
Abnormal Response Time - Hijackthis Log Analysis Request

Q: Abnormal Response Time - Hijackthis Log Analysis Request

Please take a look at my Hijack This log file and let me know if you see anything that needs to be fixed. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:16:48 AM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
E:\WINDOWS\LogWatNT.exe
E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
E:\WINDOWS\SYSTEM32\USRmlnkA.exe
E:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\SpywareGuard\sgmain.exe
E:\WINDOWS\SYSTEM32\USRshutA.exe
E:\WINDOWS\SYSTEM32\USRmlnkA.exe
E:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Mark_2\My Documents\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.worldnet.att.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Propel Accelerator] "E:\Program Files\AT&T Worldnet Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [USRpdA] E:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [WinPatrol] E:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.worldnet.att.net
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://E:\AutoCAD2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://E:\AutoCAD2002\InstBanr.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://E:\AutoCAD2002\AcPreview.ocx
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - E:\WINDOWS\LogWatNT.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


A: Abnormal Response Time - Hijackthis Log Analysis Request

Why no response in 5 hours?


Hello!

Looking at a friend's laptop where the internet doesn't seem to be working; I am using my internet on it via Ethernet (net works for me on my PC). I open up IE on her laptop and try to go to 'http://www.google.co.uk', which then gives the error "This address is not valid" and leaves 'http:///' in the address bar.

I have run Malwarebytes so far with nothing found, and reset internet options with no luck.

Below is a HJT log if someone could advise?

Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:37, on 14/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\P...

A:HiJackThis Log analysis request

Bump
 


Does anything here appear to be a true positive for malware, etc.? Any help is greatly appreciated.

-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:22 PM, on 7/5/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
CHROME: 1.5.316.0
FIREFOX: 29.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\Gizmo\gizmo.exe
C:\Users\Magus\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Windows\Sys...

A:HijackThis Log - Request for Analysis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

The HijackThis tool is not compatible with your 64 bit Operating System.
Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the sa...


I cleaned computer as best I could before running log. Some of the recommended WEB sites would not run, however, perhaps due to firewall settings. Any analysis would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:14:21 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\cidaemo...

A:Hijackthis Log: Analysis Request

Looks fine - However

Add remove programs - remove Logitech Desktop Messenger

Boot - if all of those O18 entries are still there use hijack to fix them


Due to my having clicked on a link that I shouldn't, I now have an extremely annoying dialer installed on my computer that keeps reappearing no matter how many times I try and delete it. It installs itself under the name 0202 and dials a 1-900 number - specifically 1(900) 643-2888 - that's inaccessible from my area (which is good), but it keeps interrupting my regular Internet connection to do so (which is bad).

Short of wiping my hard drive and reinstalling everything, does anyone know of a good piece of antivirus or dialer removing software that I can use to get rid of it? I've already tried SpyBot, AdAware, AVG, XoftSpy, SpywareDoctor, and several other programs to no avail. I've posted my HijackThis logs for analysis and can post a link to where the virus came from if that is at all helpful.

Thanks in advance for any help.

The Lunar Archivist

-----------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:55:04 PM, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng...

A:Hijackthis Logs Help Analysis Request

Hi Lunar Archivist and Welcome to the Bleeping Computer!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After posting the new ...


I've attached my HijackThis log. Anything look suspicious in it? Thanks!

A:First time HijackThis log request for analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I got an "extra" toolbar in IE6 that I want to get rid of and saw another post that looked similar to mine. So downloaded HiJackThis, ran the report, saved the log and here are the results. I'd appreciate anyone's help:

TIA!

oldertechy

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINNT\system32\cba\pds.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\PROGRA~1\Navnt\vpexrt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\AEIWLRAD.exe
C:\WINNT\System32\AEIWLSTA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Navnt\vptray.exe
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\ClearSearch\Loader.exe
C:\Program Files\Bargain Buddy\bin\bargains.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\Program Files\Winamp3\winampa.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\PROGRA~1\Novosoft\HANDYB~1.7\hbagent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\World Time\worldtime.exe
C:\Program Files\eRoom 5\ERClient.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINW...

