Over 1 million tech questions and answers.

About:Blank...Hijack Log included

Q: About:Blank...Hijack Log included

Please help me I am computer stupid. I have terrible virus problems. I have the "about:blank" virus and the PWSteal.Trojan virus in file C:\WINDOWS\tgbcde\library32.dll
Please talk to me as though I am stupid...I am when it comes to this stuff!

Here is my HijackThis log:
HijackThis v1.98.2
Scan saved at 5:42:19 PM, on 8/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50138
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = 169.254.78.159
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Courtney\Local Settings\Temp\4oUn9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.projecx.net/server.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50138/QDow_AS2.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livephish.com/nugster/dlControl.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
O20 - AppInit_DLLs: C:\\Winnt\System32\wdm.dll

RELEVANCY SCORE 200
Preferred Solution: About:Blank...Hijack Log included

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: About:Blank...Hijack Log included

Welcome to TSF.

Please do not post multiple times. Doing so will not make us answer your question faster. If no one replies about a day or so, reply to your original message with a bump.

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it’s clean, you may turn it back on and create a new restore point.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Please download Adaware and install it if you don’t have it already. Make sure it’s the newest version and check for any updates before running it. Download the VX2 Cleaner Add-On and follow the online instructions to install it properly. Also make sure to customize the settings in Adaware for better scan results. Run the scan and fix everything that it finds.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Reboot into Safe Mode (hit F8 key until menu shows up).

Hopefully Adaware has removed some entries for you already. So if you see that something doesn’t exist anymore, Adaware probably fixed/deleted it already. Just continue on with the other fixes/deletions.

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn’t be – but double check it):

C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\Save\Save.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

WinTools – any entry that has this word
ClockSync
Viewpoint
MaxSpeed

Make sure to close any open browsers you have. Check and fix the following in HijackThis if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50138
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = 169.254.78.159
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Courtney\Local Settings\Temp\4oUn9.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.projecx.net/server.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50138/QDow_AS2.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livephish.com/nugster/dlControl.CAB
O20 - AppInit_DLLs: C:\\Winnt\System32\wdm.dll

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Program Files\Common Files\WinTools\
C:\PROGRA~1\Save\
C:\PROGRA~1\CLOCKS~1\
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\
C:\Documents and Settings\Courtney\Local Settings\Temp\ - delete all the files in the folder only
C:\Program Files\SEP\
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\Program Files\Viewpoint\
C:\Program Files\Common Files\slmss\
C:\WINDOWS\mwsvm.exe
C:\Program Files\VBouncer\
C:\WINDOWS\System32\ms.exe

Reboot into Normal Mode.

After that’s done, restart and post a new HijackThis log file so we can make sure it’s clean.

To help prevent future spyware installations/infections, please read my anti-spyware section and use the tools provided.

Read other 1 answers
RELEVANCY SCORE 64.4

Hello,
I am infected with the about:blank problem and everytime i change my homepage it always goes back to about:blank with a search engine of somekind, i have run spybot. I also ran CWShredder which fixed it for an hour or two but the problem came back.
Thank you

Logfile of HijackThis v1.97.7
Scan saved at 5:36:34 PM, on 5/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\docume~1\glenn\locals~1\temp\DRb9.exe
C:\docume~1\glenn\locals~1\temp\DRb9.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\tcmeftp.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Reese Family\Application Data\rncr.exe
C:\WINDOWS\System32\wnscpsv.... Read more

A:about:blank help please! Hijack log included

***

Get, install, update and run free Ad-aware (and its HexDump plug-in) from http://www.lavasoftusa.com/software/adaware/

First in the main window look in the bottom right corner and click on Check for updates now and download the latest referencefiles.

Make sure the following settings are made and on -------ON=GREEN

From main window :Click Start then Activate in-depth scan (recommended)

Click Use Custom Scanning Options' then click Customize' and have these options selected: Under Drives and Folders put a check by Scan Within Archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select: Unload recognized processes during scanning and under Cleaning Engine select: Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.
 

