
Possible Infection. Can't Determine Hijack Log Enclosed

Q: Possible Infection. Can't Determine Hijack Log Enclosed

Hi there... I'm not even sure if I'm infected with anything actually.. but something seems to be wrong. It's the windows folders... errors began happening while in the folders.. I tried changing it to the classic viewing and that didn't help it.. the Dr.Watson thing kept popping up with this message... "DrWatson Postmortem Debugger has encountered a problem and needs to close "We are sorry for the inconvenience". I can't seem to find much info about it, only that it's possible there is another problem. Sometimes multiple sessions of it are running when I look at the processing running. The only way to get out of the folder is to end the drwatson from the task manager. So I ran ad-aware, spybot, bit defender and the mcafee avert stinger - basically everything on your "preparation guide". Things were found and deleted with both ad-aware and spybot... Nothing appeared from the mcafee scan. So finally here's the hijack log. This might show something. Any help or suggestions would be appreciated. Thanks.


A: Possible Infection. Can't Determine Hijack Log Enclosed

Hello and welcome to BC. Sorry for the delayed response. If you've not been helped elsewhere and still need help, please post a fresh HijackThis log and I'll be happy to help you.


Alright, to start off, I regularly run Avast Professional as well as Adaware. I recently started using CCleaner also. Two weeks ago I kept getting Google redirects in IE and Firefox. NOW, I can't even access my browsers. I've tried Google Chrome, IE, Firefox, AND Opera 10 Beta! The only browser I can access is Blackbird for some reason. All the others get a proxy denied! Here's a picture ( http://tinypic.com/r/33tmiqq/5 ). So I installed HJT and I couldn't run it. After doing some Google searching I found that sometimes viruses block HJT from running by its name, so I simply reinstalled with a new name and new folder and then renamed the program in the folder and wah-laa, I got it to run. Which is telling me that something IS blocking it from running with its usual name! In the HJT file, "thenew****.exe" is HijackThis renamed so I could get it to work. I've run Avast scan and Adaware scan and found several items but I quarantined and deleted them all, although some seem to be reappearing. Also, when running CCleaner one file doesn't delete; it seems some other Thinkpad T43 users are having this problem as well, and I'm not sure what it is. (Update: I just ran CCleaner again and this item didn't show up, but other Thinkpad T43 users can get rid of it, so I'm baffled by this now as well.) Once again, here's the picture of all 5 browsers trying to run ( http://tinypic.com/r/33tmiqq/5 ) and here's my HJT log. Someone help please because I'm beyond having no idea at this point...

A:All browser Hijack, Virus Blocking Hijack This from running. HJTLogfile Enclosed! HELP!

my apologies.


Hello all,

Does anyone have any idea of how to find out the source of a virus? Like on a private network? A few of my coworkers keep getting hit with the Conficker and my anti-virus program tells me that it has detected and stopped threats while I was logged out. I am using Symantec Endpoint. Any help would be greatly appreciated.

--thanks

A:How to determine where the infection came from

You can try checking logs from your security software. It should show network attack attempts with recorded IP addresses.


How do I learn to read HijackThis logs and determine what virus/spyware/malware a particular computer is infected with?

A:How Do I Learn To Determine What Is Infection?

Hello strix and to BC. The answer to your question is rather simple. Join the malware removal program of course! In this program, you learn how to identify malware and other infections, as well as how to remove them. The best thing is that you can ask as many questions as you please, and work at your own pace. I personally am glad I joined the program. I get insight into what the HJT do, am able to look at my own log and help others! If you are interested, click here


We are a small, fairly tech-savvy family who about a month ago was hit by malware. My son turned on the computer which had been running pristine clean the night before and went to a site he's been patronizing for years. The site is Gamewinners.com. He was asked if he wanted to download an updated driver and clicked No. Within seconds the computer was running slowly and he turned it off and left me a note. When I rebooted, I was faced with 4 days worth of malware removal (aided in part by information gleaned from this site and the internet). Finally my computer was back to her old self. I kept my son off the computer for 2 weeks. After thinking it was a one time occurrence since previously we hadn't had problems at the gamewinners site I let him back on the computer. When he went back to gamewinners again, we got the malware infection again. This one took me about 2 days to get rid of since I knew most of the techniques from the first time. Again, computer working great!

