Over 1 million tech questions and answers.

TOTAL CORRUPTION - HiJack This Log Included

Q: TOTAL CORRUPTION - HiJack This Log Included

Ok...I have my neighbors pc which is totally infested with virus, malware, hijack, you name it. I am able to connect to the internet via IE... page is continually re-directed by uschase.com and ads234.com, then it defaults to a blank about:blank page poof!

Here is startup lists and I am unable to "not load" specific items it always defaults to enabling "all" :
StartupList report, 11/17/2004, 9:08:01 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\ygztahrx.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
C:\WINDOWS\System32\nwufbgtg.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\b.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\jgaw400213a.exe
C:\WINDOWS\System32\vdplayd.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\iexplorr24.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
WildTangent CDA = RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
Spyware Stormer = C:\Program Files\Spyware Stormer\SpywareStormer.Exe
MS Updates = C:\Documents and Settings\John and Bryan\Local Settings\Temporary Internet Files\Content.IE5\GT6R4XQN\mscache[1].exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
lite.exe = C:\WINDOWS\System32\lite.exe
JUFPZHRC = C:\WINDOWS\JUFPZHRC.exe
JTBPZ = C:\WINDOWS\JTBPZ.exe
ildfwpb = C:\WINDOWS\System32\ygztahrx.exe
GrMeNIB8q = C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
eclpuufz = C:\WINDOWS\System32\nwufbgtg.exe
Dpi = C:\Program Files\Common Files\Dpi\dpi.exe
bxxs5 = RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min
AutoUpdater = "C:\Program Files\AutoUpdate\AutoUpdate.exe"
aufbmyqq = C:\WINDOWS\yapjybrm.exe
Aqua.exe = C:\WINDOWS\System32\Aqua.exe
Antivirus = C:\WINDOWS\b.exe
6xwG = C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /S
TV Media = C:\Program Files\TV Media\Tvm.exe
vdplayd = C:\WINDOWS\System32\vdplayd.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

traffic944c.exe = "C:\WINDOWS\System32\traffic944c.exe"
wmv9dmod945g.exe = "C:\WINDOWS\System32\wmv9dmod945g.exe"
SysUpd = C:\WINDOWS\sysupd.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyStartUp = C:\Program Files\Microsoft Money\System\Money Startup.exe
mindex474s.exe = "C:\WINDOWS\System32\mindex474s.exe"
jgaw400213a.exe = "C:\WINDOWS\System32\jgaw400213a.exe"
iexplorr24 = C:\WINDOWS\iexplorr24.exe
d3drm818a.exe = "C:\WINDOWS\System32\d3drm818a.exe"
clcd32973b.exe = "C:\WINDOWS\System32\clcd32973b.exe"
ccfgnt434d.exe = "C:\WINDOWS\System32\ccfgnt434d.exe"
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Aida = C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\System32\mmfutil279p.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------
Enumerating Browser Helper Objects:

(no name) - (no file) - SOFTWARE
(no name) - (no file) - {00000000-0000-0000-0000-000000000221}
(no name) - C:\WINDOWS\mxTarget.dll - {0000607D-D204-42C7-8E46-216055BF9918}
(no name) - C:\WINDOWS\bxxs5.dll - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
(no name) - (no file) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E}
(no name) - C:\WINDOWS\System32\nkn.dll - {3DD8695A-9310-4EC8-DA25-6C5505DA7341}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\2_0_1browserhelper2.dll - {83DE62E0-5805-11D8-9B25-00E04C60FAF2}
(no name) - C:\WINDOWS\System32\nvms.dll - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
IE Redirector - C:\WINDOWS\System32\ieredir.dll - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
(no name) - C:\WINDOWS\System32\mscb.dll - {CE188402-6EE7-4022-8868-AB25173A3E14}
Search Help - C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Local Settings\Temp\zCdjP2Qk7.dll - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
(no name) - C:\WINDOWS\System32\msbe.dll - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}

--------------------------------------------------

Enumerating Download Program Files:

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\System32\lspak.dll
Protocol #2: C:\WINDOWS\System32\lspak.dll
Protocol #3: C:\WINDOWS\System32\lspak.dll
Protocol #9: C:\WINDOWS\System32\lspak.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,108 bytes
Report generated in 0.657 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Other than spyware stormer to identify malicious activity, they had nothing set to protect themselves.

Downloaded and ran stinger.exe (McAffee) with latest defs 8 Nov. It identified and cleaned over 246,000 files.

Installed Spybot, Spyware Blaster, Ad-Aware 6. SpyBot can not clean all issues. Also installed Reg Editor trial...numerouse errors. I REALLY DON'T WANT TO RE-INSTALL THERE PC ... Just get cleaned and internet accessible..with my recommendations for the "right fix"

Installed and ran HiJack This...Here's what I got... they have soooo much on there system, I'm not sure what's good and what's not...

