Over 1 million tech questions and answers.

TOTAL CORRUPTION - HiJack This Log Included

Q: TOTAL CORRUPTION - HiJack This Log Included

Ok...I have my neighbors pc which is totally infested with virus, malware, hijack, you name it. I am able to connect to the internet via IE... page is continually re-directed by uschase.com and ads234.com, then it defaults to a blank about:blank page poof!

Here is startup lists and I am unable to "not load" specific items it always defaults to enabling "all" :
StartupList report, 11/17/2004, 9:08:01 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\ygztahrx.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
C:\WINDOWS\System32\nwufbgtg.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\b.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\jgaw400213a.exe
C:\WINDOWS\System32\vdplayd.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\iexplorr24.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
WildTangent CDA = RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
Spyware Stormer = C:\Program Files\Spyware Stormer\SpywareStormer.Exe
MS Updates = C:\Documents and Settings\John and Bryan\Local Settings\Temporary Internet Files\Content.IE5\GT6R4XQN\mscache[1].exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
lite.exe = C:\WINDOWS\System32\lite.exe
JUFPZHRC = C:\WINDOWS\JUFPZHRC.exe
JTBPZ = C:\WINDOWS\JTBPZ.exe
ildfwpb = C:\WINDOWS\System32\ygztahrx.exe
GrMeNIB8q = C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
eclpuufz = C:\WINDOWS\System32\nwufbgtg.exe
Dpi = C:\Program Files\Common Files\Dpi\dpi.exe
bxxs5 = RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
AVGCtrl = "C:\Program Files\AVPersonal\AVGNT.EXE" /min
AutoUpdater = "C:\Program Files\AutoUpdate\AutoUpdate.exe"
aufbmyqq = C:\WINDOWS\yapjybrm.exe
Aqua.exe = C:\WINDOWS\System32\Aqua.exe
Antivirus = C:\WINDOWS\b.exe
6xwG = C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
RegistryMechanic = C:\Program Files\Registry Mechanic\RegMech.exe /S
TV Media = C:\Program Files\TV Media\Tvm.exe
vdplayd = C:\WINDOWS\System32\vdplayd.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

traffic944c.exe = "C:\WINDOWS\System32\traffic944c.exe"
wmv9dmod945g.exe = "C:\WINDOWS\System32\wmv9dmod945g.exe"
SysUpd = C:\WINDOWS\sysupd.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyStartUp = C:\Program Files\Microsoft Money\System\Money Startup.exe
mindex474s.exe = "C:\WINDOWS\System32\mindex474s.exe"
jgaw400213a.exe = "C:\WINDOWS\System32\jgaw400213a.exe"
iexplorr24 = C:\WINDOWS\iexplorr24.exe
d3drm818a.exe = "C:\WINDOWS\System32\d3drm818a.exe"
clcd32973b.exe = "C:\WINDOWS\System32\clcd32973b.exe"
ccfgnt434d.exe = "C:\WINDOWS\System32\ccfgnt434d.exe"
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
Aida = C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\WINDOWS\System32\mmfutil279p.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------
Enumerating Browser Helper Objects:

(no name) - (no file) - SOFTWARE
(no name) - (no file) - {00000000-0000-0000-0000-000000000221}
(no name) - C:\WINDOWS\mxTarget.dll - {0000607D-D204-42C7-8E46-216055BF9918}
(no name) - C:\WINDOWS\bxxs5.dll - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
(no name) - (no file) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E}
(no name) - C:\WINDOWS\System32\nkn.dll - {3DD8695A-9310-4EC8-DA25-6C5505DA7341}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\2_0_1browserhelper2.dll - {83DE62E0-5805-11D8-9B25-00E04C60FAF2}
(no name) - C:\WINDOWS\System32\nvms.dll - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
IE Redirector - C:\WINDOWS\System32\ieredir.dll - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
(no name) - C:\WINDOWS\System32\mscb.dll - {CE188402-6EE7-4022-8868-AB25173A3E14}
Search Help - C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Local Settings\Temp\zCdjP2Qk7.dll - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
(no name) - C:\WINDOWS\System32\msbe.dll - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}

--------------------------------------------------

Enumerating Download Program Files:

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\System32\lspak.dll
Protocol #2: C:\WINDOWS\System32\lspak.dll
Protocol #3: C:\WINDOWS\System32\lspak.dll
Protocol #9: C:\WINDOWS\System32\lspak.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,108 bytes
Report generated in 0.657 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Other than spyware stormer to identify malicious activity, they had nothing set to protect themselves.

Downloaded and ran stinger.exe (McAffee) with latest defs 8 Nov. It identified and cleaned over 246,000 files.

Installed Spybot, Spyware Blaster, Ad-Aware 6. SpyBot can not clean all issues. Also installed Reg Editor trial...numerouse errors. I REALLY DON'T WANT TO RE-INSTALL THERE PC ... Just get cleaned and internet accessible..with my recommendations for the "right fix"

Installed and ran HiJack This...Here's what I got... they have soooo much on there system, I'm not sure what's good and what's not...

