Over 1 million tech questions and answers.

TOTAL CORRUPTION - HiJack This Log Included

Q: TOTAL CORRUPTION - HiJack This Log Included

Ok...I have my neighbors pc which is totally infested with virus, malware, hijack, you name it. I am able to connect to the internet via IE... page is continually re-directed by uschase.com and ads234.com, then it defaults to a blank about:blank page poof!

Here is startup lists and I am unable to "not load" specific items it always defaults to enabling "all" :
StartupList report, 11/17/2004, 9:08:01 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\ygztahrx.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
C:\WINDOWS\System32\nwufbgtg.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\b.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\jgaw400213a.exe
C:\WINDOWS\System32\vdplayd.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\iexplorr24.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
WildTangent CDA = RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
Spyware Stormer = C:\Program Files\Spyware Stormer\SpywareStormer.Exe
MS Updates = C:\Documents and Settings\John and Bryan\Local Settings\Temporary Internet Files\Content.IE5\GT6R4XQN\mscache[1].exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
lite.exe = C:\WINDOWS\System32\lite.exe
JUFPZHRC = C:\WINDOWS\JUFPZHRC.exe
JTBPZ = C:\WINDOWS\JTBPZ.exe
ildfwpb = C:\WINDOWS\System32\ygztahrx.exe
GrMeNIB8q = C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
eclpuufz = C:\WINDOWS\System32\nwufbgtg.exe
Dpi = C:\Program Files\Common Files\Dpi\dpi.exe
bxxs5 = RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min
AutoUpdater = "C:\Program Files\AutoUpdate\AutoUpdate.exe"
aufbmyqq = C:\WINDOWS\yapjybrm.exe
Aqua.exe = C:\WINDOWS\System32\Aqua.exe
Antivirus = C:\WINDOWS\b.exe
6xwG = C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /S
TV Media = C:\Program Files\TV Media\Tvm.exe
vdplayd = C:\WINDOWS\System32\vdplayd.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

traffic944c.exe = "C:\WINDOWS\System32\traffic944c.exe"
wmv9dmod945g.exe = "C:\WINDOWS\System32\wmv9dmod945g.exe"
SysUpd = C:\WINDOWS\sysupd.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyStartUp = C:\Program Files\Microsoft Money\System\Money Startup.exe
mindex474s.exe = "C:\WINDOWS\System32\mindex474s.exe"
jgaw400213a.exe = "C:\WINDOWS\System32\jgaw400213a.exe"
iexplorr24 = C:\WINDOWS\iexplorr24.exe
d3drm818a.exe = "C:\WINDOWS\System32\d3drm818a.exe"
clcd32973b.exe = "C:\WINDOWS\System32\clcd32973b.exe"
ccfgnt434d.exe = "C:\WINDOWS\System32\ccfgnt434d.exe"
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Aida = C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\System32\mmfutil279p.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------
Enumerating Browser Helper Objects:

(no name) - (no file) - SOFTWARE
(no name) - (no file) - {00000000-0000-0000-0000-000000000221}
(no name) - C:\WINDOWS\mxTarget.dll - {0000607D-D204-42C7-8E46-216055BF9918}
(no name) - C:\WINDOWS\bxxs5.dll - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
(no name) - (no file) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E}
(no name) - C:\WINDOWS\System32\nkn.dll - {3DD8695A-9310-4EC8-DA25-6C5505DA7341}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\2_0_1browserhelper2.dll - {83DE62E0-5805-11D8-9B25-00E04C60FAF2}
(no name) - C:\WINDOWS\System32\nvms.dll - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
IE Redirector - C:\WINDOWS\System32\ieredir.dll - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
(no name) - C:\WINDOWS\System32\mscb.dll - {CE188402-6EE7-4022-8868-AB25173A3E14}
Search Help - C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Local Settings\Temp\zCdjP2Qk7.dll - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
(no name) - C:\WINDOWS\System32\msbe.dll - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}

--------------------------------------------------

Enumerating Download Program Files:

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\System32\lspak.dll
Protocol #2: C:\WINDOWS\System32\lspak.dll
Protocol #3: C:\WINDOWS\System32\lspak.dll
Protocol #9: C:\WINDOWS\System32\lspak.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,108 bytes
Report generated in 0.657 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Other than spyware stormer to identify malicious activity, they had nothing set to protect themselves.

Downloaded and ran stinger.exe (McAffee) with latest defs 8 Nov. It identified and cleaned over 246,000 files.

Installed Spybot, Spyware Blaster, Ad-Aware 6. SpyBot can not clean all issues. Also installed Reg Editor trial...numerouse errors. I REALLY DON'T WANT TO RE-INSTALL THERE PC ... Just get cleaned and internet accessible..with my recommendations for the "right fix"

Installed and ran HiJack This...Here's what I got... they have soooo much on there system, I'm not sure what's good and what's not...