A:HiJackThis results Analysis request

Scan with HijackThis, put a checkmark at and "Fix checked" the following entries. Close all windows except HijackThis before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_...count_id=131467
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_...count_id=131467
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_...count_id=131467
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1211.dll
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin\apuc.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\ISTbar\istbar.dll
O4 - HKLM\..\Run: [1AEIWLRAD.exe] AEIWLRAD.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin\bargains.exe
O16 - DPF: {018B7EC3-EECA-1...


I have tried autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and startupmonitor (http://www.mlin.net/StartupMonitor.shtml) to remove this registry value, (O4 - HKCU\..\Run: [WinUpdate] C:\DOCUME~1\ADMINI~1.SIR\LOCALS~1\Temp\winsvchosts.exe) to no avail.

I am somewhat computer literate but this has me stumped. The registry value refers to a non existent file, yet even after I remove the reference it gets replaced. Almost instantly, the popup I get from startupmonitor reads like this

"The Program WinUpdate has registered the executable C:\DOCUME~1\ADMINI~1.SIR\LOCALS~1\Temp\winsvchosts.exe to run at system startup. Do you wish to allow this change?"

I can click NO a million times over but the message returns. My thoughts are that there must be a process running that keeps retrying to register this startup registry.

For the life of me I cannot find the program winupdate, or the process that keeps re-registering this startup value.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:11:11 PM, on 7/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchos...

A:Request for a hijackthis analysis, trying to remove a registry value that seems impossible

Hi,

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop. Then run ResetTeaTimer.exe.
This will only take a few seconds.

Then,

* Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be view...


Vista OS. PC boots successfully to desktop. Able to start programs then they hang not responding. Scans clean with Spybot and on C drive with Malwarebytes, Avast, Ad Aware but hangs scanning the D (Gateway Recovery partition) as follows:

Ad Aware - d:\Windows\system32\commsvcs.dll

Avast - Windows\system32\comm\security log

Malwarebytes - d:\windows\system32\boot\es-S\winresume.exe.mui

Spybot - runs clean no problems found
I can access the internet on that pc only in Safe Mode. Please find below the contents of my DDS file:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Samantha at 15:23:39.89 on Sun 04/26/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1207 [GMT -4:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:...

A:Hijackthis.log analysis request, av scans hang so no specifics on virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the result...


Logfile of HijackThis v1.96.2
Scan saved at 8:12:05 PM, on 09/04/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\SYSTEM\XL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\HXIUL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\PRINTKEY2000\PRINTKEY2000.EXE
C:\PROGRAM FILES\SILICON PRAIRIE SOFTWARE\MEMTURBO\MEMTURBO.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\CLIENT\HELPEXP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALSET\HELPEXPRESS\HXDL.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\TD_0001....

A:Request Analysis of Logfile from HijackThis. Which files are safe to delet?


I have already deleted some things, but still this log-file looks too large.

Can someone help me delete things I don't really need?

thanks, Margriet


here's my logfile:
Logfile of HijackThis v1.97.2
Scan saved at 20:12:41, on 1-10-2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\E-Tech\ADSL\CnxDslTb.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ebkrdr\mediaman.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microso...

A:[SOLVED] Request Analysis of Logfile from HijackThis. Which files are safe to delet?


Here is the Safe Mode Hijackthis log made after running Spybot S&D, which found 73 nasties. We're still having problems with computer slow-down and redirected pages.

Logfile of HijackThis v1.98.2
Scan saved at 4:52:56 PM, on 11/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Doug\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id==
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id==
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:/...

A:Request for log analysis

Please re-run in Normal Mode and re-post. Thx.


This is from a Windows 98 Dell Laptop, Inspiron 3500
It was run immediately after boot.
The computer was running so slow it wasn't even useful for picking up e-mail.
I cleared Internet Temp, Windows Temp, and Cookies directories.
I installed 22 critical updates and service packs from MS update.
I ran Ad Aware and SpyBot
Every now and then the hard drive starts running for no apparent reason and nothing works until it shuts down. Actually, I haven't seen this since installing the updates.
The laptop seems to be running nicely now. I am submitting the HijackThis log for an expert opinion on whether anything further should be done.

You really should change the "Post New Topic Button" to simply "Post".
"Post New Topic" gives the impression that you are done one topic and want to start another.

Logfile of HijackThis v1.98.2
Scan saved at 10:39:37 AM, on 10/03/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DOCKAPP.EXE
C:...

A:Request for HJT log analysis

Please download LSP-Fix from the following link and save it to a location you can find later if necessary.