Logfile of HijackThis v1.98.2
Scan saved at 9:16:07 AM, on 11/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\ygztahrx.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
C:\WINDOWS\System32\nwufbgtg.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\b.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\jgaw400213a.exe
C:\WINDOWS\System32\vdplayd.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.exe
C:\WINDOWS\iexplorr24.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uchase.com/scan.php?ask=&a=1367
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: (no name) - {3DD8695A-9310-4EC8-DA25-6C5505DA7341} - C:\WINDOWS\System32\nkn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Local Settings\Temp\zCdjP2Qk7.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [MS Updates] C:\Documents and Settings\John and Bryan\Local Settings\Temporary Internet Files\Content.IE5\GT6R4XQN\mscache[1].exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [lite.exe] C:\WINDOWS\System32\lite.exe
O4 - HKLM\..\Run: [JUFPZHRC] C:\WINDOWS\JUFPZHRC.exe
O4 - HKLM\..\Run: [JTBPZ] C:\WINDOWS\JTBPZ.exe
O4 - HKLM\..\Run: [ildfwpb] C:\WINDOWS\System32\ygztahrx.exe
O4 - HKLM\..\Run: [GrMeNIB8q] C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
O4 - HKLM\..\Run: [eclpuufz] C:\WINDOWS\System32\nwufbgtg.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [aufbmyqq] C:\WINDOWS\yapjybrm.exe
O4 - HKLM\..\Run: [Aqua.exe] C:\WINDOWS\System32\Aqua.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [6xwG] C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [vdplayd] C:\WINDOWS\System32\vdplayd.exe
O4 - HKCU\..\Run: [traffic944c.exe] "C:\WINDOWS\System32\traffic944c.exe"
O4 - HKCU\..\Run: [wmv9dmod945g.exe] "C:\WINDOWS\System32\wmv9dmod945g.exe"
O4 - HKCU\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [mindex474s.exe] "C:\WINDOWS\System32\mindex474s.exe"
O4 - HKCU\..\Run: [jgaw400213a.exe] "C:\WINDOWS\System32\jgaw400213a.exe"
O4 - HKCU\..\Run: [iexplorr24] C:\WINDOWS\iexplorr24.exe
O4 - HKCU\..\Run: [d3drm818a.exe] "C:\WINDOWS\System32\d3drm818a.exe"
O4 - HKCU\..\Run: [clcd32973b.exe] "C:\WINDOWS\System32\clcd32973b.exe"
O4 - HKCU\..\Run: [ccfgnt434d.exe] "C:\WINDOWS\System32\ccfgnt434d.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {4D8E6154-D6B1-4770-A9A1-4919686F415E} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E7854C-559B-4518-BB8D-3DB7407A6367}: NameServer = 198.6.1.60 198.6.1.70
O20 - AppInit_DLLs: C:\WINDOWS\System32\mmfutil279p.dll
Your feedback and support is greatly appreciated...

RELEVANCY SCORE 200
Preferred Solution: TOTAL CORRUPTION - HiJack This Log Included

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: TOTAL CORRUPTION - HiJack This Log Included

Read other 16 answers
RELEVANCY SCORE 59.6

Hello everyone!

I am here today with yet another XP problem, but I am sad to say this is not your average run of the mill registry corruption.

Background:
During an architectural rendering - my apartment's power went out - immediately shutting off my computer. Upon resetting the circuit breaker and rebooting, I was mortified to discover my computer would not boot at all. (I think it is important to note prior to the power outage - my computer was freezing periodically, {besides other applications, utorrent would always make it freeze.})

After reboot, when it comes to the screen that gives you several boot options (safe mode, last known good... etc.) any option I click won't work and it simply freezes until I force shut down.

I tried repairing windows XP but during the installation it says something in the nature of "cannot find original windows installation, please contact sys..."

I successfully loaded up a BartPE bootable windows - but the OS could not detect my hard drives (the drives are just empty.)

*I suspect my hard drives died

I have windows installed on a data drive, and I have another 2 500gb hitachi drives raided together. (Not the raid setup that mirrors - the one that screws my career over)

What can I do to recover my data? Is there any external enclosure that I can get or some way of repairing windows through BartPE even though it doesnt read c: drive? Midterm presentations are around the corner and I cannot afford to pay for da... Read more

A:XP Total Corruption?

You have a Raid 0 setup and likely had a Bios crash so you need someone to set your Bios up for Raid again and then it might actually just boot up OK (provided you haven't messed things up too much).

I would suggest a shop.

Read other 3 answers
RELEVANCY SCORE 56.8

I believe I've a corrupt file system/registry. The windows explorer hangs a lot. Accessing files in drives takes too long. Ran Malwarebytes, NOD32 online scanner. It's all clean. SFC doesn't run.

So, I've run SFCfix.exe & attached the generated SFCfix.txt. I've also attached CBS.zip. Please help.

Read other answers
RELEVANCY SCORE 56.4

I've previously posted for help under "Performance & Maintenance". I thought it would be more appropriate to ask for help here.

I believe I've a corrupt file system/registry. The windows explorer hangs a lot. I've a hard time accessing files on the hard drive. Ran Malwarebytes, NOD32 online scanner. It's all clean. SFC doesn't run.