Read other 2 answers
RELEVANCY SCORE 63.6

My daughter's computer is running extremely slow. I ran Spybot S&D and Lavasoft AdAware to remove some things, but it is still acting up. about:Blank comes up when exiting out of IE7 and then asks about sending error report. Do I have some sort of virus? I've included a HJT logfile.
-----------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:17:50 AM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Progr... Read more

A:Solved: about:Blank, HiJack This included

Read other 13 answers
RELEVANCY SCORE 62.8

Internet will not open in browser, home page keeps refering back to about:blank

Logfile of HijackThis v1.99.1
Scan saved at 10:51:26 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Cindy Ro\Desktop\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\Cu... Read more

A:Solved: Think I have about blank virus, and maybe more, hijack log included

Read other 11 answers
RELEVANCY SCORE 62.8

Hi, I'm having problem with my Winxp Pro. What happened, my desktop is blank after startup. I can run Task Manager and there's explorer.exe running. I end this task, run it again and then icons and everything else start. Anyway, it's quite inconvenient to start system like that every single time... I tried few solution from my 'googling' but they don't work for me. I thought Alcohol 120% caused this problem so I unistalled it but issue didn't disappear.

Please, review my hijack log file and try to find the issue... I'd appreciate any response...



And one more thing - I have Polish version of Windows, so there are few Polish words in my log:

In line "R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza" the last word means "Links",

there are two more Polish words - "USLUGA LOKALNA" is "LOCAL SERVICE" and "USLUGA SIECIOWA" is "NETWORK SERVICE"...


That'll be all.




this is my hijack log:


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:08, on 2008-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\w... Read more

Read other answers
RELEVANCY SCORE 62.4

Computer is running very slow. All kinds of problems
with applications crashing. Including notepad, when trying to edit hijack log and fix myself. On top of that I am not really comfortable killing proccess and trying
to fix my computer myself.


Logfile of HijackThis v1.98.2
Scan saved at 7:43:44 PM, on 11/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\sdkgl32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CAPM1RSK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Progra... Read more

A:computer running slow. about blank. Hijack log included

Hi srath79
Make sure you have already run Adaware, Spybot S & D and CWshreader(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted in RED will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program. Files highlighted in BLACK will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES ..Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gcdpf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gcdpf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gcdpf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
R1 - HKLM\Software\Microsoft\I... Read more

Read other 7 answers
RELEVANCY SCORE 55.2

am having recurrting problems with my preferred browser site being changed to a form of adware called "about blank." I have run the CW Shredder and it did not remove anything. It also affects my ability to use the address bar to launch a search, as it redirects everything to an unknown site of no help.

Below is my HJT log. Would appreciate somebody's guidance to help remove what appears to be an imbedded trojan.
Logfile of HijackThis v1.97.7
Scan saved at 3:35:26 AM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wan... Read more

A:"About Blank" probleml Hijack This! Log included

Hi..........

Download and Install: "FINDnFIX.EXE"
From here:
http://freeatlast100.100free.com/

Run the "!LOG!.bat" file, post the results....
 

Read other 3 answers
RELEVANCY SCORE 51.6

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezez up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet hope page keeps reverting to "about:blank" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common File... Read more

Read other answers
RELEVANCY SCORE 51.6

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezez up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet hope page keeps reverting to "about:blank" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common File... Read more

Read other answers
RELEVANCY SCORE 51.6

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezez up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet hope page keeps reverting to "blank: about" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Fil... Read more

Read other answers
RELEVANCY SCORE 46.8

it started as a bunch of web pages finding their way into my favorites folder and a 'casino' icon on my desktop. now my home page has been reset to about:blank and web pages pop up randomly as i'm working. i can't even close those pages without getting a message asking me to continue or cancel.

i have run the programs and cleaners in the sticky's. also bhodemon. now i can catch the attempt to change my homepage and some dll's but it means that i have to click through a bunch of screens whenever i go to my homepage-- "your homepage has been changed. do you want to restore?" etc.

i am also concerned that the problem will worsen over time
here's my log.