LSP-Fix Download Link

To remove New.net, please go to Start | Settings | Control Panel | Add/Remove Programs, look for and remove New.Net. If you can't find it, then please go here and follow the removal instructions in Procedure 4 at the bottom of the page.

If you can not connect to the Internet after removing New.net, please run the LSP-Fix program I had you download earlier, and click on the finish button. Reboot and you should be able to get back on.


Logfile of HijackThis v1.98.2
Scan saved at 11:25:46 PM, on 4/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:...

A:Analysis Request

Hello Dyno and welcome to the BC forums. You are currently running an older version of HijackThis. Please click on the link below and download the most current version:
HijackThis_sfx.exe
Delete your current HijackThis.exe file and double-click on the file you just downloaded to install the newer version.
Start HijackThis and perform a new scan. Post your new log file back here as a reply to this topic and I will review it when it comes in.
OT


I'm not sure what to do. I've been having a really long load up time; it stays on the Welcome to Windows screen for about five minutes, then it takes a couple more minutes to finally load up. Any help would be welcomed. Here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 1:09:09 PM, on 1/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Viewpoint...

A:Analysis Request Pls

Hello BlahWolF,
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Standard pop-ups. Swept with Norton AV, Adaware, and spybot. See attached smitfraudfix and hjt logs.
thx,
mike
----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:39:49 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32...

A:Hjt + Sff Analysis Request

nevermind. i fixed it myself


So I've gotten some sort of trojan and my computer is running really slow. With some research I've discovered it's the "Services32" trojan (http://www.bleepingcomputer.com/startups/services32-12488.html). While doing some research I also came across the rundll32 trojan (http://www.bleepingcomputer.com/startups/rundll32-4652.html). I've noticed this file "rundll32" appearing on my PC lately but I didn't think anything of it. I've run my Norton antivirus (which is up to date apparently) and Spybot but they don't catch anything. Here is my HJT log; my PC is really screwy, can anyone please help?? (sorry for basically posting this twice)
Also, I ran an online TrojanScan off windowssecurity.com, and it came up with a bunch of bad stuff: things like "adware.maxifiles.j", "Trojan-downloader.Win32.1stbar.ij", "Adware.savenow.z" and "Trojan-Clicker.Win32.Small.ht" among other things. Is there any way to get all of these things out of here? Why hasn't Spybot picked up this adware and deleted it?

Logfile of HijackThis v1.99.1
Scan saved at 2:20:12 PM, on 10/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\sv...

A:request HJT analysis please!

Original post answered here. Please keep all replies there from now on. Thread locked.


The problem I am having is with rundll32.exe. When I boot normal (XP Pro) I am unable to open IE, add/remove programs and several other programs. All give a rundll32.exe error. I followed another thread here last night (can't seem to find it right now) that seemed similar but I was hoping to confirm. Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:18:18 AM, on 6/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
D:\Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll...

A:HJT log analysis request

This topic can be closed. Unfortunately I could not wait any longer and I am just going to have to proceed with a reinstall of XP. Thanks anyway.


I have a machine which takes about 2 minutes to come to the Windows 2000 boot screen. It'll hang at the BIOS POST screen for about 2 minutes, beep, then go to the Windows 2000 boot screen. However, if I disconnect the hard drive, the problem goes away, and boots up quickly. The same thing happens if I boot from a floppy or cd (they boot before the hard drive), as long as I have the hard drive connected. If the drive's not connected, it boots up quickly, and normally. I've tried putting the hard drive at the top of the boot list, and the problem still happens. There's an option in the BIOS for hard drive read delay. I've tried changing it from the minimum to the maximum, and it doesn't seem to have any effect. Does anyone know what might be causing it?
 

A:Abnormal Boot Time

The hard drive may be faulty, I would also check the voltage of the CMOS battery (should be at least 3V) as a flat battery can cause delays on startup.
 


