Computer Support Forum

check up...

Question: check up...

I havent had any problems with my machine but im doing a cleanup, just to make sure i havent got anything bad running could you do a quick look over of my log. Any suggestions?

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:03:58 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hamptonroads.cox.net/cci/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hamptonroads.cox.net/cci/home
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/pcpitstop.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


End of KRC HijackThis Analyzer Log.
====================================================================

Relevance 100%
Preferred Solution: check up...

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: check up...

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download WinsockFix http://www.greyknight17.com/spy/WinsockFix.sfx.exe and uncompress it. Then double-click on the uncompressed file to run it.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

xfire_lsp_10650.dll<<<<<<<<Do a search for and delete

Restart and run a new HijackThis scan. Save the log file and post it here.

9 more replies
Relevance 33.21%

The problem start with my wife's PC. It started a few weeks ago she told me. She can't open Outlook Express (doesn't start), access My Space or get updates at Windows Update. Also some images on sites do not load.

I then checked my PC and found, I couldn't access Windows Update, My Space, Thunderbird fails to retrieve emails. I have not noticed any issues with images.

Given this sounded like some of the behaviors I have heard of trojans doing I thought I would post my logs here and see if anyone sees anything out of place. Normally I wouldn't consider a cross contamination but about two weeks I temporarily set up a home network between our PCs to share a few files. The next day I disabled NetBIOS on my PC but as we are both behind a hardware firewall, I guessing if it happened it must have happened then.

Nothing jumps out at me but I wanted to get a second opinion.

Any help would be appreciated.

Wife's PC
Logfile of HijackThis v1.99.1
Scan saved at 5:12:51 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sys... Read more

Answer:Hijack This Check (Can't Update Windows, Check Email or access My Space)

I ran SuperAntiSpyware and found nothing but 10 tracker cookies. Running Panda Virus Scanner online. I couldn't run F-Secure because IE7 Active X controls prevent it from running.

Zero clue as to what is going on so far.
 

3 more replies
Relevance 33.21%
Answer:how do i change ms word's spell check to check for british spelling?

is there a british version of office xp? i dont know if you can do that


 

6 more replies
Relevance 33.21%

Hello, My PC is disk usgae is at 100%  and somtimes the CPU usage jumps up to. I tested my system and recived- Hard Drive Short DST Check and Long DST Check: Warning  How do I determine what the warning is? Do this mean my hard drive is on the verge of failing? 

More replies
Relevance 33.21%

Is verifying files by check sum / content after transferring (copying, moving) indeed unreliable?

Since "ever" I - if I checked files at all - checked files by content or check sum after transferring them, so this information sounds very astonishing to me now, I hadn't had any clue about what I read here: http://blogs.msdn.com/b/oldnewthing/archive/2012/09/19/10350645.aspx

Obviously meaning in many cases checking files by content / check sum checks the data in the buffer, if I see it right.

So, is it like that? Does it refer to all of the synchronizing / backup / copying, check sum, etc. programs?

And what is the best / easiest way to (automatically) check files after transferring. E.g. when copying all of the files of a 4TB drive to another one.
 

Answer:Verifying files by check sum / content after transferring unreliable - how to check?

Re: Verifying files by check sum / content after transferring unreliable - how to che

Kletus...

I'm not in my league with this, but could this make sense?

I think the article is referring to times when you are seeking to verify data across a network span between two systems (operating systems), where system b (copy destination) requests a checksum from system a (file original location). I believe the author is saying that in that particular situation checksums would be created from the cache/buffer on both computers. In the case of you copying to a secondary disk connected to a single computer I think the checksum should work fine. Sounds like one of those programmer's dilemmas to me.

Sorry if I am off on this. I know you are looking for some programming expertise. I'll just say that reading this, it made sense to me about the author's comments:



This really sounds like you're overthinking it.

First, what possible reason would there be for giving someone write access but not read access to a certain location? That's screwed up on so many different levels...

Second, you're right that having the sender compute a checksum of the destination file is a bad idea for all the reasons mentioned. But why did you even think of doing that in the first place?!? If I was implementing a system like that, I'd have the *destination* system compute the checksum on the file it received and send it back to the sender for verificati... Read more

5 more replies
Relevance 33.21%

Hi, i have hp pavilion g6 laptop and its upgraded from windows 8 to 8.1 then windows 10.  From last few days i was getting "Memory_Management", "Kernel_Data_Inpage_Error" and so many other errors with blue screen. Due to this i have to power off the system from main power button by holding for few seconds. Now i was getting hang problem. I saw in task manager that DISK UTILIZATION was 100%. I did a hardware test where i got below results : HARD DRIVE SHORT DST Check : WARNING HARD DRIVE Optimized DST Check  : FAILEDFAILURE ID: 9U3UWX-6KT85B-MFPWWJ-61Q003 Can anybody tell me how to resolve this or i need to replace the hard drive. -ThanksPankaj 

Answer:Hard Drive Short DST Check : WARNING and Optimized DST Check...

Yes you need to replace the hard drive. Since you have upgraded to Windows 10 it is very easy to get recovery media directly from the Microsoft Media Creation Tool. For most people, the problem is not physically swapping out the hard drive, but restoring the operating system since they do not have recovery disks. Post back if you want a service manual and/or video showing the replacement, purchase options for a new hard drive and step-by-step for restoring Windows 10. We would need the full model...g6-???? 

2 more replies
Relevance 32.8%

I have what I believe is a probably Hard Disk failiure; however, the Windows utility provides different output than the error codes provided by the System level check. The below is from my OS check:Microsoft Windows [Version 6.1.7601]Copyright (c) 2009 Microsoft Corporation. All rights reserved.C:\Users\user>wmicwmic:root\cli>diskdrive get statusStatusOKwmic:root\cli> It seems to indicate status as OK. However, the system level Hardware Test before booting shows the following:Failiure ID is: 9PMPKK-5B284T-XD002K-60QS03Product ID is XG809UA#ABA  I assume the OS level SMART Test is less reliable, then?Thanks!

More replies
Relevance 32.8%

My daughter called me and asked what was wrong with her monitor. She said that when she starts her computer she gets this message "Self check, check your PC and signal cable, monitor is working" and no other display...

kds x-flat monitor, onboard video, XP, AMD

She has unplugged and replugged the video cable several times... any ideas why this is?
 

Answer:Self check, check your PC and signal cable, monitor is working

That suggests that the computer is not booting, or if it is, there is no video output.

The monitor is simply saying "I am OK, but the computer isn't sending me anything"

A simple check to see if the computer is booting is to try the CAPS Lock key. Pressing it will toggle the CAP light on and off each press, if the PC is running.
 

2 more replies
Relevance 32.8%

i have a panasonic toughbook cf 53 running windows 7 pro.my computer works fine. when i turn the computer on it states that there is a media test failure check cables. the only thing that is not working on my computer is the sound. i have checked the control panel and the settings, nothing is muted. im confused why the sound will not turn on. i pressed fn f4 to mute the volume and now it seems to be stuck on mute? any help would be greatly appreciated.thanks, jason

Answer:media test failure check check cables.

