Over 1 million tech questions and answers.

Webbrowser High-jack

Q: Webbrowser High-jack

Hello all,

I was recently victim to the VIRUS PROTECT scam. Thanks to the posts herein, I believe I successfully removed most of the malware. However, I still have a persistent and sporadic bug that redirects my web search links to a rogue url. Here is an example of an attempt to link to search result from "cod liver oil" :

(http://alfasort.com/search.php?q=cod%20liver%20oil )

The alfasort string is the ubiquitous prefix. I am using Microsoft's Internet Explorer. I am running Kaspersky Internet Security suite.

Can anyone here graciously offer some direction on how to eliminate this annoyance?

Thank you.

WPM

RELEVANCY SCORE 200
Preferred Solution: Webbrowser High-jack

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Webbrowser High-jack

Hello MtnGntx, welcome to the forum.Need to know exactly what you did ... so Did you do/run these? How to remove VirusProtect or Virus Protect (Removal Instructions)Next, please download RogueRemover and save to you Desktop. (compatible with Windows 2000, NT, XP, Vista)Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the prompts.During installation an icon will automatically be created on your Desktop.If the program does not open after installation, double-click on the RogueRemover icon to launch.Select "Check for Updates" and click Download if any are found.Wait for the updates to finish downloading, then Close the update window.Select "Scan" and follow the onscreen directions to remove anything found.If nothing is found, exit RogueRemover.If RogueRemover finds something, it will present a list of detected items.Click "Remove selected", then Yes at the prompt.Wait for the removal to complete and then close RogueRemover.If using Windows Vista, be sure to Run As Administrator Download and scan with SUPERAntiSpyware, Free for Home UsersDouble-click SUPERAntiSpyware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from HERE.)Under "Configuration and Preferences", click the Preferences button.Click the Scanning Control tab.Under Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen.Reboot into Safe ModeHow to start Windows in Safe ModeBack on the main screen, under "Scan for Harmful Software" click Scan your computer.On the left, make sure you check C:\Fixed Drive.On the right, under "Complete Scan", choose Perform Complete Scan.Click "Next" to start the scan. Please be patient while it scans your computer.After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".Make sure everything has a checkmark next to it and click "Next".A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.If asked if you want to reboot, click "Yes".To retrieve the removal information after reboot, launch SUPERAntispyware again.Click Preferences, then click the Statistics/Logs tab.Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.Please copy and paste the Scan Log results in your next reply.Click Close to exit the program.

Read other 6 answers
RELEVANCY SCORE 51.6

is this normal?

A:high jack this log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:07 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalE... Read more

A:High-jack Log Help!

Hello, elvy. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We need to create a Deckard's System Scanner (DSS) LogPlease download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.Primary MirrorSecondary Mirror

DSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is n... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

Logfile of HijackThis v1.97.7
Scan saved at 11:29:20 AM, on 6/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\MPS\mscifapp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\CheckIt\86\CheckIt86.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Outlook Express\msimn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\jessie\My Documents\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dev.ntcor.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local P... Read more

A:High Jack This PLEASE

Click here to download CWShredder. Close all browser windows,UnZip the file, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

When it is finished restart your computer.
Come back here and post another Hijack This log and we'll get rid of what's left.
 

Read other 3 answers
RELEVANCY SCORE 51.6

someone tell me what to fix or whatever with this log? thanks

Logfile of HijackThis v1.98.2
Scan saved at 11:33:53 AM, on 2/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGR... Read more

A:high jack this log

Add remove programs, remove lime shop and wildtangent

SpywareBlaster http://www.javacoolsoftware.com/spywareblaster.html
AdAware SE 1.05 http://www.majorgeeks.com/download506.html
SpyBot S&D 1.3 http://www.safer-networking.org/en/download/

DL them (they are free), install them, check each for their
definition updates and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Do these and reboot before the next step.