Logfile of HijackThis v1.98.2
Scan saved at 9:16:07 AM, on 11/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\ygztahrx.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
C:\WINDOWS\System32\nwufbgtg.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\b.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\jgaw400213a.exe
C:\WINDOWS\System32\vdplayd.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.exe
C:\WINDOWS\iexplorr24.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uchase.com/scan.php?ask=&a=1367
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: (no name) - {3DD8695A-9310-4EC8-DA25-6C5505DA7341} - C:\WINDOWS\System32\nkn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Local Settings\Temp\zCdjP2Qk7.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [MS Updates] C:\Documents and Settings\John and Bryan\Local Settings\Temporary Internet Files\Content.IE5\GT6R4XQN\mscache[1].exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [lite.exe] C:\WINDOWS\System32\lite.exe
O4 - HKLM\..\Run: [JUFPZHRC] C:\WINDOWS\JUFPZHRC.exe
O4 - HKLM\..\Run: [JTBPZ] C:\WINDOWS\JTBPZ.exe
O4 - HKLM\..\Run: [ildfwpb] C:\WINDOWS\System32\ygztahrx.exe
O4 - HKLM\..\Run: [GrMeNIB8q] C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
O4 - HKLM\..\Run: [eclpuufz] C:\WINDOWS\System32\nwufbgtg.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [aufbmyqq] C:\WINDOWS\yapjybrm.exe
O4 - HKLM\..\Run: [Aqua.exe] C:\WINDOWS\System32\Aqua.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [6xwG] C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [vdplayd] C:\WINDOWS\System32\vdplayd.exe
O4 - HKCU\..\Run: [traffic944c.exe] "C:\WINDOWS\System32\traffic944c.exe"
O4 - HKCU\..\Run: [wmv9dmod945g.exe] "C:\WINDOWS\System32\wmv9dmod945g.exe"
O4 - HKCU\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [mindex474s.exe] "C:\WINDOWS\System32\mindex474s.exe"
O4 - HKCU\..\Run: [jgaw400213a.exe] "C:\WINDOWS\System32\jgaw400213a.exe"
O4 - HKCU\..\Run: [iexplorr24] C:\WINDOWS\iexplorr24.exe
O4 - HKCU\..\Run: [d3drm818a.exe] "C:\WINDOWS\System32\d3drm818a.exe"
O4 - HKCU\..\Run: [clcd32973b.exe] "C:\WINDOWS\System32\clcd32973b.exe"
O4 - HKCU\..\Run: [ccfgnt434d.exe] "C:\WINDOWS\System32\ccfgnt434d.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {4D8E6154-D6B1-4770-A9A1-4919686F415E} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E7854C-559B-4518-BB8D-3DB7407A6367}: NameServer = 198.6.1.60 198.6.1.70
O20 - AppInit_DLLs: C:\WINDOWS\System32\mmfutil279p.dll
Your feedback and support is greatly appreciated...

RELEVANCY SCORE 200
Preferred Solution: TOTAL CORRUPTION - HiJack This Log Included

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: TOTAL CORRUPTION - HiJack This Log Included

Read other 16 answers
RELEVANCY SCORE 59.6

Hello everyone!

I am here today with yet another XP problem, but I am sad to say this is not your average run of the mill registry corruption.

Background:
During an architectural rendering - my apartment's power went out - immediately shutting off my computer. Upon resetting the circuit breaker and rebooting, I was mortified to discover my computer would not boot at all. (I think it is important to note prior to the power outage - my computer was freezing periodically, {besides other applications, utorrent would always make it freeze.})

After reboot, when it comes to the screen that gives you several boot options (safe mode, last known good... etc.) any option I click won't work and it simply freezes until I force shut down.

I tried repairing windows XP but during the installation it says something in the nature of "cannot find original windows installation, please contact sys..."

I successfully loaded up a BartPE bootable windows - but the OS could not detect my hard drives (the drives are just empty.)

*I suspect my hard drives died

I have windows installed on a data drive, and I have another 2 500gb hitachi drives raided together. (Not the raid setup that mirrors - the one that screws my career over)

What can I do to recover my data? Is there any external enclosure that I can get or some way of repairing windows through BartPE even though it doesnt read c: drive? Midterm presentations are around the corner and I cannot afford to pay for da... Read more

A:XP Total Corruption?

You have a Raid 0 setup and likely had a Bios crash so you need someone to set your Bios up for Raid again and then it might actually just boot up OK (provided you haven't messed things up too much).

I would suggest a shop.

Read other 3 answers
RELEVANCY SCORE 56.8

I believe I've a corrupt file system/registry. The windows explorer hangs a lot. Accessing files in drives takes too long. Ran Malwarebytes, NOD32 online scanner. It's all clean. SFC doesn't run.

So, I've run SFCfix.exe & attached the generated SFCfix.txt. I've also attached CBS.zip. Please help.

Read other answers
RELEVANCY SCORE 56.4

I've previously posted for help under "Performance & Maintenance". I thought it would be more appropriate to ask for help here.

I believe I've a corrupt file system/registry. The windows explorer hangs a lot. I've a hard time accessing files on the hard drive. Ran Malwarebytes, NOD32 online scanner. It's all clean. SFC doesn't run.

So, I've run SFCfix.exe & attached the most recent version of SFCfix.txt & CBS.zip.

I've attempted some repairs by running Windows Update Readiness tool, looking at CHECKSUR.log, by downloading the individual updates mentioned in the log, placing them in C:\windows\temp\checksur\packages folder, and running WURT again & the summary of checksur.log reads.