So, I've run SFCfix.exe & attached the most recent version of SFCfix.txt & CBS.zip.

I've attempted some repairs by running Windows Update Readiness tool, looking at CHECKSUR.log, by downloading the individual updates mentioned in the log, placing them in C:\windows\temp\checksur\packages folder, and running WURT again & the summary of checksur.log reads.

Seconds executed: 1718
Found 106 errors
CSI Manifest All Zeros Total count: 2
CSI Payload File Missing Total count: 1
CSI Payload File Corrupt Total count: 1
CBS MUM Missing Total count: 3
CBS MUM Corrupt Total count: 6
CBS Catalog Missing Total count: 5
CBS Catalog Corrupt Total count: 3
CBS Registry Error Total count: 13
CBS Watchlist Package Missing Total count: 72

Unavailable repair files:
winsxs\manifests\x86_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.22853_none_f074c244483f4149.manifest
winsxs\manifests\x86_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.18645_none_eff7f4132f17bb15.manifest
servicing\packages\Gin8IP-Microsoft-Windows-DownlevelApisets-Com-WinIP-Package~31bf3856ad364e35~x86~ja-JP~7.1.7601.1649... Read more

Read other answers
RELEVANCY SCORE 48

When I click on a link from the Google search page it gets hijacked to 83.133.124.109 and then to some bogus search site or other website.I also have a problem that when I run a McAfee scan a bunch of trojan files show up that I need to remove with other software.DDS (Ver_09-12-01.01) - NTFSx86 Run by Brad at 21:57:57.25 on Fri 01/29/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.809 [GMT -8:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\IObit\IObit Security 360\IS360srv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LeapFrog\LeapFrog Connect\CommandService... Read more

A:google hijack and McAfee corruption

I ran Kaspersky TDSSKiller and it found a problem in atapi that it fixed. Things seem to be better.

Read other 2 answers
RELEVANCY SCORE 48

I don't know if this pc's problems are related to anything that's been downloaded. I've run Spybot and cleaned it up some. Please take a look at the attached and let me know if I need to do anything further. TIA.

Betsy
 

A:boot sector corruption - hijack this log

I'll just post this up, to make it quicker for others to check

Logfile of HijackThis v1.93.0
Scan saved at 4:41:01 PM, on 9/4/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.cnn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CstlFaxTray] C:\Program Files\Castelle\FaxPress\FaxTray.exe
O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Novell Application Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'T... Read more

Read other 3 answers
RELEVANCY SCORE 47.6

Greetings! Recently I ran into some nasty malicious software. My browser is redirected when I do a web search. What I know, "askalot.com" or viruses associated with this website seem to be the problem I am facing. I have run Malaware-Bites and it cleaned 10 infections a few days ago. Since then the problem has persisted and Malaware-bites has been unable to detect anything else. the following items i have tried to remove already.... R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')they keep coming back... Any help would be appreciated as I am terribly paranoid about what information the software could be stealing form me. thank you for your time. ========================================================================================== HIJACK THIS LOG FILE ====... Read more

A:Browers Hijack ( possible windows explorer corruption as well )

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 23 answers
RELEVANCY SCORE 46.4

My computer was recently hijacked by one of those nasty moneypak viruses. I can't access the os normally or in either of the two safe modes. I've scoured through all of the self help guides to no avail. I've even tried using the hitman bootloader but that doesn't work either. I was instructed to post a dds log but am unable to do that at the moment. This computer has all of the company financials on it and it is imperative that I get it working again. Please help! Thanks

A:total hijack

My original post:
Help please! My computer is on complete lock down and I am at my wits end.
I was on Google Chrome when all of a sudden the screen was hijacked by a window that claimed to be from the department of justice. At this point, I couldn't do anything with the computer except force a reboot. Then, upon restart in normal mode, a dialog box comes up that says windows is shutting down because of the nt authority\system and that the dcom server process launcher terminated unexpectedly.
So far, I have tried to restart normally with no success. I've tried to restore to the last known good configuration with no success. I've tried to restart into safe mode but I get a blue screen that says to check for viruses on the computer. Lastly, I've tried to reboot the system with hitman which didn't work either. Normal system startup is working except for the nt authority system error and the hijack. Needless to say, I'm beyond frustrated at this point.
Please help. Thanks

Read other 31 answers
RELEVANCY SCORE 46

System specs:

Dell 410 XPS
2GB RAM
WindowsXP Home SP2
1 installed Intel 82566DC Gigabit Network Connection
DSL phone-line modem to Earthlink
(I just bought a new D-link Dir-655 wireless router, and will probably switch to Comcast cable, but want to fix this first.)
nVidia GeForce 7600GT video card
Dell 2405 monitor

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:28 AM, on 4/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\rund... Read more

Read other answers
RELEVANCY SCORE 46

Hi,

I ran AdAware and Spybot on this system and wanted to do an HJT scan. This is the message I get when I try to instal HJT -

" Hijack This.exe - Bad Image

The application or DLL C:\WINDOWS\system\MSVBVM60.DLL is not a valid Windows image. Please check this against your installation diskette."
What do I do?