Logfile of HijackThis v1.98.2
Scan saved at 9:16:07 AM, on 11/17/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\WINDOWS\System32\ygztahrx.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
C:\WINDOWS\System32\nwufbgtg.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\b.exe
C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\jgaw400213a.exe
C:\WINDOWS\System32\vdplayd.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Desktop\HijackThis.exe
C:\WINDOWS\iexplorr24.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uchase.com/scan.php?ask=&a=1367
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: CSIECore Class - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: (no name) - {3DD8695A-9310-4EC8-DA25-6C5505DA7341} - C:\WINDOWS\System32\nkn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\System32\ieredir.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Local Settings\Temp\zCdjP2Qk7.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [MS Updates] C:\Documents and Settings\John and Bryan\Local Settings\Temporary Internet Files\Content.IE5\GT6R4XQN\mscache[1].exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [lite.exe] C:\WINDOWS\System32\lite.exe
O4 - HKLM\..\Run: [JUFPZHRC] C:\WINDOWS\JUFPZHRC.exe
O4 - HKLM\..\Run: [JTBPZ] C:\WINDOWS\JTBPZ.exe
O4 - HKLM\..\Run: [ildfwpb] C:\WINDOWS\System32\ygztahrx.exe
O4 - HKLM\..\Run: [GrMeNIB8q] C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\GrMeNIB8q.exe
O4 - HKLM\..\Run: [eclpuufz] C:\WINDOWS\System32\nwufbgtg.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [aufbmyqq] C:\WINDOWS\yapjybrm.exe
O4 - HKLM\..\Run: [Aqua.exe] C:\WINDOWS\System32\Aqua.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\b.exe
O4 - HKLM\..\Run: [6xwG] C:\documents and settings\kaitlyn.walshfamilycomp.000\local settings\temp\6xwG.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [vdplayd] C:\WINDOWS\System32\vdplayd.exe
O4 - HKCU\..\Run: [traffic944c.exe] "C:\WINDOWS\System32\traffic944c.exe"
O4 - HKCU\..\Run: [wmv9dmod945g.exe] "C:\WINDOWS\System32\wmv9dmod945g.exe"
O4 - HKCU\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyStartUp] C:\Program Files\Microsoft Money\System\Money Startup.exe
O4 - HKCU\..\Run: [mindex474s.exe] "C:\WINDOWS\System32\mindex474s.exe"
O4 - HKCU\..\Run: [jgaw400213a.exe] "C:\WINDOWS\System32\jgaw400213a.exe"
O4 - HKCU\..\Run: [iexplorr24] C:\WINDOWS\iexplorr24.exe
O4 - HKCU\..\Run: [d3drm818a.exe] "C:\WINDOWS\System32\d3drm818a.exe"
O4 - HKCU\..\Run: [clcd32973b.exe] "C:\WINDOWS\System32\clcd32973b.exe"
O4 - HKCU\..\Run: [ccfgnt434d.exe] "C:\WINDOWS\System32\ccfgnt434d.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\kaitlyn.WALSHFAMILYCOMP.000\Application Data\ttuh.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {4D8E6154-D6B1-4770-A9A1-4919686F415E} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E7854C-559B-4518-BB8D-3DB7407A6367}: NameServer = 198.6.1.60 198.6.1.70
O20 - AppInit_DLLs: C:\WINDOWS\System32\mmfutil279p.dll
Your feedback and support is greatly appreciated...

RELEVANCY SCORE 200
Preferred Solution: TOTAL CORRUPTION - HiJack This Log Included

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: TOTAL CORRUPTION - HiJack This Log Included

Read other 16 answers
RELEVANCY SCORE 59.6

Hello everyone!

I am here today with yet another XP problem, but I am sad to say this is not your average run of the mill registry corruption.

Background:
During an architectural rendering - my apartment's power went out - immediately shutting off my computer. Upon resetting the circuit breaker and rebooting, I was mortified to discover my computer would not boot at all. (I think it is important to note prior to the power outage - my computer was freezing periodically, {besides other applications, utorrent would always make it freeze.})

After reboot, when it comes to the screen that gives you several boot options (safe mode, last known good... etc.) any option I click won't work and it simply freezes until I force shut down.

I tried repairing windows XP but during the installation it says something in the nature of "cannot find original windows installation, please contact sys..."

I successfully loaded up a BartPE bootable windows - but the OS could not detect my hard drives (the drives are just empty.)

*I suspect my hard drives died

I have windows installed on a data drive, and I have another 2 500gb hitachi drives raided together. (Not the raid setup that mirrors - the one that screws my career over)

What can I do to recover my data? Is there any external enclosure that I can get or some way of repairing windows through BartPE even though it doesnt read c: drive? Midterm presentations are around the corner and I cannot afford to pay for da... Read more

A:XP Total Corruption?

You have a Raid 0 setup and likely had a Bios crash so you need someone to set your Bios up for Raid again and then it might actually just boot up OK (provided you haven't messed things up too much).

I would suggest a shop.

Read other 3 answers
RELEVANCY SCORE 56.8

I believe I've a corrupt file system/registry. The windows explorer hangs a lot. Accessing files in drives takes too long. Ran Malwarebytes, NOD32 online scanner. It's all clean. SFC doesn't run.

So, I've run SFCfix.exe & attached the generated SFCfix.txt. I've also attached CBS.zip. Please help.

Read other answers
RELEVANCY SCORE 56.4

I've previously posted for help under "Performance & Maintenance". I thought it would be more appropriate to ask for help here.

I believe I've a corrupt file system/registry. The windows explorer hangs a lot. I've a hard time accessing files on the hard drive. Ran Malwarebytes, NOD32 online scanner. It's all clean. SFC doesn't run.