Hi,
My laptop has recently started taking much longer to start up. At the beginning of this year, it was taking around 35/45 seconds to boot to the desktop and be ready to go. Over the last couple of weeks, I have noticed it has been taking longer and longer; it now sometimes takes up to 90 seconds or more, and it takes a particularly long time on the 'Welcome' screen. I know that 90 seconds isn't exactly bad but I don't understand how the time has doubled as there have been no major changes whatsoever. The only change has been the install of Microsoft Office 2010 in January but as far as I can remember, this made little difference if any at all. I regularly run a registry cleaning programme, defragment the hard drive and scan for viruses etc... I personally don't think this is a case of the laptop just getting slower because of age as I have only had it around 6 months, but please do correct me if I am wrong. My laptop specifications are as follows:

Windows 7 64bit Home Premium
Intel i7 620m @ 2.67GHz
4Gb DDR3 RAM
250Gb 5400rpm Western Digital HDD
-If you need to know anything else please ask

Any help or advice would be much appreciated,
Thanks, Rob

A:Abnormal boot-up time

What has changed the past couple weeks? Think of every little thing, Windows updates? Have you connected to network printers? Other wireless networks/hotspots?


Hi everyone, I have just found that my Windows 7 Ultimate start-up time is too long. I have already turned off some start-up programs and some services in MSconfig, but the start-up time is still the same. I checked the reboot time and it takes 19X sec! And I found that when starting up the PC, after the GUI boot screen, there are about 1X seconds of black screen with a mouse pointer (I can move the mouse) before the Windows login screen. Can anyone tell me whether it is normal or not? Thx~
For more details of my start-up, please find my print screen of the MSconfig setup.

A:abnormal boot up time

The most immediate cause that comes to mind is A/V software. What are you using? Try switching to a different one, like Microsoft Security Essentials.


Request for Analysis of Logs
I've done all the procedures required in Topic Journal ...
======================================
1 - The Problem:
Whenever I open the folder: C: \ Documents and Settings \ x4NG3L.X4NG3L-DE17A6A0
Appears a message suspicion that I had never seen before in my life.
A Message pops up, the simple fact of opening the folder:
This is my folder of User.
Other folders in the system, eg "All Users" or "Default User.WINDOWS" for example, nothing unusual happens.
Below a picture of the suspected message:
http://img403.imageshack.us/img403/6677/problema1j.jpg
======================================
2 - What has been done by me:
2.1 - Complete Virus Scan using AVG 8.0
2.2 - Full Scan for Malware, using SpyBot
2.3 - Full Scan for Malware, Using Malwarebytes Anti-Malware
2.4 - Cleaning and correction of record, using CCleaner
2.5 - Cleaning and correction the registry, using Marcos Velozo Reg Clean
All procedures above were carried out with software update.
======================================
Here my log for examination:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:39, on 28/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOW...

A:Request for Analysis of Logs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Hi,
I'm not exactly sure how this works as I am new to this forum. I ran combofix on my parents computer running win xp sp2 with the attached results. Does anyone know how I go about analyzing the results so I can try to fix the problems they have been having?
I appreciate any ideas you might have.
Thanks,
mdc

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:ComboFix Analysis Request

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


My PC is showing signs of trouble as yet unidentified. External mouse quit. Touchpad problems. Alt not working, etc.
Spybot reports clean. Immunized.
Norton Anti virus running and current.
Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:48:54 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C...

A:Request For Hijack This Log Analysis

Hello Bill Howard and welcome to the BC HijackThis forum. The only thing I see in the log is a download for FunWeb which we can fix.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

The hardware issues could be any number of things like a bad driver or the hardware is failing. It's hard to say at this point. I would suggest posting a question in the Hardware forum to let them analyze it a little deeper. They can assist with non-malware related issues.

Cheers.
OT


Thanks for any help!! Also, this is the log that pretty much pops up whenever I access the 'net. I guess McAfee's firewall isn't that great because this stuff just goes through it like tissue paper. Either that or there is something in my PC rewriting it.

Logfile of HijackThis v1.98.2
Scan saved at 3:21:10 PM, on 11/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\System32\ScsiAccess.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ntuh32.exe
C:\WINDOWS\system32\netls.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\javajj32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messen...

A:HijackThis log analysis request

Hi PhinPhan1227,
Welcome to BC! The first thing I need you to do is download the file from here:
Getservice.zip
Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post.
From the moment you post your list, until you see a detailed fix written up, DO NOT reboot your system or log off. If you do, the service will have changed and the fix provided will not work.
Also, is that your complete log? If not, please post a new log along with your GetServices log.
Thank you.


Hello,
I am new to all this so please be kind ;)
I have had the problem of the win fixer going off every time I log onto the internet. I ran hijack this and have the following logs:

StartupList report, 12/3/2005, 2:29:28 PM
StartupList version: 1.52.2
Started from : C:\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
--------------------------------------------------

Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------------------------------------

Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
-----------------...