I was at the store Sunday and yup...my son stopped to look at that site and boom, infected again. How can I find out what the heck is going on at that site? Since my system is clean again, I don't want to go back there to try and report problems. How exactly does one go about telling someone they are doing something bad? It seems like they are attempting to sell malware removal software and oh dear does it strong arm you!

Sad to say, we can't go back there but I'd like to let some...

A:Determine Cause Of Malware Infection

Well, it is possible that the site has been "Hi-Jacked" by hackers. I used to use that site long ago. You could give your son some safe game information sites such as gamefaqs.com
It could also be that the infection is not completely removed. Is there any sign of pop-ups? If so, what are they regarding?


I am hoping to get some expert insight about a recent infection--specifically, whether or not I have truly once-and-for-all removed it, and if not, what my next step should be.

OS: XP Professional SP2 (5.1.2600)

Two days ago, I noticed my computer running significantly slower than usual. After poking around a bit and noticing that attempts to visit antivirus research destinations were being blocked or redirected, I concluded that there was obviously a problem. I saw a twex.exe entry in HijackThis and went to work.

My attempts to run Spybot were being blocked by the infection. I do not recall the precise sequence of events, but I believe it was something like this:

Yesterday:

1. ComboFix (identified and claimed to remove rootkit infection, c:\windows\system32\drivers\TDSSghdi.sys and various other files)
2. Spybot (identified and claimed to remove agent.pz and banker.xe)
3. AVG Antivirus scan (identified and claimed to remove Cryptor, c:\program files\mozilla firefox\a.exe)

After that, I ran Spybot and MBAM and both came up clean.

AVG scan ran again overnight. It located and quarantined twex.exe and other files stored in ComboFix's C:\Qoobox directory, as well as various trojan files in C:\System Volume Information\_restore*.

This morning I ran Spybot again and it came up with one instance of agent.pz again.

Today:

4. Spybot (identified and claimed to remove agent.pz)
5. SDFix (didn't claim to find any infecti...

A:Agent.pz : Trying to determine if infection is gone

I got the answer to my own question the hard way--yes, my system was still infected, and it became reinfected. So an answer to this initial query won't help me. I will open a new thread if need be.


Hi all,

I'm not really one to be posting logs etc. but I'm not having any luck on my own, was wondering if maybe someone could have a look and maybe catch something out what I have missed.

I have recently (in the past few days) noticed that my web browser, regardless of whether it is FF2 or IE7, has been having issues.. i.e. some web pages won't load up, or some pages take ages to open... other issues such as the browsers completely freezing or hanging.

I have also noticed that while playing games recently (F.E.A.R) that on the same settings as I always use it is noticeably slower and choppier and quite frankly a bit annoying.

I have Kaspersky Internet Security v. 6.0.2.614 running on my computer, which I update every day and probably do a full or quick scan every day too. I also use Spybot and Adaware, both of which I run scans and update often. None of these programs have come up with any negative results so far though... and I'm stumped of what it could be.

I ran a defrag about 3 weeks ago.. haven't installed any major software or hardware since.
Run a Cclean almost every day (just cleaning the temp files).
I've checked the start-up programs and they all seem ok, just all the basics running.

Here's my specs, and I also have the HJT log and Combo fix logs below:

Windows XP MCE 2005 (SP2 and fully updated)
P4 3.2 GHz CPU
1024MB Memory
WDL 200GB HDD
256MB 6600 V/C
ComboFix 07-08-17.2 - "Karl & Teo" 2007-08-20 23:13:09.1 - N...

A:Possible Malware Infection Hjt&combo Logs Enclosed:

No ideas? I see this thread has had plenty of views.
 