Logfile of HijackThis v1.98.0
Scan saved at 12:50:52 PM, on 10/07/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:... Read more

Read other answers
RELEVANCY SCORE 46.8

Well I refrained from throwing the computer off the roof so far but came really close. Here is my Hijack this log I hope that someone can give me a better understanding of what my problem is. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 6:48:54 PM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\progra~1\mcafee\MCAFEE~2\MssSrv.exe
C:\WINDOWS\system32\sistray.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\srvany.e... Read more

A:RE: Blank, Blank, Blank &^%$ Good old Hijack this

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.sfx.exe and run it. Uncompress the file and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish th... Read more

Read other 5 answers
RELEVANCY SCORE 46.4

You guys just fixed a hijack on my computer and now a buddy of mine needs help with a hijack he has. His homepage changes each time he opens IE. If he keeps IE open all day it will not change, but the minute he closes it and opens it again it will change.
Logfile of HijackThis v1.97.7
Scan saved at 9:26:17 AM, on 6/23/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Funk Software\Proxy Host\PH32SVC.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Funk Software\Proxy Host\PHOST32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\ctfmon.exe
C:... Read more

A:About:blank hijacked, HTJ log included

Bump.
 

Read other 1 answers
RELEVANCY SCORE 46.4

Hey guy, this recent reformat i did seems to of done more harm than good....
Any of you able to help me in my latest screw-up?
For some reason, whenever i play a game, for example, sims 2, company of heroes, supreme commander, Defcon etc. all end up going to a black screen after a varying amount of time. ive played around and whenever it goes to this black screen the computer will not respond, it ignores CD/DVD/Floppy drives if i insert a cd, when normally it starts autoruns etc. and my monitor actually reports that there is no signal....
I tried it by making sure anti-aliasing and antiostropic filtering was off, as i dont tihnk my gfx card can cope. (nVidia AGP FX5700LE)

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:10:12, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explo... Read more

A:Oh Noes, B(blank)SOD HJT log included!

I moved this to the malware forum; you will get more of a response there.
 

Read other 3 answers
RELEVANCY SCORE 46.4

Dear support team,

I have been reading all over the internet for the past week on the about:blank spyware, and ive tried it all. Ive got every spyware eliminator and done it all but i'm still having some trouble killing this one... I have ridded my computer in the past of this bug but this is the first time ive had to actually join a Forum to fix it. I'm not sure if i have another virus in the computer that PC-Chillin cant pick up, but all my definitions are up to date. I have included my hijackthis log. Thank you for any help you can give me on this matter.

Sincerely,

Doug C.


Logfile of HijackThis v1.99.0
Scan saved at 1:35:09 PM, on 1/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\... Read more

A:About:blank issues, HJT log included

Dear support team,

I solved my issue, I feel ridiculious for not catching it in the first place. I have now taken care of it and have realtime virus scaning watching my activities I would just like to take a moment to acknowledge what you guys are doing here. Its great to see that there is other computer literate people out there helping people when they need it most and dont want to fall for the irony in a pop-up add claiming it will clean up your computer for a small price of $19.99. Yet sometimes even the guys who know a "good bit" of information about computers, need to turn to the specialists who can get'r done. Thank you for having a site like this around and i hope good fortune for you all.

sincerely with care,

Doug C.

Read other 2 answers
RELEVANCY SCORE 46.4

Hey guys, I can see that others are having to same trouble with this one... i know everyones computer is different so I posted my FindNFix log as well. I have run Adaware, Spybot, CWShredder and even though it appears to clean my system about 10 mins later the About:blank is back.

Any help would be greatly appreciated.

Thanks,

AARCUDA
»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»
--The directory 'junkxxx' is now included as a Subfolder in the FINDnfix folder
and is the destination for the file to be moved..
-*Previous directions will no longer work...
»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»

Microsoft Windows XP [Version 5.1.2600]
»»»IE build and last SP(s)
6.0.2800.1106 SP1-Q330994-Q824145-Q837009-Q832894
The type of the file system is NTFS.
C: is not dirty.

Tue 07/13/2004
9:37pm up 0 days, 13:43

»»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»»
The list will produce a small database of files that will match certain criteria.
You must know how to ID the file based on the filters provided in
the scan, as not all the files flagged are bad.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided should help narrow down the list, and hopefully
pinpoint the culprit.
Along with that,registry scan logged at the end should mat... Read more

A:Need help with About:blank Findnfixlog included

Read other 9 answers
RELEVANCY SCORE 46.4

Logfile of HijackThis v1.98.2
Scan saved at 1:47:42 AM, on 08/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\myLinker\myLinker.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ntoq32.exe
C:\WINDOWS\System32\lcobfp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\ntmh.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jveoo.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jveoo.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explor... Read more

A:about:blank hijackthis log included

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com. If you don’t have a fast internet connection, you can get the security update CD from Microsoft for free.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it’s clean, you may turn it back on and create a new restore point.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Desktop or Temp folder. This is required because HijackThis will create backups.