Check in Device Manager. Are there any yellow exclamation points?You've been helped by a 14 year old.

6 more replies
Relevance 32.8%

Hi all

I have been trying to create an Excel macro that deletes only the check mark inside the check box albeit with no success. Is there a way to do this?? I have plenty of check boxes and it is taking me a lot of time to go into each one and delete only the check marks. It would be would be pretty neat to create a macro to delete the check marks in every single check box. If someone out there has figured out how to do it, it would be a great help.

Thanks

Mario
 

Answer:Deleting the Check mark only inside the check box using VBA in Excel

6 more replies
Relevance 32.39%

Hey guys,

The company I'm working for has grown a lot and now I'm no longer the only programmer. We're looking for an app that lets us do code check-in/check-out that'll also store all the changes.

All the files we need monitored are plaintext, and we do most of our development in Notepad or Notepad++. The app must work in Server 2003.

Any suggestions?

Thanks!
 

Answer:Code Repository/Check-in/Check-out system

I think subversion should handle your needs...
 

13 more replies
Relevance 32.39%

What is the best check -in check-out asset management software? A list of what's out there would be appreciated because I cant seem to find an authoritative one of what's best for asset management (game development). I hear Alien brain is good and there's one that starts with a 'p' that I can't remember the name of it to save my life... Alien brain is too expensive and hard to find. It's an open source project so I know the 'p' one would work because they offer open source licenses so if anyone knows what Im talking about feel free to enlighten me.

Something similar to Project but with asset management and check in/check out functionality would be great if anyone could suggest something. A step beyond that would be real time preview of maya scenes, psds, and xsi files. But maybe I want too much with the latter...

edit: Oh and it doesn't have to be free, Im just curious as to what's out there...
 

More replies
Relevance 32.39%

I have listbox with check box as listbox items, i need to select to checkox dynamically. help me to do this.

Answer:Unable to check the check box dynamically in listbox in wp7

sorry but I clearly didn't get your question here. Could please give me some more details ? :)

2 more replies
Relevance 32.39%

If it ain't one thing, it is another with this computer.
My spell check is having a nervous breakdown. It checks and offers alternatives for almost every word. This check can include words such as A or An, It, etc. At times I get spellings for words nowhere similar
In a paragraph similar in length to the preceding one, I might have suggetions for practically every word.
Plus, the auto check feature is not working
Anyone help? Appreciate any

Sarge
 

Answer:Spell check doesn't check correctly

You need to tell us what OS you are using and where this is happening - in a browser, in a word processor etc.
 

4 more replies
Relevance 32.39%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des

Answer:Check Disk \ Auto Check Alternatives

There isn't any such software??

-Des

3 more replies
Relevance 32.39%

Hello.

I have a SuperMicro server with windows 7 32bit. I am using a specialized hardware that can understandably may cause machine check errors because I have a pcie device that can stop responding to cpu non posted transactions for long pepriod of time. I have disabled the pcie timeouts in the hardware, but some other cpu exception occurs due to this long waiting time for the pcie transaction to complete. I get the BSOD with WHEA exception 124.
Bug Check 0x124: WHEA_UNCORRECTABLE_ERROR

Reported by compenent: Processor Core
Error source : 3
Error type: 9
Processor ID: 36

Event ID 18

How do I disable this machine check in windows 7 ?

Thanks

Rayyan

Answer:how to DISABLE Machine Check, WHEA bug check

Hello and welcome to the sevens forum. You said you are getting BSOD"s can you do the following because the BSOD team will need it to help you.

Blue Screen of Death (BSOD) Posting Instructions

1 more replies
Relevance 32.39%

So I have this problem, I have a user that have to check that box every time he open outlook for always check spelling before sending, it won't save the setting when I close it, my last resort would be a new profile but I want to try get help here first since google wasn't very helpful

We use outlook 2010 and the PC is part of a domain, I also tried checking the web outlook but the option is not there.

He is the only user having this problem and to be honest I have never seen this problem before.

More replies
Relevance 32.39%

Sup ppl?

I've been trying to get chech disk to run on startup for about a month now with now succes. I've searched the net constantly and tried tons of different approaches, but they all failed for me.

Anyway, I keep getting a baloon popup saying I should run chech disk because I have errors. I was hoping there's any type of software I can buy/download that will do the same thing as Check Disk, as in fix errors and bad sectors on disk.

Thanks in advance ppl.


-Des
 

Answer:Check Disk \ Auto Check Alternatives

Well...? I'm sure there must be some available.

-Des
 

7 more replies
Relevance 31.16%

just wanted to see if anyone noticed anything out of the ordinary.

Logfile of HijackThis v1.99.1
Scan saved at 8:57:04 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTune... Read more

Answer:*not urgent* can someone check my HJT to make sure everything is in check?

Looks fine
 

1 more replies
Relevance 31.16%

greetings,
when I try to enter checks in the check register, I cannot set the check date to anything other than today's date (ie, the day I am trying to enter the check).

I have googled, etc, but cannot find the cause of this problem.

Anybody have an idea ?

thanks in advance.
 

Answer:Check dates in check register

What program
 

2 more replies
Relevance 29.11%

Hi -Have you changed or added anything recently, or had any type of infection on the computer ? ?Go > Start Accessories > Command Prompt and Right click on it > Select Run as Administrator > Then type scf /scannow and press Enter -This "should" only take about 20 to 30 mins and will check your System Files -Next do the same, but type chkdsk /r and follow any prompts and reboot your computer - The 5 stage check may take from 1 to 2 hours depending on your system, but please let it finish -Thank You -

Answer:auto check program not found-skipping auto check

If sfc /scannow doesnt help then try thisDownloadAutorunsExtract and launch autoruns.exeAllow the scan to run,click on FILE-SAVE Filename:Autoruns.txtsave as type:textUpload the file to wwww.filedropper.com and post the link here

3 more replies
Relevance 29.11%

I get this blue screen error "Auto Check Program not found - Skipping auto check" each time that I boot up. What's the cause and how can a fix it?

More replies
Relevance 26.24%

Running the Computer Check Disk Function
Step 1
Determine whether you are using Windows XP or Windows Vista. XP users can simply click on the "Windows Start Button" and then go to the "Run" link. Once run pops up type in "CMD" and hit enter which will cause the MS DOS prompt to appear. Type in "CHKDSK /r" which will check for hard disk errors. Vista users need to click on "Start" then go to "Accessories" followed by "System Tools" and then run the MSDOS program followed by "CHKDSK /r"
Step 2
Insert your restore CD if errors are found and not fixed by the check disk function listed above.
Step 3
Turn your computer off and then back on. You'll be asked to hit any button to boot from your CD; press any key. You will then be asked if you want to install a fresh version of your OS or "Repair" a current copy. Choose the "Repair" option and allow the computer to go through the necessary steps.
Step 4
After the repair function has run, turn your computer off and then back on. Wait and see if the computer shuts down again. If it does not shut down, your computer's restore function has fixed the file, which was probably caused by a bad system file.
Fixing Computer Shut Downs Via The Power source
Step 1
Check if your power source is properly connected inside your computer. Your power source is the large box that your computer's power cable plugs into. If this connection becomes loo... Read more

Answer:How to check for disk errors using Check Disk

Very useful share angelcotty

2 more replies
Relevance 26.24%

Today, I was online, reading the news and noticed that the pages were loading slower and slower. Using IE 8. Anyways, I got the Blue Screen of Death with (this is the first time I've seen this message):

Hardware Malfunction
Call hardware vendor for support
NMI: Parity Check/Memory Parity Error
The system has halted

I have a Dell Inspiron E1705 laptop
Win XP, Svc Pack 3
RAM: 1GB
BIOS version: Dell Inc. A03 (2006)
Recent changes to computer: Upgraded from IE 7 to IE 8 12 Apr 09, Windows Auto Update 15 Apr 09, Reg Fix Pro Update 16 Apr 09

After rebooting, I came to your site and checked out some similar posts, I've blown away the dust and went to the link for memtest86, downloaded, installed and updated drivers.