Hello,

I have run Adaware, and spybot prior to generating this hijack log. Any assistance would be greatly appreciated.

Dos


A:Hijack this log enclosed

First run this uninstaller to get rid of the peper trojan:

Just click on the uninst.exe and let it run. When it is finished it will just close. There will be no dialogue. Also you must be connected to the internet for the uninstaller to be effective.

Restart your computer and post a new HJT log.
 


Enclosed is a hijack this log. This machine is very slow and won't run properly outside of safe mode.

I've installed spybot, adaware SE, done online scans, lots of things found but nothing fixed. I couldn't figure out what's on my machine to do a search, I'm sorry if this problem has been answered already. Thanks in advance!!


A:Need help please, hijack log enclosed


I am using Windows XP SP1 and am trying to attach a copy of the Hijack This log I just created.

A:Enclosed Hijack This Log

Begin by running the online virus scan by clicking the colored link below.

***

Your HJT log shows you have no firewall installed. If you are not computing behind a firewall-embedded network router enable ICF immediately:

To turn on the WinXP Internet Connection Firewall (ICF):

- On the taskbar at the bottom of your screen, click Start, and then click Control Panel.

- Click the Network and Internet Connections category. (If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)

- Click Network Connections.

- Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the shortcut menu.

- On the Advanced tab, under Internet Connection Firewall, select Protect my computer and network, and then click OK. The Windows XP firewall is now enabled.

***
In the Add/Remove Programs control panel, remove all entries you're not sure of (unknowns) plus any demos or freebies you may have downloaded. Restart your computer after each uninstall.

***

Make sure you have all the Critical Updates and Service Packs from http://windowsupdate.microsoft.com

***

Get, install, update and run free Ad-aware (and its HexDump plug-in) from http://www.lavasoftusa.com/software/adaware/

First in the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.

Make s...

My Internet Explorer is running super slow and will not accept my address in the homepage when I change the address under tools/internet options/homepage.
Please view this log and tell me what is wrong. Thanks.


A:Hijack this enclosed please help


Microsoft anti spyware detected vx2.zserv. Could you please check my log to see if it's clean? Thanks so much.

A:VX2 possible, hijack enclosed

Microsoft AntiSpyware is good but you still need to do some more things:

Run through Steps 1 through 3 Completely using the Optimize XP Guide, then use Autoruns in Step 5 to clean up your startup applications.

Use the VX2 plugin to confirm it has been removed. Once your system is completely clean (you did all those steps) install SP2.
 


Seem to have a problem when I installed Verizon DSL. Neutralized Lovsan.A , Agobot.9.E , and SDDROP with AVG free...Ran Spybot, Adaware....Please help, Thank you

Logfile of HijackThis v1.97.7
Scan saved at 9:22:59 PM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Documents and Settings\tyler\Local Settings\Temp\FreeRAM XP Pro 1.40.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1.5&bm=ho_search
R0 - H...

A:Hijack...Log enclosed

Log looks okay. Are there any particular problems?
 


My computer is being crashed by popuppers and I need help Please. here's my Hijack log,
Logfile of HijackThis v1.97.7
Scan saved at 10:35:55 AM, on 10/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\cjmy.exe
C:\Program Files\webHancer\Programs\whAgent.exe
C:\WINDOWS\upcogcal.exe
C:\windows\180ax.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\WINDOWS\medload.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:...

A:Hijack log enclosed Please help


My husband is a bit miffed with me as I use his computer and I think it is my fault that in the past week the computer freezes up about once a day totally frozen you have to power down to get it to work again. It also sometimes restarts by itself but not that often.
Please help enclosed find hijack file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:32, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\KMaestro\KMaestro.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real...

Problem: Windows 2000, after booting up Win2000, after about 30 seconds to a minute PC reboots itself consistently. I can run in safe mode but not in regular mode. I changed parameters to not reboot on Windows error so now I get blue screen of death with the following error. Also attaching hijackthis log. Any help is appreciated. Thanks.
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000005cc, 0x00000002, 0x00000000, 0xeb6aaba7). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini051605-02.dmp.
Logfile of HijackThis v1.99.1
Scan saved at 9:46:35 PM, on 5/16/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\any\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\any\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Int...

