
I Am A New User.. I Hope Somebody Can Analysis This Hijack Log For Me.thanks

Q: I Am A New User.. I Hope Somebody Can Analysis This Hijack Log For Me.thanks

Logfile of HijackThis v1.99.1
Scan saved at 1:39:48 PM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsysupd] C:\\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban11.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames11.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37610.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


A: I Am A New User.. I Hope Somebody Can Analysis This Hijack Log For Me.thanks

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.

Please ensure that there aren't any opened browsers when you are carrying out the procedures below.

Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Download & install CleanUp.exe (not recommended for WinXP64)
Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard
Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [winsysupd] C:\\winsysupd11.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban11.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames11.exe

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
Tick - 'Show hidden files and folder'
Untick - 'Hide file extensions for known types'
Untick - 'Hide protected operating system files'
Click Yes to confirm & then click OK

Locate and delete the following files/folders: (let me know if you fail to find/delete any)

C:\winsysupd11.exe
C:\winsysban11.exe
C:\gimmygames11.exe

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Run Cleanup! using the following configuration:
1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
Delete Newsgroup cache
Delete Newsgroup Subscriptions
Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!

* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *

Run Ewido with its updated definitions:
(...it's important that all windows must be closed)
Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files
With the first file it prompts to clean, select the option: "Perform action on all infections".
Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:
HiJackThis log
Online Scan
Ewido

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/17/2007 7:02:58 PM
System Uptime: 2/8/2009 8:08:17 PM (1 hours ago)

Motherboard: Quanta | | 30CC
Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 225 GiB total, 176.819 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.825 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP453: 1/19/2009 7:08:35 PM - Scheduled Checkpoint
RP454: 1/20/2009 10:06:25 PM - Windows Update
RP455: 1/21/2009 9:41:04 PM - Windows Update
RP456: 1/22/2009 5:32:33 PM - Windows Update
RP457: 1/26/2009 5:16:32 PM - Windows Update
RP458: 1/27/2009 9:31:14 PM - Restore Operation
RP459: 1/27/2009 9:46:26 PM - Windows Update
RP460: 1/28/2009 10:08:05 PM - Windows Update
RP461: 1/28/2009 10:12:04 PM - Windows Update
RP462: 1/29/2009 7:36:46 PM - Windows Update
RP463: 2/3/2009 8:38:49 PM - Windows Update
RP464: 2/5/2009 5:13:51 PM - Windows Update

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Se...

A:new hjt user posting logfile-(i hope)

About 2 weeks ago my comp started locking up after about 60-90 min. of use. The screen stays on monitor and can move cursor, but can't click anything, can't get to task mgr to close out programs.
DDS (Ver_09-02-01.01) - NTFSx86
Run by erv13 at 21:17:22.50 on Wed 02/11/2009
Internet Explorer: 7.0.6000.16764
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.833 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSv...


Hi, my name is Jerry and I'm new to this site. My computer has been running a little slow lately and I was wondering if you guys could help me. One of my co-workers had recommended you guys. I'd also like to improve my start up, it takes too long to load up. I have downloaded the hijack logfile and saved the log, please help me. Your help is much appreciated.
Sincerely,
Jerry

A:Log Analysis-plz Help New User

Sorry, forgot the log file lol. Here it is and thanks again for any help.

Logfile of HijackThis v1.99.1
Scan saved at 10:20:31 AM, on 9/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\sys...


Not sure, but I think my friend's comp has some spyware or something... so I ran a HijackThis... here is the log
Logfile of HijackThis v1.99.1
Scan saved at 18:37:22, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP ...

A:i hope you can help...hijack this log

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new Hijack This log

 


I was surfing and I believe I have been hijacked. I ran spy sweeper, ad aware and shredder. Those fixed most of my problems, but I can't get rid of a search toolbar that shows up once in a while and some weird noises coming out of my puter when I hit the shift key.

This forum and website reminds me of
"The Lord of the Rings"
GOOD versus Evil

thanks in advance for any help with my log.