So, I've run SFCfix.exe & attached the most recent version of SFCfix.txt & CBS.zip.

I've attempted some repairs by running Windows Update Readiness tool, looking at CHECKSUR.log, by downloading the individual updates mentioned in the log, placing them in C:\windows\temp\checksur\packages folder, and running WURT again & the summary of checksur.log reads.

Seconds executed: 1718
Found 106 errors
CSI Manifest All Zeros Total count: 2
CSI Payload File Missing Total count: 1
CSI Payload File Corrupt Total count: 1
CBS MUM Missing Total count: 3
CBS MUM Corrupt Total count: 6
CBS Catalog Missing Total count: 5
CBS Catalog Corrupt Total count: 3
CBS Registry Error Total count: 13
CBS Watchlist Package Missing Total count: 72

Unavailable repair files:
winsxs\manifests\x86_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.22853_none_f074c244483f4149.manifest
winsxs\manifests\x86_microsoft-windows-packager_31bf3856ad364e35_6.1.7601.18645_none_eff7f4132f17bb15.manifest
servicing\packages\Gin8IP-Microsoft-Windows-DownlevelApisets-Com-WinIP-Package~31bf3856ad364e35~x86~ja-JP~7.1.7601.1649... Read more

Read other answers
RELEVANCY SCORE 48

I don't know if this pc's problems are related to anything that's been downloaded. I've run Spybot and cleaned it up some. Please take a look at the attached and let me know if I need to do anything further. TIA.

Betsy
 

A:boot sector corruption - hijack this log

I'll just post this up, to make it quicker for others to check

Logfile of HijackThis v1.93.0
Scan saved at 4:41:01 PM, on 9/4/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.cnn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CstlFaxTray] C:\Program Files\Castelle\FaxPress\FaxTray.exe
O4 - HKLM\..\Run: [FPEXCNVT] C:\Program Files\Castelle\FaxPress\ExCnvt.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Novell Application Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'T... Read more

Read other 3 answers
RELEVANCY SCORE 48

When I click on a link from the Google search page it gets hijacked to 83.133.124.109 and then to some bogus search site or other website.I also have a problem that when I run a McAfee scan a bunch of trojan files show up that I need to remove with other software.DDS (Ver_09-12-01.01) - NTFSx86 Run by Brad at 21:57:57.25 on Fri 01/29/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.809 [GMT -8:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\IObit\IObit Security 360\IS360srv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LeapFrog\LeapFrog Connect\CommandService... Read more

A:google hijack and McAfee corruption

I ran Kaspersky TDSSKiller and it found a problem in atapi that it fixed. Things seem to be better.

Read other 2 answers
RELEVANCY SCORE 47.6

Greetings! Recently I ran into some nasty malicious software. My browser is redirected when I do a web search. What I know, "askalot.com" or viruses associated with this website seem to be the problem I am facing. I have run Malaware-Bites and it cleaned 10 infections a few days ago. Since then the problem has persisted and Malaware-bites has been unable to detect anything else. the following items i have tried to remove already.... R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')they keep coming back... Any help would be appreciated as I am terribly paranoid about what information the software could be stealing form me. thank you for your time. ========================================================================================== HIJACK THIS LOG FILE ====... Read more

A:Browers Hijack ( possible windows explorer corruption as well )

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 23 answers
RELEVANCY SCORE 46.4

My computer was recently hijacked by one of those nasty moneypak viruses. I can't access the os normally or in either of the two safe modes. I've scoured through all of the self help guides to no avail. I've even tried using the hitman bootloader but that doesn't work either. I was instructed to post a dds log but am unable to do that at the moment. This computer has all of the company financials on it and it is imperative that I get it working again. Please help! Thanks

A:total hijack

My original post:
Help please! My computer is on complete lock down and I am at my wits end.
I was on Google Chrome when all of a sudden the screen was hijacked by a window that claimed to be from the department of justice. At this point, I couldn't do anything with the computer except force a reboot. Then, upon restart in normal mode, a dialog box comes up that says windows is shutting down because of the nt authority\system and that the dcom server process launcher terminated unexpectedly.
So far, I have tried to restart normally with no success. I've tried to restore to the last known good configuration with no success. I've tried to restart into safe mode but I get a blue screen that says to check for viruses on the computer. Lastly, I've tried to reboot the system with hitman which didn't work either. Normal system startup is working except for the nt authority system error and the hijack. Needless to say, I'm beyond frustrated at this point.
Please help. Thanks

Read other 31 answers
RELEVANCY SCORE 46

System specs:

Dell 410 XPS
2GB RAM
WindowsXP Home SP2
1 installed Intel 82566DC Gigabit Network Connection
DSL phone-line modem to Earthlink
(I just bought a new D-link Dir-655 wireless router, and will probably switch to Comcast cable, but want to fix this first.)
nVidia GeForce 7600GT video card
Dell 2405 monitor

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:28 AM, on 4/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\rund... Read more

Read other answers
RELEVANCY SCORE 46

Hi,

I ran AdAware and Spybot on this system and wanted to do an HJT scan. This is the message I get when I try to instal HJT -

" Hijack This.exe - Bad Image

The application or DLL C:\WINDOWS\system\MSVBVM60.DLL is not a valid Windows image. Please check this against your installation diskette."
What do I do?

Many thanks...Raj.
 