A:Need help...hijack log enclosed


I'm helping someone with their computer. They claim that the google searchbar is not working correctly (that search results go to an ad site rather than the correct site) but I've been unable to duplicate their problem. I've run spybot S&D and AdAware, and HijackThis. Spybot S&D found a bunch of ad tracking cookies (advertising.com, doubleclick, fastclick etc.) but there were also several worrisome entries:

Microsoft.WindowsSecurityCenter.AntiVirusOverride (registry change)
Smitfraud-CSpySheriffSpywareSheriff.FakeAlert

I had Spybot S&D fix all these items. But I know how registry hacks can pop back up. I then ran HijackThis. I'd appreciate a quick scan of the HijackThis log - let me know if there's anything here that might be causing this problem or just any nasties I should be getting rid of.

I'm accessing this computer using LogMeIn remote access software. I can't reboot it (I'll lose the LogMeIn session) or reboot and startup in safe mode. If that is necessary to fix anything I'm going to have to talk the computer's owner thru it. Otherwise I can handle most diagnosis and repair tasks once I know where to look and what I'm looking for. So here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:16 AM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services....

A:Trying To Determine If There's An Infection (trojan, Spyware)

Ooops! Sorry to have wasted your time - the user has 2 computers and the problem was on the *other* computer. I searched your archives and found the fix. If I get stuck fixing it I'll post a hijackthis log from the correct computer in a new thread.


It is unclear whether my Thinkpad is infected.  There are no popups or browser redirects or rogue programs; however, computer speed has slowed.
 
Windows Lag time, after booting into windows has increased.  Does this determine Trojan infection?
 
Please explain what I need to tell you and how to gather this information.
 
Help from experienced Computer Experts is appreciated.
 
Hear from you soon
 
Thank you
 
Computer Specification
 
IBM Thinkpad R51
Windows 7 Ultimate
1 Gb RAM
80Gb Hard Drive
AVG Antivirus 2011
 
 
 
 

A:Computer Behavior has slowed. Determine Possible Infection.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save Com...

I have a Racer PC, Windows ME, 56K Modem, 92 MB RAM. I have Stinger from McAfee downloaded on my computer as well as Spybot Search and Destroy. For some reason, every time I use Ad-ware it freezes up and I uninstalled it. I have recently been overtaken by Begin2Search, WinTools, and Ebates Money Maker. I was on the Internet checking my e-mail when all of the sudden I noticed my connection was really slow and I could hardly navigate from message to another, then at the bottom of my screen where the time is I saw a few icons pop up and when I minimized my browser window there were at least fifteen icons on the screen from different things. Also I have the Yahoo pop up blocker, search bar and underneath it is the "Begin2Search.com" toolbar. I just right-clicked and took the check out for now. I went to Add/Remove Programs and got rid of them there plus I deleted all the icons and went to "C", "Windows" and then deleted all the folders for Begin2Search, Ebates Money Maker, and any other ones I saw. But it's still on my computer. I have a copy of my Hijack This log. I think I know which ones to fix but I would rather have a professional tell me so that I don't delete something I might need. Here it is:

Logfile of HijackThis v1.98.2
Scan saved at 9:30:51 PM, on 10/2/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV3...

A:spyware has taken over Hijack Log enclosed

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscope.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\SYSTEM\AANTX.DLL
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\SYSTEM\WINB2S32.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL

O3 - Toolbar: Begin2Sear...

Hi,
I can't seem to get rid of this sucker. Every time I log on to Internet, go.targetsearch.info is my startpage and it adds Absoluagency, Adoultsearch, and Reasearch to my favourites. I clean my computer using Hijack This and Adaware 6, and yet it shows up again when I restart my computer. If any kind soul would be able to help me out I'd be very grateful!!