Seconds executed: 1718
Found 106 errors
CSI Manifest All Zeros Total count: 2
CSI Payload File Missing Total count: 1
CSI Payload File Corrupt Total count: 1
CBS MUM Missing Total count: 3
CBS MUM Corrupt Total count: 6
CBS Catalog Missing Total count: 5
CBS Catalog Corrupt Total count: 3
CBS Registry Error Total count: 13
CBS Watchlist Package Missing Total count: 72

Unavailable repair files:
winsxs\manifests\x86_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.22853_none_f074c244483f4149.manifest
winsxs\manifests\x86_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.18645_none_eff7f4132f17bb15.manifest
servicing\packages\Gin8IP-Microsoft-Windows-DownlevelApisets-Com-WinIP-Package~31bf3856ad364e35~x86~ja-JP~7.1.7601.1649... Read more

Read other answers
RELEVANCY SCORE 48

When I click on a link from the Google search page it gets hijacked to 83.133.124.109 and then to some bogus search site or other website.I also have a problem that when I run a McAfee scan a bunch of trojan files show up that I need to remove with other software.DDS (Ver_09-12-01.01) - NTFSx86 Run by Brad at 21:57:57.25 on Fri 01/29/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.809 [GMT -8:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\IObit\IObit Security 360\IS360srv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LeapFrog\LeapFrog Connect\CommandService... Read more

A:google hijack and McAfee corruption

I ran Kaspersky TDSSKiller and it found a problem in atapi that it fixed. Things seem to be better.

Read other 2 answers
RELEVANCY SCORE 48

I don't know if this pc's problems are related to anything that's been downloaded. I've run Spybot and cleaned it up some. Please take a look at the attached and let me know if I need to do anything further. TIA.

Betsy
 

A:boot sector corruption - hijack this log

I'll just post this up, to make it quicker for others to check

Logfile of HijackThis v1.93.0
Scan saved at 4:41:01 PM, on 9/4/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.cnn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CstlFaxTray] C:\Program Files\Castelle\FaxPress\FaxTray.exe
O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Novell Application Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'T... Read more

Read other 3 answers
RELEVANCY SCORE 47.6

Greetings! Recently I ran into some nasty malicious software. My browser is redirected when I do a web search. What I know, "askalot.com" or viruses associated with this website seem to be the problem I am facing. I have run Malaware-Bites and it cleaned 10 infections a few days ago. Since then the problem has persisted and Malaware-bites has been unable to detect anything else. the following items i have tried to remove already.... R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')they keep coming back... Any help would be appreciated as I am terribly paranoid about what information the software could be stealing form me. thank you for your time. ========================================================================================== HIJACK THIS LOG FILE ====... Read more

A:Browers Hijack ( possible windows explorer corruption as well )

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 23 answers
RELEVANCY SCORE 46.8

My computer was recently hijacked by one of those nasty moneypak viruses. I can't access the os normally or in either of the two safe modes. I've scoured through all of the self help guides to no avail. I've even tried using the hitman bootloader but that doesn't work either. I was instructed to post a dds log but am unable to do that at the moment. This computer has all of the company financials on it and it is imperative that I get it working again. Please help! Thanks

A:total hijack

My original post:
Help please! My computer is on complete lock down and I am at my wits end.
I was on Google Chrome when all of a sudden the screen was hijacked by a window that claimed to be from the department of justice. At this point, I couldn't do anything with the computer except force a reboot. Then, upon restart in normal mode, a dialog box comes up that says windows is shutting down because of the nt authority\system and that the dcom server process launcher terminated unexpectedly.
So far, I have tried to restart normally with no success. I've tried to restore to the last known good configuration with no success. I've tried to restart into safe mode but I get a blue screen that says to check for viruses on the computer. Lastly, I've tried to reboot the system with hitman which didn't work either. Normal system startup is working except for the nt authority system error and the hijack. Needless to say, I'm beyond frustrated at this point.
Please help. Thanks

Read other 31 answers
RELEVANCY SCORE 46

System specs:

Dell 410 XPS
2GB RAM
WindowsXP Home SP2
1 installed Intel 82566DC Gigabit Network Connection
DSL phone-line modem to Earthlink
(I just bought a new D-link Dir-655 wireless router, and will probably switch to Comcast cable, but want to fix this first.)
nVidia GeForce 7600GT video card
Dell 2405 monitor

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:28 AM, on 4/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\rund... Read more

Read other answers
RELEVANCY SCORE 46

Hi,

I ran AdAware and Spybot on this system and wanted to do an HJT scan. This is the message I get when I try to instal HJT -

" Hijack This.exe - Bad Image

The application or DLL C:\WINDOWS\system\MSVBVM60.DLL is not a valid Windows image. Please check this against your installation diskette."
What do I do?

Many thanks...Raj.
 

A:Very Close to TOTAL HIJACK!!