Logfile of HijackThis v1.97.7
Scan saved at 7:33:03 PM, on 3/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\MMKeybd.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\PROGRA~1\HOLEAN~1\piledogmore.exe
C:\WINDOWS\SYSTEM32\tbctray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Netropa\OSD.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-c...

A:I hope you can help...hijack this log


So I have Vista 32bit- Did a scan of all open ports, and I find a few funny looking things.

I've copied the report from CurrPorts below- Can anyone assist with identification- if I have some unwanted listening going on?!? Tried looking up a couple of the ports and they are not even found- wondering if my system has been compromised somehow-----

First attachment is the stuff I don't understand-

Second one is full report from CurrPorts program.

Thanks!


( PLEASE SEE ATTACHMENTS)

A:New User Needs Help-CurrPorts Log- Analysis Please?

Hi,

Try looking at the IP addresses here to see who they belong to: -

http://www.ip-adress.com/ip_tracer/68.228.22.192


Well, here it is. Have a look, and pleeeeeease help. I'm having extreme lag on surfing, and other things. Using Windows XP.
Thanks
-Marc

Logfile of HijackThis v1.99.1
Scan saved at 4:28:46 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe...

A:Hijack This Log....help Me Guys, Yer My Only Hope.

Tried again, to no avail...


Machine continues to send out and receive packets even though there isn't anything running. Netstat -an shows several dest IP with HTTP and SMTP. Hijack this output follows:

Logfile of HijackThis v1.97.3
Scan saved at 10:09:44 PM, on 11/3/2003
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\hidserv.exe
e:\Program Files\Intel\Shiva VPN Client\icsrv.exe
e:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
e:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINNT\Explorer.exe
e:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINNT\System32\tp4mon.exe
C:\WINNT\System32\ltmsg.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\WINNT\System32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\System32\RunDll32.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\Program files\ThinkPad\Utilities\tponscr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Washer\washer.exe
E:\Program Files\Adobe\Acrobat 5.0\Dis...

A:Hijack? - Hope no rebuild


When using Vista, I place my mouse on an item and the items above it start scrolling and it will not stay on the item that I have my mouse on. It looks like I am moving the mouse up and down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:22 PM, on 12/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\explorer.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend...

A:Hijack this log (Hope in right place)

...
 


Logfile of HijackThis v1.99.1
Scan saved at 9:05:02 PM, on 4/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger&...

A:HiJack This-I hope this is in the right place.

Hi Miriam. I do not currently see any problems in this log. It is clean.

Cheers.

OT


Thank god i found you guys again, ages ago you guys helped me make my computer new again and I'm hoping you can help once more, My girlfriend's computer is nearly beyond repair I'm told And any help would be appreciated I'm going to enclose a HiJack Log and Then I'm at your disposal, Please Help!

this is my log after running spybot S&D:

Logfile of HijackThis v1.99.1
Scan saved at 12:59:54 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sammi\Desktop\GWEET\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
F3 - REG:win.ini: load=C:\WINDOWS\system32\uuelggu\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\uuelggu\csrss.e...

A:Tech Guy To The Rescue I Hope (HiJack Log)


C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\IMAGEMATE COMPACTFLASH USB\SANDICON.EXE
C:\PROGRAM FILES\DATA CACHING\FLASHKSK.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE ANTISPYWARE\MSSCLI.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSW...


I had some problems with some missing files, so I booted my windows xp cd, but couldn't repair anything as it kept going to a dos screen, so i went ahead and did a 'windows upgrade'.... when i rebooted my computer i had over 500 virus infected files and over 450 spyware components! I have NO idea how this happened!

I downloaded a trial of pc cillen. wiped a few. downloaded a trial of panda antivirus. it got rid of a lot of files except two that i couldn't find manually to delete. every time i log in i get about four or five prompts for an ist toolbar and some other adware. that wouldn't be a problem but it seems that after being on the net a while i lose my connection. i have to keep refreshing my pages over and over again. until i can't get anything anymore and have to reboot. then it starts over. i've used adaware and spybot on every reboot and it seems to get rid of a bunch of files but they keep returning.

i went into safe mode and deleted a few files that way. i downloaded several windows security updates.

i also get a prompt when i start my computer saying that it cannot find the file crss.exe. this is my hijack this log. i hope my version is up to date.