A:Very Close to TOTAL HIJACK!!

Read other 16 answers
RELEVANCY SCORE 46

My internet is going crazy with hijacks. I think theres more than one. Please help.
Logfile of HijackThis v1.98.2
Scan saved at 11:56:51 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\dllhostxp.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\pxhping.exe
C:\WINDOWS\System32\extrac16.exe
C:\DOCUME~1\YURIYA~1\LOCALS~1\Temp\eehm.dat
C:\Program Files\Quintessential Player\QCDPlayer.exe
C:\Documents and Settings\Yuriy Ayzenberg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =... Read more

A:Total Internet Hijack!! Please help

Please help! I'm getting some weird windows messages
 

Read other 2 answers
RELEVANCY SCORE 45.2

Hello all. This is my first post on this site and I hope that you can help me out. When I sign on to my regular user profile this error pops up: Windows cannot find 'C:\Windows\System32\wpcumi.exe'

After I close this box a box for Vista Total Security 2011 pops up and starts a scan. It shows that I have 29 infections and the only way to get rid of them is to purchase this software. I have been running AVG for years and had no issues. When I close this box and try to open my web browser it blocks it and says it is unsafe. The only way to make it safe is to...you guessed it, buy the software! I cannot figure out how to get this off of my computer. If I log in under administrator everything runs normal. I can access AVG and see that the most recent scan was this morning with no issues. What gives?

Oh BTW, I tried restarting and I get the same thing. Thanks for any help that you can give me.

A:Vist Total Security 2011 Hijack

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the I... Read more

Read other 3 answers
RELEVANCY SCORE 45.2

alright im running xp home my comp is compaq nc6000 laptop. (build 2600.xpsp_sp3_gdr.090206-1234:service pack 3) i currently have and use firefox and opera browser. could not install the last two latest updates. no variation of chckdsk will work in safe mode, admin and home, or regular, at startup it tries to run chkdsk then says chckdsk is not available on RAW. After startup an error message says EXPLORER.EXE is invalid or corupted please run chckdsk utility.i have no desktop, not even in safe mode, i have to use new task from tast manager that works after 3 bad image errors lol. i'v been getting alot of out of virtual memory message's and i cant figure out how to ever get that back.every program on my computer i open is followed by the error message "invalid or corrupted please run chkdsk" the programs will still work, for a while but eventually start crashing and have to be reinstalled.

couple weeks ago im pretty sure i stumbled upon a fake guitar lesson website it gave me some nasty virus. it instantly opened a window in fullscreen looked just like windows security center and was scanning show hundreds of threats very fast i touched nothing and ctrl-alt-del, terminated opera's exe from task manager. the comp would shut down and crash again before it can even boot but i happened to download spybot s-d and run it in safe mode i have the log plus another in regular mode ill will give you, that kept my computer workable enought to talk to you guys.

... Read more

Read other answers
RELEVANCY SCORE 44

Up untill today my PC has been working a-ok. I first encountered the problem when i was palying a online mmo. After a couple of hours playing i entered a world and some graphical corruption occured where green pixels seem to appear in bands where the lighter colours where. After a short while the pc locked up,with loads of green pixels appearing and the last split second of sound caught in a loop.Nothing worked,mouse keyboard,even the lights for numlock,scroll lock and capslock did not respond to the keys being pressed.it has happened almost every time i tried a game since then.

I rebooted my pc and it was fine untill i was loging into the pc,where more of the same graphical corruption occured,when i logged in after a short while the pc froze on my desktop and hr monitor lost signal.after a few seconds it came back on an a message appeqred in the corner by the toolbar saying Kernel driver 258.96 had failed but had been recovered, his happened a few times. Windows works perfect in safe mode and i updated the graphics card drivers to try and resolve this but it did not work,i am posting this off my iPod so pardon the bad spelling,will upload a picture or video tomorrow wih more info if needed.
Runnng on a packard bell iXtreme with a quad core cpu and Nvidia 8400GS grqphics card. Hope somebody has a solution .thanks.
 

A:Pc locking up,graphical corruption,audio corruption

Read other 7 answers
RELEVANCY SCORE 42.8

my son has been playin runescape on my laptop for some time now. and he's been getting all kinds of different .scape servers and client things and ever since my laptop has been runnin slow. i have c hecked for virus and etc and found nohting please help.

A:hijack this is included

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 16 answers
RELEVANCY SCORE 42.8

Hi guys,

Just getting stoopid random pop ups.. ran AVG / Spybot Search and Destroy. and Ewido in Safe mode...
Logfile of HijackThis v1.99.1
Scan saved at 12:43:47 AM, on 6/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSyn... Read more

A:Hijack.... Log included

Read other 12 answers
RELEVANCY SCORE 42.8

Hello!!The internet on my computer is running incredibly slow now as well as some of my programs. I've tried everything, including some of the techniques I learned from you guys. Can you please take a look and see what we can do. It's frustrating as hell!! The following is my LOG, and hope to hear from you soon: Logfile of HijackThis v1.99.1Scan saved at 11:16:52 PM, on 5/23/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exeC:\WINDOWS\System32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Adobe\Photoshop A... Read more

A:Please Help! Hijack Log Included

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogAlso please install the Windows update at http://www.windowsupdate.com

Read other 1 answers
RELEVANCY SCORE 42.8

My PC is running very slowly and it just 'feels' like something isn't right. I've downloaded and run Hijack This. The log is posted below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:43 AM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\KACE\KBOX\KBOXSMMPService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Ult... Read more

Read other answers
RELEVANCY SCORE 42.8

This is from my best friend's computer....she can't get online to do this! She has a dail up connection and she can get online....but can't get anywhere....says cant find page, etc.....and can't get email at all either. What can be done? Thanks in advance! I had previously posted this on the wrong thread......

ogfile of HijackThis v1.98.2
Scan saved at 9:55:03 AM, on 10/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\WINDOWS\SYSTEM\PTSWRAUP.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILE... Read more

A:Please help----hijack this log included!