Many thanks...Raj.
 

A:Very Close to TOTAL HIJACK!!

Read other 16 answers
RELEVANCY SCORE 46

My internet is going crazy with hijacks. I think theres more than one. Please help.
Logfile of HijackThis v1.98.2
Scan saved at 11:56:51 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\dllhostxp.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\pxhping.exe
C:\WINDOWS\System32\extrac16.exe
C:\DOCUME~1\YURIYA~1\LOCALS~1\Temp\eehm.dat
C:\Program Files\Quintessential Player\QCDPlayer.exe
C:\Documents and Settings\Yuriy Ayzenberg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =... Read more

A:Total Internet Hijack!! Please help

Please help! I'm getting some weird windows messages
 

Read other 2 answers
RELEVANCY SCORE 45.2

Hello all. This is my first post on this site and I hope that you can help me out. When I sign on to my regular user profile this error pops up: Windows cannot find 'C:\Windows\System32\wpcumi.exe'

After I close this box a box for Vista Total Security 2011 pops up and starts a scan. It shows that I have 29 infections and the only way to get rid of them is to purchase this software. I have been running AVG for years and had no issues. When I close this box and try to open my web browser it blocks it and says it is unsafe. The only way to make it safe is to...you guessed it, buy the software! I cannot figure out how to get this off of my computer. If I log in under administrator everything runs normal. I can access AVG and see that the most recent scan was this morning with no issues. What gives?

Oh BTW, I tried restarting and I get the same thing. Thanks for any help that you can give me.

A:Vist Total Security 2011 Hijack

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the I... Read more

Read other 3 answers
RELEVANCY SCORE 45.2

alright im running xp home my comp is compaq nc6000 laptop. (build 2600.xpsp_sp3_gdr.090206-1234:service pack 3) i currently have and use firefox and opera browser. could not install the last two latest updates. no variation of chckdsk will work in safe mode, admin and home, or regular, at startup it tries to run chkdsk then says chckdsk is not available on RAW. After startup an error message says EXPLORER.EXE is invalid or corupted please run chckdsk utility.i have no desktop, not even in safe mode, i have to use new task from tast manager that works after 3 bad image errors lol. i'v been getting alot of out of virtual memory message's and i cant figure out how to ever get that back.every program on my computer i open is followed by the error message "invalid or corrupted please run chkdsk" the programs will still work, for a while but eventually start crashing and have to be reinstalled.

couple weeks ago im pretty sure i stumbled upon a fake guitar lesson website it gave me some nasty virus. it instantly opened a window in fullscreen looked just like windows security center and was scanning show hundreds of threats very fast i touched nothing and ctrl-alt-del, terminated opera's exe from task manager. the comp would shut down and crash again before it can even boot but i happened to download spybot s-d and run it in safe mode i have the log plus another in regular mode ill will give you, that kept my computer workable enought to talk to you guys.

... Read more

Read other answers
RELEVANCY SCORE 44

Up untill today my PC has been working a-ok. I first encountered the problem when i was palying a online mmo. After a couple of hours playing i entered a world and some graphical corruption occured where green pixels seem to appear in bands where the lighter colours where. After a short while the pc locked up,with loads of green pixels appearing and the last split second of sound caught in a loop.Nothing worked,mouse keyboard,even the lights for numlock,scroll lock and capslock did not respond to the keys being pressed.it has happened almost every time i tried a game since then.

I rebooted my pc and it was fine untill i was loging into the pc,where more of the same graphical corruption occured,when i logged in after a short while the pc froze on my desktop and hr monitor lost signal.after a few seconds it came back on an a message appeqred in the corner by the toolbar saying Kernel driver 258.96 had failed but had been recovered, his happened a few times. Windows works perfect in safe mode and i updated the graphics card drivers to try and resolve this but it did not work,i am posting this off my iPod so pardon the bad spelling,will upload a picture or video tomorrow wih more info if needed.
Runnng on a packard bell iXtreme with a quad core cpu and Nvidia 8400GS grqphics card. Hope somebody has a solution .thanks.
 

A:Pc locking up,graphical corruption,audio corruption

Read other 7 answers
RELEVANCY SCORE 42.8

never seen this before. I've run ad-aware, spybot, microsoft's beta spyware cleaner and we've got norton anti-virus corporate edition and STILL the pop ups keep coming. The anti-virus keeps catching a ton of stuff and putting it in quarantine...I clean that out and it catches more stuff. the microsoft caught something called the "peper trojan" and it supposedly cleaned it, but didn't fix the problem. Anyhoo...here's the hijack log..this log was after all of the scans with the aforementioned programs. I did update them before I ran them and also did thorough scans instead of quick scans.

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Seagate Software\WCS\pageserver.exe
C:\Program Files\Seagate Software\WCS\WebCompServer.exe
C:\Program Files\Seagate Software\WCS\cacheserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe
C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe
C:\Program Files\Seagate Software\WCS\JobServer.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\starter.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Fil... Read more

A:pop ups have taken over...hijack included

Someone will work on your log shortly.