WHAT A MESS! why did this happen???

Logfile of HijackThis v1.98.2
Scan saved at 10:16:41 PM, on 12/13/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WIND...

A:You guys are my last hope (hijack included)


Ok, I recently got the win32.spybot virus and some kind of trojan virus. I broke down and formatted my computer and reinstalled windows xp. After all that I put my backups back on the pc and to my dismay, I put another virus on the pc! After beating my head against the wall for my stupidity, I did some research and found this lovely site and followed some of the great advice here.
I loaded a better antivirus software, adware, and spybot. I also loaded HiJack and wanted to post my log because I am still having some weird issues:

I think the virus or trojan is gone but after running Norton systemworks, all the programs, internet explorer, and everything else stops working after repairing window issues. It seems that I lost my file associations. I found file association fixes but I am still having some trouble opening files and pc freeze issues.
Please, I beg you, someone help me. My eyes hurt from crying in frustration...

Logfile of HijackThis v1.97.7
Scan saved at 5:46:37 PM, on 4/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program... Read more

A:Help me HiJack team, you are my only hope...help with log please...begging please!

RELEVANCY SCORE 49.6

I recently had trojan web.exe deleted. I need someone to look at my HijackThis log file to see if there is anything bad in it. Thanks so much!
Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 3:18:11 PM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Secu... Read more

A:had web.exe trojan hope its gone please look at hijack this log file

RELEVANCY SCORE 49.6

Hi, thanks for reading this. My computer got infected overnight, and when I came this morning to use it, my younger brother was trying to play a game. He told me that he was getting pop ups and that a 'program' was telling him to run a scan for protection. He said he got tired of receiving the message and closing it to have it back again a few moments later that he ran the 'scan'. When he told me what happened.. I expected the worst, because I know that I didn't install that particular program. So I saw the desktop and it had a few windows open, I tried running Malwarebytes and I couldn't, everything was getting frozen and it wouldn't open, so I thought I would restart the computer in safe mode but it didn't work. The computer now will not let me go in at all. Neither in safe mode, or last configuration work. I tried to follow the steps of this site, http://thinkinginpixels.com/quick-fixes/fi...onlog-off-loop/ because I had a similar problem a while back and this got it fixed, but this time it didn't work as expected. The scanner (Spybot S&D) that is included in the disk I make with the steps of the site, only got rid of a couple of things, and I still can't log in. Safe mode is not working, but at least I was able to get a Hijackthis log with the automated help of the disk from that site. If only I could use the Hijackthis from the disk it would be better, but because it's automated, it won't let me use the program completely, I can only scan and save the log. I have a Hij... Read more

A:(My last hope)..what the bleep did it get in my comp? Hijack this log!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

RELEVANCY SCORE 48.8

I have familiarized myself with this enough to fix any problem that is fixable.. Hopefully someone can help me out.. I use my computer daily for different tasks and have been unable to do so because of all the popups/ads... mostly for the spymaxx.. My pc is really eaten up with this stuff.. I don't even surf porn yet "asian nudes" etc.. came up in the scans... look forward to hearing something..

Kind Regards,
Drew

Hijack this Log

Logfile of HijackThis v1.99.1
Scan saved at 5:32:46 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\NORTON~1\NORTON~2... Read more

A:All Logs Required For Analysis..windows Xp..novice User..

Hi,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

RELEVANCY SCORE 48.8

Hi,
in this video Laura E. Hunter from Microsoft describes behavior analytics: https://youtu.be/hNZdboDvnuU?t=1251
She says that ATA will analyze the behavior in a domain for 21 days and declare this as normal behavior. After the 21 days ATA will report unusual user behavior based on the 21 days analysis.
I have two questions about this:
1. Can we see the progress of the analysis somewhere? I searched through the ATA-center but there is nothing. Is it possible to see it in some kind of logfile or the Mongo-DB?
2. We have started ATA with one DC. What happens if we add our other DCs later? Will the analysis recognize behavior from those, also when the 21 days are already over?
I did not find anything about this 21 days analysis period in the documentation. I'm more than happy with a hint if I have overlooked something there.
Thanks in advance