Read other 16 answers
RELEVANCY SCORE 46

My internet is going crazy with hijacks. I think theres more than one. Please help.
Logfile of HijackThis v1.98.2
Scan saved at 11:56:51 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\dllhostxp.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\pxhping.exe
C:\WINDOWS\System32\extrac16.exe
C:\DOCUME~1\YURIYA~1\LOCALS~1\Temp\eehm.dat
C:\Program Files\Quintessential Player\QCDPlayer.exe
C:\Documents and Settings\Yuriy Ayzenberg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =... Read more

A:Total Internet Hijack!! Please help

Please help! I'm getting some weird windows messages
 

Read other 2 answers
RELEVANCY SCORE 45.2

alright im running xp home my comp is compaq nc6000 laptop. (build 2600.xpsp_sp3_gdr.090206-1234:service pack 3) i currently have and use firefox and opera browser. could not install the last two latest updates. no variation of chckdsk will work in safe mode, admin and home, or regular, at startup it tries to run chkdsk then says chckdsk is not available on RAW. After startup an error message says EXPLORER.EXE is invalid or corupted please run chckdsk utility.i have no desktop, not even in safe mode, i have to use new task from tast manager that works after 3 bad image errors lol. i'v been getting alot of out of virtual memory message's and i cant figure out how to ever get that back.every program on my computer i open is followed by the error message "invalid or corrupted please run chkdsk" the programs will still work, for a while but eventually start crashing and have to be reinstalled.

couple weeks ago im pretty sure i stumbled upon a fake guitar lesson website it gave me some nasty virus. it instantly opened a window in fullscreen looked just like windows security center and was scanning show hundreds of threats very fast i touched nothing and ctrl-alt-del, terminated opera's exe from task manager. the comp would shut down and crash again before it can even boot but i happened to download spybot s-d and run it in safe mode i have the log plus another in regular mode ill will give you, that kept my computer workable enought to talk to you guys.

... Read more

Read other answers
RELEVANCY SCORE 45.2

Hello all. This is my first post on this site and I hope that you can help me out. When I sign on to my regular user profile this error pops up: Windows cannot find 'C:\Windows\System32\wpcumi.exe'

After I close this box a box for Vista Total Security 2011 pops up and starts a scan. It shows that I have 29 infections and the only way to get rid of them is to purchase this software. I have been running AVG for years and had no issues. When I close this box and try to open my web browser it blocks it and says it is unsafe. The only way to make it safe is to...you guessed it, buy the software! I cannot figure out how to get this off of my computer. If I log in under administrator everything runs normal. I can access AVG and see that the most recent scan was this morning with no issues. What gives?

Oh BTW, I tried restarting and I get the same thing. Thanks for any help that you can give me.

A:Vist Total Security 2011 Hijack

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the I... Read more

Read other 3 answers
RELEVANCY SCORE 44

Up untill today my PC has been working a-ok. I first encountered the problem when i was palying a online mmo. After a couple of hours playing i entered a world and some graphical corruption occured where green pixels seem to appear in bands where the lighter colours where. After a short while the pc locked up,with loads of green pixels appearing and the last split second of sound caught in a loop.Nothing worked,mouse keyboard,even the lights for numlock,scroll lock and capslock did not respond to the keys being pressed.it has happened almost every time i tried a game since then.

I rebooted my pc and it was fine untill i was loging into the pc,where more of the same graphical corruption occured,when i logged in after a short while the pc froze on my desktop and hr monitor lost signal.after a few seconds it came back on an a message appeqred in the corner by the toolbar saying Kernel driver 258.96 had failed but had been recovered, his happened a few times. Windows works perfect in safe mode and i updated the graphics card drivers to try and resolve this but it did not work,i am posting this off my iPod so pardon the bad spelling,will upload a picture or video tomorrow wih more info if needed.
Runnng on a packard bell iXtreme with a quad core cpu and Nvidia 8400GS grqphics card. Hope somebody has a solution .thanks.
 

A:Pc locking up,graphical corruption,audio corruption

Read other 7 answers
RELEVANCY SCORE 42.8

Getting lots of pop-up ads such as antiwinvirus web page. Here is hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:40 PM, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Fil... Read more

A:Pop-up ads Hijack log included

Read other 16 answers
RELEVANCY SCORE 42.8

I downloaded a file with a trojan attached, and it royally screwed up my computer. AVG picked up 15 viruses and got rid of them but I'm still having a ton of problems, mainly annoying pop-ups that say my security is out of date, and that I need to download stuff to protect my computer (none of which I have clicked). It also made my Control Panel disappear and I can't access my C, D or F drives. They don't even show up under My Computer anymore. I ran spybot which detected quite a few problems and it fixed them but I'm still having all the same problems. Please help, I don't know how to fix this and I'm pulling out my hair.

Windows XP
Gateway PC
AVG Anti-Virus
Spybot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Netw... Read more

A:Please help! Hijack this log included!

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entri... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

My internet doesnt work anymore....tried everything...here we go....I dont know much about computers so make this simple please. THANK YOU!

Logfile of HijackThis v1.97.7
Scan saved at 9:27:54 AM, on 3/17/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3110.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\hpmdlbia.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\PROGRAM FILES\NETZERO\TOOLBAR.DLL
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [OEMCleanup] C:\WINDOWS\OPTIONS\OEMRESET.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\Rea... Read more

A:Hijack this log included!