Then get the CURRENT HiJack This http://downloads.subratam.org/hijackthis.zip
 

Read other 1 answers
RELEVANCY SCORE 51.6

Logfile of HijackThis v1.99.1
Scan saved at 4:51:11 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\sndcfg16.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-78... Read more

A:Please take a look at my High Jack This log

Read other 9 answers
RELEVANCY SCORE 51.6

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:21:42 AM, on 1/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Winamp\winamp.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Pag... Read more

A:high jack this log

This was the title: Hey I need some help with my hijack this log. I have pop up that I did not get in the past and I cannot update windows, ad aware so on, popups,unable to update programs ~ OBHey i hope you guys can help me with this it is really bothering me I will attach the 4 logs that I have generated

Read other 3 answers
RELEVANCY SCORE 51.6

I have attached the HJT log what can I delete;

Logfile of HijackThis v1.99.1
Scan saved at 9:03:15 AM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\... Read more

A:High Jack This Log

you should put that in the secuirty boards so a certified member can reveiw it
 

Read other 3 answers
RELEVANCY SCORE 51.6

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:39 PM, on 3/31/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\... Read more

A:HIgh Jack This Log: Please help

ComboFix 11-03-31.01 - Gary Buffington 03/31/2011 18:39:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2318 [GMT -5:00]
Running from: c:\documents and settings\Gary Buffington\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gary Buffington\g2mdlhlpx.exe
E:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-20 18:23 . 2010-10-14 03:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-03-20 18:23 . 2010-10-14 03:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-20 18:23 . 2010-10-14 03:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-20 18:23 . 2010-10-14 03:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-20 18:23 . 2010-10-14 03:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-20 18:23 . 2010-10-14 03:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-20 18:23 . 2010-10-14 03:28 52104 ----a-w- c:\windows\sy... Read more

Read other 4 answers
RELEVANCY SCORE 51.6

Hi I was wanting to know if any of this stuff on the HJT log could be causing me to get web page not found. thanks C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search ... Read more

A:high jack this log

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere, and still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Perform an online scan with Panda ActiveScanClick on Scan Your PC Now
A "pop up" window will appear, or a new tab will open.
Click on Register
Choose the option you like most, but we recommend the Free Registration.
Click on Register
Enter your e-mail address, and create a password.
Select "I do not want to receive any type of information" (unless you want to receive such information)
Click on Send
Confirm registration, and continue by entering your user name and password, then click on Enter
Select Full Scan, then Click on Scan Now
Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
Please ignore the offer to buy the program. Click on Export To

Export th... Read more

Read other 19 answers
RELEVANCY SCORE 51.6

Ok I downloaded high jackthis on my computer and did a scan.theres nothing wrong with the computer but wanted to back that up with you

Logfile of HijackThis v1.99.1
Scan saved at 4:32:14 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DR... Read more

A:High jack this log

http://forums.techguy.org/windows-nt-2000-xp/492356-high-jack.html
Closing duplicate, and it's HIJACK this
 

Read other 1 answers
RELEVANCY SCORE 51.6

Hi

Can you please take a look at this log to see if there is any thing wrong .. im having trouble getting on some web pages .. some will load others wont , cheers

Rich ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:57, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Games\Flight Simulator 9\Modules\ASv6\ASv6.exe
C:\Program Files\OO Software\Defrag Professional\oodcnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Liv... Read more

Read other answers
RELEVANCY SCORE 51.6

I would like to know if anyone can help me with this look at it and see if there is anything that needs to be fixed thanks..

Logfile of HijackThis v1.97.7
Scan saved at 10:43:20 PM, on 10/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\my\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R0 - H... Read more

A:Help on high jack this thanks

You have an outdated version of HiJackThis. (It's currently at v1.98.2)

To update HiJackThis:

Open the program. click "Config..." --> "Misc. Tools" --> "Check for Update Online".

Or:

Please go to the link below and download HiJackThis:

http://www.majorgeeks.com/download3155.html

***NOTE***Do not FIX anything without a log analyzer's guidance. MOST of what's listed is necessary for your computer to operate normally.
Download and unzip to a permanent folder of your own creation.

Open HiJackThis. Click "Scan". Then, in the lower left corner, click "Save Log".

Save it to your permanent HiJackThis folder (or floppy disk if necessary).

The log will open in Notepad. Click "Edit" then "Select All".

Copy and paste the log back to this thread.

Alternate download links:

http://www.spychecker.com/program/hijackthis.html

http://www.spywareinfo.com/~merijn/downloads.html
 

Read other 3 answers
RELEVANCY SCORE 51.6

Hi,

Could you help me with my HJT log file?
It is taken in safe mode.
Thanks in advance!