RELEVANCY SCORE 48.8

Below please find a HijackThis scan from moments ago- performed the scan because I've developed a tendency for the last few hours of getting hung-up in the middle of downloads and having to resort to Ctrl-Alt-Del/Task manager to resume internet work- did a scandisk/defrag/restart in the hope of stabilizing things- but I don't want to ignore a problem, either-

Would greatly appreciate it if someone would be good enough to eye the following scan-

Thanks in advance!
Webz
________________HIJACK SCAN TO FOLLOW________________
Logfile of HijackThis v1.97.2
Scan saved at 2:47:43 PM, on 10/19/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\hijk\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} ... Read more

A:[SOLVED] hijack scan- hope not to find a virus....

RELEVANCY SCORE 48.4

Hi there. I have a Hijack This log from my PC. Would someone be so kind as to help me determine what needs to go?

Many thanks.

Jason

Logfile of HijackThis v1.97.7
Scan saved at 3:38:52 AM, on 10/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
D:\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
D:\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Winamp3\Winamp\winampa.exe
D:\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\wogkcbq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\Norton SystemWorks\Norton Antivirus\SAVScan.exe
D:\Acrobat\Distillr\AcroTray.exe
D:\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
D:\Belkin\Nostromo\nost_LM.exe
C:\WINDOWS\System3... Read more

A:Hijack This Analysis Please?

RELEVANCY SCORE 48.4

Hi

My friend had had me take my computer through a list of scans/analysis to get rid of the spamming that seems to be going on to all those in my contact list. I have run malwarebytes.org and have performed a scan with Hijack this- and as a result generated a 'Log'... From what I understand I need to have this log analyzed and it seems to direct me to this site? Please correct me if I am wrong. I am not sure how to analyze the good from the bad and I was wondering if someone could help me out? Or at least tell me if I am on the wrong track. This is a copy of my log

Thanks in advance
Josh

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:57:47 AM, on 22/03/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&b... Read more

A:Analysis of Log from Hijack this

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

RELEVANCY SCORE 48.4

Just ran HiJackThis and wanted to make sure my computer is ok.
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:33 AM, on 12/17/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxp... Read more

RELEVANCY SCORE 48.4

Logfile of HijackThis v1.99.1
Scan saved at 7:03:07 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
G:\Tools\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Documents and Settings\Robert Guilkey\My Documents\Windows Blinds\WindowBlinds\wbload.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS ... Read more

A:Hijack This Analysis Log

I'd remove Spyware Cleaner read about it here
http://www.spywarewarrior.com/rogue_anti-spyware.htm
===========
Get all of these and/or verify you have the current versions
SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/details...&displaylang=en (XP and W2K only)
DownLoad them (they are free), install them, check each for their definition updates and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.
In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize
============
Log looks fine - Problems???

RELEVANCY SCORE 48.4

Dear gents,
Trying to fix the PC of a friend of mine. I have made the following HijackThis log. Could someone please say which items to delete? Thanks

Logfile of HijackThis v1.97.7
Scan saved at 12:51:39, on 30-9-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\aeupivmy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FD\Bureaublad\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=2193
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=2193
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchcentral.cc/index.php?v=4&aff=2193
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://searchcentral.cc/index.php?v=4&aff=2884
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.... Read more

A:HiJack This Log analysis

RELEVANCY SCORE 48.4

I have been reading this forum trying to figure out how to get rid of Coolwwwsearch. I decided to download "HijackThis". Went to Major Geeks for download, found "CWShredder", got it too. Ran Spybot, Ad-Aware, and CWShredder. Then ran Hijack This. Could you tell me what else I can do to clean this system up? I used to use Incredimail, would like to get the rest of the program off this drive.
Logfile of HijackThis v1.98.2
Scan saved at 5:44:38 PM, on 9/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PR... Read more