So, far have not received this msg again, but there were some other suggestions I'd like to try. How do I clear CMOS & set BIOS? (And years ago I heard the term - flash the BIOS is this the same thing? Or something else & do I need to do it?) Can you give me guidance on opening up a laptop to reseat & switch memory (I've only opened a desktop)? I did try to go into Setup (F2), but most fields were unchangeable. The battery is 100% charged and performing normally.

Any other things I should do?

Thanks so much!
 

Answer:parity check/memory parity check

There should be a slot on the bottom to get to the memory. Laptop memory sits flat, you will press 2 clips on the RAM holder and the memory will come up about 45 degrees. You can then lift it out of the slot. To install new memory, you slide it into the holder then press it down so it lies flat and you will hear it click in place.

As far as BIOS, avoid flashing it. If this is the first problem you've had and the error seems to point to memory, you do not need to do anything with your BIOS.
 

8 more replies
Relevance 22.96%

COULD YOU TELL ME WHAT RUBBISH IVE GOT IN MY LOG PLEASELogfile of HijackThis v1.99.0
Scan saved at 21:55:47, on 27/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\STOPzilla!\SZServer.exe
D:\WINDOWS\system32\LEXBCES.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
D:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
D:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Lexmark 3100 Series\lxbrcmon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\Program Files\Pica... Read more

Answer:Plz Check My Hjt Log

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKCU\..\Run: [LicenseBin] d:\DOCUME~1\hank\APPLIC~1\ANTEWI~1\debugcurbbyte.e xe <<-- unless you know what it's for, get rid of it

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

d:\DOCUME~1\hank\APPLIC~1\ANTEWI~1\ <<-- unless you know what it's for, get rid of it

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

Any problems now?

4 more replies
Relevance 22.96%

It's been a while since I did an HJT scan and the computer seems to be running slow again. I've run CWS, Adaware, and Spybot, and usually have Zone Aleam firewall running (except when my wife turns it off to download something and forgets to turn it back on ). Anyway, here is the log and please tell me what does not need to be there.

Logfile of HijackThis v1.99.1
Scan saved at 12:01:13 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software U... Read more

Answer:Please check this HJT log

6 more replies
Relevance 22.96%

A friend of mine has asked me to look over his HJT log. I don't feel confident with some of the entries in the log. Could someone please look it over. Thanks in advance

Logfile of HijackThis v1.99.0
Scan saved at 2:26:17 AM, on 1/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\dmi\win32\bin\Win32sl.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\pctspk.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\... Read more

Answer:HJT log - please check

Just this one:

R3 - Default URLSearchHook is missing

2 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 11:30:46 PM, on 12/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\debbie miller\Desktop\jerry's 3\AVGNT.EXE
C:\jerrys\gcasServ.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\jerrys\gcasDtServ.exe
C:\Documents and Settings\debbie miller\Desktop\jerry's 3\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cobian Backup 7\cbs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\jerrys\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUMENTS AND SETTINGS\DEBBIE MILLER\DESKTOP\JERRY'S 3\AVGUARD.EXE
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\jerrys\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explor... Read more

Answer:please check my log

Looks alright to me, are there any particular sites that cause this problem?
 

1 more replies
Relevance 22.96%
Question: Please check over

hey guys, can you please check over my log and tell me what i should delete.
Logfile of HijackThis v1.98.2
Scan saved at 10:55:37 PM, on 12/30/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$NetSDK\Binn\sqlservr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Pro... Read more

Answer:Please check over

Hi

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked".

Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program.

Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES When done Download Cleanup and run it to clean out the temp folders ..Then please get HJT v1.99,reboot and post a new log when finished...

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

6 more replies
Relevance 22.96%

Oh man I've been experiancing all kinds of stupid pop-ups! There is one called xadsjt-a.offeroptimizer.com that hides in the toolbar untill it's fully loaded!. I also have an x-lime problem and other pop-ups, but you can't fix em all I understand. And there is a few pop-ups that manage to bypass my Service Pack 2 pop-up blocker! here is the most recent HiJackThis.log

Logfile of HijackThis v1.99.0
Scan saved at 3:32:39 PM, on 12/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Gateway\Gateway Ink Monitor\GWInkMonitor.exe
C:\WINNT\SM1BG.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\WINNT\system32\eqwsndta.exe
C:\Documents and Settings\Derek\Application Data\dees.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\system32\t?skmgr.e... Read more

Answer:Check this out and tell me what's up.

Yuck......you need to start with some tools to soften them up some.....

==========

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the Fix Selected Problems button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.

Do... Read more

12 more replies
Relevance 22.96%
Question: check log, please!

Logfile of HijackThis v1.99.1
Scan saved at 19:24:16, on 14/08/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\keyhook.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgen... Read more

Answer:check log, please!

Log is clean. Do you have an issue...or is this just a checkup?

2 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 10:59:26, on 03/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\hijackthis1991\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneydrum.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Windows\C... Read more

Answer:Please check this Log

10 more replies
Relevance 22.96%

Happy holidays. Jimpaul again looking for some help from some of you brighter people. Avg keeps sending flash messages of different trojan downloader type viruses. I was going to write them all down but they kept popping up with too many. They seemed to be residing in the System Restore area so I turned SR off. Then I ran AVG, AASE, SpybotS&D and Trendmicro online.

Here's the current Hjt log:


Logfile of HijackThis v1.99.0
Scan saved at 3:38:19 PM, on 12/23/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Sche... Read more

Answer:Can someone check this Hjt log

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

The Temp folders should be cleaned out periodically as inst... Read more

7 more replies
Relevance 22.96%

Hi,
Whenever I use the IE browser on Win XP platform, the website that i'm viewing gets replace by this spyware website,which is really annoys me (it does not actually pop up on a separate window but always uses the one that I'm currently viewing). Could you help sort this problem out please? Here is my HJT log.
Cheers.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/16/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\A... Read more

Answer:Can you please check my HJT log?

Yeah, we're seeing this realtively new bugger a bit more now.