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one:

C:\PROGRA~1\myLinker\myLinker.exe
C:\WINDOWS\system32\ntoq32.exe
C:\WINDOWS\System32\lcobfp.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\ntmh.exe

Uninstall the following via the Add/Remove Program’s Window if the... Read more

Read other 3 answers
RELEVANCY SCORE 46.4

Greetings,

I run Windows XP and Internet Explorer. Three days ago, I got hit with About:blank. I used Adware Away to rid myself of the About:blank homepage, but now I am bombarded with pop-up ads for casinos and nude poker, as well as trojans and viruses--NTRootKit-H, SpoofDNS and Downloader-VJ. I've been scanning with AdAware, SpyBot and McAfee, but I can't seem to rid my machine of them. I followed similar issues on this forum and decided the safest thing would be to submit my own log. I would be grateful for any help.

Best,
Logan

P.S. Anyone familiar with Adware Away? I have my doubts--they offered to analyze my log but asked for my SMTP server account name and password, which seems highly dubious. Quickly uninstalled the software.
Logfile of HijackThis v1.99.0
Scan saved at 8:32:31 AM, on 3/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32... Read more

A:Solved: about:blank HJT log included

Read other 16 answers
RELEVANCY SCORE 46.4

I just yesterday got an alert from avast on acces virus scan saying that a trojan was trying to install itself. Now I have the annoying redirect to the about.blank and a "security" alert in my toolbar telling me that I have spyware and several popups telling me the same.
Here is my HJT log, thanks in advance for any help.

Logfile of HijackThis v1.99.1
Scan saved at 8:51:24 PM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:... Read more

A:About.blank redirect, HJT log included, help

Hello and Welcome Back to TSF!!!

All apologies on the delay.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Read other 8 answers
RELEVANCY SCORE 46

Need help! Please! about:blank keeps taking over my homepage, and i can't shift it! My hjt log is attached below. Please could you take a look and tell me exactly how to get this off my pc! It's really bugging me now! Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 18:20:55, on 26/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\qttask.exe
C:\Program Files\DelFin\PromulGate\PgMonitr.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINNT\System32\wjview.exe
C:\Program Files\ToPicks\Bin\Idhost.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\WINNT\Wast.exe
C:\Documents and Settings\Win2K User\Application Data\moot.exe
C:\WINNT\System32\wnsintsv.exe
C:\Program Files\CConnect\CConnect.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\WebRebates\WebRebates.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Win2K User\My Documents\Applications\HijackThis.... Read more

A:homepage defaulting to about:blank. hjt log included

Read other 12 answers
RELEVANCY SCORE 46

Infected by this Startpage-DU.dll trojan so my IE goes to about:blank page.

Ran the Ad-aware SE and scanned/deleted. Ran Mcafee which says that "A Trojan has been Detected and Cleaned" but it keeps coming back.

Already shut off system restore and clicked Show Hidden files and folders.

Ran Hijack This and Hijack This Analyzer and posted the logs below.

Any help would be great. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 7:29:32 AM, on 2/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\... Read more

A:about:blank problems / DLL trojan - log included

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Download CWShredder and run it. Click on 'I Agree' button ... Read more

Read other 3 answers
RELEVANCY SCORE 46

When I boot my computer up, Windows loads, but I have no taskbar or icons on the desktop. I can access programs through the Task Manager, but my modem is still not recognized. Booting in safe mode has no effect. If I reset the computer with the reset button, sometimes the desktop loads normally. Any help would be greatly appreciated. Here's my Hijack this log file. Thanks in advance.

Logfile of HijackThis v1.97.7
Scan saved at 5:36:34 PM, on 10/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Infra\CtInfra.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\ShareDL... Read more

A:Blank Desktop (Hijackthis Log included)

Read other 12 answers
RELEVANCY SCORE 46

Hello,

I newly updated IE6 to IE7 today and for some odd reason there is a blank toolbar that appears across IE7 under the tab. whenever I start IE7. It goes away when I click to add a tab or if I do almost anything on a webpage.