A:HiJack Analysis Please

RELEVANCY SCORE 48.4

Thank you so much for this forum. I am having a problem with my google searches. Every time I click on a link I am redirected to a website other than where I am supposed to go. I know nothing about computer programming, but I am a good "searcher". I typed in the sites I was redirected to in google followed by virus and happened upon this forum. I've read about the hijackthis program and downloaded it and followed the instructions and have generated a log. And learned a lot along the way I might add. Here is the log, I have stopped at this point. Thank you in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 1:28:12 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edi... Read more

A:Hijack Log Analysis

I should also add that when I start my computer it takes about 10 minutes for my personal settings to load. It used to take about a minute or less. This problem has been going on for approximately a week fwiw.

RELEVANCY SCORE 48.4

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 10:14:13 AM, on 11/8/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\desk95.exe
D:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Spam Inspector\siService.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\System Files\System.exe
C:\Program Files\Spam Inspector\siSpamFilterEngine.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www5.giantexplorer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3... Read more

A:Hijack This Analysis

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner. To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx

Download and install CleanUp! but do not run it yet.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download, install, and update Ewido Security Suite
Install ewido security suite
Launch ewido, there should be a big E icon on your desktop... Read more

RELEVANCY SCORE 48.4

Hi guyz, would really appreciate if you could do a HJ analysis of this.

Computer dead slow but has enough RAM (256)

Have used spybot and adware plus updated antivirus scan. PC still dead slow though.


Logfile of HijackThis v1.98.2
Scan saved at 22:53:50, on 05/10/04
Platform: Windows 98 SE (Win9x 4.10.2222B)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
D:\HIJACKTHIS-OCT04.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
F1 - win.ini: run=C:\WINDOWS\dllreg.exe hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D... Read more

A:hijack this analysis

RELEVANCY SCORE 48.4

Logfile of HijackThis v1.99.1
Scan saved at 11:08:58 AM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\recycler\bin32\services.exe
C:\recycler\bin32\services.exe
C:\recycler\bin32\lsass.exe
C:\recycler\bin32\svchost.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.e... Read more

A:Help Hijack This Analysis

Hi joayoel and Welcome to the Bleeping Computer!

Download this program: Submit Files Packer
http://www.safer-networking.org/files/sfp.zip

Highlight the entries listed below in bold and right-click, then select Copy.

C:\recycler\bin32\services.exe
C:\recycler\bin32\lsass.exe
C:\recycler\bin32\svchost.exe

Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field. Then press the Continue button. I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab. Rename this file to yourmembername.cab (for example Monster.cab).

Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Download WinPFind: http://www.bleepingcomputer.com/files/winpfind.php
Right Click the Zip Folder and Select "Extract All"
Don't use it yet

Please download ewido security suite it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
Y... Read more

RELEVANCY SCORE 48.4

I have another discussion going under "AntiVirus and Privacy" and they suggested I do one of these as well. I cannot open any of my programs. I keep getting error messages saying application not found. I cannot open control panel as it says "C:\WINDOWS\system32\rundll32.exe not found". When I go to downloads.com to get this exe file, I download it but cannot install, as I get an error message saying "Application not Found". Please analyze! Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:31:20 PM, on 12/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\pr... Read more

A:Hijack Log For Your Analysis

http://www.kellys-korner-xp.com/regs_edits/exefix.reg - save target as exe.reg and double click
if that works
=======================
add remove programs - remove messenger plus 3 - it has given you a LOP infection
Add remove programs - remove Bear Share - It has given you a ton of infection
=================
DL http://www.cexx.org/lspfix.htm
Launch the LSP application, and click the "I know what I'm doing" checkbox.
Check all instances of mkls.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.
Restart in safe mode
Now delete the c:\windows\system32\mkls.dll file
Reboot.
===============
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
- Install ewido.
- During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch ewido
- It will prompt you to update click the OK button and it will go to the main screen
- On the left side of the main screen click update
- Click on Start and let it update.
- DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
- Click on scanner
- Click Complete System Scan and the scan will begin.
- During the scan it will prompt you to clean files, click OK
- When the scan is finished, look at the bottom of the scre... Read more


Here is the hijack this log for my computer. Can someone help identify which items are spyware/malware etc? Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:37:11 PM, on 04/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\America Online 9.0\aoltray.ex... Read more

A:Hijack this log for analysis - help please!