/Gurra

Logfile of HijackThis v1.99.0
Scan saved at 20:38:43, on 2005-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\Program\COMMON~1\Toolbar\cnbabe.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\.... Read more

A:Help with High Jack This log

Hi.....

On the Windows XP taskbar:
Click "Start" > "Control Panel"
In the Control Panel window, double-click "Add or Remove Programs"
Uninstall "CommonName".
=======================================
Download AdAware SE from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan it´s just to click the "Scan" button.

When scan is finished mark everything for removal and get rid of it.(Right-click the window and choose"select all" from the drop down menu)
Now re-boot...

Then
Download Spybot - Search & Destroy from http://majorgeeks.com/download2471.html

After inst... Read more

Read other 1 answers
RELEVANCY SCORE 51.6

just woundering if i been highjc computer acting real slow ogfile of HijackThis v1.97.7
Scan saved at 11:35:29 PM, on 10/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.cl... Read more

A:can someone see if i been high jack ty

Nothing obvious showing, but you are using an out of date version of HJT

please download the latest version 1.98.2 which shows additional locations that malware runs from and post a new log from that version
 

Read other 1 answers
RELEVANCY SCORE 51.6

I think this is what I post.

Deckard's System Scanner v20070426.43
Run by Nick on 2007-04-27 at 23:29:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
39: 2007-04-27 15:29:50 UTC - RP39 - Deckard's System Scanner Restore Point
38: 2007-04-27 1540 UTC - RP38 - Installed Ad-Aware SE Personal
37: 2007-04-27 10:20:11 UTC - RP37 - Installed Lineage II
36: 2007-04-27 10:18:36 UTC - RP36 - Removed Lineage II
35: 2007-04-27 03:08:26 UTC - RP35 - Installed Adobe Reader 8


-- First Restore Point --
1: 2007-04-23 13:20:56 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Nick.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:31:19 PM, on 4/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.E... Read more

A:High Jack this log.

*bump*

Read other 1 answers
RELEVANCY SCORE 51.6

I am runing win7 and iE8 and I have to use iE8.
 
I think I got Browser got HighJacked.
 
I Hear Ads playing for Sports and the Housewives of NJ.
 
I ran MailWere Bytes and it found nothing.
 
And I looked in msconfig and just my AntiVirus program is there.
 
What do I do?

A:iE8 High Jack

Read this and follow the instructions please.
http://www.bleepingcomputer.com/forums/t/182397/am-i-infected-what-do-i-do-how-do-i-get-help-who-is-helping-me/

Read other 3 answers
RELEVANCY SCORE 51.6

Could somebody please check this highjack this log and advice me on anything that is not safe as I seem to have a problem with my system crashing this started yesterday 29/12/05

Many Thanks

Ken

Logfile of HijackThis v1.99.1
Scan saved at 21:56:56, on 30/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program... Read more

A:High Jack This Log

Please do not start duplicate threads. Reply here:

http://forums.techguy.org/showthread.php?t=429733
 

Read other 1 answers
RELEVANCY SCORE 51.6

could someone have a read through this and let me know what you think i have ran spy bot and adaware still get pop ups,

thanksLogfile of HijackThis v1.97.7
Scan saved at 14:41:09, on 16/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ssghzf.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WI... Read more

A:high jack this log

you've got an old version of HJT. download the latest one. it should be v1.98.2. Then hopefully someone will read your log. You might have to put HJT in another location on your computer ie. c:\program files\HJT
 

Read other 2 answers
RELEVANCY SCORE 51.6

Hello. I am running win 2000 pro and i always use firefox. For some reason my physical memory is always being used a lot. Sometimes almost all of it. Even with nothing running at all but windows. Here is my high jack this log. If you guys need anything else then let me know. I am pretty computer savy.


Logfile of HijackThis v1.99.1
Scan saved at 7:48:53 PM, on 9/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\admin\Desktop\HijackThis1991.exe

O2 - BHO: Adobe PDF Reader Link ... Read more

A:High Jack This help!!!

