
Using Analyzer to determine if traffic is encrypted

Q: Using Analyzer to determine if traffic is encrypted

Hi everyone!!!

I've been tasked with running Message Analyzer to determine if data is encrypted from an endpoint. We are using MBAM and want to ensure that any data sent to the MBAM application server is encrypted. Now, we know it is via https, but we still need to verify this (for audit purposes).

Can anyone provide some insight as to how I could use Microsoft Message Analyzer (or perhaps something better)?

We are planning to run a capture for 24 hours. We also want to ensure data is encrypted from app server to sql server.



Thanks all!


RELEVANCY SCORE 66.8

I'm looking for a good network analyzer software that allows me to monitor the network. maybe have some features on discovering devices, ports, bandwidth in a certain amount of time, etc. Thanks.
 

A:network traffic analyzer

That would depend on the network topology. Any global network monitoring will have to be done with access to a common point where all the traffic converges. Addressed traffic between workstations will go directly between them via any switches and gateways in the path, so you can't do this with just a workstation.
 

RELEVANCY SCORE 66

Hi guys,

I hope you guys could provide me with a few sites on

Traffic Generator Functions or Performance Analyzer

these are for networking, layer 1 and layer 2 switches
I can't seem to find any, so I hope you guys could help me out
thanks
 

RELEVANCY SCORE 65.2

Lately I've been having some unusual network traffic. I've checked with Network Monitor 3.4 and the process name is either svchost or system or unknown.
How can I find out what generates the traffic ? There were mainly TCP packets, but others too.

I don't expect to solve the problem for me, just want some guides that you might know of, or tools to analyze network traffic, or some info on how to interpret Network Monitor frame details.

edit: antivirus/firewall/.. is hopeless

A:How to determine what generates network traffic?

You could try a packet sniffer/analyzer such as WinPcap... but they aren't easy to figure out initially!

RELEVANCY SCORE 65.2

My network seems to be slowing way down. I have basic networking knowledge and moderate Server knowledge. I, however, do not have very good analyzer skills.

Just like how we have an awesome sticky on RAID, I was wondering if we could have one on analyzing tools.

Personally I am looking for something either built into Server 2003, downloadable from Microsoft, or even free or expensive software that lets me monitor my network for traffic problems.

I am getting lots of users who are connected to a database on our server, and about every 5 minutes it loses the connection. I am trying to track the problem and don't know where to start.
 

RELEVANCY SCORE 65.2

Hello,
I've used Message Analyzer in the past to decrypt HTTPS traffic after importing the certificate used by the web server and it was a tremendous improvement over Netmon & NMDecrypt. I'm looking at a trace I took of LDAPS traffic (TCP.port==636) and Message Analyzer is not decrypting the traffic after the SSL handshake.

Are the decryption sub-routines in Message Analyzer only supposed to work with HTTPS traffic, or should we be expecting to see success on LDAPS traffic as well?
Thank you,
John

RELEVANCY SCORE 65.2

I want to capture both local and network traffic for connections and disconnections unrelated to http
Capture filter "(tcp.RST || tcp.SYN) && tcp.Port != 80 && tcp.Port != 443"

I found that I can do one or the other, but when I add both below, I capture neither ???
>> What is the trick to capturing both ?
Thanks

RELEVANCY SCORE 64.4

How does ATA deal with packet inspection of encrypted traffic?

Thanks

RELEVANCY SCORE 64.4

Message Analyzer has not had any significant updates (apart from minor parser updates) for some time. The mechanism that out-of-the-box Message Analyzer uses to decrypt TLS is based on access to the server certificate private key (and therefore does not work with ephemeral session keys). Since Message Analyzer is very flexible and configurable, I wanted to check whether it could be adapted to use SSLKEYLOGFILE information and indeed the answer is yes.