First thing is to remove the bad DNS entry:

Open the Control Panel and click on "Network Connections"

Right click on your Local Area Connection and then click on Properties.

Highlight the entry for TCP/IP and then click on the Properties button.

While on the General tab, click on the Advanced button.

Click on the DNS tab.

Now......look for and remove all DNS entries for this IP address: 195.225.176.31

(This IP address tracks back to NetcatHosting in the Ukraine.)

===============

Reboot and report back on whether or not that helped.

17 more replies
Relevance 22.96%

This is different from my other thread. While trying to disinfect one computer, I accidentally infected another. The virus has been deleted, but now I'm paranoid. Would someone please confirm that this computer is virus-free?

Thank you SO much.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:02 AM, on 7/31/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\QUICKENW\QAGENT.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILE... Read more

Answer:HJT log...please check

Piper,

Unfortunately ... this computer is infected. But if it's any consolation to you, it does not appear to be your fault. It appears it has been infected for quite sometime already.

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted by our Team. Click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".

This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you have Notepad 'on'. If you should choose to do otherwise, it may lead to some confusion.

If there's anything that you don't understand, kindly ask your question(s) before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please do not run Hijackthis from it's current location. Create a permanent directory - C:\Program Files\HiJackThis\
Re-locate all files to the new directory
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them untill instructed to do so.
Unless otherwise stated, they should be ... Read more

19 more replies
Relevance 22.96%
Question: In need of a check

Hi after reading a review that turbo torrent contains ad-ware and a trojan i wanted to get myself checked out.

Logfile of HijackThis v1.98.2
Scan saved at 07:48:13, on 15/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\passrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\APVXDWIN.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\SmartM\BlueOpal\Utilities\BlueTray.exe
C:\Pr... Read more

Answer:In need of a check

Hi ceemo

I can't find anything to support that statement. Did you read it on the net?

Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.


Lobos

5 more replies
Relevance 22.96%
Question: Log Check Please

Had an issue where all my JPG images in the shared documents folder were mysteriously deleted. I'm not sure whether this is child related or whether it is a malware issue. Scans didn't seem to pick anything up, so I'm guessing the former. But as it has happened on both desktop and laptop I was a little suspicious.

Both machines are running XP patched to SP3 and fully up to date with windows updates etc.

Logs attached as per instructions.

Combofix failed to complete after suffering a blue screen error. I didn't catch the error codes and didn't want to run it again unless asked to do so.

Thanks in advance and hope that everything is clean and I'm worrying unnecessarily
 

Answer:Log Check Please

No. Not seeing any malware in those logs.

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
If we used Pocket Killbox during your cleanup, do the below
Run Pocket Killbox and select File, Cleanup, Delete All Backups

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Goto the C:\MGtools folder and find the MG... Read more

1 more replies
Relevance 22.96%

Hi,
I did a clean install of XP 2 days ago, unfortunately the kdis surfed before I could install all of the usual spyware tools. I followed the directions on the KRC anti-spyware tutorial, so have run: Online virus scan, CWShredder, adaware in safe mode, and spybot s & d.
CWS found nothing, adaware found 156 items, spybot found 6 (all of which I deleted).
I initially did all this because the computer was running slow, there was a starware toolbar in explorer that we didn't put there, multiple explorer windows were opening when connecting to the net, and the computer was trying to dial out constantly.
This is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 2:58:41 PM, on 15/03/2005
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG\avgupsvc.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG\avgcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Grisoft\AVG\avgemc.exe
C:\WINDOWS\holxhd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Prog... Read more

Answer:Please check HJT log

Hi computernovice and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

5 more replies
Relevance 22.96%
Question: please check this

will some one please look at this highjackthis log and tell me if it looks ok. i just got my other pc running good and thank you all for helping me with that one now to get my last pc running good. thank you all for your time. i wish i could learn to read these myself.


Logfile of HijackThis v1.99.1
Scan saved at 2:17:13 AM, on 03/09/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\PGPsdkServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\BitLord\BitLord.exe
C:\WIN... Read more

Answer:please check this

For the most part the log is clean. Please update both XP and IE6 to SP1/SP2 service packs to remain so.

You can fix the following entrys in hijackthis...(Disable spybots teatimer first)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} -
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {40689DFB-7484-4D82-BCDD-DE2B39F74FD3} -
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} -
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} -
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} -
O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} -
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} -

O4 - Startup: Check For Dope Wars Updates.lnk = C:\Program Files\Dopewars\WiseUpdt.exe <--this entry is for a webgame..correct??

1 more replies
Relevance 22.96%

Hi,
I got a lot of adware and other crap including: CoolwwwSearch, EGroup instant access, winpup, urlsearch hook.atlpz, Troj agent BM, IEfeats, HTML redir.exploit virus, etc.
It has changed my IExplorer startpage, add some porn sites to bookmarks, and pop-up advertisements.

I removed all of them using spybot, ad-aware SE, symantec NSW 2004 and CWS shredder. I used Panda and Trendmicro online scans too. It seems that I finally get rid of them, all scans are successful and ok, but I want to be sure. Please could u be so nice and check my HijackThis log, please? I used also KRC HijackThis Analyzer to make this log.

Thank you so much!

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Share... Read more

Answer:Just need to check my log

Hi and Welcome to TSF

Still got some garbage floating, a dialer and a trojan. Please open spybot S&D and DISABLE teatimer.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it?s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then create a new restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - (no file)
O4 - HKCU\..\Run: [calmp3l0006.exe] C:\WINDOWS\System32\calmp3l0006.exe 1
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -
O16 - DPF: {09... Read more

4 more replies
Relevance 22.96%

Greetings all,
Have been getting a lot of SPAM lately soooo.......
Just cleaned my machine using Spybot S&D, Ad-Aware SE, AVG, all definitions were up to date. Oh yeah! have ZoneAlarm, and SpamMonitor working too.
Then I ran HJT and all looked O.K. until I got to the following:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
HJT states this is a VX2 but is also used by some Windows components?
Will this be dangerous to delete?
Does anyone see anything else that could be dangerous in this log?
Thanks in advance,
ultra_classic

Logfile of HijackThis v1.99.1
Scan saved at 7:55:43 AM, on 4/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone La... Read more

Answer:Please Check My HJT...VX2 again!!!!!!!

[bump] by ultra-classic
Didn't want this to get buried. Need advice before I delete anything. I can see how busy you are.
Thanks,
ultra_classic

6 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 7:51:20 PM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\110079~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110079~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe... Read more

Answer:<----- Log Check Here....Thanks!!!

Hi brut28481,

Your log is clean. Any problems?

2 more replies
Relevance 22.96%
Question: Bug Check 124

Hi,
I have been plagued, over the past year or so with intermittent, and seemingly random freezing. Listed below are some behaviours I notice with the problem, what I've attempted to do to fix it, some things that seem to have reduced the frequency of the problem but not fix it completely, some things I've yet to try, and will be trying. System specs, mini dumps, and other related things will be posted at the end.