Read other 5 answers
RELEVANCY SCORE 42.8

Hi All

Today a message appeared next to my clock on the bottom right hand corner saying " VIRUS ALERT! " ?? Ive tried Adware , spybot and a couple other spyware / antivirus program but cant seem to rid of it ? Does anyone know what this is ? or has anyone had the same problem ? Its driving me mad as cant get rid off it < Heres my Hijack this log that i done a few minutes ago.

Thanks in Advance for any help

Keigan1888
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\burst\burst.exe
C:\Program Files\burst\core-new1.1.3\btd... Read more

Read other answers
RELEVANCY SCORE 42.8

I'm not even sure if this is a security question, but since my mother insists on opening forwarded emails, it's #1 on my list. I'm working with Windows XP w/Internet explorer.

Here's the problem: My dial-up ISP has been running super slow recently. It is close call america (it's a small company), and I connect through a software program we installed with a CD they sent us. This was maybe 3 years ago, and we haven't had any problems.

I went into the network settings to change the phone # we were using to connect. It then dialed the number, not going through the software. It came back with an error message, and I was not surprised.

But now, when I double-click the software icon to open the software to start the dialing, the little box comes up (like the icon/ad box NetZero uses but with no ad), the little box that usually says "dialing" flashes up (doesn't start dialing), then disappears, and the entire application shuts down.

I've restarted the computer, I've checked my username and password. I tried reinstalling the CD software but I get a runtime error. I tried setting up a new connection and doing it without the software, but it gives me some sort of "the server doesn't recognise you" error. I've tried calling their tech support, but they're obviously people off the street just reading off of info packets (she didn't know what an IP is...uhhh).

I definately think it's a proble... Read more

A:Need help please - hijack included

http://forums.techguy.org/windows-nt-2000-xp/485363-application-closes-itself-i-dont.html

Closing duplicate, please reply there.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Any help would be appreciated. I have tried everything and I it just comes back. I usually can run sdfix and be okay but this is a vista laptop. I'm pulling my hair out. Please anyone. I have ran ad-ware se, superantispyware, trojan remover, avg, sdfix(which didn't work) I do not know how to read these hijack so any help again would be appreciated. I have a big slow down in internet explorer and google searches don't work. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:24 AM, on 9/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Sorry I think I might have it...if not I will add the hijack listing back...thanks

A:Can't Seem To Get Rid Of This..hijack.log Included

I am glad you found your computer problem. Let us know if we can help you.

Thank you for letting us know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Read other 1 answers
RELEVANCY SCORE 42.8

My net is really going slow, but only the browsing speed. Downloading is fine, as i saw when i got HJT. I already ran adware 6 and Spybot Search and Destroy, and they cant find anything. The programs on the pc are running ine, i.e. word an media player, it is just the browser. PLEASE help!

Logfile of HijackThis v1.97.7
Scan saved at 08:07:49, on 07/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AOL 8.0a\waol.exe
C:\Program Files\AOL 8.0a\shellmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Liptrot\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ads.softwareoutfit.com/start_search.php?... Read more

A:HELP!!! Hijack this log included

Should be posted in security,normally i would move you there but the log is clean.

You can have HijackThis "Fix" this one:
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
 

Read other 2 answers
RELEVANCY SCORE 42.8

Hello all,

Thanks for looking. I try clicking Age Of Empires shortcut on my desktop and I recieve this response.....

The application has failed to start because MSVCR71.dll cannot be found. Re-installing the application may fix this problem

I tried clicking ewido security suite and it say the same thing.

What could this be?

Thought I'd include a Hijack this log.
Logfile of HijackThis v1.99.0
Scan saved at 10:00:51 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\... Read more

A:Hijack this.......log included

Read other 9 answers
RELEVANCY SCORE 42.8

Hi FLrman. Can u help me with this? (english is not my first language, so sorry if it isnīt that good):
Yesterday, i found some problems in my pc. Every time I open the internet explorer, this link is open as the home page (http://homepage.com@www.e-finder.cc/hp/). Sometimes, when I write for ej: www.yahoo.com and press enter, the internet explorer shows http://ehttp.cc/?www.yahoo.com.
What I decided to do is to download HijackThis v1.97.7 and scan. this is my log:

Logfile of HijackThis v1.97.7
Scan saved at 07:20:32 p.m., on 29/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\WinGate\WinGate.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\AddCLS.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zapro.exe
C:\Archivos de programa\WinGate\wgengmon.exe
C:\Archivos de programa\Sony Corporation\Image Transfer\SonyTray.exe
C:\ARCHIV~1\ICQ\ICQ.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Charles\Hij... Read more

A:Please Help - Hijack Log Included

Read other 6 answers
RELEVANCY SCORE 42.8

This is from my best friend's computer....she can't get online to do this! She has a dail up connection and she can get online....but can't get anywhere....says cant find page, etc.....and can't get email at all either. What can be done? Thanks in advance! I had previously posted this on the wrong thread......

ogfile of HijackThis v1.98.2
Scan saved at 9:55:03 AM, on 10/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\WINDOWS\SYSTEM\PTSWRAUP.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILE... Read more

A:Please help----hijack this log included!