A:Hijack This Log Analysis Request

Hi and welcome to BleepingComputer!
My name is David.
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log
David


I've had BSODs since my last hardware upgrade, I installed 8GB of RipJaws X memory, an i5-2500k processor and a z77x-d3h motherboard.
I've done memtest 86+ and HDD checks, both have given me a negative result.
The BSODs happen sometimes while Windows is starting up after the Welcome sign, quite frequently when alt-tabbing out of applications, less frequently in the games themselves. They also happen sometimes while playing videos or watching streams. The error codes or whatever are almost always different.
BSOD's happen from 1-3 times a day to a week without one.
I did a format yesterday in hope to fix it but no luck.


Here's a dump file from my most recent BSOD, it is my first time with these dump files, so I'm not sure if it is the right one, sorry.
http://www.puu.sh/LVFb

A:BSOD analysis request

Welcome
Please supply the needed information
http://www.sevenforums.com/crashes-d...tructions.html


Below is my logfile. Prior to running Hijackthis I have run Combofix, Spyware Doctor, Spybot and Microsoft Security Essentials. Some symptoms have remained including search results when clicked are redirected to other sites. Copying and pasting or open in new tab clicks are not affected. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:34:24 PM, on 6/29/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hp...

A:Hijack This log, request analysis

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will ap...


O10 --- bugs me. Unknown files in winsock. Is this a spyware program.....trojan? My computer runs slowly after about an hour of usage. Chrome address bar bogs down to almost unusable after 10 minutes. I've run spyware and malwarebytes programs and it detects nothing. I'm perplexed. Anyone have any thoughts?
Thanks, zz

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:45 PM, on 9/13/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Users\Ron\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Ap...

A:Hijack Log analysis request

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i...


My system has had eleven BSODs since August 26th, seven of them in the past forty-eight hours. I'd be obliged if someone could help me determine the cause. Thanks very much.

- OS: Microsoft Windows 7 Home Premium 64-bit SP1; reinstalled about a month ago
- Age of system: Purchased September 10, 2010; hard drive replaced about a month ago
- CPU: Intel Core 2 Duo E7500 (Wolfdale)
- Video Card: Intel G45/G43 Express Chipset
- MotherBoard: Dell Inc. 0K83V0
- Power Supply: Dell 300 (?) watts (it's the OEM supply)
- System Manufacturer: Dell
- Exact model number: Inspiron 560S

A:BSOD, request for help with analysis of

I have attached a second Windows7_Vista_jcgriff2.zip in case any additional information might be helpful. Thank-you.


Another computer, same issue BSOD

Background

Is Windows 7 . . .
- x86 (32-bit) or x64 - 32 bit
- the original installed OS on the system - no
- an OEM or full retail version? - full retail
- OEM = came pre-installed on system
- Full Retail = you purchased it from retailer

- What is the age of system (hardware)? one year old
- What is the age of OS installation (have you re-installed the OS?) December 2010
Here are the files for BSOD.

Thanks in advance.

A:BSOD analysis request

Hello,
Start by updating these drivers...

Apfiltr.sys Thu Feb 07 04:23:41 2008
Alps Point Touching Device - none at OEM. Try update this from your computer manufacturer's website.

LPCFilter.sys Wed Apr 23 14:18:02 2008
No clue at all.

Regards...

Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 9F, {4, 258, 83c9b4c0, 81b73b24}

*** WARNING: Unable to verify timestamp for thpdrv.sys
*** ERROR: Module load completed but symbols could not be loaded for thpdrv.sys
Probably caused by : umbus.sys

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_POWER_STATE_FAILURE (9f)
A driver is causing an inconsistent power state.
Arguments:
Arg1: 00000004, The po...


In a project I'm trying to send a file(mp4/video) in a http response. I'm sending all data at once for now and trying to figure out what's happening.

The problem I've encountered is that the browser (IE 11) SOMETIMES aborts/closes the connection after it sends the first request for a resource, which makes my send attempt invalid. It doesn't matter if I send() or recv() after the request, both return error code: 10054.


This is the conversation. The second attempt works(all bytes are sent as you can see) and I can play the file in the browser.


Connection 1 accepted.