Read other 6 answers
RELEVANCY SCORE 42.8

Hey. My girlfriend's mom's computer is having some internet issues. She uses aol and she can connect to aol and read her email but when she tries to visit a web site she gets an error that says "internet explorer cannot open the webpage. An internal errow occurred in the windows extension." I was home last week and took a look at i. I verified that the problem is not just with aol by installing net zero which does not work either. I made sure all of the modem settings and internet settings were fine as far as i know and i followed all the guidelines in both troubleshooters. I ran and corrected problems that popped up with windows file checker and I even reinstalled windows. None of these solved the problem. I then reinstalled aol which likewise didn't solve the problem. I tried to reinstall/upgrade interent explorer. However it would act like it was working and then pop up with an error that said "command line option syntax error type command /? for help" It did this everytime I tried in install IE. When you type command /? a dos looking box pops up and then closes to fast for you to read. I am now back at school and sent her hijack this and had her run it. it is pasted below...hopefully whatever she needs to do is easy because i I will ahve to try to talk her though it over the phone.
Logfile of HijackThis v1.97.7
Scan saved at 10:27:54 PM, on 3/16/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3... Read more

A:Hijack this log included!

Read other 16 answers
RELEVANCY SCORE 42.8

Hi FLrman. Can u help me with this? (english is not my first language, so sorry if it isnīt that good):
Yesterday, i found some problems in my pc. Every time I open the internet explorer, this link is open as the home page (http://homepage.com@www.e-finder.cc/hp/). Sometimes, when I write for ej: www.yahoo.com and press enter, the internet explorer shows http://ehttp.cc/?www.yahoo.com.
What I decided to do is to download HijackThis v1.97.7 and scan. this is my log:

Logfile of HijackThis v1.97.7
Scan saved at 07:20:32 p.m., on 29/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\WinGate\WinGate.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\AddCLS.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zapro.exe
C:\Archivos de programa\WinGate\wgengmon.exe
C:\Archivos de programa\Sony Corporation\Image Transfer\SonyTray.exe
C:\ARCHIV~1\ICQ\ICQ.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Charles\Hij... Read more

A:Please Help - Hijack Log Included

Read other 6 answers
RELEVANCY SCORE 42.8

My brother's computer has been experiencing crashes and blue screen error messages. I've tried running AdAware, but kept getting an error message about "KRNL386.EXE" I don't know if this is related to a virus or spyware.

If someone could help me out, it would be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 6:28:00 PM, on 11/03/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDLOG.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\TRAYICON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDDB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\ESSSPK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
E:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EX... Read more

A:HiJack This log included

It seems there is another problem. Every time a person logs onto the computer, a blue error screen loads that says: ERROR: 06:0000:00000017.
Everytime I try to search for a file, the same screen comes up and as a result, I am unable to search for files.
 

Read other 1 answers
RELEVANCY SCORE 42.8

I have lots of crap on my computer I dont know how to get rid of. Please help. Any help is appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 11:40:04 PM, on 5/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\DOCUME~1\Jesse\LOCALS~1\Temp\A~NSISu_.exe
C:\Documents and Settings\Jesse\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com/
R1 - HKCU\Software\... Read more

A:Please Help(HiJack This Log included)

These programs might remove the 'craps' you're saying on your computer.

Download Spybot here

*First, open spybot, then Check for Updates, download all available Updates, then Scan. Fix all of the spywares scanned by Spybot.

Download Ad-Aware here

*Open Ad-Aware, then Check for the latest Updates, download them, and you're ready to scan. Remove all the adwares scanned by Ad-Aware.

Download Microsoft Antispyware Beta here

*Same as the 2 programs, update before scanning. Microsoft Antispyware Beta gets rid of the spywares missed by other programs.

Now, do an online scan on these sites.

HouseCall - http://housecall.trendmicro.com/
Panda - http://www.pandasoftware.com/activescan/
RAV AntiVirus Online - http://www.ravantivirus.com/scan
eTrust Antivirus Scanner - http://www3.ca.com/virusinfo/virusscan.aspx

Do at least 2 online scans. After doing all, post a new HJT log, and wait for a HJT log expert.
 

Read other 2 answers
RELEVANCY SCORE 42.8

Any help would be appreciated. I have tried everything and I it just comes back. I usually can run sdfix and be okay but this is a vista laptop. I'm pulling my hair out. Please anyone. I have ran ad-ware se, superantispyware, trojan remover, avg, sdfix(which didn't work) I do not know how to read these hijack so any help again would be appreciated. I have a big slow down in internet explorer and google searches don't work. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:24 AM, on 9/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Sorry I think I might have it...if not I will add the hijack listing back...thanks

A:Can't Seem To Get Rid Of This..hijack.log Included

I am glad you found your computer problem. Let us know if we can help you.

Thank you for letting us know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Read other 1 answers
RELEVANCY SCORE 42.8

I have been having problems with my computer being very slow and there are always too many programs running in my task manager.

I have Spybot S&D and Ad Aware...

Here is my HJT log,
what items can be removed from this list to help my computer run faster.

Thank you!
Jim

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Virtual CD v5\System\VC5Tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1... Read more

Read other answers
RELEVANCY SCORE 42.8

I'm not sure if I have a virus or not but my computer has been very slow and when I did a system scan in safemode using Norton, it said I had one infected file. I deleted it but it still shows up in my HiJack This log:

Logfile of HijackThis v1.97.7
Scan saved at 2:00:22 PM, on 2/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\S... Read more

A:HiJack This log included...