Wrong board. Try posting on the HijackThis Logs and Analysis board.


I have recently run Spycatcher, which removed Winfixer and 2 other programs running on my computer. However, I am still getting similar popups regarding the Bloodhound virus. And as I type this, I just received another message that states:
"NOTICE: If your computer has errors in the...blah blah blah
Would you like to install SysProtect...."
I usually Alt+F4 to close it out, and a popup comes up with the following address...
http://scanner.sysprotect.com/pages/scanne...er&ex=1&p=&ax=2
Closing that brings up more WinAntiVirusPro crap. So in any event, this is my Hijack Log

Logfile of HijackThis v1.99.1
Scan saved at 11:42:34 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\i... Read more

A:Hijack Analysis

Delete that VundoFix you have now, it might be an older version of the tool. Download it again:
Please download VundoFix.exe to your Desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
It will make a log in C:\vundofix.txt, I need you to post that later.
====
In your next reply, please post a new HijackThis log and the contents of C:\vundofix.txt


I tried to do everything on the "read this first" page. It worked well until I tried to run GMER. It starts to scan but freezes at \Device\Ide\IdeDeviceP1T1L0-20. Tried 4 times, same result every time. It was unavailable when I checked to see if it could be run in SAFE MODE.

HiJack log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:31:56 PM, on 1/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\TEMP\Desktop\HijackThis.exe
C:\WINDOWS\system32\w... Read more

A:Hijack This Log Analysis


Logfile of HijackThis v1.99.1
Scan saved at 12:26:38, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Programs\AVGANT~1\avgamsvr.exe
E:\Programs\AVGANT~1\avgupsvc.exe
E:\Programs\AVGANT~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
E:\Programs\AVGANT~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
E:\Programs\Opera\Opera.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Adam\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Pag... Read more

A:Hijack Log Analysis

Hello,

What problem is it that you are having? Because I can't see anything suspicious here.


I need help folks. My system shuts down abruptly. Kaspersky is active. I ran hijackthis and I found the following log. Please tell me whether I have to do a complete PC reformatting.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:13 AM, on 11/4/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54... Read more


Please see attached. TrendMicro keeps finding viruses/trojans and IE keeps opening random pages. Here's my log. Any help would be much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 11:37:57 PM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\... Read more

A:Need Hijack Log Analysis

Hello and welcome aboard

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply along with the others requested.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
=====
Please download Combofix to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply along with the VundoFix log as well as a fresh HijackThis log (may need to post several replies to get them all fit).
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Dear gents,

I have been working on a laptop, removing spyware and such. After having been over everything with Adaware, this is what the HijackThis log says:

Logfile of HijackThis v1.99.0
Scan saved at 18:51:42, on 17-1-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Trust\Ami Mouse 250S Cordless\Amoumain.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\MSN Apps\Updater... Read more

A:Hijack log analysis

Add/remove programs and remove Web Hancer

Run this http://www.newdotnet.com/removal.html

Fix these with HJT with IE closed (Print this out)
Some entries may not be there after the fix

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50193

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Delete these folders
C:\Program Files\webHancer
C:\Program Files\NewDotNet

Boot and post a new log. Do not post it in Dutch ;-)
 


The problem I'm having is an error popping up, saying that my system will be shut down by NT AUTHORITY\SYSTEM in 60 seconds (and counting down). There is an additional message: "System proces C:\WINNT\system32\lsass.exe has quit unexpectedly with status code -1073741819". I've been looking for info about lsass.exe, and found out about the confusion between l as capital i or as small L, but I only found the good file in my system32 folder (also when showing hidden files).
After running virus scans and antispyware scans, I ran a Hijack This scan, with the following results. Could anyone help me find the bad ones? Thank you very much!