Read other 7 answers
RELEVANCY SCORE 42.8

I'm not sure if I have a virus or not but my computer has been very slow and when I did a system scan in safemode using Norton, it said I had one infected file. I deleted it but it still shows up in my HiJack This log:

Logfile of HijackThis v1.97.7
Scan saved at 2:00:22 PM, on 2/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\S... Read more

A:HiJack This log included...

Go to add/remove programs and uninstall NewDotNet.
And go here:
http://www.majorgeeks.com/download.php?det=3446
Download and run "KazaaBegone"
Thats is where all this crap came from.

Then....
Download and run CWShredder by Merijn Bellekom
It's from The CoolWebSearch Chronicles which you should read.
And remember to click "Fix" (Not "Scan only")
In particular pay attention to the patches for the operating system regarding the ByteVerify vulnerability.
Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan itīs just to click the "Scan" button.

When scan is fin... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 9:19:06 PM, on 11/20/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)lately my computer has been running god awful slow, and i've run almost every program Ad-aware, SW doctor, registry doctor, norton, the works, and i was told to run this hijack log to let an expert determine whats wrong. Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\... Read more

A:Help Please, Hijack Log Included

Hello and welcome to BC Sorry for the delayed response. I cannot see anything malware related in your log. I would suggest that you click here and see if the recommendations there would help you.

Read other 31 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 12:45:25 AM, on 6/18/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\EXPLORER.EXEC:\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com/start.htmlR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&mem=nas...&N=PLHS&O=I&UT=O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCXO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorunO4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exeO4 - HKLM\..\Run: [SystemTray] systray.exeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiCwd32] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /minO4 - HKLM\..\Run: [AtiKey] ... Read more

A:need help please. hijack log included

Hello computerclueless2005 and welcome to the BC forums. It appears that this log was run from Safe Mode. I need you to boot normally and run the HijackThis scan from normal mode and post a new log back here.

Thanks.

OT

Read other 1 answers
RELEVANCY SCORE 42.8

My PC is running very slowly and it just 'feels' like something isn't right. I've downloaded and run Hijack This. The log is posted below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:43 AM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Ult... Read more

Read other answers
RELEVANCY SCORE 42.8

Hi,
I have been having a terrible time with trojans, pop-ups, etc. for about 5 days now. Have been doing daily scans with McAfee, also using Adaware and spybot S&D. I have downloaded spyware blaster, and last night downloaded a personal firewall.

After cleaning trojans using McAfee, Panda ActiveScan (online) and Symantec Security Check (online), I ran Ad-aware, SE and Spybot S&D. I then downloaded HJT. The log of that scan is below. I'm hoping someone can help me clean up this headache. I don't have alot of computer savvy, but do know enough to follow directions.

Thanks!

Logfile of HijackThis v1.98.2
Scan saved at 11:54:18 AM, on 9/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\QuickBrowser.exe
C:\PROGRA~1\AWS\WEATHE~1\Wea... Read more

A:HELP! Hijack This Log included

Hello!

We will use the tools, first.

Download Ad-aware SE from here. Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
? Automatically save log-file
? Automatically quarantine objects prior to removal
? Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
? Scan Within Archives
? Scan Active Processes
? Scan Registry
? Deep Scan Registry
? Scan my IE favorites for banned URL?s
? Scan my Hosts file
? Under Click here to select drives + folders, choose:
? All of your hard drives
Click on the Advanced button on the left and select:
? Include additional process information
? Include additional file information
? Include environment information
Click the Tweak button and select:
? Under the Scanning Engine:
o Unload recognized processes & modules during scan
o Include additional Ad-aware settings in logfile
? Under the Cleaning Engine:
o Let Windows remove files in use at next reboot
Click on Proceed to save the settings.

Click Start and on the next screen choose:
? Use Custom Scanning Options
Click Next and Ad-aware will scan your hard drive(s) with t... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

Getting lots of pop-up ads such as antiwinvirus web page. Here is hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:40 PM, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Fil... Read more

A:Pop-up ads Hijack log included

Read other 16 answers
RELEVANCY SCORE 42.8

Would appriciate anyone who could suggest what to fix
Logfile of HijackThis v1.97.7
Scan saved at 1:40:07 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\william\local settings\temp\69eiXKn.exe
C:\WINDOWS\iecx32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\ntwo.exe
C:\WINDOWS\System32\ZsgFezZ.exe
C:\WINDOWS\System32\VebQQl42.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\William\Local Settings\Temp\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Softw... Read more

Read other answers
RELEVANCY SCORE 42.8

Hiya,

Everytime i go on the internet on my pc i'm getting lots of pop up ads. Please can someone help?! Below is my Hijack this log - if there's any other info i need to provide just let me know.