Ok i forgot that i killed a couple programs with task manager before i ran hi jack this. So i rebooted and then did it again. Hope that helps! And thanks a lot!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:03:54 PM, on 9/14/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\PnkBstrA.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iCall\iCall.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\admin\Desktop\HijackThis1991.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) ... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

hello can someone help me. i'm trying to clean up my computer. can some one read this please.

thank you

Logfile of HijackThis v1.97.3
Scan saved at 10:18:07 AM, on 11/15/2003
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\MY DOCUMENTS\MY PICTURES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http:///
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:///
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://start.earthlink.net/channel/START
O1 - Hosts: 157.238.59.46 uh-oh.net www.uh-oh.net www.thumbnailseries.com t... Read more

A:using high jack this

Read other 8 answers
RELEVANCY SCORE 51.6

SDFix: Version 1.100

Run by Administrator on Mon 08/27/2007 at 10:00 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...
Normal Mode:
Checking Files:

Trojan Files Found:

C:\~GLHTTP1.TMP - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*isabled:backWeb-7288971"
&qu... Read more

A:Another High Jack This

SDFix: Version 1.100

Run by Administrator on Mon 08/27/2007 at 10:00 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...
Normal Mode:
Checking Files:

Trojan Files Found:

C:\~GLHTTP1.TMP - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*isabled:backWeb-7288971"
&qu... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

Here is my HJT log file. I have Windows XP and really do not know anymore how to get rid of these spyware ads. It is killing my computer!!! Please help me.

Logfile of HijackThis v1.98.0
Scan saved at 1:47:06 PM, on 7/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\00THotkey.exe
C:\documents and settings\marisa akson\local settings\temp\iC6.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\WindowsSA\omniscient.exe
C:\WINDOWS\System32\fykanjo.exe
C:\PROGRA~1\INTERN~3\inetmgr.exe
C:\Program Files\VVSN\VVSN.exe
C:\documents and settings\marisa akson\local settings\temp\aeHXH.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\INTERN~3\inetsvc.exe
C:\Program... Read more

A:High Jack This Log

Read other 8 answers
RELEVANCY SCORE 51.6

Just wondering if i was alright.

thanks for helping me out.

Logfile of HijackThis v1.97.7
Scan saved at 12:20:41 PM, on 11/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\WINDOWS\essspk.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\CallWave\IAM.exe
C:\Documents and Settings\wes\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
... Read more

A:high jack this log

Run Hijackthis again and fix the following items. Be sure all windows are closed except for Hijackthis

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [systray] C:\WINDOWS\System32\a.exe

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
Than boot to safe mode and delete this file (a.exe)

C:\WINDOWS\System32\a.exe
 

Read other 1 answers
RELEVANCY SCORE 51.6

Which ones can I delete?

Logfile of HijackThis v1.99.1
Scan saved at 10:58:23 AM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
... Read more

A:High Jack Log

Read other 7 answers
RELEVANCY SCORE 51.6

heres my high jack this log please tell me what needs to be done thanks

Logfile of HijackThis v1.98.2
Scan saved at 11:33:53 AM, on 2/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EX... Read more

A:high jack this log

Go to Control Panel - Add/Remove Programs
Uninstall:
LimeShop
WeatherBug
WuldTangent

Download and run the following:

Ad-Aware SE: http://www.lavasoftusa.com/support/download/

Install and run it. On the bottom right corner of Ad-Aware you will see an option called "Check for updates now", click on that and choose "connect". Download the updates. Next click on "Scan now" on the left side of Ad-Aware. Make sure that "Search for negligible risk entries" is crossed out and not ticked. Choose "Perform full system scan" and click "Next". After Ad-Aware scans your computer, Ad-Aware may find some bad files on your computer so make sure you tick them all and choose "Next". It will ask if you want to remove those items so just continue. After removing the items close Ad-Aware.

Reboot

Spybot S&D: http://majorgeeks.com/download2471.html

Install and run it. Choose "Search for updates". Next choose "Download updates". After that, choose "Search and Destroy" and click on "Check for problems". If Spybot finds any nasties on your computer, make sure that they are ticked and choose "Fix selected problems".