Connection: 1, Request nr: 1
GET /videofile.mp4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept: */*
Referer: http://localhost:27015/index.php
GetContentFeatures.DLNA.ORG: 1
Pragma: getIfoFileURI.dlna.org
Accept-Language: sv-SE
Accept-Encoding: gzip, deflate
Host: localhost:27015
Connection: Keep-Alive
Cache-Control: no-cache

Response:
HTTP/1.1 200 OK
Connection: keep-alive
Content-Type: video/mp4
Content-Length: 38722854

(Body)

Sent: -1
Connection closing with error: 10054


------------------------------------------------------------------------------------------


Connection 2 accepted.

Connection: 2, Request nr: 1
GET /videofile.mp4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept: */*
Referer: http://localhost:27015/index.php
GetContentFeatures.DLNA.ORG: 1
Pragma: get...


Here's the ugly truth of my hijack this log. Thanks for your help because I'm truly lost.
rhargrov

Logfile of HijackThis v1.98.2
Scan saved at 4:44:34 PM, on 10/4/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\COMMON FRAMEWORK\FRAMEWORKSERVICE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail....

A:Hijack This Log Analysis Request - rhargrov

Hi,

Having a look.

RELEVANCY SCORE 56.4

Hi,
 
I am new to the forum as a member although I have surfed here before.
 
I was hit by a Trojan virus - (my own dumb fault) - immediately disconnected from Internet - I ran the following scans while disconnected:
 
VIPRE Rescue (in Safe Mode) according to log deleted
 
Trojan.Win32.Generic.pak!cobra  ID 4657539
WGA remover  BehavesLike.Win32.Malware.kitb(mx-v)  ID 4726274
Trojan.Win32.Generic!BT  ID 4150696
 
Emsisoft Emergency Kit - removed what it found
 
AdwCleaner -  found/removed 
C:\Windows\SusWOW64 \Search Protect
c:\Windowssystem32\tasks\GoForFiles
c:\Users\***\AppData\Roaming\newnext.me
Also removed Ffirefox\Profiles\ ****.default\prefs.js and Google default preferences
 
Then ran latest Sophos Virus Removal Tool which told me my system was clean - is that true?
I have the following log file produced by Hijackthis. Having a Windows7 64Bit, Hijackthis was not able to gain access to the Hosts file - should I be worried about this? As far as I can remember the Trojan I picked up was the type that executes sneaky protocols to hide from Antivirus/Malware scans and can reinfect the system. For that reason I am here on a different machine... Unfortunately, the one thing I didn't note was the exact name of the nasty, but it was something like 'avast.exe' (which was what fooled me.)
 
Concerned if my router breached, I have checked my rou... Read more

A:HijackThis Log file - request for analysis please

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

RELEVANCY SCORE 56.4

My computer's been running really slow lately and I am experiencing a high level of variation in my Internet speed without a clear reason for it. Could someone please check my hijackthis log file and verify if there are any entries which I should delete? Thank you in advance and here it is:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:36:56, on 29-1-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Ilas\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ilas\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet... Read more

RELEVANCY SCORE 56.4

I was called yesterday by a friend of the family to help with their slow system running Win XP Home Edition with SP2. It's a P4/2 GHz processor with 512 MB of ram. When I got there booting up took 20 minutes, booting down took 5 and there were pop ups appearing every minute. I loaded and ran Spybot, Norton and Zone Alarm for them and the system runs 100 times better, but still takes around 5 minutes to boot to the desktop when it used to take 30 seconds. Can you analyze this log for me and tell me what I need to do? Let me know if there's anything else I need to include for you. Thanks in advance:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\wjview.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Rebate_Nation\RebateNation0.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.... Read more

A:System slow; HJT log analysis request.

Geez Louise, that's pretty well infected there.....let's do a couple more tools before attacking the log head-on and hope some of it can be erased for us. Please post the ENTIRE log next time, including the headers.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Make sure to select the Autoclean option. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this site to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to c... Read more

RELEVANCY SCORE 56

Yeah, it's me again. Started getting popups. Not sure how this keeps happening -- I use the "immunize" feature of Spybot S&D, don't download stuff, don't use P2P programs, and visit only a couple of websites.

Ran Ad-Aware and Spybot S&D after downloading the updates for them. Nothing but cookies. Downloaded the Ewido updates, booted into Safe mode, and ran a scan -- a few more cookies. Booted back up in a normal mode and ran VundoFix to scan for any possible files related to that, and came up clean.