I used malware and superantispyware to check for any toolbars but nothing. msconfig doesn't show anything unusual. Any idea how to find out what this is?

Read other answers
RELEVANCY SCORE 46

I did try and post this yesterday, but my system froze and I lost the entire thread

The problem: My system keeps freezing and booting me off the www. I'm having rundll32.exe error messages and the system takes forever to shut down - one pop up after the other - and explorer.exe is using 60% and thats before I'm even started. The system freezes/hangs, then shows about:blank. I recheck my homepage and that still shows my ISP page.

I have the following installed and have run them, with no problems apparent:McAfee Firewall & Viruscan
SpySweeper
Spybot S&D
SpeedUpMyPC
Security Task Manager

I have performed numerous disk clean ups, defragmented, run the CWS search tool, cleared temp files/cache/history - rebooted and still the same old problems.

TBK

Hope this helps:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:14:38, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfe... Read more

A:PC freezing/Pop Ups+++/about:blank/explorer.exe 60% - HJT log included

And I forgot to mention, a tonne of script error messages on any page I visit!

Read other 2 answers
RELEVANCY SCORE 46

can't get rid of about:BLANK. help!

below is my hijackthis log. but first let me tell you what i've
tried so far.

(i am running Windows XP.)

i booted in safe mode, ran CWShredder, then ran HiJackThis and
removed six things that specifically mentioned "about.blank." then
i tried to delete my temp directory. but i was not allowed to delete
se.dll ("cannot delete se: access is denied"). I'm logged with
admistrator privlidges; and in the past i've been able to delete
everything in my temp folder; but i don't claim to be any sort of
expert.

i should also say that i don't really know how to read a HiJackThis log.

also: obviously the about:blank entries i "fixed" came right back.

anyway, here's the log. what can you see?

Logfile of HijackThis v1.99.0
Scan saved at 9:33:54 AM, on 3/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
F:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Intern... Read more

A:Solved: can't get rid of about:BLANK. HiJackThis log included.

Read other 6 answers
RELEVANCY SCORE 45.6

Hi there,
Thanks in advance for your time
I'm having the following problems:

1. On startup, I get a message along the lines of "Enumerate USB device fail!!!". I click OK and it appears 3 more times.
2. My device manager is empty
3. When I tried to update my AMD graphics driver using their autodetect program, it failed with error "Could not enumerate PNP devices. Is the Plug and Play service disabled?"

I have checked to ensure plug and play has a status of 'started'.
Sorry but I don't know what ARK.txt is. Please let me know if you need it and if so how to get it.

I do have access to an OEM System Builder pack, legitimate Windows 7 disc. Running 64 bit.

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Admin at 23:51:03 on 2012-10-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.16339.14214 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrx... Read more

Read other answers
RELEVANCY SCORE 45.6

I dont know are these blank white boxes called popups or info windows but they are blank and they shouldn`t be blank. How to fix them so they show information ?
 

Read other answers
RELEVANCY SCORE 45.6

My homepage is being continually hijacked and taken to about:blank. I have run Ad-Aware, Spybot, SpySweeper, and bought McAfee AntiSpyware. All of them detected spyware and browser changes, but my homepage keeps getting changed. Below is my log:

Logfile of HijackThis v1.97.7
Scan saved at 9:50:24 PM, on 9/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Piolet\Piolet.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Mes... Read more

A:Homepage Is Changing To About:blank, Logfile Included; Please Help!!!!!!!!!

Read other 12 answers
RELEVANCY SCORE 44.8

Hi,
A friend of mine dl'd a virus or trojan that caused his computer to boot to a blank desktop (no icons or taskbar), the "click here to remove spyware" popups, and constantly try to connect to the internet. I was able to ctrl-alt-del into task manager to get the desktop back to normal but it seems to restart explorer every 10 secs or so and seemed to prevent me from running any programs. I saw that their antivirus was out of date so I uninstalled pccillin, and installed AVG Free 8, which finds the Win32/Huer virus and efcASlkj.dll, but cant seem to remove. I searched online and found info on the zlob trojan that caused the same "symptoms" but not all the processes that it listed in the removal showed up, so I dont think that's the one. I did have msmsgs.exe, that when I ended its process, stopped the explorer restart but not the internet attempts. here is the HTJ log AFTER ending the msmsgs.exe process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:43 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spools... Read more

