click "fix checked".

Please download the OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

c:\windows\system32\vtutron.dll
C:\WINDOWS\uncsvc.exe
Click to expand...
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a sc... Read more

1 more replies
Relevance 22.96%
Question: Check My Hjt Log

my friend told me to get and run hijackthis and post the log here and one of you can help me fix this problem i am having with popups
 hijackthis.log   8.41KB
  5 downloads the popups say there comming from banneradsgalore.com

Answer:Check My Hjt Log

Hello dinsaru,

I apologise for the delay, the forum is busy.

If you still need help post a new HijackThis log.

Post it properly and not as an attachment.

2 more replies
Relevance 22.96%
Question: Please check

I was told to post this so here it is (I will post the Ewido log in a little bit):

Logfile of HijackThis v1.99.1
Scan saved at 12:36:20 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\carpserv... Read more

Answer:Please check

I tried to install the ewido program and it told me that it couldn't because it was either corrupt or because of a virus. Must be a virus. and I can't do a virus scan because that seems to be one of the things affected by the virus. It won't allow me to even open a scan now. and when I ran S&D it found a antivirus and firewall overrider. I removed both but I can only image what may be left. I can't update any of the scan programs either because if I am connected to the internet, my computer just repeatedly reboots itself.

6 more replies
Relevance 22.96%
Question: Please Check Over

Hello, Could you please check this over, you guys are the pros! I have no clue what I'm staring at!

Logfile of HijackThis v1.99.0
Scan saved at 11:43:21 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Welcome Alex!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yah... Read more

Answer:Please Check Over

Hi alexxx,

Your log appears clean but to be certain, do an online scan at Panda also:

Please run an online scan at http://www.pandasoftware.com/products/activescan.htm
Make sure you click the "Free Online Virus Scan" in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
Click On 'Scan Now'
Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
If it finds any malware, it will offer you a report. Click on see report
Then click Save report
Post the contents of the report in your next reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

1 more replies
Relevance 22.96%

It isn't so long ago that i posted my last log, but i've download bits of software etc and the log seems different anyway, especially there's a lot more running processes for some reason (like csrss.exe) I'd be really thankful if someone checked it.

Logfile of HijackThis v1.99.1
Scan saved at 23:12:56, on 07/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hija... Read more

Answer:can someone check my log please

Hi
Thats fine.Its all normal...

1 more replies
Relevance 22.96%

Hi some webpages I visit just won't display any content, I was told to do a Hijack this log so you can help me !

here it is :


Logfile of HijackThis v1.99.1
Scan saved at 13:13:24, on 2006-09-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Internet%20Explorer/Connection%20Wizard/Index_files/Index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr-ca\msnappau.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\... Read more

Answer:Please check this log !!!

Kindly refer to this thread http://www.techsupportforum.com/showthread.php?t=111762

1 more replies
Relevance 22.96%
Question: Check My Log!

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 06:59:35, on 13/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\arservice.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\ARPWRMSG.EXEC:\Program Files\HP DigitalMedia Archive\DMAScheduler.exeC:\Program Files\HP\HP Software Update\HPwuSchd2.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\system32\ctfmo... Read more

Answer:Check My Log!

HiYou are running an out-of-date version of javaGo to add/remove programs and uninstall any earlier versions ... in your case :-jre1.5.0_06 (at least)Then You can go here and install the latest version of Java.http://java.sun.com/javase/downloads/index.jspScroll down the page to 'Java Runtime Environment (JRE) 6 Update 6' and press the 'Download' button.Running an out-of-date version of java is an infection risk.-Other than that your log's clean ...Please Download CCleaner from :-http://www.filehippo.com/download_ccleaner/ (click the download tab)During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.doubleclick the ccsetup.exe file and install the program...After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours" Make sure the "windows" tab is selectedUnder "internet explorer" tick...Temporary internet filesCookies* > see Note belowHistoryRecently typed URL's (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)Delete index.dat filesLast download locationAutocomplete form historyunder "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"Other explorer MRU's (leave this unticked if you DON'T want to clear lists such as the start\run list)under "... Read more

2 more replies
Relevance 22.96%

I just got done cleaning one computer and you guys did so great, I was wondering if you would take a look at my PC. I try to keep it pretty clean, so here ya go.. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:35:00 PM, on 8/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1126138043\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Ma... Read more

Answer:Just want a check - HJT Log

On a side note, everytime I try to delete viewpoint off the computer, it just hangs and I have shut down the add/remove and when I try to restart it, it just hangs.

2 more replies
Relevance 22.96%

Just trying to make sure my computer is safe!! Thanks to whoever can help!!
HJT log follows...




Logfile of HijackThis v1.99.1
Scan saved at 830 PM, on 8/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Fil... Read more

Answer:Can someone please check my log?

Hello JerseyBella13,

Our apologies for the delay. We've been short-handed due to summer vacations.

There is nothing apparent in this log, but I would suggest an online scan for a second opinion.

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer If it finds any malware, it will offer you a report.
Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
Click on see report. Then click Save report

Please post those results along with a new HijackThis log.