Logfile of HijackThis v1.97.7
Scan saved at 21:14:19, on 2004-07-29
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\ICQLite\ICQLite.exe
C:\WINNT\System32\internat.exe
C:\Program\a2 free\a2start.exe
C:\Program\a2 free\a2scan.exe
C:\Documents and Settings\Fredrik Rydell\Skrivbord\HijackThis.exe
C:\Program\Internet Explorer\iexp...

A:Help Needed - Hijack Log enclosed

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please make sure all windows and folders are closed down and run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://go.targetsearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://targetsearch.info/left.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://targetsearch.info/left.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.targetsearch.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://go.targetsearch.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.targetsearch.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://targetsearch.info/left.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Sea...


Something really has a hold on my computer. I followed the advice given to me, and things were fine for about "a day or two." Now, the pop ups are back, and my computer is running extremely slow. And I've got DSL!!! I'm really not technically savvy AT ALL, and I'm beginning to become a little concerned. PLEASE HELP!!! Thanks, in advance:

Logfile of HijackThis v1.98.2
Scan saved at 6:26:30 PM, on 9/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\QuickBrowser.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\L...

Hello again - I told a friend about the help you gave me and wondered if you can help me again on their behalf. I have added the log from their pc.

Logfile of HijackThis v1.99.1
Scan saved at 12:06:50, on 16/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\PCEye2000\pceye.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\pcwpx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avge...

A:Solved: hijack log enclosed


I can't change any of the settings on my old IBM Thinkpad laptop running Windows XP.
When I go into control panel I cannot change any settings
and this comes up "Windows cannot find C:\WINDOWS\System32\rundll32.exe.................."

Here is the Highjack scan log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:50, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1197738057\ee\AOLSoftware.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\tp4mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CyberLink\CyberLink Live\CLSomaMonitorService.exe
C:\Program Files\CyberLink\CyberLink Live\CLSomaService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AOL9~1.1\waol.exe
C:\PROGRA~1\AOL9~1.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltps...

One of my friends suddenly started getting redirected to a http://ads234.com..... when trying to access sites. He hasn't installed anything lately that he's aware of. He is unable to post a log here so I am doing it for him. I would appreciate any input.
Here's the original log:

Logfile of HijackThis v1.99.0
Scan saved at 9:40:16 PM, on 12/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\Common Files\Symantec Shared\ccProxy.exe
G:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Norton Internet Security\ISSVC.exe
G:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
G:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
G:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
G:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
G:\WINDOWS\System32\CTHELPER.EXE
G:\WINDOWS\System32\activeds.exe
G:\WINDOWS\System32\mqdinit.exe
G:\Program Files\Common Files\Symantec Shared\ccApp.exe
G:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
G:\Program Files\QuickTime\qttask.exe
G:\WINDOWS\System32\vmss\vmss.exe
G:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\BTV\btv.exe
G:\Program Files\Common Files\Real\Update_O...

A:ads234.com... hijack this enclosed - help


hey guys...
i hope someone can help me out here...my machine yesterday afternoon just started booting up VERY slowly...i'm not aware of anything i did that may have caused this...i read through this site daily and have noticed that when someone has this problem, you usually request a logfile from hijack this...so...here it is...

Logfile of HijackThis v1.99.1
Scan saved at 5:10:51 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\S...

Well I started my computer up this morning and was deluged with huge amounts of pop ups. Things also started installing. I managed to do a Spybot. I got rid of a new searchbar, but one is there. Also, when I ran the Spybot I got a dozen or so virus alerts about different trojans but they didn't come up in the Spybot. I dunno what to do because I feel my computer security is at risk.
Logfile of HijackThis v1.97.3
Scan saved at 9:14:51 PM, on 5/4/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
C:\PROGRAM FILES\LOGITECH\KEY COMMANDER\COMMANDR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TEMP\MCFBRV.EXE
C:\WINDOWS\SYSTEM\IEHOST.EXE
C:\WINDOW...