Reboot again

Get the latest version of Hijack This from here: http://www.thespykiller.co.uk/downloads.htm

Post a new log
 

Read other 1 answers
RELEVANCY SCORE 51.6

hi well basically my computer is really screwed up, i think i have some spyware or something, the background is all blue with a black square in the middle saying, "System Stopped" i don't know what is going on, but yea i tried running about 5 different ad aware, norton antivirus 2005 all kinds of things and nothing seems to work, but yea heres my high jack this log and spysherrif keeps popping up every time i restart my computer and i have to keep deleting it....




Logfile of HijackThis v1.99.1
Scan saved at 12:24:35 PM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\Sound... Read more

A:High Jack This Log

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

During the course of disinfection, I may ask you to fix a program that you wish to retain. Please post back to inform me.


+++ WARNING +++

BroadJump - I see you have BroadJump on your system. This is the newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit. I suggest that you carry out the fixes indicated below but I would approach your ISP as soon as possible and ask them how to remove it and why they installed it in the first place. Do not attempt to uninstall the program yourself. (I suggest that you place this speech in all logs that contain Broadjump entries immediately after your speech advising the user to copy or print your instructions)

You are running HijackThis from an inappropriate location. It should be run from a permanent folder. This program creates backup files which we may need to use later. If the program is in a temporary folder, important backups may be accidentally deleted.
Please go into Windows Explorer
Click on C:\
Click on File > ... Read more

Read other 5 answers
RELEVANCY SCORE 51.6

Panda anti-virus found 2 virus and can't fix them. Are they in this log or what should i delete from this log.

Logfile of HijackThis v1.96.2
Scan saved at 5:56:09 PM, on 11/23/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Kazaa Li... Read more

A:new high jack this log

nhilar

The version of Hijack This you have is outdated. Pleas go here:

http://www.tomcoyote.org/hjt/

Download the latest version and post the log from it.
 

Read other 3 answers
RELEVANCY SCORE 51.6

i need to know if any if this is harmful to my computer because i see a bullseye toolbar in my control panel and i dont remember downloading it / Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:21:49 AM, on 6/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\PROMon.exeC:\Program Files\Charter Security Suite\Common\FSM32.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exeC:\Program Files\Charter Security Suite\Common\FSMA32.EXEC:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Charter Security Suite\Common\FSMB32.EXEC:\WINDOWS\system32\NMSSvc.exeC:\Program Files\Charter Security Suite\Common\FCH3... Read more

A:High jack this log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 6 answers
RELEVANCY SCORE 51.6

Hi,

Please have a look at the attached log and let me kow if there is anything I should remove. I keep getting pop ups on my PC screen.

Best regards,
Olan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:45, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\... Read more

Read other answers
RELEVANCY SCORE 51.6

could some one check this to see if I have any problems? Thank you.Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\program files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\BellSouth\Client Foundation\CFD.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CMS Peripherals\ABSplus Ba... Read more

A:High Jack This Log

Read other 9 answers
RELEVANCY SCORE 51.6

Hi, was highjacked and ran panda,spy-bot,adaware,microsoft adware,deleted what i could find but not sure what else i should clean.please check my log and advise.thanksLogfile of HijackThis v1.99.1Scan saved at 10:37:17 AM, on 6/12/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Highjackthiis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.shopnbc.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lavasoftnews.com/ms/display_mai...=IBIS%20ToolbarR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;O1 - Hosts: auto.search.msn.com 127.0.0.1O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-... Read more

A:High Jack this log

Hello Elm and welcome to BleepingComputer. We have quite a lot to do here.I need to get samples of some of your files. Please create a folder on your desktop and name it Elm. Now copy the following files into that directory:lpt.exeInpriseMon.exe^ You will need to use Windows Search to locate these filesTo copy the files simply navigate to the directory they are in and right click on the file name, and then click on copy option. Now go back to the newly created desktop folder <Elm> and right click in the folder and select the paste option. Do not 'Drag & Drop' as that will move the files instead of copying them. Once the files are all copied zip the folder. If you are using XP or ME right-click on the folder and click on the Send To option and then send it to a Compressed folder. You will now see a folder called Elm.zip on your desktop. If you are using another version of Windows, you will need to use a zip utility of your choice to compress the folder. When the files are zipped, go to: http://www.bleepingcomputer.com/submit-malware.php and fill in the required fields and browsing to the file you are submitting. Please note in your comments in which folders these files were found. Finally click on the Send File button.You have Microsoft Antispyware running. The MSAS real-time protection can interfer with the fixes we are about to do so we need to disable it for the duration of this cleanup.Open Microsoft AntiSpyware.Click on Tools, Settings.In the left ... Read more