The OPN programming language is Turing complete, but it would not be an ideal choice for implementing all of the necessary cryptographic routines that are needed for this task; it would be better to use existing cryptographic libraries. Fortunately OPN does include a mechanism for calling external routines: the "Handcoded" declaration:

binary DecryptData(string suite, byte ct, array<byte> ver, binary data, array<byte> key, array<byte> salt, ref array<byte> iv, long ctr, out bool ok) with DeclarationInfo { Handcoded = true };

One simple way of using this is to place the "Handcoded" definitions in a small OPN "module". The OPN has to be included as a resource in the DLL built from the "Handcoded" implementation. The resource is located by means of a .NET assembly level attribute:

[assembly: ExtensionOpnModel("TLSex.opn", false)]

The exposed hand-coded routine also needs to be decorated with attributes (for the containing ...

RELEVANCY SCORE 64.4

Hi,
Is it possible to monitor the DHCP server logs and traffic on a Windows 2012 R2 DHCP load balanced server using Message Analyzer?
Mike

RELEVANCY SCORE 64

Upgraded to Windows 10 today, and Message Analyzer no longer seems to be capturing traffic (build 4.0.7540.0).

Get-NetEventSession shows that there's a session running, but nothing shows up in the Message Analyzer window.
 

RELEVANCY SCORE 64

When I open the ETL file captured in Windows 10, the PID/VID seems to be incorrect (compared to what I read in Network Monitor 3.4 and I plugged the devices myself, I know what's the right VID/PID).
I did discover there are some error messages in the log, and I only put two examples below,
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(173,45-173,62):  undeclared 'EventTemplate_130'
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(197,50-197,67):  undeclared 'EventTemplate_130'

Could you help me to understand what I should do to overcome it?

RELEVANCY SCORE 63.2

Hi!
Is there a way to look inside GRE tunnel traffic captured with Wireshark in Message Analyzer? I'm troubleshooting a scenario where I need to correlate event log entries from a server with network trace captured on by another person using ERSPAN protocol.
Thanks,
Ivan

Ivan Seriavin

RELEVANCY SCORE 62.4

Sorry for the inconvenience, about 3 days to the date this message is appearing to me, usually when visiting microsoft sites.



This happens to me both with version 10 of ESS and Kaspersky. But it does not happen with other antivirus and version 8 of ESET Smart.

It happens in Chrome and occasionally with Internet explorer 9.

Please, I am very worried about this behavior, which had never been presented to me before.

RELEVANCY SCORE 60.4

Dear all,
it should be possible to
"Capture firewall discard Events - This feature allows you to discover how the firewall is affecting network traffic. New messages tell you when traffic is blocked and associated IDs point to the specific firewall rule responsible for dropping the message."
Source
Does anybody of you know a little bit more about how Message Analyzer has to be configured to show which rule blocks (in my case Outbound) traffic?
This would be a great improvement to the pfirewall.log, where this important information is missing...
Best regards

Peter

RELEVANCY SCORE 43.6

I keep getting this alert despite the amount of resources that I add to my Gateway.
Our DC and Gateway are running virtually in VMware. Distributed Virtual Switches are not an option so I have to resort to configuring Promiscuous Port Group.
I configured a Promiscuous Port Group on the same Virtual Switch that the DC (and the rest of our servers) is connected, and assigned it the same VLAN ID as the DC.
ATA is capturing and reporting traffic but I continually receive an alert for some network traffic is not being analyzed. I have thrown double the resources at our Gateways than what the sizing tool identified, and still receive this alert. At this point I have 24GB of RAM and 10 Cores allocated to my Gateway which is only capturing reporting on 1 DC. At this point I am about ready to scrap ATA because of how resource intense it is.
Any ideas or suggestions? Does it sound like I have the Promiscuous Port Group configured correctly, or is it possible that I am capturing ALL traffic for the VLAN assigned?

RELEVANCY SCORE 42.8

Is there a good network traffic/broadband monitor that actually keeps track of ALL (really ALL) traffic in a network?
I have used quite a few (eg, Ethereal, ntop, network probe) but all of them kinda keep track of only traffic that is coming in and out of the PC they are run from.

I need one that really tracks every single transaction that goes on in the network, including PCs talking to PCs, PCs talking to servers, servers talking to PCs, PCs talking to printers, etc.