A:More Problems HiJack enclosed


Logfile of HijackThis v1.99.1
Scan saved at 4:42:30 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Administrator\My Documents\HijackT...

A:Help me Hijack this logfile enclosed


A friend told me about this site. I have run adaware and spyware x terminator. I am still having problems with popups and my cable connection runs sooooooooooooo slow. Thank you for your help!
Logfile of HijackThis v1.98.2
Scan saved at 8:08:31 AM, on 9/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\WINDOWS\System32\ohutkq.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPMemCheck.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\PPControl.exe
C:\PROGRA~1\STOMPS~1\SPYWAR~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WebSecureAlert\WebSecureAlert.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Prog...

A:[Solved] help please hijack log enclosed


Can someone help me? When I click on IE, search companion is missing; no error message shows up, just a blank page where search companion used to be.
 

A:Solved: Hijack log enclosed

Try tools/options/programs & press reset web settings
 


Thanks,

My kids downloaded a virus last week and despite my amateur efforts my browser is still painfully slow. I have, in safe mode, ran Spy-bot and ewido's latest spyware and manually deleted some registry keys with hijackthis. Still not sure. Below you will see this which replaces itself "O4 - HKLM\..\Run: [Jqiheci] rundll32.exe "C:\WINDOWS\ofepebas.dll",e"

Also the MY Web search reappears. I have deleted with hijack and tried (and failed) with the ADD/Remove function.

Any help will be greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 15:10, on 2009-04-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\lxczcoms.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe
C:\Program Files\In...

A:Hijack log enclosed. Can an expert look at if for me?


Got hit 4 days ago with this antiviruswinpro spyware crap and every program I've tried to solve this problem hasn't!

Here is my hijack log..hope someone can find an answer in this..thanks!:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:34 PM, on 8/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\...

A:Need help with spyware..hijack log enclosed


Hi everyone,

I read the 'please read before posting' file so I'll try and provide as much information as I can. 2 things happened in the last 3 days that have led me to believe that my computer is infected.

1. I received an e-mail with 3 photo attachments from a known friend - I usually never open these, but these were from a friend who I didn't believe had my gmail address in their address book (I guess I naively thought that viruses only spread through addresses in the address book of the infected person). The files got through the gmail scanning system, so I clicked one. It redirected to a url: hxxp://www.cli.gs/yqLXz3 (x=t) which didn't show anything

2. I inserted a usb into my computer that I brought home from the office, and I got a warning from AVG that there was a trojan...I had the option of 'fixing' it (whatever that means) and the warning went away.

3. Ever since the email incident, my firefox has been lagging. In particular, every time I type the words 'ebay' or 'paypal' into my browser address field, or into the google search field, the browser lags. The ebay website also severely lags.

I ran Spybot-search and destroy, and it found a whole bunch of random things, but I stupidly didn't keep a log since I figured it caught everything. However, the lagging is still happening every time I visit ebay. It doesn't seem to lag when I type the word here though.

I'm running Windows Vista, and my... Read more

A:Suspicions of keylogger/trojan infection - firefox lagging. Log enclosed.

Bump - no ideas?
 

Read other 1 answers

I'm running Windows XP Service Pack 2. I'm worried I have a trojan. I looked in my AVG log and it says it picked one up on March 26 and then again on the 28th. Enclosed is my hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 11:15:43 AM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\winhlp32.exe
C:\PROGRA~1\Grisoft\AVG7\avgvv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\So... Read more

A:Solved: trogan? enclosed hijack log thank you

Read other 10 answers

My sister's PC has been running sluggish and her Internet Explorer isn't closing. I ran various anti-virus, spyware, etc. programs and nothing works. Here is my sister's hijack this log, hopefully you guys can help me and tell me what to remove.
Logfile of HijackThis v1.97.7
Scan saved at 10:22:46 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Common Files\Microsoft Sh... Read more

A:Cleaning up Sisters PC.. Hijack this log enclosed!

Hello.