Read other 7 answers
RELEVANCY SCORE 42.8

Any help would be appreciated. I have tried everything and I it just comes back. I usually can run sdfix and be okay but this is a vista laptop. I'm pulling my hair out. Please anyone. I have ran ad-ware se, superantispyware, trojan remover, avg, sdfix(which didn't work) I do not know how to read these hijack so any help again would be appreciated. I have a big slow down in internet explorer and google searches don't work. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:24 AM, on 9/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Sorry I think I might have it...if not I will add the hijack listing back...thanks

A:Can't Seem To Get Rid Of This..hijack.log Included

I am glad you found your computer problem. Let us know if we can help you.

Thank you for letting us know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

Read other 1 answers
RELEVANCY SCORE 42.8

Hiya,

Everytime i go on the internet on my pc i'm getting lots of pop up ads. Please can someone help?! Below is my Hijack this log - if there's any other info i need to provide just let me know.

Thanks :)

-------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:02, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAU... Read more

A:Pop ups - Hijack This log included

Hi, welcome to TSF!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
C:\Qoobox\Add-Remove Programs.txt
New HijackThis log.

Read other 7 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 9:19:06 PM, on 11/20/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)lately my computer has been running god awful slow, and i've run almost every program Ad-aware, SW doctor, registry doctor, norton, the works, and i was told to run this hijack log to let an expert determine whats wrong. Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\... Read more

A:Help Please, Hijack Log Included

Hello and welcome to BC Sorry for the delayed response. I cannot see anything malware related in your log. I would suggest that you click here and see if the recommendations there would help you.

Read other 31 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 12:45:25 AM, on 6/18/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\EXPLORER.EXEC:\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com/start.htmlR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&mem=nas...&N=PLHS&O=I&UT=O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCXO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorunO4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exeO4 - HKLM\..\Run: [SystemTray] systray.exeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiCwd32] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /minO4 - HKLM\..\Run: [AtiKey] ... Read more

A:need help please. hijack log included

Hello computerclueless2005 and welcome to the BC forums. It appears that this log was run from Safe Mode. I need you to boot normally and run the HijackThis scan from normal mode and post a new log back here.

Thanks.

OT

Read other 1 answers
RELEVANCY SCORE 42.8

Hoping someone here can help me out.

I am having a problem access certain websites on my computer. Normally, I don't let it bother me, but I can't access any of my university's webpages, which is a big problem considering I do some school work online. When I type the web address, MSN pops up and says "We can't find "www.trentu.ca Did you mean to go to one of these sites..." and then its lists the Trent site, but I still can't access the pages. I also cannot access Yahoo.com. I get the same message as I do when trying to access the uni sites.

Someone mentioned that it might be a spyware problem, but I have SpySweeper and AdAdware SE installed and keep checking them for updates. I've emptied my cookies, cleared all temporary internet files and cleared the history.

We are on a network here and all my other housemates have no problems access any of the above sites.

This is becoming a pain in the butt to deal with. I've included a Hijack This log as well. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 4:15:52 PM, on 2/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\S... Read more

Read other answers
RELEVANCY SCORE 42.8

hi, got this damm msn virus someone sent me something say bout a pic to look at and stupid me downloaded iot now my msn is sending all contact this same ****.. anyway u know all bout it .. thanks in advance..

heres the log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:59 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\cvisvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\I... Read more

A:can u help pls!, hijack his log included already..

any help asap would be appreciated thank u
 

Read other 1 answers
RELEVANCY SCORE 42.8

hi. i recently had a long battle with spyware/adware. it got so bad that i had to switch to safe mode with networking because my internet explorer was clogged with ads (in addition to being directed to a search page because of a worm) and my computer was running extremely slow. then i used many programs (Norton Anti-Virus 2003, TrojanScan, Bazooka, Pest Patrol Corporate Edition, X Cleaner, Spybot Search and Destroy, and Adaware Pro 6.0 with all the lastest updates) to find what was wrong. all the programs found something different and i deleted whatever was found. can anyone please look at my HijackThis log and see if i'm still infected with adware/spyware/viruses/worms? also, do i have to run in normal mode for everything to be detected or can i safely go back to using normal mode?

Logfile of HijackThis v1.97.7
Scan saved at 1:41:16 AM, on 5/3/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\mIRC\mirc.exe
c:\Program Files\PestPatrol\PPControl.exe
C:\Documents and Settings\Dre\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dre\Desktop\HijackThis.exe

R0 - HKC... Read more

A:Please help (Hijack This log included)

Run hijackthis and fix the following items. Be sure all windows are closed except for hijackthis

R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)

O2 - BHO: (no name) - {212DBA39-DCCE-FC5F-2462-79EDD2147026} - (no file)

O2 - BHO: (no name) - {397D7D63-816E-4ECF-8761-775C932C5CF1} - (no file)

O3 - Toolbar: (no name) - {9FF6D113-83CA-B09D-C352-3EDF3C189CF7} - (no file)

O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://hard-virgins.com/dkvaget/x.chm::/load.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab


Reboot and post a new hijackthis log
 

Read other 2 answers
RELEVANCY SCORE 42.8

Help - having major issues, pop-ups, etc. Can someone analyze my hijack log and tell me what to do. Remember, be specific, I'm new at this and I'm blonde!