Would help a great deal if they are FREE too!

Anyone know of any good ones?
 

A:Network traffic/bandwidth monitor that tracks GLOBAL network traffic

Hi.

You may find something here...

http://www.freewarehome.com/Internet/Networking/Network_Monitoring_t.html
 

RELEVANCY SCORE 40.8

Hello everyone here
It seems like I am an idiot; it seems funny, it's like locking the door and then throwing the key to that room.
I was wondering how I can open the certificate.ptx file if it's already encrypted. I suddenly found a video on YouTube about an encryption thing that can be done by CMD. I had no idea what it was about and just tried to follow it; I did not really know that all the files saved on my desktop were being encrypted automatically. I saw Windows asked to save the certificate, then I saved it on my desktop. Later on my PC had an error, so I moved all my files on the desktop to an external drive and did a complete reset with the Windows reset tool. And I've just noticed I can open all my files which I backed up :/
Please, if somebody has a solution, please let me know. Now I'm stuck with all my files, like 120GB :/
Regard,
Sela 

RELEVANCY SCORE 39.2

I know I have been hit by CryptoWall. I do however seem to see something that I have heard shouldn't be the case. I am hoping that this is a good sign. I have files that are duplicated but it seems that the original file is still there. ex.
 
Kidz Club.jpg   
 
AND
 
Kidz Club.jpg.5aa
 
Problem remains the same both files are encrypted. Didn't know If this has been reflected in other forums and is something that is recoverable.
 
A response would be appreciated
 
Thanks for all you guys do.

A:Files encrypted but both regular and encrypted files remain.

A repository of all current knowledge regarding CryptoWall is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoDefense does and provide information for how to deal with it and possibly decrypt/recover your files. At this time there is no fix tool for CryptoWall.

There is also a lengthy ongoing discussion in this topic: CryptoWall - new variant of CryptoDefense. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

...from the above topic.

CryptoWall victims,
If you are thinking about paying the ransom, have decided to pay, or want to help test a few things for me, Please email me at [email protected] or PM me first.
There may be other options for you, or can receive assistance with the infection.
Nathan (DecrypterFixer), Security Colleague Post #273

Thanks
The BC Staff

Note: Although this infection has numerous similarities to CryptoLocker and CryptorBit, there is no evidence that they are related other than that they do the same thing.

RELEVANCY SCORE 35.2

Thanks in advance.


A:Here is my HJT Analyzer log-

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

You have the Peper infection. Download PeperUninstall. Ma...

RELEVANCY SCORE 35.2

Guys -

I closed down everything that I could, ran Ad Aware, Spybot, CWShredder and PepperFix and then ran HJT and HJT Analyzer to produce the following log. Can you help me to figure out what stays and what goes?

Thanks,

MotownMark


A:Can you look at my HJT analyzer log ?

Did you close down any processes on this log? I need a log with all processes running to ID the bad ones. I'll run the fix on what you posted...but when you repost the next log..shut NOTHING down!

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log...

Make sure you run CWShredder as you have a coolweb variant in the system!

If you have a highspeed connection please Run an online virus scan from TrendMicro. Please select the "autoclean" option when prompted to do so.


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following if listed.

WildTangent
WeatherBug
System Soap Pro
Miniclip

Kazaa?? I did not list it or its files for removal but do recommend you remove it as it's a HUGE security risk for adware/spyware/

Go into HijackThis->Config->Mis...

RELEVANCY SCORE 35.2

Guys -

Trying to get this PC clean - can you help ? The HJT Analyzer file is below.

Thanks,

MotownMark


A:Can you look at my HJT Analyzer Log ?

Hi
You have the Peper infection. Download PeperFix and save it to your Desktop. Run it and click Find and Fix (reboot if prompted).

After that....
Make sure you have already run Adaware, Spybot S & D (check for updates) as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point. Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled. Check first as some folders may be uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES When done Download Cleanup and run it... Please reboot and post a new log when finished...

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [N5pG9...