You still have an adware program running.

http://www.pestpatrol.com/PestInfo/a/adblaster.asp

I see you've run Ad-aware, but do you have it configured for a deep scan?
***NOTE*** If you already know the basics of Ad-aware skip to Step #4 and configure it accordingly.

The Ad-aware tutorial shows how to configure Ad-aware for a deep scan; the default settings are always changed per advice from the security experts on these forums.

How to configure Ad-aware for a deep scan
 

Read other 3 answers

Hello

Recently my computer was infected by spyware, and the symptoms are:

1. I get a pop-up on my desktop about every 3 minutes stating it's from "Windows Security Center" and that I have a virus. If I click on the link it provides to remove the virus, it opens a browser window with an ad for Spymaxx and Antispy Storm 2008.

2. My default wallpaper has been changed to a blue screen with a computer virus warning. Again, a link it provides opens a browser window and goes to h[i]tt[/]p://livesecuritycenter.com/?aid=373 which is an ad for Spymaxx and Antispy Storm. If I go into the control panel and reset the wallpaper, then within a minute or two, the virus will change it back to the new default with virus warning.

3. Task Manager has been disabled.

4. I have Spyware Doctor running and about every other minute I get a message from Spyware Doctor saying that it has blocked malicious code from sbwltbxa.exe that was trying to access the registry hklm/software/microsoft/windows/currentversions/explorer/browser help objects/{5FA6752A-C4A0-4222-88C2-928AF}

I have run a full system scan with Spyware Doctor, a full system scan with Ad Aware, and Microsoft Malicious Software Removal Tool.

These programs found lots of stuff, and said it successfully removed all items found. But the above problems still exist. After I used a few tricks I found from the internet, most if not all of those symptoms no longer exist.

Still, I would like you guys to help me take a look.

Thanks

Logfile of Trend ... Read more

A:Desktop Hijack(hijackthis Log Enclosed)

error
Sorry, I copied the post from another person who has almost identical symptoms (I did post my own HJT log).

I did not run a full system scan with Spyware Doctor, nor Microsoft Malicious Software Removal Tool.

I used spybot S&D and Adaware.

sorry

Read other 2 answers

I am running a Windows XP approx 4 year old computer--one of 3 computers on a Linksys router--but the slowest of the 3. It takes approx 10 minutes when I restart my computer to be able to access the internet--and then once I am able to access the internet it takes a while for the page to refresh. I am protected by McAfee Internet Security Suite, and am running scans with Spybot, Adaware, AVG and Spyware Blaster. Can you please help?

Enclosed is a copy of a log file that I just ran this morn from hijack this. I look forward to your assistance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:22 AM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Pro... Read more

A:Very slow computer--Hijack Log enclosed

I understand this is a busy site--can someone please help with this posting? Thanks so much.

Read other 1 answers

Several months ago, I had a Trojan Vundo infection. A tech friend reformatted my computer to fix it. Since then, no problems.

Last night, I got what looked like a genuine MSE warning pop up from my tool bar. It said my computer was at risk because my AV was turned off and said to click the box to fix it. There was a little red shield icon on toolbar. I clicked and the window that opened looked like the MSE interface. It showed AV turned off and had a "recommended" button to repair it. When I clicked the button, it said to download a new AV program and gave a link. Not "update MSE" but download a new program. At that point, I became suspicious.

I used task list to close the window and the red icon on the toolbar disappeared. I expanded the tool bar to see that MSE was turned on the whole time and realized the red shield icon was different from the normal MSE "house with a flag" icon.

I updated MSE and did a full scan, then updated MBAM and did a quick scan with it. No infections found. My computer is running fine and I haven't noticed anything unusual. But after my experience with Vundo, I want to double check. My Hijack This log is below. Please let me know if you see anything that shouldn't be there or if I need to do something more.

Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:04 PM, on 8/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17098)
Boot mode: Norma... Read more

A:Fake MSE warning, Hijack This log enclosed

Read other 16 answers

My computer is barely moving the last few days and I'm not sure why. Sometimes it will seem to be okay when I'm working then it will suddenly just seem to freeze, and after a few minutes of this it will finally move again but much slower than it was. Can someone please look at my hijack this log and tell me if you see anything that I need to remove? I really appreciate any help. I've run several different virus/spyware scans and nothing has been found.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:41:24 AM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=... Read more

Read other answers

Hi,
I believe I have a virus but I can't seem to find information about it. I am unable to clear it up when I run virus checks either.
What's happening is this. Whenever I open a web page (AOL is my home page with IE as my browser) the page takes forever to load and then just after it does load I get a message saying "We're sorry, the content you requested is temporarily unavailable. Please try again later." My computer is also EXTREMELY slow to load pages - pages that used to load within 5 seconds (like when checking email) can take 5 minutes to open, if it opens at all.
I tried running AVG anti-spyware and even SUPERantispyware but with no luck. I just ran a Hijackthis scan and was hoping someone could help me or lead me in the right directions!
Below is the log - thanks in advance for your help!
Logfile of HijackThis v1.99.1
Scan saved at 3:27:48 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOW... Read more

A:May have virus? Hijack this file enclosed

Read other 12 answers

Someone please help. I need an angle I have been hijacked. It showed up Monday afternoon. It will take me to their site only. I don't have anything on my start bar and can't get into the control panel. I do have object dock which has been my life saver. It has allowed me to gain access to internet and search and my computer. I diagnose the computer with hijack this and here is what it said. Please help me to know what to take out. Thanks for your time!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:19: VIRUS ALERT!, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Blue Coat K9... Read more

A:Help hijacked enclosed hijack this report. help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Antivir and AVG. While this may seem like better protection, they can actually conflict with one ... Read more

Read other 2 answers

Logfile of HijackThis v1.99.0
Scan saved at 2:27:20 AM, on 5/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\c9037028.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:... Read more

A:Solved: Ad-wared again, Hijack this log enclosed, help me plz!

Read other 6 answers

Hi, system running Windows XP Home.
It was having speed issues and a lot of popups so I ran Spybot S&D (updated), Lavasoft Adaware (updated) and AVG (updated).
Spybot and Adaware reported many problems so I chose fix selected problems.

spybot says it is unable to fix 2 of the selected problems and offers to try to fix on reboot.
The problem is Command Server hkey_local_machine\system\controlset001\cmdservice
Hkey_local_machine\system\currentcontrolset\services\cmdservice

It does not fix on reboot. I also tried scanning in safe mode but the spyware remains. Whenever I rescan with Spybot it keeps finding not only the cmdservice but also windows.security.center- firewall disable, sp2 update, update disable notify, antivirus disable notify, firewall overide.
Now when I choose "fix selected problems" it says it fixes these and is unable to fix the 2 mentioned above, but with every rescan it comes back.
Adaware says it can't remove coolwebsearch and c:\windows\system32\q4ps0e77eh.dll but I am pretty certain this file name changes on every scan.
So the popups keep coming and it also tries to download files like from Casino software (www.888.com).
It also pops a window up that is reporting the Blackworm virus and recommending a download (but I am not so certain that this is just not an advertisement).
Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:33 PM, on 2/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800... Read more

A:can't clean spyware, hijack log enclosed

Read other 16 answers

Hello! I am having a large problem with pop-ups. xlime.offeroptimizer and xadsj.offeroptimizer are taking over my computer. Any help would be greatly appreciated! Here is my hijack this log.


Logfile of HijackThis v1.99.0
Scan saved at 5:35:40 PM, on 4/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:... Read more

A:Solved: HELP! Offeroptimizer has taken over! Hijack This enclosed!

Read other 13 answers

Logfile of HijackThis v1.99.0
Scan saved at 6:03:27 AM, on 4/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ntin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\mssj.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\xmsjv.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xmsjv.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xmsjv.dll/sp.html#44768
R1 - HK... Read more

A:God I hate spyware.. Hijack enclosed[RESOLVED]

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".

Read other 6 answers