Logfile of HijackThis v1.98.2
Scan saved at 7:39:28 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\Hehxl.exe
C:\WINDOWS\pgtaff.exe
C:\WINDOWS\System32\winmonv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ipsbk32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WIN... Read more

A:HELP! Hijack This Log included

Read other 7 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 1:41:09 PM, on 8/16/2006Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINNT\System32\svchost.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\WINNT\Explorer.EXEC:\PROGRA~1\WEATHE~1\Weather.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\keyexp\KEYEXP.EXEC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\Microsoft Office\Office\FINDFAST.EXEC:\Documents and Settings\Marlena Bauer\Desktop\hijackthis\HijackThis.exeO3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\P... Read more

A:Pop Ups And Such (hijack Log Included)

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions:This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't yet lost.Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!If you have any queries about the process or just general questions, just ask.1) You are using the Ares p2p file sharing program.This is not technically malware by itself, but it installs malware in order to run properly.It also opens the door for every other nasty program you can think of. I strongly recommend that you remove it from your computer.Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/I suggest you remove the program now. Of course if you decide to keep it, it's not a problem.Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:AresThis is another article you can read:http://www.cexx.org/adware.htm2) Start HijackThis, close all open windows leaving only HijackThis... Read more

Read other 12 answers
RELEVANCY SCORE 42.8

I need help. Somehow letting my brother use my computer he got this internet security virus/popup on my computer. please help. thanks -- here is my hijack this (i still want the warez on my computer if thats possible)Logfile of HijackThis v1.99.1Scan saved at 1:55:41 AM, on 7/30/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\IntCodec\isamonitor.exeC:\Program Files\IntCodec\pmsngr.exeC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AIM\aim.exeC:\Program Files\IntCodec\pmmon.exeC:\Program Files\IntCodec\isamini.e... Read more

A:I Need Help... Have The "hijack This" Included

help please

Read other 9 answers
RELEVANCY SCORE 42.8

i ran a hijack this log (included). My biggest problem is I get a message saying there is an IP address conflict with another user. Not sure how to remove it but would love some help. Thanks for all the great work you guys do Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:09:14 PM, on 2/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_10\bin\jusched.exeC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeC:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:&#... Read more

A:Hijack This Log Included

Welcome to the BleepingComputer HijackThis Logs and Analysis forum majicparty My name is Richie and i'll be helping you to fix your problems.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

Read other 3 answers
RELEVANCY SCORE 42.8

recently, my media player has begun playing music with a 'chopped up' sound (not quite like skipping). it happens when playing saved files, cds, even live365radio. it will do this for a typical period of 5-15 seconds; sometimes, but rarely, longer as well. but i became curious and i was observing my task manager during this problem, and i believe it may be caused by my computer being overworked or maxed out. I noticed when watching the CPU usage under the Processes tab in the task manager, that the media player typically runs using 10-25% of my CPU. however, sometimes it jumps up to 60-80% and this is when this problem occours. also, keep in mind that i have have 50+ processes running at any given time. but then, moments later, it will drop back to normal and it's ok for a few minutes or so.

i'm no computer expert, but this is what i've put together. i've also posted a HJT logfile below if it may be to any assistance in solving this problem.

thank you,

Josh
Logfile of HijackThis v1.99.0
Scan saved at 3:29:48 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Stardock\... Read more

Read other answers
RELEVANCY SCORE 42.8

My friend's computer is not allowing them to use Internet Explorer. We cleaned off all the spyware that AdAware found, but its still not running properly. Its picking up at 100% usage but won't even load a web page. Can anyone take a look at the Hijack This log and tell me what's wrong with it?

Logfile of HijackThis v1.97.7
Scan saved at 9:39:04 AM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
C:\Program Files\OfferApp\OfferApp.exe
C:\WINDOWS\System32\hctacmi.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Michelle\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsof... Read more

A:Can't use IE. Hijack This Log included.

Anybody know what's wrong with it? We can even get the page to move in order to get to a virus scanner. Please help.
 

Read other 2 answers
RELEVANCY SCORE 42.8

I'm not sure if I have a virus or not but my computer has been very slow and when I did a system scan in safemode using Norton, it said I had one infected file. I deleted it but it still shows up in my HiJack This log:

Logfile of HijackThis v1.97.7
Scan saved at 2:00:22 PM, on 2/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\S... Read more

A:HiJack This log included...

Go to add/remove programs and uninstall NewDotNet.
And go here:
http://www.majorgeeks.com/download.php?det=3446
Download and run "KazaaBegone"
Thats is where all this crap came from.

Then....
Download and run CWShredder by Merijn Bellekom
It's from The CoolWebSearch Chronicles which you should read.
And remember to click "Fix" (Not "Scan only")
In particular pay attention to the patches for the operating system regarding the ByteVerify vulnerability.
Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan itīs just to click the "Scan" button.