RELEVANCY SCORE 35.2

Hello...new to the forum. I really appreciate your help. Ever since I installed Win XP SP2 I've had probs with adware. Pop up ads everywhere when browsing web. Luckily hasn't slowed the PC down much but very annoying. I use NAV 2004 antivirus (I know, I know) and keep it updated and periodically run housecall also.

Since having this prob I've used updated AdAware, CWShredder, and Spybot Search and Destroy several times with many objects removed. Seems to work for short while but then problem returns.

So, finally getting serious...carefully followed instructions of what to do before posting log. Here is my hjt log. It is the "new log" generated by hjt analyzer. I REALLY thank you for your help. I will search the forum for some areas where I might be of help to others too.


A:my hjt analyzer log

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log...

Download and install CleanUp http://cleanup.stevengould.org/

Please run this uninstaller....ClearSearch Uninstaller http://www.hijackthislogs.com/dl/ClrSchUninstall.exe


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove the following if listed.

ZESOFT
VBouncer
CSBB (Clear Search)

Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)

C:\WINDOWS\system32\boostcln.exe
C:\Documents and Settings\John Munson\Application Data\osoa.exe
C:\WINDOWS\system32\w?nspool.exe

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HK...

RELEVANCY SCORE 35.2

Every so often I get a message that pops up especially after longer periods of non use that says there was an issue and SMS needed to fix this problem.
Having been a victim of a virus that looked almost exactly like this I close down the message rather than choose either of the prompts.

My question is what is this application? I can not seem to find much information if any on it.
Do I need it?
What does it do?
BTW this forum rocks!!!!
Thanks in advance peoples.

A:SMS Analyzer - What is it?

Produces no useful hits.

Please post the exact text of the message in its entirety.

RELEVANCY SCORE 35.2


A:HJT Analyzer log- please help

Hi , and welcome to TSF.

I am currently reviewing your log, under the supervision of an expert analyst. I will be back with a fix for your problem a.s.a.p. Please be patient with me during this time.

You may wish to subscribe to this thread (Thread Tools) so that you are notified when a reply has been made.

-POADB

RELEVANCY SCORE 35.2

To those familiar with HJT logs...please check this out and see if it is really of use for those in a hurry to have their logs analyzed.

Their disclaimer:

Disclaimer: This system is to be used as a generalized guide, this will not be right 100% of the time. We are of course trying our best to make it as accurate as possible. Even when an item is "red flagged" you need to double check this before deleting.

http://hjt.iamnotageek.com/
 

A:HJT Log Analyzer V1.0-Is It Useful?

I see Tony Klein is mentioned on the page..and sorry if this has been posted elsewhere! I was having trouble using search!
 

RELEVANCY SCORE 35.2


A:How is my HJT analyzer log?

Other than fixing this entry via HJT:

R3 - Default URLSearchHook is missing

Your log is clean. Are there any specific problems?

RELEVANCY SCORE 35.2

Please help if you can....

Logfile of HijackThis v1.99.0
Scan saved at 3:51:59 AM, on 4/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Documents and Settings\WJM3\Desktop\HijackThis.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O21 - SSODL: GRnqVMPLrle - {AC52CC33-06F8-6699-3265-E7D69FBF68EB} - C:\WINDOWS\System32\tdv.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE


End of HijackThis Analyzer Log.
====================================================================================


Thanks,
Trey

A:Help with my HJT Analyzer log !

That's a very small log. Was it run in Safe Mode? If so, we need one run in Normal Mode.

You have an outdated version of HijackThis. Download the newest version at http://www.greyknight17.com/spy/HijackThis.exe and run it.

Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the co...

RELEVANCY SCORE 35.2

This log is for a different computer than the post I made earlier.
Thanks in advance!

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/17/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 4:48:03 PM, on 12/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
E:\WINDOWS\System32\CTsvcCDA.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\Program Files\Logitech\iTouch\iTouch.exe
E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
E:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
E:\Progr...

A:My HJT Analyzer log

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on an...

RELEVANCY SCORE 35.2

There's this program continuously installing on my comp called Copy (which I believe is some virus or something). And so since I want to remove this pain I did this and that and the directions told me to post here and so here I am...