Behaviour

This problem was absent for about the first year after piecing this computer together, which leads me to believe it is not a Hardware issue, unless through time pieces broke down and started malfunctioning.
Video freezes, no actions via keyboard or mouse registers, thus requiring a hard restart. Audio continues about 70% of the time, as if nothing went wrong. Other times it hangs looping the same sound.
Happens with or without intense graphic stress. Can happen with games running (most often), or with just Chrome up (while I wrote this post)
Seemingly random. Sometimes does it back to back 3 or 4 times in 15 minutes. Sometimes goes days, or weeks without happening.
Only sometimes generates mini dumps (unsure as to why).
Things I've tried:
First happened on Windows XP SP2/3. Clean install of Windows 7 Enterprise 32bit, twice. Did not install any software that was not essential. Problem did not seem to be present, but since I was hardly even surfing the web in that state, much less gaming, I don't know if that's an accurate fix... Read more

More replies
Relevance 22.96%
Question: Check This

Logfile of HijackThis v1.99.1
Scan saved at 13:11:46, on 22-12-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\Archivos de programa\Java\jre1.5.0_06\bin\jusched.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Ar... Read more

Answer:Check This

Clean
 

1 more replies
Relevance 22.96%
Question: Please check

I haven't had any real problems, but I wanted to do a scan and I did notice there are some things that need to be removed. I removed a couple already. I figured I'd save the rest for the pros!

I know that Weatherbug should be removed... is there another program that is as good? What about Wintools? I notice it often is killing my CPU usage!

Also are all 010 bad? They're Winsock hijackers?

Last comment: I ran 1.98.2 because 1.99 crashes every time! So I looked and saw that a thread that said to just run the old... so that's what I did.
Thanks all!

Logfile of HijackThis v1.98.2
Scan saved at 10:01:08 AM, on 2/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\... Read more

Answer:Please check

The O10 entries may be good but not in this case.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Downlo... Read more

4 more replies
Relevance 22.96%

I'm not sure what happened to be honest. The computer worked fine and when I got back from work, all the suddon I get all these constant virus/trojan whatever warnings. I ran spyware and adware as well as virus check and the problem is still there.

Here's my log.

Logfile of HijackThis v1.98.2
Scan saved at 22:35:50, on 2004-12-06
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program\Symantec\Norton AntiVirus 2003\navapsvc.exe
C:\Program\Symantec\Norton AntiVirus 2003\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchosting.exe
C:\WINDOWS\System32\scvhosting.exe
C:\Program\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\D-Tools\daemon.exe
C:\Program\iPod\bin\iPodService.exe
C:\WINDOWS\System32\winreg32.exe
C:\WINDOWS\System32\systcfm.exe
C:\WINDOWS\System32\csrss386.exe
C:\WINDO... Read more

Answer:Please help, check my log!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

If you have a fast internet connection (broadband), run an ... Read more

19 more replies
Relevance 22.96%

Logfile of HijackThis v1.97.7
Scan saved at 9:20:02 PM, on 11/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\Dennis Snider\Desktop\HijackThis.exe ... Read more

Answer:please check my log

Your log is clean. Are you having some sort of issue??

2 more replies
Relevance 22.96%

Hi, My computer has been a little sluggish,especially the cursor. I also get the little pop-up windows that say, http://media fastclick, they appear so quickly, i don't have time to cancel it. then it appears in my taskbar for a moment, then disappears. Anyway, here's the log.
Logfile of HijackThis v1.99.1
Scan saved at 9:38:11 PM, on 1/10/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SMC.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.chilitech.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\PROGRAM FILES\SURFAPPS.COM\POPTHIS! FREE VERSION\POPTHIS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-... Read more

Answer:Would someone please check my HJT. Log.

10 more replies
Relevance 22.96%

Helping out a freind with an unusual memory leak. I have checked for malware, spyware, adware and viruses. Everything comes up clean. This is a last resort. As I am not that skilled at reading these things I am asking for your assistance.

Logfile of HijackThis v1.99.1
Scan saved at 1:48:58 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\DOCUME~1\Harry's\LOCALS~1\Temp\Temporary Direct... Read more

Answer:HJT Log: Please Check

10 more replies
Relevance 22.96%

I ran Ewida suite and avg I can't get ride of trend micro which says I have a virus in windows/system32/wininet.dll I also ran cool web search
Thanks for any help
Logfile of HijackThis v1.99.1
Scan saved at 6:18:57 PM, on 1/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PRISMIQ\MediaMa... Read more

Answer:Help please check this log

9 more replies
Relevance 22.96%
Question: Used PC Check-up

Hello, I recently purchased a PC from a friend and I would like to make sure there is nothing bad running on it before I start using it. I'm attaching the log files mentioned in the WinXP malware removal/cleanup thread.
Thank you for any help you're able to provide.
 

Answer:Used PC Check-up

Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
 

4 more replies
Relevance 22.96%

Can someone look at my hjt log and tell me if there is anything currupt and
how to get rid of it. also,,, what is a good spyware to download that is free?
thank you,,,
Karebear

Logfile of HijackThis v1.99.1
Scan saved at 7:53:55 PM, on 2/1/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\OPCENUM.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\TQSNSS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assis...rce=wdz3&utm_medium=bund&a... Read more

Answer:hjt log, please check it out.

14 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 9:56:13 AM, on 2/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\BOINC\boinc_gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explore... Read more

Answer:Please check my HJT log

Looks fine - problems?????
 

2 more replies
Relevance 22.96%

Hi...

I'm like totaly new in this forum, but got help already with a Explorer.EXE trojan. But now i have another problem with another computer. I did a HiJackThis scan and there where alot of no name and no file entrys. Now i wonder if i could remove those or not?

I have added the HiJackThis log as a attachment.

Wishing the best
and waiting for a answer

Wearder
 

Answer:Could someone check this hjt log?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 11:54:12 PM, on 2/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\jerrys\gcasServ.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\jerrys\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cobian Backup 7\cbs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\jerrys\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yaho... Read more

Answer:please check my log!

11 more replies
Relevance 22.96%

My IE just disappears sometimes for no good reason that I can see. Could someone take a look at the attached log please?

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:10:35 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\Support.com\client... Read more

Answer:Could Someone check my HJT Log please?

Is it that bad?
 

2 more replies
Relevance 22.96%

I just bought this pc off of a m8 and i want to check how clean it is. Unfortunately I know next to nothing about HJT logs so I hope someone can check this log. Cheers
Logfile of HijackThis v1.99.1
Scan saved at 00:20:45, on 05/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Moz... Read more

Answer:HJT Log. Can someone please check this?

7 more replies
Relevance 22.96%

I think I infected my computer with some infected thumb drives. I've run a bunch of AV programs, but am not sure I got all the nasties, computer running slow, some AV programs not running properly, ect. Example, malware bytes balloon would come up saying definitions are 30 days old, but when I updated, it said no new updates needed. Think I did everything in the read me first. Here are the attached logs. Please advise. Thanks.
 

Answer:Not sure if got everything, Please check

Here are the other two logs. Thanks again.
 