Read other 32 answers
RELEVANCY SCORE 51.6

i recently used highjack this to see if theres any weird programs running i like to do this every once in a while to check up but im not sure whats bad and whats good so im going to put sown all the things running and see if someone can tell me if theres something i need to get rid of ty.
Logfile of HijackThis v1.99.1
Scan saved at 11:45:44 AM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDO... Read more

Read other answers
RELEVANCY SCORE 51.6

I see alot of people using High jack this.I searched for it on my computer but no luck.Is it somthing that you buy.Do I need it.
 

A:High Jack this

Read other 14 answers
RELEVANCY SCORE 51.6

Hello Techguys
My lap top is running extremely slow!!! I have run Malwarebytes,Addaware,Spybot,AVG and system clean up and defrag.I might also add when I ran the highjack software I was denied write access to the host file.I have followed instructions from the pop up saying to manually edit file and reboot which I did but running the software again I got the same pop up.

This is my system-Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.73GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 502 Mb
Graphics Card: Standard VGA Graphics Adapter, 4 Mb
Hard Drives: C: Total - 76308 MB, Free - 36723 MB;
Motherboard: Acer, Inc., LuganoII
Antivirus: None

This is my hijack log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:17:21 PM, on 2/6/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Xtreme N Dual Band DWA-160\AirNCFG.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?... Read more

A:Here is my High jack log

Here is a link to the Acer TravelMate 4061WLMi laptop that you have listed.

It comes with an Intel Pentium M 725 1.60 GHz processor and 512 MB of DDR2 RAM and Windows XP, so you've obviously upgraded it to Windows 7.

With those wimpy hardware specs, you can expect Windows 7 to run like a turtle.

On top of that, you've installed AVG 2012 and Lavasoft Ad-Aware and Spybot - Search & Destroy - which are all system-hungry and slowing it down even more.

If you plan to keep Windows 7 in it, I strongly suggest that you max it out to its fully-supported amount of 2048 MB(2 GB) of RAM.

My advice to you is to format the hard drive and do a clean reinstall of Windows XP.

--------------------------------------------------------
 

Read other 1 answers
RELEVANCY SCORE 51.6

Please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:23 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\windows\system\hpsysdrv.exe
C:\Program ... Read more

A:High Jack This Log...

Read other 11 answers
RELEVANCY SCORE 51.6

I'm having a problem with a slow PC, and it locks up. Maybe somebody can see if I have any problems.

Logfile of HijackThis v1.97.7
Scan saved at 1:59:32 PM, on 7/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\msniasvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co... Read more

A:Please look at my High Jack log

Post this in the security forum, they can help you there
 

Read other 2 answers
RELEVANCY SCORE 51.6

this is my high jack this log could someone tell me what i need to do ? thanks

Logfile of HijackThis v1.98.2
Scan saved at 11:33:53 AM, on 2/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALC... Read more

A:high jack this log

The hijackthis you used is out of date,you can get the current version here http://www.majorgeeks.com/download3155.html then repost your log .....
 

Read other 1 answers
RELEVANCY SCORE 51.6

Logfile of HijackThis v1.98.2Scan saved at 12:25:24 AM, on 9/20/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\windows\system32\sain.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\PROGRA~1\Toolbar\TBPS.exeC:\Program Files\Common Files\WinTools\WToolsA.exeC:\Program Files\Messenger\msmsgs.exeC:\PROGRA~1\AIM\aim.exeC:\WINDOWS\System32\ctfmon.exeC:\WINDOWS\System32\w?nspoolwowexec.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\PROGRA~1\Toolbar\PIB.exeC:\WINDOWS\System32\devld... Read more

A:my high jack log

agdelt03Please read this.How to submit a Hijackthis LogThe same log is also here:http://www.bleepingcomputer.com/forums/t/2857/searchmiracle-help/This topic is now closed.