3 more replies
Relevance 22.96%

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:27:06 AM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Updater\1.0.377.3622\GoogleUpdater.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\... Read more

Answer:check out my hjt log please

clean log!
have hijack this fix these entries. close all browsers and programmes before
clicking FIX.
O2 - BHO: (no name) - {B6BFCF98-B30D-4074-982B-E96798810473} - (no file)
O3 - Toolbar: (no name) - {B720BA4B-AB91-44DD-88AB-43C28FCF5031} - (no file)
9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Filter: text/html - (no CLSID) - (no file)
 

1 more replies
Relevance 22.96%
Question: Check my log

Logfile of HijackThis v1.97.7
Scan saved at 7:15:37 PM, on 2/17/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\MsDtc\Driver\chwin.exe
C:\WINNT\System32\MsDtc\Driver\NTSrv.exe
C:\WINNT\System32\MsDtc\Driver\WinSrv.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINNT\System32\MsDtc\Driver\msn.exe
C:\WINNT\System32\MsDtc\Driver\SMSS2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Real\RealOne Player\RealPlay.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\softnyx\GunBound\GunBound.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijack\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C... Read more

Answer:Check my log

13 more replies
Relevance 22.96%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:46:30 PM, on 7/13/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Network Associates\VirusScan\Avsynmgr.exeC:\PROGRAM FILES\CNS\CALL TRACKER 2000\SRVANY.EXEC:\Program Files\cns\Call Tracker 2000\BCM50Cap.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\System32\cusrvc.exeC:\WINDOWS\Cpqdiag\Cpqdfwag.exeC:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Novell\ZENworks\nalntsrv.exeC:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exeC:\Program Files\Novell\ZENwo... Read more

Answer:Please Check My Log

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

2 more replies
Relevance 22.96%

can someone please check this for me
 

Answer:please check this for me

Hi no fear

I am poting your log in the thread. It is easier that way.

Give me a few minutes yo look it over.
Logfile of HijackThis v1.97.7
Scan saved at 21:53:20, on 15/02/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SAMSUNG\AHT-E310\CnxDslTb.exe
C:\WINDOWS\System32\mslaugh.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\VsMain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Halls\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww... Read more

3 more replies
Relevance 22.96%

Hi, My computer has been a little sluggish,especially the cursor. I also get the little pop-up windows that say, http://media fastclick, they appear so quickly, i don't have time to cancel it. then it appears in my taskbar for a moment, then disappears. Anyway, here's the log.
Logfile of HijackThis v1.99.1
Scan saved at 9:38:11 PM, on 1/10/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SMC.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.chilitech.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-... Read more

Answer:Would someone please check my HJT. Log.

10 more replies
Relevance 22.96%

the last time i posted a log was only a couple of weeks ago and i was told the problem wasnt virus related kinda, so i didnt really know what to do. The computer's really slow and i think im gonna bring it to a place to see what's wrong. Basically before i do so, I want to see if my pc's problems arent virus-related. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 09:56:33, on 02/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\PROGRA~1\YAHOO!\BROWSER\ybrwicon.exe
C:\PROGRA~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YAHOO!\BROWSER\YCOMMON.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\hijack folder\HijackThis1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKCU\... Read more

Answer:please check my log

Hi niall

Your log is clean. I did respond to your thread in General Security about the bt files, so I dont think that's anything to do with your problems.

However, let's just take a look and see if there is a rootkit present.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, the tool will produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, the tool will produce a log for you at c:\combofix.txt. Post that log in your next reply.

3 more replies
Relevance 22.96%
Question: Check log please

Logfile of HijackThis v1.97.7
Scan saved at 1:26:49 AM, on 2/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\IDS78B4T\HijackThis[1].exe

O1 - Hosts: 213.222.11.11 auto.search.msn.com
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HK... Read more

Answer:Check log please

8 more replies
Relevance 22.96%

Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:48:46 PM, on 19/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXEC:\Program Files\Java\jre1.6.0_05\bin\jusched.exeC:\Program Files\ScanSoft\PaperPort\pptd40nt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\hp\kbd\kbd.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Windows Live\Messenger\usn... Read more

Answer:Please Check My Log

Hi ColdFire,I'm sorry it's taken so long for you to get a response, if you still need help please do as follows:Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)Close all applications and windows.Double-click on dss.exe to run it, and follow the prompts.When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimizedMake sure Format->Word Wrap is uncheckedCopy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your replyOnce complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.

3 more replies
Relevance 22.96%
Question: Check up

Alright guys, not used this pc in a long time, been using my laptop, this one has been left for family to use, dunno if anythings on here?

Logfile of HijackThis v1.99.1
Scan saved at 02:58:47, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Linksys Home Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Home Wireless-G USB Wireless Network Monitor\HU200.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Fil... Read more

Answer:Check up

bump!