6 more replies
Relevance 22.96%

Hi , I have windows xp home edition and use internet explorer 6
Hope I posted in right place

When I connect to the internet by dial up and use the address bar to search for things it will only work for 2 or 3 searches then it stops and shows this page cannot be displayed I then have to disconnect from the internet and reconnect again for it to work for another 2 or three times - please help how can I fix this ??

here is my hijackthis log - I also have ewido but do not know what scan to add to this .

Logfile of HijackThis v1.99.1
Scan saved at 10:10:39 AM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\hijackthis\Hija... Read more

Answer:please check my log

just bumping this up to see if anyone can check my log and see why I am having trouble with browsing using IE browser
 

2 more replies
Relevance 22.96%

i get a bit paranoid because sometimes my taskbar freezes...

here my HJT log, hope its ok

Logfile of HijackThis v1.99.1
Scan saved at 10:52:18 AM, on 29/11/2007
Platform: Unknown Windows (WinNT 6.00.1904) It's Vista but HJT must not know it yet?
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Inter... Read more

More replies
Relevance 22.96%

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:27:06 AM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Updater.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Updater\1.0.377.3622\GoogleUpdater.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\... Read more

Answer:check out my hjt log please

clean log!
have hijack this fix these entries. close all browsers and programmes before
clicking FIX.
O2 - BHO: (no name) - {B6BFCF98-B30D-4074-982B-E96798810473} - (no file)
O3 - Toolbar: (no name) - {B720BA4B-AB91-44DD-88AB-43C28FCF5031} - (no file)
9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Filter: text/html - (no CLSID) - (no file)
 

1 more replies
Relevance 22.96%
Question: Check up on me

Hi.

I ran the software contained in the removal guide for XP and I'm posting my logs. The computer is running better. Strangely, my wireless internet connection is not working right. It will connect but not allow me to browse or update things. The wired connection is solid. Also, the trackpad seems to be moving up and down on its own in IE. Basically, I just would like an expert to go over my logs. Thanks very much for any and all help. I know everyone is busy.
 

Answer:Check up on me

And here is the MGTools log. I also just noticed I keep getting a random ie icon on the screen that says vgb underneath it. Strange...

Thanks again
 

2 more replies
Relevance 22.96%

Hi
I have been experiencing very slow web page loading and downloads, I have complained to my ISP but just to make sure there is nothing wrong on my end that could be causing it, could someone have a quick check of this HiJack This Log for me please.

Thankyou

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:25 PM, on 26/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Aspin\Desktop\All Icons\Cleaning Software\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iprimus.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Mic... Read more

Answer:Can someone check this for me.

8 more replies
Relevance 22.96%

I just did all of the "cleaning proceedures" in the newbie files. Can someone please check this log to make sure i am spotless. I also would not mind recomendations to reduce the number of running processes.

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 8:47:56 PM, on 11/01/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
F:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\System32\RUNDLL32.exe
F:\Program Files\Hewlett-... Read more

Answer:Can someone please check this log

You could uninstall WildTangent if you are not into online games and also update IE6 to IE6 SP1.Apart from that, all looks ok.
http://www.microsoft.com/windows/ie/...1/default.mspx

2 more replies
Relevance 22.96%

I had the sober worm and posted here a week or so ago, but couldn't follow up. I can't find my post. This is what I did, I ran my avg it caught it and I deleted it. I had several other programs that I removed and have run hjt, what should I remove from this before running ewido and following the other suggestions given here? This is my log:
Logfile of HijackThis v1.99.1
Scan saved at 10:37:10 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\d.bin\mwsoemon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\... Read more

Answer:please check my hjt log

15 more replies
Relevance 22.96%

Hi there.
Last Feb I had my PC, running on Windows Vista 32, infected with the Pocyx.F!plock trojan virus. It was detected and put into quarantine by the MS security essentials. As required I deleted it and it re appeared, detected and put into quarantine again. It was also deleted. 
Since then the system hasn't detected the virus again but the it is experiencing some strange symptoms, such as I'm not able to run the windows updates because after the system is restarted only a black screen with cursor shows up. It only recovers after I go back to the previous restore point. 
Even the MS security essentials updates do not happen easily. It shows message abouth connectivity probles although I can brose normally. The Security essentials, after the system restarts, is updated anyway.
Last symptom I notice is a sort of system slow down. It freezes regulary and today it happened a sudden shut down.
I ran the latest Combofix and wanted anyone of you, experts, to analyze the attached report and see if there is anything that might suggest there still a bug. This as the latest attempt to avoid a time consumming system formatting.
Thanks a lot,
Mauricio

Answer:Think I might need a check up on this log

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

5 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 11:18:04 PM, on 1/15/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\jerrys\gcasServ.exe
C:\Documents and Settings\debbie miller\Desktop\jerry's 3\AVGNT.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\jerrys\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\DOCUMENTS AND SETTINGS\DEBBIE MILLER\DESKTOP\JERRY'S 3\AVGUARD.EXE
C:\Documents and Settings\debbie miller\Desktop\jerry's 3\AVWUPSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cobian Backup 7\cbs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\jerrys\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HK... Read more

Answer:please check my log

9 more replies
Relevance 22.96%

background......
I am having starting issues. It takes about 2-5 minutes sometimes after I press the power button on my machine to actually go to my log on screen. It goes through the normal start up at the beginning, checking for drives and memory and all, but then its just a blank screen for a while till the windows logo appears and then my log on(password screen) screen I have had this issue for a while now. I also currently get when my desktop opens, a DLL error about an "adode" file missing in
"c:\documents and settings\Administrator\Local Settings\Application Data\Adobe"

here is my log from combofix, which I ran after scanning my computer with "Vipre" and "CCleaner"
 

Answer:please check out my log

Please read this:
How to attach items to your post.

Please do the following:
READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 22.96%

Hello,
 
My PC seems to be working ok, but I want to check for any sort of virus problem or threat that might be lurking without me knowing about it.
 
I've read the relevant threads about keeping my computer clean and followed that advice.
 
I have installed on my PC the following:  Malwarebytes, SuperAntispyware, Zemana Antilogger and Windows Defender.  All are up to date and showing no problems, but of course these are quite superficial scanners.
 
I just want a deep clean and check.  Thanks.
 
 

Answer:Win 8.1 - want to check for everything!

Hey if these scanner and antivirus not showing to any threat or virus on your PC thats great i recomended that you uninstall all third party tool. Just deep scan through windows defender tool it will be worked fine. Other wise you can also use antivirus or system protector like advanced system protector tool. install it and perform boot time scan. it will be shows all errors to you. Here is the link
http://systweak.com/advanced-system-protector

2 more replies
Relevance 22.96%

I know I've been infected with New Dot, WareZ and possibly a few others; but I can't locate the files to get rid of them. Please look over this HJT log and HELP!!!!! PLS!!!!!!!!!!!!!!!
Logfile of HijackThis v1.99.1
Scan saved at 1:25:26 PM, on 1/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Dwnld exe files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h... Read more

Answer:Please check HJT log

Please do this first.

Go to Add/Remove Programs and uninstall New.Net (NewDotNet).
If it will not uninstall, or is not listed there - do this:

First click here: http://www.cexx.org/lspfix.htm to get the LSP Fix.