My HijackThis log looks strange in that once again, my homepage isn't showing up on the log. That tells me something's still going on, but I sure as heck can't find it.

Logfile of HijackThis v1.99.1
Scan saved at 2:38:00 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explore... Read more

A:Abnormal HijackThis Log

RELEVANCY SCORE 56

I submitted a service request--to which I have still received no response--on 4/4 because my Flex4 got stuck in a windows repair loop. I did plenty of research and figured out I needed to get a recovery disc from Lenovo. I tried to do that and found out I needed to download and create my own instead. Fine. I bought a flash drive, downloaded the files, and tried to boot the Flex4 from the flash drive. It didn't work. I did some more research and read that maybe I needed to make the boot partition on the flash drive active. I did that. The Flex4 still won't boot. Yes, I've changed the BIOS options to boot from USB first. Yes, in the boot menu, it recognizes the flash drive as a boot option. Yet nothing ever works. The laptop comes to the Lenovo screen with the spinning icon, and it just spins. I've left it overnight and it will still be spinning 8 hours later. Today, I got an e-mail from Lenovo saying my issue has been resolved. I checked the status on the Lenovo web site and it says the same thing. That's very interesting since I never received ANY response from Lenovo about my actual problem. After seeing the message about the closed ticket, I tried to submit a new ticket. I got an e-mail from Lenovo with the subject: Lenovo Service Request: Processing Error. The e-mail said: "Thank you for contacting us. Unfortunately, your service request could not be created automatically by our system." So they didn't solve my issue, didn't even respond to it, closed my ti... Read more

RELEVANCY SCORE 56

Hey all,
 
Was hoping someone could point me in the right direction on where to perhaps expand on my near non-existent knowledge of Malware Analysis?
 
I've purchased and read Practical Malware Analysis - (Michael Sikorski, Andrew Honig) & Malware Analyst's Cookbook - (Blake Hartstein, Matthew Richard, Michael Hale Ligh, and Steven Adair.) but want more, and perhaps updated? sources.
I'm also attempting to build my own homegrown test lab, out of some laptops, and 6 ex-government refurbished towers (My desk is crying under the weight!) and was interested to know how others have designed their labs.
 
I was just wondering if the subject matter experts for this area (or the ones too modest to admit they are experts) could maybe give me the names of some more books/whitepapers/articles or perhaps some general guidance? Even if I get directed to older Posts on the subject, I'm new at this and beyond eager to learn.

RELEVANCY SCORE 56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:09 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Prog... Read more

RELEVANCY SCORE 56

Hi Guys

I've been trying to get Windows 7 to work on my Notebook HP Model DV7-1285DX for the longest time now to no avail. The install always goes without a hitch, but am plagued with BSODs from the word go
I've installed most every Beta version and every permutation of drivers out there

Always attributed the problem to unstable beta product & lack of official Windows 7 Drivers. My latest OS is the RTM with ALL of the hardware properly configured. HP has the Windows 7 Drivers for my model on their website (including the BIOS update which I installed)

I use the notebook for watching movies on my TV (connecting via HDMI) and I have been dealing with the BSOD as many as 4-5 times during a movie at times. The problem BSOD and reboots don't follow any recognizable pattern (sometimes I can get thru various movies with no BSOD, I don't get the BSOD ONLY while watching movies either - it happens just as much while using the notebook normally as well)

Since yesterday I've had 7 BSODs and I installed WinDBG to have a look at the data for the first time. I'm no expert but it's completely random from what I see - the processes involved are different in each DMP

I ran MEMtest86 and got No errors

Can somebody who knows what the files "really" say have a look at the attached dumps and advise what I ought to do to fix this problem??

Any help would be more than welcome - Thanks

A:BSOD on HP 1285DX Debugging Help Request (DMP Analysis)

  

These... Read more

RELEVANCY SCORE 55.6

The title says it all pretty much, I recently installed start menu 8 great app but for some reason it got rid of IE11 and then I installed open broadcaster latest version I've since known that moment Catalyst control center host program uses very high disk space also sometimes up to 100% and then crashes this also happens to service host local system (11) which I have a picture for and I recently did an anti malware scan and found 12 pieces of malware which I later removed.

A:Abnormal disk usage from OS for certain period of time.