4 more replies
Relevance 22.96%

I had to do a restore on my pc i couldnt even go online anymore.can you help me figure out what i need to do next. i installed outpost firewall pro. and hjt now. what else do i need for protection tyvm

Logfile of HijackThis v1.99.1
Scan saved at 3:12:26 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:... Read more

Answer:can u check my pc for me? hjt log

Do you have both Norton and McAfee antivirus programs installed? If you do, you need to get rid of one of them. Besides both of them being problematic and memory hogs, running 2 antivirus programs at the same time can bog down your computer and cause various problems.

-------------------------------------------------------------------------------------

Get rid of BigFix. It's a very outdated program and hasn't been updated from version 1.7.6.0 in years and before Windows XP ever came out.

-------------------------------------------------------------------------------------
 

1 more replies
Relevance 22.96%

gfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:42 PM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW... Read more

Answer:can u plz check my log :D

Welcome to TSG ninja iwk,

The log shows at least some of IAC's MyWebSearch search hijacker running there (see here), but the bottom of the log is missing. Let's have you post back more details along with a more complete HijackThis log for now, then repair what needs repairing.

Open Hijackthis.
Click Config - Misc Tools - Open Uninstall Manager.
A list of the entries in Add/Remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents back here for review.

Also Go Here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your protective software queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here, along with the Uninstall List and a new HijackThis log please. You can use separate posts here if needed.
 

1 more replies
Relevance 22.96%
Question: Please Check.

Hi, This is a HJT log for my laptop. not the computer i'm currently using. Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:28:47 PM, on 6/20/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\BroadJump\Client Foundation\... Read more

Answer:Please Check.

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

3 more replies
Relevance 22.96%

I hope I did this scan right.I closed every thing and went to the hjt icon and did the scan.
My problem is a hijacked home page and I also keep getting all kinds ballons popping up from a Icon in my system tray telling me I need to get this and that program to get rid of virus's.
ThankLogfile of HijackThis v1.99.1
Scan saved at 12:22:34 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\MMediaCodec\isamini.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\MMediaCodec\pmmon.... Read more

Answer:My log,Can you check it out please.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Download AVG Anti-SpywareInstall AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.On the top of the main screen click Shield
Click the word active... Read more

1 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 22:55:56, on 21/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\N-case\msbb.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ToPicks\Bin\Idhost.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\eDonkey2000\eDonkey2000.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPE... Read more

Answer:can u please check this for me

8 more replies
Relevance 22.96%

Hello everyone,
I am new and first time in this community. Hope to have nice issue-solving in here ;)
I anyone could be kind to see my log for strange strings I would really appreciate. I have some suspicions that my browser has been cracked?
Thanks a lot everyone.
Regards



Code:
Logfile of HijackThis v1.99.1
Scan saved at 19:45:23, on 28.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus Corporate\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp 2.91\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\HijackThis v.1.99.1\HijackThis.exe

O2 - BHO: (no name) - {08A85291-3C64-8D1D-C1BF-05223EADFADB} - (no file)
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~... Read more

Answer:A log check to be sure

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance. Please just copy and paste your log directly into the thread - don't use code or quote tags.

Thank you.

4 more replies
Relevance 22.96%

I have about 5 viruses and I can't figure out how to remove them. Can someone check my HJT log, I'm assuming the viruses will show up here?

Thanks, Danna


Logfile of HijackThis v1.97.3
Scan saved at 9:03:47 PM, on 2/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\0VGJS1AZ\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.degrassi.tv/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\... Read more

Answer:Could you check my HJT log please?

16 more replies
Relevance 22.96%
Question: check me please

Had a blue screen, wonder what may be going on with this machine....thanks for giving it a look!

Logfile of HijackThis v1.97.7
Scan saved at 12:36:26 AM, on 2/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: &... Read more

Answer:check me please

9 more replies
Relevance 22.96%

I know for a fact my computer is infected with JUNK but how much and how can I get rid of it is the problem. I have SPYBOT and ADAWARE but both did not do their job on this one. Heres my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:58:46 AM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
E:\Virtual CD\PowerISO\SCDEmuApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\syst... Read more

Answer:Can someone check my HJT log for me?

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.


We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

regards
alba

2 more replies
Relevance 22.96%

the internet (dial-up by the way) is going slow, pretty much not working that well. Hope it's only a temporary thing. The computer generally seems to be fine, so maybe it's something to do with cabling or something rather than viruses. The PC probably needs a routine check anyway, so guess I'll post a hijackthis log and pandascan thing. Thanks.


-----
Logfile of HijackThis v1.99.1
Scan saved at 1100, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\hijack folder\HijackThis1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMMON\YCOMP5_2_3_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D5... Read more

Answer:can someone check my log please?

Is this log from Normal Mode?

It might just be the connection. It's dial up, so it won't be fast.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.

1 more replies
Relevance 22.96%
Question: hjt log check

my comp is starting to crash and run slow any help would be appreciated thank you in advance

Logfile of HijackThis v1.99.1
Scan saved at 10:04:14 PM, on 6/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Prog... Read more

Answer:hjt log check

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - H... Read more

5 more replies