When scan is fin... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

Getting lots of pop-up ads such as antiwinvirus web page. Here is hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:40 PM, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Fil... Read more

A:Pop-up ads Hijack log included

Read other 16 answers
RELEVANCY SCORE 42.8

Hi,
I have been having a terrible time with trojans, pop-ups, etc. for about 5 days now. Have been doing daily scans with McAfee, also using Adaware and spybot S&D. I have downloaded spyware blaster, and last night downloaded a personal firewall.

After cleaning trojans using McAfee, Panda ActiveScan (online) and Symantec Security Check (online), I ran Ad-aware, SE and Spybot S&D. I then downloaded HJT. The log of that scan is below. I'm hoping someone can help me clean up this headache. I don't have alot of computer savvy, but do know enough to follow directions.

Thanks!

Logfile of HijackThis v1.98.2
Scan saved at 11:54:18 AM, on 9/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\QuickBrowser.exe
C:\PROGRA~1\AWS\WEATHE~1\Wea... Read more

A:HELP! Hijack This Log included

Hello!

We will use the tools, first.

Download Ad-aware SE from here. Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
? Automatically save log-file
? Automatically quarantine objects prior to removal
? Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
? Scan Within Archives
? Scan Active Processes
? Scan Registry
? Deep Scan Registry
? Scan my IE favorites for banned URL?s
? Scan my Hosts file
? Under Click here to select drives + folders, choose:
? All of your hard drives
Click on the Advanced button on the left and select:
? Include additional process information
? Include additional file information
? Include environment information
Click the Tweak button and select:
? Under the Scanning Engine:
o Unload recognized processes & modules during scan
o Include additional Ad-aware settings in logfile
? Under the Cleaning Engine:
o Let Windows remove files in use at next reboot
Click on Proceed to save the settings.

Click Start and on the next screen choose:
? Use Custom Scanning Options
Click Next and Ad-aware will scan your hard drive(s) with t... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

My net is really going slow, but only the browsing speed. Downloading is fine, as i saw when i got HJT. I already ran adware 6 and Spybot Search and Destroy, and they cant find anything. The programs on the pc are running ine, i.e. word an media player, it is just the browser. PLEASE help!

Logfile of HijackThis v1.97.7
Scan saved at 08:07:49, on 07/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AOL 8.0a\waol.exe
C:\Program Files\AOL 8.0a\shellmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Liptrot\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ads.softwareoutfit.com/start_search.php?... Read more

A:HELP!!! Hijack this log included

Should be posted in security,normally i would move you there but the log is clean.

You can have HijackThis "Fix" this one:
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
 

Read other 2 answers
RELEVANCY SCORE 42.8

please can some help




Logfile of HijackThis v1.98.2
Scan saved at 9:27:39 PM, on 10/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\WINDOWS\webshots.scr
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://crackspider.net/ie/sbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com
R1 - HKLM\Software\Microsoft\Internet Explore... Read more

A:can someone help please hijack log included

Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log?..


Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://crackspider.net/ie/sbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webcrawler.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

Hello all,

Firstly, I hoope this post reaches you as I am having so many problems on my computer at the moment that I am struggling to say onlne for more than 10 minutes without the system freezing up then cashing on me.

I have a hared couter and ever since a new housemate has moved in I have noticed he computer get slower and slower. Examples are:

Typing on the internet is very slow and delayed.
Loading up a webpage takes forever even though my broadband spee currently downloads at 2mbps.
Opening my documents, my pictures and music takes a painfully long time and opening individual files also take a long time to open.
When I close the PC down I have to wait a minute for screen to pop up asking me if I want to entask on an application that I have no idea what it does.

^ Those are the main problems. At the moment I am desperately trying to backup my files as I am expecting my compuer to die on me and I am prepared to buy a laptop. But at the moment it is running so slow that simple tasks like burning a cd of 700mb of data can take over an hour from start to finish. I now have loads of extra programs in my system tray and start menu including a file sharing program which surely is not helping!

I hope someone here can help - in the past I have had great help from this website when it comes to hijack this logs. I have posted the log below...I even hope I can access this thread sometime soon!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:16, on 20/01/2... Read more

A:PC will die on me....Hijack this log included

UPDATE:

Since downloading a new windows service pack I have internet explorer 7. A lot of pop ups come up telling me that I am infected and to download a certian fix or rogram. The pop up pages look like it s scanning my system and it looks legitimate but I have no idea if they are legit or what.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hi FLrman. Can u help me with this? (english is not my first language, so sorry if it isnīt that good):
Yesterday, i found some problems in my pc. Every time I open the internet explorer, this link is open as the home page (http://homepage.com@www.e-finder.cc/hp/). Sometimes, when I write for ej: www.yahoo.com and press enter, the internet explorer shows http://ehttp.cc/?www.yahoo.com.
What I decided to do is to download HijackThis v1.97.7 and scan. this is my log:

Logfile of HijackThis v1.97.7
Scan saved at 07:20:32 p.m., on 29/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\WinGate\WinGate.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\AddCLS.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zapro.exe
C:\Archivos de programa\WinGate\wgengmon.exe
C:\Archivos de programa\Sony Corporation\Image Transfer\SonyTray.exe
C:\ARCHIV~1\ICQ\ICQ.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Charles\Hij... Read more

A:Please Help - Hijack Log Included

Read other 6 answers
RELEVANCY SCORE 42.8

I downloaded a virus. So for some reason I went into my system.msc folder and started disabling things and now I cant restore my computer or even get onto the windowsupdate here is a copy of my hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 9:36:31 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sbqaw.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,evwdhyw.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WIN... Read more

A:Please help!!!! hijack included

Hi, kimhaze73.