I think it's when the system is just booting up and using a lot of disk space then it goes back to normal 0% after it booted because I've checked and I'm clean of malware and viruses.

RELEVANCY SCORE 55.2

EDIT: Moved to the Virus, Trojan, Spyware, and Malware Removal Logs forum

I have had scareware come up recently and so I downloaded combofix on a different computer and just ran it to see if it gets rid of it. It appears to have done so but please could someone see if I need to do anything else following a read of the log it produced (below?)

ComboFix 11-12-08.01 - Paul Boyden 08/12/2011 17:52:40.1.4 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3893.3086 [GMT 0:00]
Running from: F:\ComboFix.exe
AV: Panda Internet Security 2011 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2011 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Internet Security 2011 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\users\Paul Boyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.45287507067181443.exe.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 18:00 . 2011-12-08 18:00 -------- d-----w- c:\users\Default\AppData ... Read more

A:Simple request - UKASH Scareware combolog analysis

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431363 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 54.8

Hello,
I've been invaded!!! The mouse cursor is quite erratic. When performing a single click on a form, it is sometimes interpreted as a double click. When dragging a form the form doesn't respond or it will respond to the drag sporadically. When attempting to highlight text, image, etc., the highlight doesn't happen or only a partial highlight will occur. It is very annoying which is what I'm sure is the mission of the designer of this bug, virus, trojan, whatever. Also, at the same time this invader changed the format of the system date/time from standard time to military and month/day/year to year/month/day. I've run the AVG anti-virus program and AVG root toolkit - they've both come up without finding any foreigners. I've run Spybot and it too came up empty-handed. The operating system on this computer is XP sp3.

Sincerely,
rascaal

A:Abnormal Mouse Cursor Behavior, Date/Time reformatted

System manufacturer and model?

FWIW: System problems such as have (so far) described...may occur for various reasons...malware may be among them, but let's try a few things.

First...I'd like you to run the chkdsk /r command. Start/Run...type chkdsk /r and hit Enter. Type Y in response to onscreen query and hit Enter. Reboot the system and let the command execute, the system will boot into XP when the command has completed.

Second...I'd like you to enter the BIOS and check the time/date reflected there and ensure that all settings are still as they should be.

Third...if your mouse still behaves erratically, try a different mouse.

Louis

RELEVANCY SCORE 54.8

Thank you for any help

Logfile of HijackThis v1.99.1
Scan saved at 10:33:55 AM, on 5/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage ... Read more

A:Hijack Analysis Request: Spyfalcon On Ie And Background Program Cache

Hi, ydobwonk,

Sorry it took so long for us to get to you. Thank you for waiting patiently.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download the trial version of Ewido Anti-malware 3.5 from here:
http://www.ewido.net/en/download/

Install Ewido Anti-malware.
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
On the left-hand side of the main screen click the Update Button.
Click on Start.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido. http://download.ewido.net/ewido-signatures-full-current.exe
Once finished updating, close Ewido.
Make sure to close Ewido before installing the update.

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, a... Read more

RELEVANCY SCORE 54.8

I have recently noticed some abnormal Windows processes I have not seen before.

Here is a HijackThis log.
 hijackthis_10_04_2007.log   4.11KB

A:Abnormal Windows Processes (hijackthis Log)

Hi ArcZero,

Welcome to Bleeping Computer. Your log is clean. Frankly I am rather amazed to see this, because your machine is wide open to infection. Here are the main problems:

I can see no evidence that you have any antivirus software installed. If this is the case, you need to install an antivirus program immediately. Please download one of these free programs:
AVG Free is available at this site.
Avast Home Edition is available here.
Avira AntiVir can be downloaded here.
I personally use AVG Free, but all these programs have good reputations. If you don't like one, you can try another. Please consult the help files or online support for information on installing, updating, and using the program.

Another issue is that I see no evidence of a firewall on your computer. It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer. I recommend you download and install one of these excellent (and free) products:
Zone Alarm
Sygate
Outpost Firewall Free
Kerio personal firewall
For more information about firewalls, please read this tutorial.

And finally, your Windows installation is badly out of date. Microsoft does not support SP1 any more, and it has numerous security risks that have been exploited by malware writers. Please go to this web page where you will find links to information on Service Pack 2 and ways to obtain it. Your basic options are either to download, which is practical if you have a high speed internet connec... Read more