Logfile of HijackThis v1.99.1
Scan saved at 16:58:26, on 31/10/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\software\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\software\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\software\SYMANT~1\vptray.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\taskmnegr.exe
C:\WINNT\System32\MSED32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\software\SpyCatcher\SpyCatcher.exe
C:\software\SpyCatcher\Sc... Read more

A:My Hijack This log --> analysis?


Logfile of HijackThis v1.99.1
Scan saved at 5:13:37 AM, on 5/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pctech\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\... Read more

A:Hijack Log For Analysis (please)

*Topic closed, duplicate*


Obviously it is Vista PC which is not always adding up to performance... however I don't trust this one at the moment.

Many Thanks In Advance
NAte

A:Q: HIJACK THIS ANALYSIS

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more


I have run ad aware and spybot and AVG free and window washer and I can't get this stupid SPYLOCKED off my computer. Here is my hijackthis log. Any help would be greatly appreciated!!! Thanks so much in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:06 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Atievxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG51... Read more

A:Hijack This Log Analysis

Hello and welcome to BC. Sorry for the delay in response. If you've not received help elsewhere and still need help, please post a fresh HijackThis log and I'll be happy to assist you.


Hi

I am suspecting that I have a virus in my system

I am posting the log file

Thanks for the trouble

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:01:14 PM, on 01/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\ATI Technologies\ATI... Read more

A:Hijack this log Analysis-Help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more


Just saw this unique tool and wanted to try it out. Posting my hijackthis log and waiting for suggestions to make my PC better. What is to be done, and if there are any malwares please help me recognise them.
Attaching my hijack this log:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:20 AM, on 5/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Advanced System Optimizer\wallpaper.exe
E:\Program Files\Orbitdownloader\orbitdm.exe
E:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http... Read more


I am helping someone clean up their IBM thinkpad laptop. This computer was infected with several viruses, and many adware/spyware programs. I have run almost everything I could find on this computer: nodaware, spybot, ad-aware, trojan hunter, and norton. All of these now come back finding nothing, but there are still a couple of processes that I cannot find any info on and something just does not add up to me. The computer is running good right now but wanted to get a second opinion on this hijackthis log. The last run produced this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:43:23 PM, on 8/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\kbdbe.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvsc... Read more

A:Help with Hijack log analysis

Hello johnny O and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.
Now we need to remove a service.
Open Notepad and Copy/Paste the contents of the quote box below into the new document:

Const title = "Service Removal Tool"
Set oWS = CreateObject("Wscript.Shell")
sService = inputbox("Removing Service:",title,"kbdbe")
If sService = "" then
    msgbox "Script halted. No changes were made.", vbInformation, title
    wscript.quit
End If
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where Name = '" & sService & "' or displayName = '" & sService & "'")
If colListOfServices.count > 0 Then
    For Each objService In colListOfServices
        objService.StopService()
        wscript.Sleep 5000
        objService.ChangeStartMode("Disabled")
        wscript.Sleep 2000
        objService.Delete()
        Msgbox "The " & sService & " service has been removed or marked for deletion.", vbInformation, title
    Next
Else
    Msgbox "The " & sService & " service was not found.", vbInform... Read more


will not allow me to boot to my desktop. When I cntrl-alt-del, the task manager shows no active tasks. I can not do anything else. I ran the hijackthis program from my daughter's profile. The virus is running on mine. Thanks for any help.

A:Hijack This Analysis, Please

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more


Logfile of HijackThis v1.99.1
Scan saved at 5:13:37 AM, on 5/9/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pctech\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\... Read more

A:Hijack Log For Analysis (please)

Hi,

Based on CW Shredder from TREND; found MSCONFIG.EXE
This is a false positive. You have been using msconfig previously, as I see in your log and Cwshredder sees this as a so called infection.
And most probably Teatimer is interfering here as well.

Restart your computer and when the message appears after reboot that something had been modified in your system configuration, check the box there where it says not to display this message anymore (or something similar).

Or, alternatively, check and fix next entry in Hijackthis:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

It could be possible that Teatimer will give an alert, please ALLOW the changes, because otherwise Teatimer will restore this msconfig entry again in your startup (and I guess this is what's happening all the time)