Welcome to TSG.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Click here to download Look2Me-Destroyer.exe and save it to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt in your next reply.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from here a... Read more

Read other 1 answers
RELEVANCY SCORE 42.8

Hi....i'm new here...pls correct me if there's any mistakes...
recently, i received a file from msn messenger and i'd open it...the result is...
the messenger keeps sending pictures bout every 5 minutes to all my contacts...then i deleted the file received...
the worst part is....every time i switch on the pc...the wallpaper is gone and the active desktop recovery appear...the active desktop recovery notice will appear for about 30 seconds...then gone with all the icons and taskbar...n come back bout 5 seconds later...the goes on and on for a few times n the desktop will freeze with my original wallpaper without any icons and taskbar...however, i'm still able to use the programs in my pc...
if it's possible...i do not want my pc to be reformat because i have so many important stuff in there...i need help...

here's the hijack log...thanks in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:34 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Fi... Read more

A:i need help-hijack log included

....everything is fine now after i run the combofix...
 

Read other 1 answers
RELEVANCY SCORE 42.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:14:05 AM, on 10/26/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16915)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Sof... Read more

A:Hijack Log Included, please help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

never seen this before. I've run ad-aware, spybot, microsoft's beta spyware cleaner and we've got norton anti-virus corporate edition and STILL the pop ups keep coming. The anti-virus keeps catching a ton of stuff and putting it in quarantine...I clean that out and it catches more stuff. the microsoft caught something called the "peper trojan" but it supposedly cleaned it, but didn't fix the problem. Anyhoo...here's the hijack log..this log was after all of the scans with the aforementioned programs. I did update them before I ran them and also did thorough scans instead of quick scans.
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Seagate Software\WCS\pageserver.exe
C:\Program Files\Seagate Software\WCS\WebCompServer.exe
C:\Program Files\Seagate Software\WCS\cacheserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe
C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe
C:\Program Files\Seagate Software\WCS\JobServer.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\starter.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Progra... Read more

A:pop up ads have taken over...hijack included

Read other 7 answers
RELEVANCY SCORE 42.8

About 2 weeks ago I started having problems with my computer. I never used to have pop ups but now I get them all the time from winfixer and sites like that and when I close one another pops up. I use google popup blocker and it has always stopped pretty much everything in the past. Also my computer has just seemed bogged down and been running slowly since this has started, when I try to put it in standby mode it goes into standby but this starts back up into normal mode right away, and it also takes forever to turn on if I restart the computer. All of these problems started about the same time. I have ran the free versions of the following on my computer to try to fix the problems and they have all found things to fix but my problems still exist; ewido security, adaware, online virus/spyware scan from trendmicro, and registry mechanic. Below is my hijack this log. Please help I dont know what else to do!!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:43:53 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\System32\svc... Read more

A:I need help! Hijack this log included...

You have no active AntiVirus

Get the free AVG 7 install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning and a list of forums to seek help at.
it should look like this
VundoFix V2.15 by Atri
By pressing enter you agree that you are using this at your own risk

Click to expand...
At this point press enter one time.
Next you will see:
Type in the filepath as instructed by the forum staff
Then Press EnterClick to expand...
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\yayyw.dll

Press Enter,
Next you will see:
Please type in the second filepath as instructed by the forum staff
Then Press Enter,Click to expand...
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\wyyay.*
If you have a script blocker running, you may get a... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

Hey. My girlfriend's mom's computer is having some internet issues. She uses aol and she can connect to aol and read her email but when she tries to visit a web site she gets an error that says "internet explorer cannot open the webpage. An internal errow occurred in the windows extension." I was home last week and took a look at i. I verified that the problem is not just with aol by installing net zero which does not work either. I made sure all of the modem settings and internet settings were fine as far as i know and i followed all the guidelines in both troubleshooters. I ran and corrected problems that popped up with windows file checker and I even reinstalled windows. None of these solved the problem. I then reinstalled aol which likewise didn't solve the problem. I tried to reinstall/upgrade interent explorer. However it would act like it was working and then pop up with an error that said "command line option syntax error type command /? for help" It did this everytime I tried in install IE. When you type command /? a dos looking box pops up and then closes to fast for you to read. I am now back at school and sent her hijack this and had her run it. it is pasted below...hopefully whatever she needs to do is easy because i I will ahve to try to talk her though it over the phone.
Logfile of HijackThis v1.97.7
Scan saved at 10:27:54 PM, on 3/16/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3... Read more

A:Hijack this log included!

Read other 16 answers
RELEVANCY SCORE 42.8

Hi All

Today a message appeared next to my clock on the bottom right hand corner saying " VIRUS ALERT! " ?? Ive tried Adware , spybot and a couple other spyware / antivirus program but cant seem to rid of it ? Does anyone know what this is ? or has anyone had the same problem ? Its driving me mad as cant get rid off it < Heres my Hijack this log that i done a few minutes ago.

Thanks in Advance for any help

Keigan1888
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\burst\burst.exe
C:\Program Files\burst\core-new1.1.3\btd... Read more

Read other answers