Go to add/remove programs and uninstall NewDotNet.
And go here:
http://www.majorgeeks.com/download.php?det=3446
Download and run "KazaaBegone"
Thats is where all this crap came from.

Then....
Download and run CWShredder by Merijn Bellekom
It's from The CoolWebSearch Chronicles which you should read.
And remember to click "Fix" (Not "Scan only")
In particular pay attention to the patches for the operating system regarding the ByteVerify vulnerability.
Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan itīs just to click the "Scan" button.

When scan is fin... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

I have a friends computer here and she was having some issues with itunes. So i went over, tried to uninstall it and it wouldnt. I realized she had like 4 toolbars, which im sure are infections. One is fast browser search which i tried uninstalling thru firefox, restarted it and its still there. I tried accessing your site and it says cannot display web page. It redirects me to other stupid sites. she has AVG free on there but its out of date and says its not connected to the internet when it is. I tried uninstalling avg in add/remove restarted the computer and its still in the add/remove. There are other programs that wont delete but say at first they were deleted and to restart. i tried running it in safe mode, gives me a blue screen after loading the drivers, and reboots...so no luck there. I have also tried to do an online scan thru trend micro, norton etc and it says not connected, yet it goes to a few choice sites.......what can i do to fix this issue without having to reformat the drive? I have also tried cccleaner to remove itunes to no availability, and also the windows removal tool which says it cannot remove it cuz the msi file is missing. Oh and adaware locks up 1/4 of the way into the scan and i have to hold down the power button. i had to download hijack this from my computer and transfer it to hers, and here is the log....
Scan saved at 3:04:57 PM, on 7/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mod... Read more

A:Please help...hijack this included.

bump
 

Read other 1 answers
RELEVANCY SCORE 42.8

i believe i had a leech. it was filling up my hard drive and saying it was full. it stopped filling up my hard drive after i ran avast antivirus. but it must of filled up 100 gigs and i dont know where to find it. i ran hijack this and theres a lot of missing files which some of them i believe is important.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:10 PM, on 6/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files... Read more

A:need help hijack this log included.

can anybody please help before a have to do a clean install
 

Read other 1 answers
RELEVANCY SCORE 42.8

recently, my media player has begun playing music with a 'chopped up' sound (not quite like skipping). it happens when playing saved files, cds, even live365radio. it will do this for a typical period of 5-15 seconds; sometimes, but rarely, longer as well. but i became curious and i was observing my task manager during this problem, and i believe it may be caused by my computer being overworked or maxed out. I noticed when watching the CPU usage under the Processes tab in the task manager, that the media player typically runs using 10-25% of my CPU. however, sometimes it jumps up to 60-80% and this is when this problem occours. also, keep in mind that i have have 50+ processes running at any given time. but then, moments later, it will drop back to normal and it's ok for a few minutes or so.

i'm no computer expert, but this is what i've put together. i've also posted a HJT logfile below if it may be to any assistance in solving this problem.

thank you,

Josh
Logfile of HijackThis v1.99.0
Scan saved at 3:29:48 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Stardock\... Read more

Read other answers
RELEVANCY SCORE 42.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:14:05 AM, on 10/26/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Sof... Read more

A:Hijack Log Included, please help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

Would appriciate anyone who could suggest what to fix
Logfile of HijackThis v1.97.7
Scan saved at 1:40:07 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\william\local settings\temp\69eiXKn.exe
C:\WINDOWS\iecx32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\ntwo.exe
C:\WINDOWS\System32\ZsgFezZ.exe
C:\WINDOWS\System32\VebQQl42.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\William\Local Settings\Temp\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Softw... Read more

Read other answers
RELEVANCY SCORE 42.8

Hi i'm running windows xp service pack 2 with mcafee and recently it has picked up a trojan virus in the file c:\\windows\systems32\antiwpa.dll and mcafee is calling it a generic.dx trojan.

it also picks up another trojan on the same file but it detects it as another file with all the letters capitalized (ANTIWPA.DLL) not sure what that means.

here is the hijackthis report log.

Logfile of HijackThis v1.99.1
Scan saved at 2:13:51 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WI... Read more

A:Please Help hijack log included

i also wanted to say that i tried to download combofix after shutting off my mcafee and there is a combofix icon on my desktop but it can't be open, or deleted...and the mcafee sheild on my taskbar is gone.
 

Read other 3 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 9:19:06 PM, on 11/20/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)lately my computer has been running god awful slow, and i've run almost every program Ad-aware, SW doctor, registry doctor, norton, the works, and i was told to run this hijack log to let an expert determine whats wrong. Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\... Read more

A:Help Please, Hijack Log Included

Hello and welcome to BC Sorry for the delayed response. I cannot see anything malware related in your log. I would suggest that you click here and see if the recommendations there would help you.