Read other 1 answers
RELEVANCY SCORE 51.6

Logfile of HijackThis v1.99.1
Scan saved at 6:52:55 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common ... Read more

A:High Jack This Log

Do not post multiple threads - this will be closed

Being helped here

http://forums.techguy.org/malware-removal-hijackthis-logs/607621-my-hjtl-please.html
 

Read other 1 answers
RELEVANCY SCORE 51.6

Hi

Although I am new to this forum, I have been following the relevant post, and may I say how knowledgeable the replies have been.

I am a complete novice in relation to computers, and I mean a complete novice, I can just about switch it on.

I have searched on Google for highjackthis but not found a direct hit, can anyone confirm if highjackthis has their own site.

I am operating Windows XP home.

Thanks in advance
 

A:High Jack This

Read other 15 answers
RELEVANCY SCORE 51.6

Hello all. It's my first time here. Need some help, please Woke up this morning to find my computer going mental thanks to my **** of a brother. Can someone help, please? I used HJT analyzer, FYI. Hope I did it right!

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 5:39:30 PM, on 2/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\sm.exe
C:\WINDOWS\system32\d3gq.exe
C:\DOCUME~1\default\LOCALS~1\Temp\8.tmp.exe
C:\WINDOWS\System32\mspsubs.exe
C:\WINDOWS\qbddgfvx.exe
C:\WINDOWS\System32\mshla.exe
C:\WINDOWS\system32\iesi32.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\System32\tibs5.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
c:\program files\180solutions\sais.exe
C:\HJT\hijackthis\HijackThis.exe

R1 -... Read more

A:Another High Jack This Log, please help!

Welcome to TSF.

Let's do this first:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download and install Spybot S&D. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, c... Read more

Read other 19 answers
RELEVANCY SCORE 50.8

Here is my HighJack this list...
I've removed a bunch of stuff from it, however, still not performing as well as it should. HELP...HELP....HELP...
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\IAMAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
D:\PROGRAM FILES\POPUP KILLER\POPUPKILLER.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\SYMPROXYSVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-explorer.net/search_page.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myt... Read more

A:High Jack This log..is this why my comp is a POS?

Fix these items, and to clean up the rest, run Spybot Search & Destroy from http://security.kolla.de
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-explorer.net/search_page.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.search-explorer.net/search_page.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-explorer.net/search_page.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.search-explorer.net/search_page.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search-explorer.net/search_page.php

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx

R3 - URLSearchHook: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

O2 - BHO: (no name) - {D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - C:\PROGRA~1\COMMON~1\BTLINK\BTLINK.DLL

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH304181.DLL
 

Read other 1 answers
RELEVANCY SCORE 50.8

can someone help me with this?
I need help on seeing what i need and dont.
Logfile of HijackThis v1.99.1
Scan saved at 5:46:38 PM, on 6/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
c:\windows\system32\mszzad.exe
C:\WINDOWS\system32\accwiz.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Zigma\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\M... Read more

A:I need help with my high jack log file

Hello rindok

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the follow... Read more

Read other 4 answers
RELEVANCY SCORE 50.8

OK I downloaded HJT and did a scan. I did not deleat anything yet heres the log

Logfile of HijackThis v1.99.1
Scan saved at 1:41:44 PM, on 8/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\WINDOWS\system32\LXSUPMO... Read more

A:High jack this scan

I know theres nothing wrong but Sinse I downloaded it I figured it would not hurt to do a scan
 

Read other 2 answers
RELEVANCY SCORE 50.8

Popups and adweare have taken over my computer even throwing me offline. I have run Microsoft MRT tool and ESET scans and nothing was found. Your TSG SysInfo says that I don't have antivirus but it's loaded on my machine. I'm not tech savvy but I welcome any help. Thanks Puck. Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 7991 Mb
Graphics Card: Intel(R) HD Graphics, -324 Mb
Hard Drives: C: Total - 939685 MB, Free - 370993 MB; I: Total - 1907728 MB, Free - 877687 MB;
Motherboard: Dell Inc., 0C2KJT
Antivirus: None
 

A:Computer High Jack

Welcome to Tech Support Guy,

Please run the following diagnostic tool:

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Read other 1 answers