A:Solved: virus causing blank desktop, HTJ log included

Read other 16 answers
RELEVANCY SCORE 44.8

last night my computer was working fine, I shut it down and then this morning tried to start it and i get the startup toshiba screen but then it goes blank. Just a black screen despite all the lights on the front lightint up. the bit where i enter my password and then windows usually loads....wont load. Its just a blank screen. Tired plugging into external screen but to no avail which means its not a screen issue. I have NOD32 installed but that didn't pick up any viruses last night, today i can't run it because i'm currently in safe mode. just done two online virus scans - one with mcafee and one with trend micro, the trend micor found a trojan virus called troj_gen.AX4088. Just ran a hijack this scan and got the following.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:14, on 21/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system... Read more

Read other answers
RELEVANCY SCORE 42.8

Would appriciate anyone who could suggest what to fix
Logfile of HijackThis v1.97.7
Scan saved at 1:40:07 PM, on 6/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\documents and settings\william\local settings\temp\69eiXKn.exe
C:\WINDOWS\iecx32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\ntwo.exe
C:\WINDOWS\System32\ZsgFezZ.exe
C:\WINDOWS\System32\VebQQl42.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\William\Local Settings\Temp\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Softw... Read more

Read other answers
RELEVANCY SCORE 42.8

Hi i'm running windows xp service pack 2 with mcafee and recently it has picked up a trojan virus in the file c:\\windows\systems32\antiwpa.dll and mcafee is calling it a generic.dx trojan.

it also picks up another trojan on the same file but it detects it as another file with all the letters capitalized (ANTIWPA.DLL) not sure what that means.

here is the hijackthis report log.

Logfile of HijackThis v1.99.1
Scan saved at 2:13:51 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WI... Read more

A:Please Help hijack log included

i also wanted to say that i tried to download combofix after shutting off my mcafee and there is a combofix icon on my desktop but it can't be open, or deleted...and the mcafee sheild on my taskbar is gone.
 

Read other 3 answers
RELEVANCY SCORE 42.8

I downloaded a file with a trojan attached, and it royally screwed up my computer. AVG picked up 15 viruses and got rid of them but I'm still having a ton of problems, mainly annoying pop-ups that say my security is out of date, and that I need to download stuff to protect my computer (none of which I have clicked). It also made my Control Panel disappear and I can't access my C, D or F drives. They don't even show up under My Computer anymore. I ran spybot which detected quite a few problems and it fixed them but I'm still having all the same problems. Please help, I don't know how to fix this and I'm pulling out my hair.

Windows XP
Gateway PC
AVG Anti-Virus
Spybot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Netw... Read more

A:Please help! Hijack this log included!

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entri... Read more

Read other 3 answers
RELEVANCY SCORE 42.8

I'm not even sure if this is a security question, but since my mother insists on opening forwarded emails, it's #1 on my list. I'm working with Windows XP w/Internet explorer.

Here's the problem: My dial-up ISP has been running super slow recently. It is close call america (it's a small company), and I connect through a software program we installed with a CD they sent us. This was maybe 3 years ago, and we haven't had any problems.

I went into the network settings to change the phone # we were using to connect. It then dialed the number, not going through the software. It came back with an error message, and I was not surprised.

But now, when I double-click the software icon to open the software to start the dialing, the little box comes up (like the icon/ad box NetZero uses but with no ad), the little box that usually says "dialing" flashes up (doesn't start dialing), then disappears, and the entire application shuts down.

I've restarted the computer, I've checked my username and password. I tried reinstalling the CD software but I get a runtime error. I tried setting up a new connection and doing it without the software, but it gives me some sort of "the server doesn't recognise you" error. I've tried calling their tech support, but they're obviously people off the street just reading off of info packets (she didn't know what an IP is...uhhh).

I definately think it's a proble... Read more

A:Need help please - hijack included

http://forums.techguy.org/windows-nt-2000-xp/485363-application-closes-itself-i-dont.html

Closing duplicate, please reply there.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hoping someone here can help me out.