Read other 31 answers
RELEVANCY SCORE 42.8

i ran a hijack this log (included). My biggest problem is I get a message saying there is an IP address conflict with another user. Not sure how to remove it but would love some help. Thanks for all the great work you guys do Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:09:14 PM, on 2/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_10\bin\jusched.exeC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeC:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:&#... Read more

A:Hijack This Log Included

Welcome to the BleepingComputer HijackThis Logs and Analysis forum majicparty My name is Richie and i'll be helping you to fix your problems.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

Read other 3 answers
RELEVANCY SCORE 42.8

hi. i recently had a long battle with spyware/adware. it got so bad that i had to switch to safe mode with networking because my internet explorer was clogged with ads (in addition to being directed to a search page because of a worm) and my computer was running extremely slow. then i used many programs (Norton Anti-Virus 2003, TrojanScan, Bazooka, Pest Patrol Corporate Edition, X Cleaner, Spybot Search and Destroy, and Adaware Pro 6.0 with all the lastest updates) to find what was wrong. all the programs found something different and i deleted whatever was found. can anyone please look at my HijackThis log and see if i'm still infected with adware/spyware/viruses/worms? also, do i have to run in normal mode for everything to be detected or can i safely go back to using normal mode?

Logfile of HijackThis v1.97.7
Scan saved at 1:41:16 AM, on 5/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\mIRC\mirc.exe
c:\Program Files\PestPatrol\PPControl.exe
C:\Documents and Settings\Dre\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dre\Desktop\HijackThis.exe

R0 - HKC... Read more

A:Please help (Hijack This log included)

Run hijackthis and fix the following items. Be sure all windows are closed except for hijackthis

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O2 - BHO: (no name) - {212DBA39-DCCE-FC5F-2462-79EDD2147026} - (no file)

O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - (no file)

O3 - Toolbar: (no name) - {9FF6D113-83CA-B09D-C352-3EDF3C189CF7} - (no file)

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dkvaget/x.chm::/load.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab


Reboot and post a new hijackthis log
 

Read other 2 answers
RELEVANCY SCORE 42.8

Hello!!The internet on my computer is running incredibly slow now as well as some of my programs. I've tried everything, including some of the techniques I learned from you guys. Can you please take a look and see what we can do. It's frustrating as hell!! The following is my LOG, and hope to hear from you soon: Logfile of HijackThis v1.99.1Scan saved at 11:16:52 PM, on 5/23/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exeC:\WINDOWS\System32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Adobe\Photoshop A... Read more

A:Please Help! Hijack Log Included

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogAlso please install the Windows update at http://www.windowsupdate.com

Read other 1 answers
RELEVANCY SCORE 42.8

My friend's computer is not allowing them to use Internet Explorer. We cleaned off all the spyware that AdAware found, but its still not running properly. Its picking up at 100% usage but won't even load a web page. Can anyone take a look at the Hijack This log and tell me what's wrong with it?

Logfile of HijackThis v1.97.7
Scan saved at 9:39:04 AM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
C:\Program Files\OfferApp\OfferApp.exe
C:\WINDOWS\System32\hctacmi.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsof... Read more

A:Can't use IE. Hijack This Log included.

Anybody know what's wrong with it? We can even get the page to move in order to get to a virus scanner. Please help.
 

Read other 2 answers
RELEVANCY SCORE 42.8

Hi....i'm new here...pls correct me if there's any mistakes...
recently, i received a file from msn messenger and i'd open it...the result is...
the messenger keeps sending pictures bout every 5 minutes to all my contacts...then i deleted the file received...
the worst part is....every time i switch on the pc...the wallpaper is gone and the active desktop recovery appear...the active desktop recovery notice will appear for about 30 seconds...then gone with all the icons and taskbar...n come back bout 5 seconds later...the goes on and on for a few times n the desktop will freeze with my original wallpaper without any icons and taskbar...however, i'm still able to use the programs in my pc...
if it's possible...i do not want my pc to be reformat because i have so many important stuff in there...i need help...

here's the hijack log...thanks in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:34 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Fi... Read more

A:i need help-hijack log included

....everything is fine now after i run the combofix...
 

Read other 1 answers
RELEVANCY SCORE 42.8

hi, got this damm msn virus someone sent me something say bout a pic to look at and stupid me downloaded iot now my msn is sending all contact this same ****.. anyway u know all bout it .. thanks in advance..

heres the log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:59 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\cvisvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\I... Read more

A:can u help pls!, hijack his log included already..

any help asap would be appreciated thank u
 

Read other 1 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 12:45:25 AM, on 6/18/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\EXPLORER.EXEC:\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com/start.htmlR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&mem=nas...&N=PLHS&O=I&UT=O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCXO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorunO4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exeO4 - HKLM\..\Run: [SystemTray] systray.exeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiCwd32] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /minO4 - HKLM\..\Run: [AtiKey] ... Read more

A:need help please. hijack log included

Hello computerclueless2005 and welcome to the BC forums. It appears that this log was run from Safe Mode. I need you to boot normally and run the HijackThis scan from normal mode and post a new log back here.

Thanks.

OT

Read other 1 answers
RELEVANCY SCORE 42.8

I'm not even sure if this is a security question, but since my mother insists on opening forwarded emails, it's #1 on my list. I'm working with Windows XP w/Internet explorer.

Here's the problem: My dial-up ISP has been running super slow recently. It is close call america (it's a small company), and I connect through a software program we installed with a CD they sent us. This was maybe 3 years ago, and we haven't had any problems.

I went into the network settings to change the phone # we were using to connect. It then dialed the number, not going through the software. It came back with an error message, and I was not surprised.