Thanks :)

-------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:02, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAU... Read more

A:Pop ups - Hijack This log included

Hi, welcome to TSF!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
C:\Qoobox\Add-Remove Programs.txt
New HijackThis log.

Read other 7 answers
RELEVANCY SCORE 42.8

Help - having major issues, pop-ups, etc. Can someone analyze my hijack log and tell me what to do. Remember, be specific, I'm new at this and I'm blonde!

Logfile of HijackThis v1.98.2
Scan saved at 7:39:28 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\Hehxl.exe
C:\WINDOWS\pgtaff.exe
C:\WINDOWS\System32\winmonv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ipsbk32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WIN... Read more

A:HELP! Hijack This Log included

Read other 7 answers
RELEVANCY SCORE 42.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:14:05 AM, on 10/26/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Sof... Read more

A:Hijack Log Included, please help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

I keep getting random pop-ups. I think I may have a trojan virus. AVG found something, and I thought that it deleted it, but still getting pop-ups. Here is my hijack log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:44 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Mic... Read more

A:HELP! POP UPS! Hijack log included.

Read other 6 answers
RELEVANCY SCORE 42.8

I cannot open several items in my start menu. when i click them it doesnt open. i even right click and hit run and it still will not open....also cannot open several icons on my desktop... any help would be appreciated... thanks, Chris below is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:50 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\dleacoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA... Read more

A:please help....hijack log included

did i do something wrong or can nobody help me???
 

Read other 1 answers
RELEVANCY SCORE 42.8

My brother's computer has been experiencing crashes and blue screen error messages. I've tried running AdAware, but kept getting an error message about "KRNL386.EXE" I don't know if this is related to a virus or spyware.

If someone could help me out, it would be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 6:28:00 PM, on 11/03/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDLOG.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\TRAYICON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDDB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\ESSSPK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
E:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EX... Read more

A:HiJack This log included

It seems there is another problem. Every time a person logs onto the computer, a blue error screen loads that says: ERROR: 06:0000:00000017.
Everytime I try to search for a file, the same screen comes up and as a result, I am unable to search for files.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hi....i'm new here...pls correct me if there's any mistakes...
recently, i received a file from msn messenger and i'd open it...the result is...
the messenger keeps sending pictures bout every 5 minutes to all my contacts...then i deleted the file received...
the worst part is....every time i switch on the pc...the wallpaper is gone and the active desktop recovery appear...the active desktop recovery notice will appear for about 30 seconds...then gone with all the icons and taskbar...n come back bout 5 seconds later...the goes on and on for a few times n the desktop will freeze with my original wallpaper without any icons and taskbar...however, i'm still able to use the programs in my pc...
if it's possible...i do not want my pc to be reformat because i have so many important stuff in there...i need help...

here's the hijack log...thanks in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:34 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Fi... Read more

A:i need help-hijack log included

....everything is fine now after i run the combofix...
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hi,

I'm hoping someone can help.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:55:00 AM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\p... Read more

A:Help, please... (Hijack This log included)

Read other 8 answers
RELEVANCY SCORE 42.8

I have been having problems with my computer being very slow and there are always too many programs running in my task manager.

I have Spybot S&D and Ad Aware...

Here is my HJT log,
what items can be removed from this list to help my computer run faster.

Thank you!
Jim

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Virtual CD v5\System\VC5Tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1... Read more

Read other answers
RELEVANCY SCORE 42.8

I downloaded a virus. So for some reason I went into my system.msc folder and started disabling things and now I cant restore my computer or even get onto the windowsupdate here is a copy of my hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 9:36:31 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sbqaw.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,evwdhyw.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WIN... Read more

A:Please help!!!! hijack included

Hi, kimhaze73.

Welcome to TSG.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Click here to download Look2Me-Destroyer.exe and save it to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt in your next reply.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from here a... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

hi, got this damm msn virus someone sent me something say bout a pic to look at and stupid me downloaded iot now my msn is sending all contact this same ****.. anyway u know all bout it .. thanks in advance..

heres the log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:59 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\cvisvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\I... Read more

A:can u help pls!, hijack his log included already..

any help asap would be appreciated thank u
 

Read other 1 answers
RELEVANCY SCORE 42.8

recently, my media player has begun playing music with a 'chopped up' sound (not quite like skipping). it happens when playing saved files, cds, even live365radio. it will do this for a typical period of 5-15 seconds; sometimes, but rarely, longer as well. but i became curious and i was observing my task manager during this problem, and i believe it may be caused by my computer being overworked or maxed out. I noticed when watching the CPU usage under the Processes tab in the task manager, that the media player typically runs using 10-25% of my CPU. however, sometimes it jumps up to 60-80% and this is when this problem occours. also, keep in mind that i have have 50+ processes running at any given time. but then, moments later, it will drop back to normal and it's ok for a few minutes or so.

i'm no computer expert, but this is what i've put together. i've also posted a HJT logfile below if it may be to any assistance in solving this problem.