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:07:00 PM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\HHVcdV5Sys\VC5Play.exe
C:\Program ...

A:HJT Analyzer Log

I don't see it here. Is that program running when you did the HijackThis scan?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

If you have a fast internet connection (broadband), run an online virus scan at TrendMicro. Just follow the instructions on the site to run the online scan. Otherwise, make sure your antivirus program has the latest definitions and run a full system scan.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.

RELEVANCY SCORE 35.2

I'm having frequent crashes and IE is totally messed up. If someone would look at this HJT log and tell me what I can do to fix it, I will forever be in their debt. Thank you.

Here is my current log:

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 10:07:45 AM, on 2/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\essspk.exe
C:\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.att.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {15AF3771-C312-75C4-8750-10557CD22F18} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61...

A:I have used HJT Analyzer, can someone help, please??

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until ...

RELEVANCY SCORE 35.2

hello and thanks in advance for the help and thanks to greyknight for the analyzer!

system:
P4 2.53
80 gig HD
512 RAM
XP sp2
IE v. 6
(guess all this is in log)

Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:03:03 PM, on 7/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\HP\DigitalHomeNetworking\hpsystray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Xfire\Xfire.exe sorry forgot to shut xfire off
C:\Documents and Settings\Sully\Desktop\hijackthis\HijackTh...

A:my hjt log - w/ KRC Analyzer

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Ad-Aware SE Personal Edition
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it's NOT checked. We want system restore ON and monitoring your current hard drive. Once you're clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcyd...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Expl...

RELEVANCY SCORE 35.2

Please take a look at my HijackThis Analyzer log and help if you can.

Thanks,
Trey

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 12:18:14 AM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\open32.exe
C:\Documents and Settings\WJM3\Start Menu\Programs\Startup\winupdate47818549[1].exe
C:\Documents and Settings\WJM3\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O4 - HKLM\..\Run: [Systems Restart] Rundll32...

A:New HJT Analyzer log HELP!!

Hi and Welcome
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order it's listed.

Please keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Please do not run HJT on the desktop or a temp folder. It's best run in a dedicated folder of its own.

Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check 'Turn off System Restore', <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Download and run Adaware and Spybot (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.

How to setup and run SpyBot
Download from Spybot
Save spybotsd13.exe into its own directory, NOT in a TEMPorary folder or on the Desktop.
I recommend c:/program files/spybot/
Doubleclick spybotsd13.exe. Make sure to direct ...

RELEVANCY SCORE 35.2

Does anyone know a good one? I am trying to find a good channel for my wireless router. Internet is so slow right now and I know changing channels helps but I want to know which one. Have an Arris Router from Time Warner Cable.
 

A:Wi Fi Analyzer

------------------------------------------------------------------------
Run Xirrus Wi-Fi Inspector
Download and install
If you cannot access the internet with this PC, then you will need to copy the program across to the faulty PC
Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file to the faulty PC and install the program.
You will now need to take a screen shot and copy that back to the working PC and attach the screen shot in a reply on the forum here.

If you do not have another PC - do you have a phone connected to the internet - can you photograph the result and post the image in a reply

http://go.pardot.com/l/66982/2015-01-26/2361i
enter your details
Download this file "DOWNLOAD WI-FI INSPECTOR Vx.xx "
( the site now appears to allow webbased emails like gmail, hotmail, outlook and yahoo now )

There is also a xirrus gadget, but that does not have all the functionality "DOWNLOAD GADGET Vx.xx"

Alternative links - Use the links below
Do NOT use any of the download managers offered - Cnet , just use the direct link below - and click on the download button
http://www.softpedia.com/get/Network-Tools/Network-Monitoring/Xirrus-Wi-Fi-Inspector.shtml
http://download.cnet.com/Xirrus-Wi-Fi-Inspector/3000-18508_4-75758254.html
Then run and install the program - on a wireless enabled PC/Laptop
if you get an error - You will need to have NET Framework installed for the WiFi Inspec...