You may not need it, but go ahead and download it just in case.

Now go here: http://www.newdotnet.com/removal.html

Scroll to the bottom of the page to Procedure 4 and download and run the New.Net Uninstaller.

If you lose your internet connection after running the New.Net Uninstaller, Run the LSP Fix, and click Finish. (Don't do anything else).

That should restore the internet connection.

Post a new Hijack This log.
 

3 more replies
Relevance 22.96%

I'm afraid I may have a new problem. Please check my hijack log for bugs. I've also included other scan reports for further info.

Thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 12:26:53 AM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5335.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\ctfmon.ex... Read more

Answer:Please check my new log

16 more replies
Relevance 22.96%

I had to do a restore on my pc i couldnt even go online anymore.can you help me figure out what i need to do next. i installed outpost firewall pro. and hjt now. what else do i need for protection tyvm

Logfile of HijackThis v1.99.1
Scan saved at 3:12:26 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:... Read more

Answer:can u check my pc for me? hjt log

Do you have both Norton and McAfee antivirus programs installed? If you do, you need to get rid of one of them. Besides both of them being problematic and memory hogs, running 2 antivirus programs at the same time can bog down your computer and cause various problems.

-------------------------------------------------------------------------------------

Get rid of BigFix. It's a very outdated program and hasn't been updated from version 1.7.6.0 in years and before Windows XP ever came out.

-------------------------------------------------------------------------------------
 

1 more replies
Relevance 22.96%
Question: Check my CBS log.

Had an odd start up got stuck on rotating orbs, after a minute or two I hit reset.  Started but went to repair which I ran, when it had some errors so I let it boot and ran SFC /Scannow the file was massive 208 megs with a ton of references to several KB: entries and telemetry.  Said the were fixed but ran SFC again with the result below.
 
Post was was way long I cut out multiple (seemed) like a thousand copies of the first three lines.
2015-12-17 08:12:12, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2015-12-17 08:12:13, Info                  CSI    000001c7 [SR] Verify complete
2015-12-17 08:12:13, Info                  CSI    000001c8 [SR] Verifying 100 (0x0000000000000064) components
2015-12-17 08:12:13, Info                  CSI    000001c9 [SR] Beginning Verify and Repair transaction
2015-12-17 08:12:13, Info                  CSI    000001cb [SR] Cannot repair member file [l:24{12}]"utc.app.json" of Microsoft-Windows-Unified-T... Read more

Answer:Check my CBS log.

Hi OldPhil,
 
That particular error (utp.app.json) has been associated with KB 3022345. According to sevenforums:
 
http://www.sevenforums.com/performance-maintenance/370460-corrupt-utc-app-json-telemetry-asm-windowsdefault-json.html
 
You might want to uninstall KB3022345 then rerun sfc /scannow.

2 more replies
Relevance 22.96%

After serious .NET problems that keep me from doing things in Flight Simulator, I've decided to switch from XP to Vista for my gaming habits.

I put in the disk, had my hard drive set up so it would've booted off the disk, and about 2 minutes into it, it says that my computer is not an HP.

However, it is right. My mom and sister got new HP laptops with Vista recently, and they came with backup disks. My computer was once an HP, but we have upgraded it to be a gaming rig in the last few years.

Is there any way I can go around the check for HP components? If not, is there a way to trick my computer into thinking it's an HP?
I still have the old HP processor, but it's only 900MHz, which is too slow for Vista's requirements.
Help please?
 

Answer:How To Go Around The HP Check?

Clarification- you are upgrading from XP to Vista, I think. What Vista disk are you using? Is it the one from another computer, or one you have bought separately?
 

2 more replies
Relevance 22.96%
Question: check my log pls

dont know sumthing might be wrong..?
pls tell me

ty

Logfile of HijackThis v1.99.1
Scan saved at 21:10:15, on 08/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Fi... Read more

Answer:check my log pls

10 more replies
Relevance 22.96%

HI,
Not sure yet what is happening with PC. IE sometimes opens,like now, other times I g am getting page cannot be display. Ran AV scans and nothing found. No changes/upgrades have been made. Once I get on IE some links within pages when clicked on I get same problem. So I 'm not too sure what is wrong. Could someone pleae check my log? Thank you..
Logfile of HijackThis v1.99.1
Scan saved at 9:32:51 PM, on 8/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\hpha2mon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WIN... Read more

Answer:Please Check HJT log

16 more replies
Relevance 22.96%
Question: Check PCI

What would be a good utility program to check a PCI slot?
 

Answer:Check PCI

6 more replies
Relevance 22.96%

I'VE USED HJT BEFORE BUT STILL NEED ADVICE ON WHAT TO REMOVE/REPAIR. THIS IS ON MY KIDS COMPUTER. SEVERAL THINGS HAVE BEEN HAPPENING, SO I THOUGHT I'D GO BACK TO WHAT WORKED IN THE PAST. AIM WILL NOT OPEN WHEN MY DAUGHTER IS LOGGED ON. IT JUST FLASHES FOR A SECOND AND DISAPPEARS. ALSO, SHE WAS NOT ABLE TO ASSIGN A WALLPAPER, BUT I THINK I FIXED THAT. ALSO, MY MCAFEE ISN'T WORKING FOR ANY USER AND IT WON'T LET ME FIX THE PROGRAM. IT TRIED TO RE-INSTALL, BUT THAT DIDIN'T WORK. HERE IS MY HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:11 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ptrun32\ptrun32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ptrun32\ptr32w.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Commo... Read more

Answer:Please Help...check Hjt Log...

You have some malware that needs to come out....


This will help to identify malware on your system.
Please download Combofix from any of these locations:

Here
or
Here

Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitors your PC while CF is running.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Caution...Never run and remove files using ComboFix without being supervised by a security analyst.

19 more replies
Relevance 22.96%

Hi can someone check this log?
Logfile of HijackThis v1.99.1
Scan saved at 2:00:10 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common... Read more

Answer:can someone check this log?

11 more replies
Relevance 22.96%

Comodo keeps finding stuff in the system volume information\_restore....etc.

Here are the last logs
 

Answer:Please check this one too

Welcome to MajorGeeks!

Infected Restore Points are easily dealt with... I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m
 

2 more replies
Relevance 22.96%

Can someone please look at my HJT log and tell me what's going on.
It all started when I installed a video-codec on my system (big mistake obviously)
Some programs I have never installed pop out of nowhere but I removed them with
XoftSpySE. However, my running processes are using abnormally high amount of
memory and every time i start Ad-Watch SE I get "registry modification detected"
every second!?
Heres one for example:

Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:msmdev
Data:
New Data:{91566CDD-E96E-4E99-BD36-D1DB20FEF464}

...I get thousands of those

OK heres my HJT log so please tell me what is wrong
and what to do. Thank you so very much.

Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Siemens\Adsl\dslagent.exe
C:\Program Files\Ja... Read more

Answer:Check my log please

BUMP

I would really appreciate if someone could help me out
OK, before I paste my HJT and DSS logs, first this:


Quote:





Originally Posted by amnesiack


It all started when I installed a video-codec on my system (big mistake obviously)
Some programs I have never installed pop out of nowhere but I removed them with
XoftSpySE. However, my running processes are using abnormally high amount of
memory and every time i start Ad-Watch SE I get "registry modification detected"
every second!?
Heres one for example:

Registry modification detected
Root:HKEY_LOCAL_MACHINE
Key:Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Value:msmdev
Data:
New Data:{91566CDD-E96E-4E99-BD36-D1DB20FEF464}

...I get thousands of those




I updated my NOD32 Antivirus and NOD found 2 threats:
c:\windows\nsduo.dll is infected with application Win32\Adware.Agent.NFK
and
Win32\Adware.Agent.NFK found in operating memory. Sistem memory
infection originated from file C:\WINDOWS\msmdev.dll

I deleted them and my Ad-Watch SE stoped getting
"registry modification detected" messages. I hope it's OK for now.
But STILL my running processes are using abnormally high amount
of memory! Why is that!?

Here are my HJT and DSS logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:43:42, on 10.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 ... Read more

10 more replies
Relevance 22.96%

As always, hullo 'puter genies! Hope you're all having a great week. I need some help with a rather infamous poltergeist known as WinFixer. I suppose my problem is similar to what others have been experiencing. It just pops up and tells me my computer is gonna croak if I don't fix my register so I better scan it or the Win Fixer police are going to lock me up! (eeek!)

Now it doesn't appear to have installed itself on my system 'cause it's not showing up on my desktop or my program files, at least that I can tell. But I get about 3-4 of those little serious looking windows every day. My first reaction was "gee, maybe I need to do this" but then I saw where a lot of people are having the same problem and I have yet to see anyone recommed installing and running it! So how do I get rid of it? And why is it so persistent? Does it know something I don't know?!?!?!? is it hiding in my closet?

It looks like there's some scary stuff in my log so any advice/solutions would be mucho appreciated-o!
Fixin' Wins in Virginia Beach!

Logfile of HijackThis v1.99.1
Scan saved at 7:47:01 PM, on 11/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOW... Read more

Answer:Can someone check my log?

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

3 more replies
Relevance 22.96%

Would someone mind checking my log for me? Also, the entry I highlighted in bold, I'd unable to delete it. Everytime I try I get the blue error screen and have to manually turn off my pc, what should I do?

Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 11:45:41 PM, on 11/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LINKSYS\WIRELESS-B NOTEBOOK ADAPTER\WPC11CFG.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\... Read more

Answer:HJ This Log check please

10 more replies
Relevance 22.96%

Logfile of HijackThis v1.99.1
Scan saved at 6:39:47 AM, on 08/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.arijkmqtqyahgqbbwqrevlsd...5vjHTnAAuDDAISh38MpAbLftr3iOAOwj_DgjBUKa.html
R0 - HKCU\Software\Microsoft\Interne... Read more

Answer:please check this log....

10 more replies
Relevance 22.96%

Geeksters,

Please review attached logs. All should be ok but you never know. Fifth log to follow.

S.
 

Answer:looking for a check up

5th log
 

6 more replies
Relevance 22.96%
Question: VBA check box

posted wrongley someware else, dont know how to move posts.

i have made some check boxes in VBA, and what to display the outcome in a spreadsheet, how do i do this.

ive been using this tutorial, http://blogs.techrepublic.com.com/msoffice/?p=203 , but this dosent cover it.

any ideas?
 

Answer:VBA check box

The tutorial gives you code that should send the information on what check boxes are checked to the spreadsheet.
I've tried the code myself and got an error.

Removing the "Application.WorksheetFunction.CountA (Range("A:A")) + 1" line fixed it for me. What version of Excel are you using?
 

1 more replies
Relevance 22.96%

Hey, sorry I have done one of these in awhile. Since I learnt to look after my computer. :)

However at the moment I now have a Pinnacle USB capturing device, which captures from my TV. However when it captures it never gives me the full clip. Pinnacle Support forums have no answers for my problem all I've been told is that it requires a lot of computer power. So I'm just wondering if there is anything unwanted happening in my log. Sorry to be a nuisance.

Cheers,
Peter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:55 PM, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\stsystra.exe
D:\Program Files\QuickTime\QTTask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcH... Read more

Answer:Just a check up really

Hi PeteyD -

I don't see anything in that log to suggest a malware issue, which is what this section of the forum focuses on.

You may want to ask for help in the Hardware section of the forum, since your issue seems related to a piece of hardware, and available power.

http://www.techsupportforum.com/f14/

3 more replies
Relevance 22.96%

Please somebody check my HJT Log for any problems. My HJT Log looks clean but I just wonder on the item 04. Thanks for helping me.
HJT LOG ATTACHED BELOW:

Logfile of HijackThis v1.99.1
Scan saved at 10:30:48 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\{C8ACFAD0-0423-1033-0303-031102000001}\Update.exe
C:\WINDOWS\RavMonE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{C8ACFAD0-0423-1033-0303-031102000001}] "C:\Program Files\Common Files... Read more

Answer:Please can somebody check my HJT Log. THX

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKLM\..\Run: [{C8ACFAD0-0423-1033-0303-031102000001}] "C:\Program Files\Common Files\{C8ACFAD0-0423-1033-0303-031102000001}\Update.exe" mc-110-12-0001032

Close HijackThis now.

--------------------------------------------------------------------------------------------- Launch ComboFix
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whil... Read more

10 more replies
Relevance 22.96%

How does this batch file look guys? I'm trying to use this as a startup/login script through group policy to do a silent install on about 30 machines. I cant seem to get this to work!? THANKS!!

Its creating a dummy text file to prevent multiple installs.

-----------------------------------------------------------------------
if not exist "C:\Program Files\Autodesk\DWFViewer\test.txt" goto
install

goto end

:install
net use Y: \\escape\installs$\DWFViewer /user:merced\administrator %1
"Y: \DwfViewerSetup.exe" /q
echo Installed > "C:\Program Files\Autodesk\DWFViewer\test.txt"
net use Y: /delete

:end
------------------------------------------------------------------------

All Help and comments are appreciated. Thanks again!
 

Answer:Please Check It Out! =(

Is it not writing the txt file to the logged on users C: drive?
 

1 more replies
Relevance 22.96%

Computer very slow to respond - had two day lapse in Norton - renewed and scanning...

Can someone do a quick check of my log? Thanks in advance...

Logfile of HijackThis v1.98.2
Scan saved at 11:30:05 PM, on 11/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SURFMONKEY\SMPROXY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\NMAIN.EXE
C:\PROGRAM FILES\NORTO... Read more

Answer:HJT Log, need check

16 more replies
Relevance 22.96%

New one with updated version of HJT...

Logfile of HijackThis v1.99.1
Scan saved at 9:46:58 AM, on 11/5/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SURFMONKEY\SMPROXY.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\IPCLIENT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\ACCELERATOR\ELINKACC.EXE
C:\PROGRAM FILE... Read more

Answer:HJT Log, please check?

6 more replies