thank you,

Josh
Logfile of HijackThis v1.99.0
Scan saved at 3:29:48 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Stardock\... Read more

Read other answers
RELEVANCY SCORE 42.8

hi. i recently had a long battle with spyware/adware. it got so bad that i had to switch to safe mode with networking because my internet explorer was clogged with ads (in addition to being directed to a search page because of a worm) and my computer was running extremely slow. then i used many programs (Norton Anti-Virus 2003, TrojanScan, Bazooka, Pest Patrol Corporate Edition, X Cleaner, Spybot Search and Destroy, and Adaware Pro 6.0 with all the lastest updates) to find what was wrong. all the programs found something different and i deleted whatever was found. can anyone please look at my HijackThis log and see if i'm still infected with adware/spyware/viruses/worms? also, do i have to run in normal mode for everything to be detected or can i safely go back to using normal mode?

Logfile of HijackThis v1.97.7
Scan saved at 1:41:16 AM, on 5/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\mIRC\mirc.exe
c:\Program Files\PestPatrol\PPControl.exe
C:\Documents and Settings\Dre\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dre\Desktop\HijackThis.exe

R0 - HKC... Read more

A:Please help (Hijack This log included)

Run hijackthis and fix the following items. Be sure all windows are closed except for hijackthis

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O2 - BHO: (no name) - {212DBA39-DCCE-FC5F-2462-79EDD2147026} - (no file)

O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - (no file)

O3 - Toolbar: (no name) - {9FF6D113-83CA-B09D-C352-3EDF3C189CF7} - (no file)

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dkvaget/x.chm::/load.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab


Reboot and post a new hijackthis log
 

Read other 2 answers
RELEVANCY SCORE 42.8

Hoping someone here can help me out.

I am having a problem access certain websites on my computer. Normally, I don't let it bother me, but I can't access any of my university's webpages, which is a big problem considering I do some school work online. When I type the web address, MSN pops up and says "We can't find "www.trentu.ca Did you mean to go to one of these sites..." and then its lists the Trent site, but I still can't access the pages. I also cannot access Yahoo.com. I get the same message as I do when trying to access the uni sites.

Someone mentioned that it might be a spyware problem, but I have SpySweeper and AdAdware SE installed and keep checking them for updates. I've emptied my cookies, cleared all temporary internet files and cleared the history.

We are on a network here and all my other housemates have no problems access any of the above sites.

This is becoming a pain in the butt to deal with. I've included a Hijack This log as well. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 4:15:52 PM, on 2/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\S... Read more

Read other answers
RELEVANCY SCORE 42.8

i believe i had a leech. it was filling up my hard drive and saying it was full. it stopped filling up my hard drive after i ran avast antivirus. but it must of filled up 100 gigs and i dont know where to find it. i ran hijack this and theres a lot of missing files which some of them i believe is important.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:10 PM, on 6/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files... Read more

A:need help hijack this log included.

can anybody please help before a have to do a clean install
 

Read other 1 answers
RELEVANCY SCORE 42.8

Here's the log - thanks!-------------------------------Logfile of HijackThis v1.97.7Scan saved at 2:15:55 PM, on 12/2/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exeC:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exeC:\Program Files\Picasa\PicasaMediaDetector.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\windows\salm.exeC:\WINDOWS\system32\devldr32.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Ado... Read more

A:need Hijack this help please - log included

You are running an outdated version of HijackThis.. Delete the copy you have and download the latest version of HijackThis!: Download here HJT 1.98.2. Save it on your Desktop. You will need now to unzip hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups. You may need to use these backups.First create a new folder:A. Click My Computer icon on your desktopB. Click C: driveC. Click the File menu --> New --> Folder, a folder "New folder" will be created.D. Rename it HJTUnzip hijackthis.exe to the c:\HJT folder.Please post a new hijackthis log.

Read other 2 answers
RELEVANCY SCORE 42.8

I have a friends computer here and she was having some issues with itunes. So i went over, tried to uninstall it and it wouldnt. I realized she had like 4 toolbars, which im sure are infections. One is fast browser search which i tried uninstalling thru firefox, restarted it and its still there. I tried accessing your site and it says cannot display web page. It redirects me to other stupid sites. she has AVG free on there but its out of date and says its not connected to the internet when it is. I tried uninstalling avg in add/remove restarted the computer and its still in the add/remove. There are other programs that wont delete but say at first they were deleted and to restart. i tried running it in safe mode, gives me a blue screen after loading the drivers, and reboots...so no luck there. I have also tried to do an online scan thru trend micro, norton etc and it says not connected, yet it goes to a few choice sites.......what can i do to fix this issue without having to reformat the drive? I have also tried cccleaner to remove itunes to no availability, and also the windows removal tool which says it cannot remove it cuz the msi file is missing. Oh and adaware locks up 1/4 of the way into the scan and i have to hold down the power button. i had to download hijack this from my computer and transfer it to hers, and here is the log....
Scan saved at 3:04:57 PM, on 7/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mod... Read more

A:Please help...hijack this included.

bump
 

Read other 1 answers