RELEVANCY SCORE 35.2

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 7:22:50 PM, on 2/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\hicom.exe
C:\WINDOWS\System32\hiden.exe
C:\Documents and Settings\WJM3\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allwebsearcher.com/1212.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allwebsearcher.com/1212.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.allwebsearcher.com/1212.htm
O4 - HKLM\..\Run: [hiden.exe] hiden.exe
O4 - Startup: w...

A:Help with my HJT Analyzer Log

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Ma...

RELEVANCY SCORE 35.2

Hi folks:

I've got a case of annoying adware pop-ups. Did everything in the "What to do before you post a log..." Just want to make sure my log now looks clean. I really appreciate your help. Thanks!

John

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/17/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service:...

A:HJT Analyzer Log: Pop-Ups

Your log is clean. If you disabled System Restore, make sure to enable it now.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial (http://www.greyknight17.com/spyware.htm#prevent) and use the tools provided.

Are there any problems now? If not, you should be set to go.

RELEVANCY SCORE 35.2

Can someone help me figure out how to get rid of some malware permanently? I've run Norton anti-virus and Housecall. Both find no problems. Running Ad-aware and spybot find the salm.exe, qevogjco.exe, and Win Ad Control shown in the log. I clean it, and next scan they have reappeared. Same story when I use regedit to delete and HJT. Ad-watch notifies me of the registry change, but I cannot block the change. Clicking on block just brings the same thing back up and stays in that loop, locking up my computer until I accept the change. Can you help resolve this problem? I would GREATLY appreciate any help--it's driving me crazy! Here's my HJT Analyzer log. Thanks. irbuggy
==========================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/17/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NProtect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Comm...

A:Help with HJT analyzer log

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

The Temp folders should be cleaned out periodically as inst...

RELEVANCY SCORE 35.2

I am currently running my computer in Safe Mode with Networking under the Administrator log on because my personal log on's desktop has been disabled [blank screen, no icons, no taskbar]. I have had many problems with spyware, pop ups and viruses on my computer. I have Adware SE, Norton, etc. I have no idea how to fix this or if it's even fixable. My goal is to be able to use my personal log on again so that I may access my files and back them up. Thank you in advance!

HouseCall Found the Following that were not deletable:

TROJ DLOADER.FN[cannot access] C:\WINDOWS\SYSTEM32\picsvr\picsvr.exe
TROJ AGENT.CAC [cannot access] C:\WINDOWS\SYSTEM32\calsp.dll

It said the files were in use.

Logfile of HijackThis v1.99.1
Scan saved at 5:07:53 PM, on 4/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\eZula\mmod.exe
C:\PROGRA~1\WEBOFF~1\wo.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\picsvr\picsvr.exe
C:\WINDOWS\system32\MTE1Mzc6ODoxMg.exe
C:\WINDOWS\system32\vanlkr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\instant messenger\aim.exe
C:\Documents and Settings\Administrator\Desktop\Hijack...

A:--HJT log with analyzer--

Hi and Welcome
It may help you if you print out or copy this page for easy reference. Make sure to work through the fixes in the exact order it's listed. These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes.

Download any of the required programs before attempting to start any of the fixes.

Please do NOT run Hijack This in a TEMPorary folder or on the Desktop. I recommend c:/program files/HJT/

Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check 'Turn off System Restore', <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may re-enable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Download and run SpyBot (check for updates) for a preliminary cleanup first. Some files below may not be present after running the above programs. Full instructions below.



How to setup Spybot Search & Destroy

Download SpyBot
Save spybotsd13.exe into its own directory, NOT...

RELEVANCY SCORE 35.2

Hi, I am posting a log for my work computer which is on a network (I work for Bechtel, which shows up a lot in the log). My internet connection has been considerably slowed and I am getting a lot of popups. The whole computer has actually been slowing down a lot lately too. I followed the guide post and ran ad-aware 6.0 professional and the online virus scan. I also ran Spybot 1.3 to double check. The log below is the result.txt file that HJT Analyzer put out. My anti virus program is Symantec Antivirus Corporate Edition 8.00.9374. Please let me know if you need anymore information. Thanks so much for your help.

Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 12:37:46 PM, on 2/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\Syste...

A:HJT Analyzer Log

Hi ronda......I'm gonna assume that you recognize the Start Page and Trusted Zone entries as being valid for your Bechtel intranet. You really should be having this conversation with your IT staff.

================

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kil...

RELEVANCY SCORE 35.2

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 11:15:24 AM, on 7/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\REGDOCTOR\REGDOCTOR.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\...

A:HJT Log with KRC Analyzer

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware SE Personal Edition
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)


Please state your problem in detail. The log you posted is mostly clean. You can run hijackthis and fix the following entries...

O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\WINDOWS\TEMP\~DlfnTmp0\imgSizer.ocx
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - http://www.cabeagent.com/netagent/objects/custappx3.CAB

C:\WINDOWS\TEMP <--delete all files in that folder


I tried running the analyzer but could not get it to work, but these are the results from the hjt log. Can you tell me what I need to remove? My computer freezes up and has poor performance.


Logfile of HijackThis v1.99.0
Scan saved at 1:31:22 AM, on 01/30/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\VETMSG9X.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETTRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/ext/gw/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Copper.net Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN...

A:Need Help Could Not run hjt analyzer

I see you are running two firewalls....that could be the problem. It's a conflict.


I have tried everything but still have problems. I removed Viewpoint, Wild Tangent, Ebates, I thought offeroptimizer but still probs.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/16/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O23 - Service: McAfee.com McShield - Unknown - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~... Read more

A:Tried Everything HJT Analyzer Used

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Reboot into Safe Mode (hit F8 key until ...


Here is my HJT log with analyzer. Anyone help me out please?
==========================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:35:11 AM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.exe
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\WINDOWS\System32\wtsi.exe
F:\WINDOWS\System32\nvsvc32.exe
f:\windows\system32\zwmhpe.exe
F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
F:\WINDOWS\System32\sstray.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program ...

A:HJT Analyzer used

Hi and Welcome to TSF!

Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".


~~~~~~~~~~~~~~

Download L2mfix - Save to Desktop

This is a self extracting file. By double clicking on it, it will automatically extract its contents to a new folder on Desktop.
Close ALL other programs
Double click L2mfix.exe
When prompted, answer Accept
Then click the Install button to extract the files to a newly created folder named - L2mfix
Open the L2mfix folder & double click L2mfix.bat
Select option #2 for Run Fix by typing 2 and then press enter
Press any key to reboot your computer.
After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, you will be presented with a log. Copy the contents of that log and paste it here, along with a new HJT log

If you receive an error - \system32\Autoexec.nt is not suitable for running MS-Dos applications, you will need to visit this website to download additional files.

Please Do NOT run any other files in the l2mfix folder until you are told to


Spybot keeps coming up with something about the virus protection disabled, but of course everything says it's on and working. I would surely appreciate your help with reviewing this HJT analyzer file.


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Pro...

A:HJT analyzer log

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e...


I've followed the general steps to this point. I'd appreciate any help you can give on what issues I still have at this point. Here is my HJT Analyzer log. Thank you.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/23/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 5:59:31 PM, on 1/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\system32\ZAFaf.exe
C:\WINDOWS\System32\w?auclt.exe
C:\Documents and Settings\thomas\Application Data\eetu.exe
C:\Documents and Settings\thomas\Start Menu\Programs\Startup\winupdate45676305[1].exe
C:\WINDOWS\SYSTEM32\ZAFaf.exe
C:\WINDOWS\System32\Xhrs.exe
C:\WINDOWS\System32\Vgsz3ud6.exe
C:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94...

A:HJT Analyzer log - need help please

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Right click on this link (http://www.greyknight17.com/spy/D...


Here is my HJT analyzer log

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSr...

A:HJT Log and analyzer log

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK" , then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)


Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx


Download and unzip BFUzip from http://computercops.biz/zx/Merijn/bfu.zip
Run the program and click the Web button as shown here:


Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/p2pnetwork.bfu

Execute the script by cli...