I am having a problem access certain websites on my computer. Normally, I don't let it bother me, but I can't access any of my university's webpages, which is a big problem considering I do some school work online. When I type the web address, MSN pops up and says "We can't find "www.trentu.ca Did you mean to go to one of these sites..." and then its lists the Trent site, but I still can't access the pages. I also cannot access Yahoo.com. I get the same message as I do when trying to access the uni sites.

Someone mentioned that it might be a spyware problem, but I have SpySweeper and AdAdware SE installed and keep checking them for updates. I've emptied my cookies, cleared all temporary internet files and cleared the history.

We are on a network here and all my other housemates have no problems access any of the above sites.

This is becoming a pain in the butt to deal with. I've included a Hijack This log as well. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 4:15:52 PM, on 2/7/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\S... Read more

Read other answers
RELEVANCY SCORE 42.8

I keep getting random pop-ups. I think I may have a trojan virus. AVG found something, and I thought that it deleted it, but still getting pop-ups. Here is my hijack log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:44 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Mic... Read more

A:HELP! POP UPS! Hijack log included.

Read other 6 answers
RELEVANCY SCORE 42.8

This is from my best friend's computer....she can't get online to do this! She has a dail up connection and she can get online....but can't get anywhere....says cant find page, etc.....and can't get email at all either. What can be done? Thanks in advance! I had previously posted this on the wrong thread......

ogfile of HijackThis v1.98.2
Scan saved at 9:55:03 AM, on 10/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\ACCSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ISP50\BIN\BARTSHEL.EXE
C:\WINDOWS\SYSTEM\PTSWRAUP.EXE
C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILE... Read more

A:Please help----hijack this log included!

Read other 7 answers
RELEVANCY SCORE 42.8

Hi guys,

Just getting stoopid random pop ups.. ran AVG / Spybot Search and Destroy. and Ewido in Safe mode...
Logfile of HijackThis v1.99.1
Scan saved at 12:43:47 AM, on 6/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSyn... Read more

A:Hijack.... Log included

Read other 12 answers
RELEVANCY SCORE 42.8

Hello all,

Firstly, I hoope this post reaches you as I am having so many problems on my computer at the moment that I am struggling to say onlne for more than 10 minutes without the system freezing up then cashing on me.

I have a hared couter and ever since a new housemate has moved in I have noticed he computer get slower and slower. Examples are:

Typing on the internet is very slow and delayed.
Loading up a webpage takes forever even though my broadband spee currently downloads at 2mbps.
Opening my documents, my pictures and music takes a painfully long time and opening individual files also take a long time to open.
When I close the PC down I have to wait a minute for screen to pop up asking me if I want to entask on an application that I have no idea what it does.

^ Those are the main problems. At the moment I am desperately trying to backup my files as I am expecting my compuer to die on me and I am prepared to buy a laptop. But at the moment it is running so slow that simple tasks like burning a cd of 700mb of data can take over an hour from start to finish. I now have loads of extra programs in my system tray and start menu including a file sharing program which surely is not helping!

I hope someone here can help - in the past I have had great help from this website when it comes to hijack this logs. I have posted the log below...I even hope I can access this thread sometime soon!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:16, on 20/01/2... Read more

A:PC will die on me....Hijack this log included

UPDATE:

Since downloading a new windows service pack I have internet explorer 7. A lot of pop ups come up telling me that I am infected and to download a certian fix or rogram. The pop up pages look like it s scanning my system and it looks legitimate but I have no idea if they are legit or what.
 

Read other 1 answers
RELEVANCY SCORE 42.8

i believe i had a leech. it was filling up my hard drive and saying it was full. it stopped filling up my hard drive after i ran avast antivirus. but it must of filled up 100 gigs and i dont know where to find it. i ran hijack this and theres a lot of missing files which some of them i believe is important.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:10 PM, on 6/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files... Read more

A:need help hijack this log included.

can anybody please help before a have to do a clean install
 

Read other 1 answers
RELEVANCY SCORE 42.8

hi, got this damm msn virus someone sent me something say bout a pic to look at and stupid me downloaded iot now my msn is sending all contact this same ****.. anyway u know all bout it .. thanks in advance..

heres the log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:59 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\essspk.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\cvisvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\I... Read more

A:can u help pls!, hijack his log included already..