But now, when I double-click the software icon to open the software to start the dialing, the little box comes up (like the icon/ad box NetZero uses but with no ad), the little box that usually says "dialing" flashes up (doesn't start dialing), then disappears, and the entire application shuts down.

I've restarted the computer, I've checked my username and password. I tried reinstalling the CD software but I get a runtime error. I tried setting up a new connection and doing it without the software, but it gives me some sort of "the server doesn't recognise you" error. I've tried calling their tech support, but they're obviously people off the street just reading off of info packets (she didn't know what an IP is...uhhh).

I definately think it's a proble... Read more

A:Need help please - hijack included

http://forums.techguy.org/windows-nt-2000-xp/485363-application-closes-itself-i-dont.html

Closing duplicate, please reply there.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Here's the log - thanks!-------------------------------Logfile of HijackThis v1.97.7Scan saved at 2:15:55 PM, on 12/2/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exeC:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exeC:\Program Files\Picasa\PicasaMediaDetector.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\windows\salm.exeC:\WINDOWS\system32\devldr32.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Ado... Read more

A:need Hijack this help please - log included

You are running an outdated version of HijackThis.. Delete the copy you have and download the latest version of HijackThis!: Download here HJT 1.98.2. Save it on your Desktop. You will need now to unzip hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups. You may need to use these backups.First create a new folder:A. Click My Computer icon on your desktopB. Click C: driveC. Click the File menu --> New --> Folder, a folder "New folder" will be created.D. Rename it HJTUnzip hijackthis.exe to the c:\HJT folder.Please post a new hijackthis log.

Read other 2 answers
RELEVANCY SCORE 42.8

My net is really going slow, but only the browsing speed. Downloading is fine, as i saw when i got HJT. I already ran adware 6 and Spybot Search and Destroy, and they cant find anything. The programs on the pc are running ine, i.e. word an media player, it is just the browser. PLEASE help!

Logfile of HijackThis v1.97.7
Scan saved at 08:07:49, on 07/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AOL 8.0a\waol.exe
C:\Program Files\AOL 8.0a\shellmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Liptrot\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ads.softwareoutfit.com/start_search.php?... Read more

A:HELP!!! Hijack this log included

Should be posted in security,normally i would move you there but the log is clean.

You can have HijackThis "Fix" this one:
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
 

Read other 2 answers
RELEVANCY SCORE 42.8

Help - having major issues, pop-ups, etc. Can someone analyze my hijack log and tell me what to do. Remember, be specific, I'm new at this and I'm blonde!

Logfile of HijackThis v1.98.2
Scan saved at 7:39:28 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\Hehxl.exe
C:\WINDOWS\pgtaff.exe
C:\WINDOWS\System32\winmonv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ipsbk32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WIN... Read more

A:HELP! Hijack This Log included

Read other 7 answers
RELEVANCY SCORE 42.8

I need help. Somehow letting my brother use my computer he got this internet security virus/popup on my computer. please help. thanks -- here is my hijack this (i still want the warez on my computer if thats possible)Logfile of HijackThis v1.99.1Scan saved at 1:55:41 AM, on 7/30/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IntCodec\isamonitor.exeC:\Program Files\IntCodec\pmsngr.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AIM\aim.exeC:\Program Files\IntCodec\pmmon.exeC:\Program Files\IntCodec\isamini.e... Read more

A:I Need Help... Have The "hijack This" Included

help please

Read other 9 answers
RELEVANCY SCORE 42.8

Hello all,

Thanks for looking. I try clicking Age Of Empires shortcut on my desktop and I recieve this response.....

The application has failed to start because MSVCR71.dll cannot be found. Re-installing the application may fix this problem

I tried clicking ewido security suite and it say the same thing.

What could this be?

Thought I'd include a Hijack this log.
Logfile of HijackThis v1.99.0
Scan saved at 10:00:51 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\... Read more

A:Hijack this.......log included

Read other 9 answers
RELEVANCY SCORE 42.8

never seen this before. I've run ad-aware, spybot, microsoft's beta spyware cleaner and we've got norton anti-virus corporate edition and STILL the pop ups keep coming. The anti-virus keeps catching a ton of stuff and putting it in quarantine...I clean that out and it catches more stuff. the microsoft caught something called the "peper trojan" but it supposedly cleaned it, but didn't fix the problem. Anyhoo...here's the hijack log..this log was after all of the scans with the aforementioned programs. I did update them before I ran them and also did thorough scans instead of quick scans.
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Seagate Software\WCS\pageserver.exe
C:\Program Files\Seagate Software\WCS\WebCompServer.exe
C:\Program Files\Seagate Software\WCS\cacheserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe
C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe
C:\Program Files\Seagate Software\WCS\JobServer.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\starter.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Progra... Read more

A:pop up ads have taken over...hijack included

Read other 7 answers
RELEVANCY SCORE 42.8

I cannot open several items in my start menu. when i click them it doesnt open. i even right click and hit run and it still will not open....also cannot open several icons on my desktop... any help would be appreciated... thanks, Chris below is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:50 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\dleacoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA... Read more

A:please help....hijack log included

did i do something wrong or can nobody help me???
 

Read other 1 answers