any help asap would be appreciated thank u
 

Read other 1 answers
RELEVANCY SCORE 42.8

i ran a hijack this log (included). My biggest problem is I get a message saying there is an IP address conflict with another user. Not sure how to remove it but would love some help. Thanks for all the great work you guys do Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:09:14 PM, on 2/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_10\bin\jusched.exeC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeC:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:&#... Read more

A:Hijack This Log Included

Welcome to the BleepingComputer HijackThis Logs and Analysis forum majicparty My name is Richie and i'll be helping you to fix your problems.If you've already recieved help at another forum and your issues have been resolved,or you're presently recieving help elsewhere then please let us know.If you have not followed the info in the link below prior to posting your log then please do so now:Preparation Guide for use before posting a HijackThis Log:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/If you still require help,please post a new Hijackthis log into this topic in your next reply.Also post a detailed description of the issues you're experiencing.*Note*Post all reports/logs directly into this topic,not as attachments,thanks.

Read other 3 answers
RELEVANCY SCORE 42.8

never seen this before. I've run ad-aware, spybot, microsoft's beta spyware cleaner and we've got norton anti-virus corporate edition and STILL the pop ups keep coming. The anti-virus keeps catching a ton of stuff and putting it in quarantine...I clean that out and it catches more stuff. the microsoft caught something called the "peper trojan" but it supposedly cleaned it, but didn't fix the problem. Anyhoo...here's the hijack log..this log was after all of the scans with the aforementioned programs. I did update them before I ran them and also did thorough scans instead of quick scans.
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Seagate Software\WCS\pageserver.exe
C:\Program Files\Seagate Software\WCS\WebCompServer.exe
C:\Program Files\Seagate Software\WCS\cacheserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe
C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe
C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe
C:\Program Files\Seagate Software\WCS\JobServer.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\starter.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Progra... Read more

A:pop up ads have taken over...hijack included

Read other 7 answers
RELEVANCY SCORE 42.8

Logfile of HijackThis v1.99.1Scan saved at 12:45:25 AM, on 6/18/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\EXPLORER.EXEC:\HIJACKTHIS\HIJACKTHIS.EXER0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e4me.com/start.htmlR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.juno.com/s/sp?r=al&cf=sp&mem=nas...&N=PLHS&O=I&UT=O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLLO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCXO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorunO4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exeO4 - HKLM\..\Run: [SystemTray] systray.exeO4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrSchemeO4 - HKLM\..\Run: [AtiCwd32] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /minO4 - HKLM\..\Run: [AtiKey] ... Read more

A:need help please. hijack log included

Hello computerclueless2005 and welcome to the BC forums. It appears that this log was run from Safe Mode. I need you to boot normally and run the HijackThis scan from normal mode and post a new log back here.

Thanks.

OT

Read other 1 answers
RELEVANCY SCORE 42.8

Help - having major issues, pop-ups, etc. Can someone analyze my hijack log and tell me what to do. Remember, be specific, I'm new at this and I'm blonde!

Logfile of HijackThis v1.98.2
Scan saved at 7:39:28 PM, on 11/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\Hehxl.exe
C:\WINDOWS\pgtaff.exe
C:\WINDOWS\System32\winmonv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\ipsbk32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WIN... Read more

A:HELP! Hijack This Log included

Read other 7 answers
RELEVANCY SCORE 42.8

Hi FLrman. Can u help me with this? (english is not my first language, so sorry if it isn´t that good):
Yesterday, i found some problems in my pc. Every time I open the internet explorer, this link is open as the home page (http://homepage.com@www.e-finder.cc/hp/). Sometimes, when I write for ej: www.yahoo.com and press enter, the internet explorer shows http://ehttp.cc/?www.yahoo.com.
What I decided to do is to download HijackThis v1.97.7 and scan. this is my log:

Logfile of HijackThis v1.97.7
Scan saved at 07:20:32 p.m., on 29/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\WinGate\WinGate.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\AddCLS.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zapro.exe
C:\Archivos de programa\WinGate\wgengmon.exe
C:\Archivos de programa\Sony Corporation\Image Transfer\SonyTray.exe
C:\ARCHIV~1\ICQ\ICQ.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Charles\Hij... Read more

A:Please Help - Hijack Log Included

Read other 6 answers