About:Blank...Hijack Log included

Q: About:Blank...Hijack Log included

Please help me I am computer stupid. I have terrible virus problems. I have the "about:blank" virus and the PWSteal.Trojan virus in file C:\WINDOWS\tgbcde\library32.dll
Please talk to me as though I am stupid...I am when it comes to this stuff!

Here is my HijackThis log:
HijackThis v1.98.2
Scan saved at 5:42:19 PM, on 8/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50138
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.78.159
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Courtney\Local Settings\Temp\4oUn9.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.projecx.net/server.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50138/QDow_AS2.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livephish.com/nugster/dlControl.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
O20 - AppInit_DLLs: C:\\Winnt\System32\wdm.dll

A: About:Blank...Hijack Log included

Welcome to TSF.

Please do not post multiple times. Doing so will not make us answer your question faster. If no one replies within about a day or so, reply to your original message with a bump.

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Turn off system restore by right-clicking on My Computer and going to Properties->System Restore and checking the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and have verified that it’s clean, you may turn it back on and create a new restore point.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.

Please download Adaware and install it if you don’t have it already. Make sure it’s the newest version and check for any updates before running it. Download the VX2 Cleaner Add-On and follow the online instructions to install it properly. Also make sure to customize the settings in Adaware for better scan results. Run the scan and fix everything that it finds.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Reboot into Safe Mode (hit F8 key until menu shows up).

Hopefully Adaware has removed some entries for you already. So if you see that something doesn’t exist anymore, Adaware probably fixed/deleted it already. Just continue on with the other fixes/deletions.

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn’t be – but double check it):

C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\PROGRA~1\Save\Save.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Common Files\WinTools\WSup.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

WinTools – any entry that has this word
ClockSync
Viewpoint
MaxSpeed

Make sure to close any open browsers you have. Check and fix the following in HijackThis if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50138
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50138
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.78.159
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: G1.GZ - {79C03BC5-6C55-4B5B-921F-C02B6F1ABD7B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\Pribi.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Courtney\Local Settings\Temp\4oUn9.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://www.projecx.net/server.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50138/QDow_AS2.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livephish.com/nugster/dlControl.CAB
O20 - AppInit_DLLs: C:\\Winnt\System32\wdm.dll

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\Program Files\Common Files\WinTools\
C:\PROGRA~1\Save\
C:\PROGRA~1\CLOCKS~1\
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pribi\
C:\Documents and Settings\Courtney\Local Settings\Temp\ - delete all the files in the folder only
C:\Program Files\SEP\
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\Program Files\Viewpoint\
C:\Program Files\Common Files\slmss\
C:\WINDOWS\mwsvm.exe
C:\Program Files\VBouncer\
C:\WINDOWS\System32\ms.exe

Reboot into Normal Mode.

After that’s done, restart and post a new HijackThis log file so we can make sure it’s clean.

To help prevent future spyware installations/infections, please read my anti-spyware section and use the tools provided.
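
The answer asks for a new HijackThis log to confirm the machine is clean. One way to check such a follow-up log against the fix list, as an added example (not part of the original thread and not HijackThis code): the function names are hypothetical, the fix-list entries come from the answer above, and the follow-up log is constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")

# A few entries from the answer's fix list (the first with a stray space inside
# "Internet", the kind of break forum line-wrapping leaves in pasted logs).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = 169.254.78.159
O2 - BHO: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O20 - AppInit_DLLs: C:\\Winnt\System32\wdm.dll
"""

# Constructed follow-up log (sample data, not from the thread): three of the
# flagged entries are still there, one with different letter case.
FOLLOW_UP_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.78.159
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [wintools] c:\program files\common files\wintools\wtoolsa.exe
O20 - AppInit_DLLs: C:\\Winnt\System32\wdm.dll
"""


def parse_entries(text):
    """Return (section, details) for every entry line in a log or fix list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(section, details):
    """Comparison key: whitespace-free and case-insensitive, so wrapping
    artefacts and case differences do not hide a persisting entry."""
    return section + "|" + re.sub(r"\s+", "", details).casefold()


def verify_cleanup(fix_list_text, follow_up_log_text):
    """Split the fix list into entries still present in the new log and entries gone."""
    present = {entry_key(s, d) for s, d in parse_entries(follow_up_log_text)}
    result = {"still_present": [], "removed": []}
    for section, details in parse_entries(fix_list_text):
        bucket = "still_present" if entry_key(section, details) in present else "removed"
        result[bucket].append((section, details))
    return result


if __name__ == "__main__":
    outcome = verify_cleanup(FIX_LIST, FOLLOW_UP_LOG)
    for section, details in outcome["still_present"]:
        print("STILL PRESENT:", section, "-", details)
    print(len(outcome["removed"]), "flagged entries no longer appear")
```

Entries that come back after being fixed, as several posters on this page describe, show up under `still_present` when the same fix list is compared with a later log.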

RELEVANCY SCORE 64.4

Hello,
I am infected with the about:blank problem and every time I change my homepage it always goes back to about:blank with a search engine of some kind. I have run Spybot. I also ran CWShredder, which fixed it for an hour or two, but the problem came back.
Thank you

Logfile of HijackThis v1.97.7
Scan saved at 5:36:34 PM, on 5/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\docume~1\glenn\locals~1\temp\DRb9.exe
C:\docume~1\glenn\locals~1\temp\DRb9.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\System32\dp-him.exe
C:\WINDOWS\System32\tcmeftp.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Reese Family\Application Data\rncr.exe
C:\WINDOWS\System32\wnscpsv....

A: about:blank help please! Hijack log included

***

Get, install, update and run free Ad-aware (and its HexDump plug-in) from http://www.lavasoftusa.com/software/adaware/

First, in the main window, look in the bottom right corner, click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on (ON = GREEN):

From the main window: click Start, then Activate in-depth scan (recommended).

Click 'Use Custom Scanning Options', then click 'Customize' and have these options selected: under Drives and Folders put a check by Scan Within Archives, and below that, under Memory and Registry, put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select: Unload recognized processes during scanning, and under Cleaning Engine select: Let windows remove files in use at next reboot.

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window, choose select all from the drop-down menu and click Next.)

Restart your computer.
 

RELEVANCY SCORE 63.6

My daughter's computer is running extremely slow. I ran Spybot S&D and Lavasoft AdAware to remove some things, but it is still acting up. about:Blank comes up when exiting out of IE7 and then asks about sending error report. Do I have some sort of virus? I've included a HJT logfile.
-----------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 7:17:50 AM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Progr...

A: Solved: about:Blank, HiJack This included

RELEVANCY SCORE 63.2

Internet will not open in browser, home page keeps referring back to about:blank

Logfile of HijackThis v1.99.1
Scan saved at 10:51:26 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Cindy Ro\Desktop\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\Cu...

A: Solved: Think I have about blank virus, and maybe more, hijack log included

RELEVANCY SCORE 63.2

Hi, I'm having a problem with my WinXP Pro. What happened: my desktop is blank after startup. I can run Task Manager and there's explorer.exe running. I end this task, run it again and then icons and everything else start. Anyway, it's quite inconvenient to start the system like that every single time... I tried a few solutions from my 'googling' but they don't work for me. I thought Alcohol 120% caused this problem so I uninstalled it, but the issue didn't disappear.

Please review my hijack log file and try to find the issue... I'd appreciate any response...

And one more thing - I have the Polish version of Windows, so there are a few Polish words in my log:

In line "R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lacza" the last word means "Links",

there are two more Polish words - "USLUGA LOKALNA" is "LOCAL SERVICE" and "USLUGA SIECIOWA" is "NETWORK SERVICE"...

That'll be all.

This is my hijack log:


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:08, on 2008-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\w...

RELEVANCY SCORE 62.4

Computer is running very slow. All kinds of problems with applications crashing, including Notepad, when trying to edit the hijack log and fix it myself. On top of that I am not really comfortable killing processes and trying to fix my computer myself.


Logfile of HijackThis v1.98.2
Scan saved at 7:43:44 PM, on 11/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\sdkgl32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\CAPM1RSK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Progra...

A: computer running slow. about blank. Hijack log included

Hi srath79
Make sure you have already run Adaware, Spybot S & D and CWShredder (check for updates), as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then....
Turn off your System Restore (SEE HERE). Reinstate it when your log is cleaned and then create a new restore point. Close your browser window and run hjt in safe mode (HOW TO RUN SAFE MODE) and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted in RED will need to be uninstalled. Check first, as some folders may be uninstalled via the Add/Remove program. Files highlighted in BLACK will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders (HOW TO SHOW FILES). Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gcdpf.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gcdpf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gcdpf.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
R1 - HKLM\Software\Microsoft\I...

RELEVANCY SCORE 55.2

I am having recurring problems with my preferred browser site being changed to a form of adware called "about blank." I have run the CW Shredder and it did not remove anything. It also affects my ability to use the address bar to launch a search, as it redirects everything to an unknown site of no help.

Below is my HJT log. Would appreciate somebody's guidance to help remove what appears to be an embedded trojan.
Logfile of HijackThis v1.97.7
Scan saved at 3:35:26 AM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wan...

A: "About Blank" problem! Hijack This! Log included

Hi..........

Download and Install: "FINDnFIX.EXE"
From here:
http://freeatlast100.100free.com/

Run the "!LOG!.bat" file, post the results....
 

RELEVANCY SCORE 51.6

Windows XP
SP 2

I have two main problems and from some of the other threads I've viewed they might be related. 1) Whenever I try to open "My Computer" or "Control Panel", etc. I get this "DrWatson Postmortem Debugger has encountered a problem and needs to close. We are sorry for the inconvenience." Then my system freezes up for a while until I CTRL ALT DEL and end "drwtsn" manually. 2) I think I have some adware. My internet home page keeps reverting to "blank: about" regardless of what I change it to. I am also getting some porn links in my "favorites" list and if I delete them they just go back. I've run scans with Norton, AdAware SE, SpyBot, and Nod32 and I also have SpywareBlaster running. I don't know what to do! Please help!

Here's my hijack this scan:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:20 PM, on 3/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Fil...

RELEVANCY SCORE 47.2

It started as a bunch of web pages finding their way into my favorites folder and a 'casino' icon on my desktop. Now my home page has been reset to about:blank and web pages pop up randomly as I'm working. I can't even close those pages without getting a message asking me to continue or cancel.

I have run the programs and cleaners in the stickies, also BHODemon. Now I can catch the attempt to change my homepage and some DLLs, but it means that I have to click through a bunch of screens whenever I go to my homepage -- "your homepage has been changed. do you want to restore?" etc.

I am also concerned that the problem will worsen over time.
Here's my log.

Logfile of HijackThis v1.98.0
Scan saved at 12:50:52 PM, on 10/07/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:...

RELEVANCY SCORE 47.2

Well I refrained from throwing the computer off the roof so far but came really close. Here is my Hijack this log I hope that someone can give me a better understanding of what my problem is. Thanks for any help.

Logfile of HijackThis v1.99.1
Scan saved at 6:48:54 PM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\progra~1\mcafee\MCAFEE~2\MssSrv.exe
C:\WINDOWS\system32\sistray.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\srvany.e...

A: RE: Blank, Blank, Blank &^%$ Good old Hijack this

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.sfx.exe and run it. Uncompress the file and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish th...

Logfile of HijackThis v1.98.2
Scan saved at 1:47:42 AM, on 08/19/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\myLinker\myLinker.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ntoq32.exe
C:\WINDOWS\System32\lcobfp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\ntmh.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jveoo.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jveoo.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explor...

A:about:blank hijackthis log included

Please print out or copy this page to Notepad. You should not have any open browsers when you are following the procedures below.

Make sure to update Windows and Internet Explorer at http://windowsupdate.microsoft.com. If you don’t have a fast internet connection, you can get the security update CD from Microsoft for free.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it’s clean, you may turn it back on and create a new restore point.

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Desktop or Temp folder. This is required because HijackThis will create backups.

Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one:

C:\PROGRA~1\myLinker\myLinker.exe
C:\WINDOWS\system32\ntoq32.exe
C:\WINDOWS\System32\lcobfp.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINDOWS\ntmh.exe

Uninstall the following via the Add/Remove Program’s Window if the...

Dear support team,

I have been reading all over the internet for the past week on the about:blank spyware, and I've tried it all. I've got every spyware eliminator and done it all but I'm still having some trouble killing this one... I have ridded my computer in the past of this bug but this is the first time I've had to actually join a Forum to fix it. I'm not sure if I have another virus in the computer that PC-Chillin can't pick up, but all my definitions are up to date. I have included my hijackthis log. Thank you for any help you can give me on this matter.

Sincerely,

Doug C.


Logfile of HijackThis v1.99.0
Scan saved at 1:35:09 PM, on 1/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\...

A:About:blank issues, HJT log included

Dear support team,

I solved my issue, I feel ridiculous for not catching it in the first place. I have now taken care of it and have realtime virus scanning watching my activities. I would just like to take a moment to acknowledge what you guys are doing here. It's great to see that there are other computer literate people out there helping people when they need it most and don't want to fall for the irony in a pop-up ad claiming it will clean up your computer for a small price of $19.99. Yet sometimes even the guys who know a "good bit" of information about computers need to turn to the specialists who can get'r done. Thank you for having a site like this around and I hope good fortune for you all.

sincerely with care,

Doug C.


Hey guy, this recent reformat I did seems to have done more harm than good....
Any of you able to help me in my latest screw-up?
For some reason, whenever I play a game, for example, Sims 2, Company of Heroes, Supreme Commander, Defcon etc. all end up going to a black screen after a varying amount of time. I've played around and whenever it goes to this black screen the computer will not respond, it ignores CD/DVD/Floppy drives if I insert a CD, when normally it starts autoruns etc. and my monitor actually reports that there is no signal....
I tried it by making sure anti-aliasing and anisotropic filtering was off, as I don't think my gfx card can cope. (nVidia AGP FX5700LE)

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 01:10:12, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explo...

A:Oh Noes, B(blank)SOD HJT log included!

I moved this to the malware forum; you will get more of a response there.
 


I just yesterday got an alert from avast on access virus scan saying that a trojan was trying to install itself. Now I have the annoying redirect to the about.blank and a "security" alert in my toolbar telling me that I have spyware and several popups telling me the same.
Here is my HJT log, thanks in advance for any help.

Logfile of HijackThis v1.99.1
Scan saved at 8:51:24 PM, on 5/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:...

A:About.blank redirect, HJT log included, help

Hello and Welcome Back to TSF!!!

All apologies on the delay.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!


You guys just fixed a hijack on my computer and now a buddy of mine needs help with a hijack he has. His homepage changes each time he opens IE. If he keeps IE open all day it will not change, but the minute he closes it and opens it again it will change.
Logfile of HijackThis v1.97.7
Scan saved at 9:26:17 AM, on 6/23/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Funk Software\Proxy Host\PH32SVC.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Funk Software\Proxy Host\PHOST32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\ctfmon.exe
C:...

A:About:blank hijacked, HTJ log included

Bump.
 


Greetings,

I run Windows XP and Internet Explorer. Three days ago, I got hit with About:blank. I used Adware Away to rid myself of the About:blank homepage, but now I am bombarded with pop-up ads for casinos and nude poker, as well as trojans and viruses--NTRootKit-H, SpoofDNS and Downloader-VJ. I've been scanning with AdAware, SpyBot and McAfee, but I can't seem to rid my machine of them. I followed similar issues on this forum and decided the safest thing would be to submit my own log. I would be grateful for any help.

Best,
Logan

P.S. Anyone familiar with Adware Away? I have my doubts--they offered to analyze my log but asked for my SMTP server account name and password, which seems highly dubious. Quickly uninstalled the software.
Logfile of HijackThis v1.99.0
Scan saved at 8:32:31 AM, on 3/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32...

A:Solved: about:blank HJT log included


Hey guys, I can see that others are having the same trouble with this one... I know everyone's computer is different so I posted my FindNFix log as well. I have run Adaware, Spybot, CWShredder and even though it appears to clean my system about 10 mins later the About:blank is back.

Any help would be greatly appreciated.

Thanks,

AARCUDA
*** freeatlast100.100free.com ***
--The directory 'junkxxx' is now included as a Subfolder in the FINDnfix folder
and is the destination for the file to be moved..
-*Previous directions will no longer work...


Microsoft Windows XP [Version 5.1.2600]
IE build and last SP(s)
6.0.2800.1106 SP1-Q330994-Q824145-Q837009-Q832894
The type of the file system is NTFS.
C: is not dirty.

Tue 07/13/2004
9:37pm up 0 days, 13:43

*** Note! ***
The list will produce a small database of files that will match certain criteria.
You must know how to ID the file based on the filters provided in
the scan, as not all the files flagged are bad.
Ex: read only files, s/h files, last modified date. size, etc.
The filters provided should help narrow down the list, and hopefully
pinpoint the culprit.
Along with that,registry scan logged at the end should mat...

A:Need help with About:blank Findnfixlog included


Need help! Please! about:blank keeps taking over my homepage, and I can't shift it! My hjt log is attached below. Please could you take a look and tell me exactly how to get this off my pc! It's really bugging me now! Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 18:20:55, on 26/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\qttask.exe
C:\Program Files\DelFin\PromulGate\PgMonitr.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINNT\System32\wjview.exe
C:\Program Files\ToPicks\Bin\Idhost.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\WINNT\Wast.exe
C:\Documents and Settings\Win2K User\Application Data\moot.exe
C:\WINNT\System32\wnsintsv.exe
C:\Program Files\CConnect\CConnect.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Program Files\WebRebates\WebRebates.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Win2K User\My Documents\Applications\HijackThis....

A:homepage defaulting to about:blank. hjt log included


When I boot my computer up, Windows loads, but I have no taskbar or icons on the desktop. I can access programs through the Task Manager, but my modem is still not recognized. Booting in safe mode has no effect. If I reset the computer with the reset button, sometimes the desktop loads normally. Any help would be greatly appreciated. Here's my Hijack this log file. Thanks in advance.

Logfile of HijackThis v1.97.7
Scan saved at 5:36:34 PM, on 10/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Navnt\alertsvc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Infra\CtInfra.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\ShareDL...

A:Blank Desktop (Hijackthis Log included)


Hello,

I newly updated IE6 to IE7 today and for some odd reason there is a blank toolbar that appears across IE7 under the tab whenever I start IE7. It goes away when I click to add a tab or if I do almost anything on a webpage.

I used malware and superantispyware to check for any toolbars but nothing. msconfig doesn't show anything unusual. Any idea how to find out what this is?


can't get rid of about:BLANK. help!

below is my hijackthis log. but first let me tell you what i've
tried so far.

(i am running Windows XP.)

i booted in safe mode, ran CWShredder, then ran HiJackThis and
removed six things that specifically mentioned "about.blank." then
i tried to delete my temp directory. but i was not allowed to delete
se.dll ("cannot delete se: access is denied"). I'm logged with
administrator privileges; and in the past i've been able to delete
everything in my temp folder; but i don't claim to be any sort of
expert.

i should also say that i don't really know how to read a HiJackThis log.

also: obviously the about:blank entries i "fixed" came right back.

anyway, here's the log. what can you see?

Logfile of HijackThis v1.99.0
Scan saved at 9:33:54 AM, on 3/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
F:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Intern...

A:Solved: can't get rid of about:BLANK. HiJackThis log included.


I did try and post this yesterday, but my system froze and I lost the entire thread

The problem: My system keeps freezing and booting me off the www. I'm having rundll32.exe error messages and the system takes forever to shut down - one pop up after the other - and explorer.exe is using 60% and that's before I'm even started. The system freezes/hangs, then shows about:blank. I recheck my homepage and that still shows my ISP page.

I have the following installed and have run them, with no problems apparent:
McAfee Firewall & Viruscan
SpySweeper
Spybot S&D
SpeedUpMyPC
Security Task Manager

I have performed numerous disk clean ups, defragmented, run the CWS search tool, cleared temp files/cache/history - rebooted and still the same old problems.

TBK

Hope this helps:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:14:38, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfe...

A:PC freezing/Pop Ups+++/about:blank/explorer.exe 60% - HJT log included

And I forgot to mention, a tonne of script error messages on any page I visit!


Infected by this Startpage-DU.dll trojan so my IE goes to about:blank page.

Ran the Ad-aware SE and scanned/deleted. Ran Mcafee which says that "A Trojan has been Detected and Cleaned" but it keeps coming back.

Already shut off system restore and clicked Show Hidden files and folders.

Ran Hijack This and Hijack This Analyzer and posted the logs below.

Any help would be great. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 7:29:32 AM, on 2/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\...

A:about:blank problems / DLL trojan - log included

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Download CWShredder and run it. Click on 'I Agree' button ...

My homepage is being continually hijacked and taken to about:blank. I have run Ad-Aware, Spybot, SpySweeper, and bought McAfee AntiSpyware. All of them detected spyware and browser changes, but my homepage keeps getting changed. Below is my log:

Logfile of HijackThis v1.97.7
Scan saved at 9:50:24 PM, on 9/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Piolet\Piolet.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
C:\Program Files\Mes...

A:Homepage Is Changing To About:blank, Logfile Included; Please Help!!!!!!!!!


Hi there,
Thanks in advance for your time
I'm having the following problems:

1. On startup, I get a message along the lines of "Enumerate USB device fail!!!". I click OK and it appears 3 more times.
2. My device manager is empty
3. When I tried to update my AMD graphics driver using their autodetect program, it failed with error "Could not enumerate PNP devices. Is the Plug and Play service disabled?"

I have checked to ensure plug and play has a status of 'started'.
Sorry but I don't know what ARK.txt is. Please let me know if you need it and if so how to get it.

I do have access to an OEM System Builder pack, legitimate Windows 7 disc. Running 64 bit.

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Admin at 23:51:03 on 2012-10-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.16339.14214 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrx...

I don't know are these blank white boxes called popups or info windows but they are blank and they shouldn't be blank. How to fix them so they show information?
 


Hi,
A friend of mine dl'd a virus or trojan that caused his computer to boot to a blank desktop (no icons or taskbar), the "click here to remove spyware" popups, and constantly try to connect to the internet. I was able to ctrl-alt-del into task manager to get the desktop back to normal but it seems to restart explorer every 10 secs or so and seemed to prevent me from running any programs. I saw that their antivirus was out of date so I uninstalled pccillin, and installed AVG Free 8, which finds the Win32/Huer virus and efcASlkj.dll, but can't seem to remove. I searched online and found info on the zlob trojan that caused the same "symptoms" but not all the processes that it listed in the removal showed up, so I don't think that's the one. I did have msmsgs.exe, that when I ended its process, stopped the explorer restart but not the internet attempts. Here is the HTJ log AFTER ending the msmsgs.exe process.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:43 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spools...

A:Solved: virus causing blank desktop, HTJ log included


Last night my computer was working fine, I shut it down and then this morning tried to start it and I get the startup Toshiba screen but then it goes blank. Just a black screen despite all the lights on the front lighting up. The bit where I enter my password and then windows usually loads....won't load. It's just a blank screen. Tried plugging into external screen but to no avail which means it's not a screen issue. I have NOD32 installed but that didn't pick up any viruses last night, today I can't run it because I'm currently in safe mode. Just done two online virus scans - one with mcafee and one with trend micro, the trend micro found a trojan virus called troj_gen.AX4088. Just ran a hijack this scan and got the following.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00:14, on 21/10/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system...


Hello all,

Firstly, I hope this post reaches you as I am having so many problems on my computer at the moment that I am struggling to stay online for more than 10 minutes without the system freezing up then crashing on me.

I have a shared computer and ever since a new housemate has moved in I have noticed the computer get slower and slower. Examples are:

Typing on the internet is very slow and delayed.
Loading up a webpage takes forever even though my broadband speed currently downloads at 2mbps.
Opening my documents, my pictures and music takes a painfully long time and opening individual files also take a long time to open.
When I close the PC down I have to wait a minute for screen to pop up asking me if I want to end task on an application that I have no idea what it does.

^ Those are the main problems. At the moment I am desperately trying to backup my files as I am expecting my computer to die on me and I am prepared to buy a laptop. But at the moment it is running so slow that simple tasks like burning a cd of 700mb of data can take over an hour from start to finish. I now have loads of extra programs in my system tray and start menu including a file sharing program which surely is not helping!

I hope someone here can help - in the past I have had great help from this website when it comes to hijack this logs. I have posted the log below...I even hope I can access this thread sometime soon!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:16, on 20/01/2...

A:PC will die on me....Hijack this log included

UPDATE:

Since downloading a new windows service pack I have internet explorer 7. A lot of pop ups come up telling me that I am infected and to download a certain fix or program. The pop up pages look like it is scanning my system and it looks legitimate but I have no idea if they are legit or what.
 


Hey. My girlfriend's mom's computer is having some internet issues. She uses AOL and she can connect to AOL and read her email but when she tries to visit a web site she gets an error that says "internet explorer cannot open the webpage. An internal error occurred in the windows extension." I was home last week and took a look at it. I verified that the problem is not just with AOL by installing Net Zero which does not work either. I made sure all of the modem settings and internet settings were fine as far as I know and I followed all the guidelines in both troubleshooters. I ran and corrected problems that popped up with windows file checker and I even reinstalled windows. None of these solved the problem. I then reinstalled AOL which likewise didn't solve the problem. I tried to reinstall/upgrade Internet Explorer. However it would act like it was working and then pop up with an error that said "command line option syntax error type command /? for help" It did this every time I tried to install IE. When you type command /? a DOS-looking box pops up and then closes too fast for you to read. I am now back at school and sent her HijackThis and had her run it. It is pasted below...hopefully whatever she needs to do is easy because I will have to try to talk her through it over the phone.
Logfile of HijackThis v1.97.7
Scan saved at 10:27:54 PM, on 3/16/2004
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v4.72 SP1 (4.72.3...

A:Hijack this log included!


recently, my media player has begun playing music with a 'chopped up' sound (not quite like skipping). it happens when playing saved files, cds, even live365radio. it will do this for a typical period of 5-15 seconds; sometimes, but rarely, longer as well. but i became curious and i was observing my task manager during this problem, and i believe it may be caused by my computer being overworked or maxed out. I noticed when watching the CPU usage under the Processes tab in the task manager, that the media player typically runs using 10-25% of my CPU. however, sometimes it jumps up to 60-80% and this is when this problem occurs. also, keep in mind that i have 50+ processes running at any given time. but then, moments later, it will drop back to normal and it's ok for a few minutes or so.

i'm no computer expert, but this is what i've put together. i've also posted a HJT logfile below if it may be of any assistance in solving this problem.

thank you,

Josh
Logfile of HijackThis v1.99.0
Scan saved at 3:29:48 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Stardock\...

I have been having problems with my computer being very slow and there are always too many programs running in my task manager.

I have Spybot S&D and Ad Aware...

Here is my HJT log,
what items can be removed from this list to help my computer run faster.

Thank you!
Jim

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Virtual CD v5\System\VC5Tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
c:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=5.1...

Hi FLrman. Can you help me with this? (English is not my first language, so sorry if it isn't that good):
Yesterday, I found some problems in my PC. Every time I open Internet Explorer, this link is opened as the home page (http://homepage.com@www.e-finder.cc/hp/). Sometimes, when I write for example: www.yahoo.com and press enter, Internet Explorer shows http://ehttp.cc/?www.yahoo.com.
What I decided to do is to download HijackThis v1.97.7 and scan. This is my log:

Logfile of HijackThis v1.97.7
Scan saved at 07:20:32 p.m., on 29/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Archivos de programa\WinGate\WinGate.exe
C:\WINDOWS\System32\LVCOMS.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\AddCLS.exe
C:\Archivos de programa\Zone Labs\ZoneAlarm\zapro.exe
C:\Archivos de programa\WinGate\wgengmon.exe
C:\Archivos de programa\Sony Corporation\Image Transfer\SonyTray.exe
C:\ARCHIV~1\ICQ\ICQ.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Charles\Hij...

A:Please Help - Hijack Log Included


Hi All

Today a message appeared next to my clock in the bottom right hand corner saying "VIRUS ALERT!" I've tried Adware, Spybot and a couple of other spyware/antivirus programs but can't seem to get rid of it. Does anyone know what this is, or has anyone had the same problem? It's driving me mad as I can't get rid of it. Here's my HijackThis log that I did a few minutes ago.

Thanks in Advance for any help

Keigan1888
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\burst\burst.exe
C:\Program Files\burst\core-new1.1.3\btd...

Hello all,

Thanks for looking. I try clicking the Age Of Empires shortcut on my desktop and I receive this response.....

The application has failed to start because MSVCR71.dll cannot be found. Re-installing the application may fix this problem

I tried clicking ewido security suite and it says the same thing.

What could this be?

Thought I'd include a Hijack this log.
Logfile of HijackThis v1.99.0
Scan saved at 10:00:51 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Handspring\HOTSYNC.EXE
C:\...

A:Hijack this.......log included


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:05 AM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Sof...

A:Hijack Log Included, please help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Any help would be appreciated. I have tried everything and it just comes back. I usually can run sdfix and be okay but this is a Vista laptop. I'm pulling my hair out. Please anyone. I have run ad-ware se, superantispyware, trojan remover, avg, sdfix (which didn't work). I do not know how to read these hijack so any help again would be appreciated. I have a big slow down in internet explorer and google searches don't work. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:24 AM, on 9/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Sorry I think I might have it...if not I will add the hijack listing back...thanks

A:Can't Seem To Get Rid Of This..hijack.log Included

I am glad you found your computer problem. Let us know if we can help you.

Thank you for letting us know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.


I cannot open several items in my start menu. When I click them it doesn't open. I even right click and hit run and it still will not open... also cannot open several icons on my desktop... any help would be appreciated... thanks, Chris. Below is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:50 PM, on 3/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\dleacoms.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA...

A:please help....hijack log included

did i do something wrong or can nobody help me???
 


Hiya,

Every time I go on the internet on my PC I'm getting lots of pop up ads. Please can someone help?! Below is my HijackThis log - if there's any other info I need to provide just let me know.

Thanks :)

-------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:02, on 25/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAU...

A:Pop ups - Hijack This log included

Hi, welcome to TSF!

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
C:\Qoobox\Add-Remove Programs.txt
New HijackThis log.


I downloaded a virus. So for some reason I went into my system.msc folder and started disabling things and now I can't restore my computer or even get onto Windows Update. Here is a copy of my HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 9:36:31 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\sbqaw.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,evwdhyw.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WIN...

A:Please help!!!! hijack included

Hi, kimhaze73.

Welcome to TSG.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Click here to download Look2Me-Destroyer.exe and save it to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt in your next reply.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from here a...

I'm not sure if I have a virus or not but my computer has been very slow and when I did a system scan in safemode using Norton, it said I had one infected file. I deleted it but it still shows up in my HiJack This log:

Logfile of HijackThis v1.97.7
Scan saved at 2:00:22 PM, on 2/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\S...

A:HiJack This log included...

Go to add/remove programs and uninstall NewDotNet.
And go here:
http://www.majorgeeks.com/download.php?det=3446
Download and run "KazaaBegone"
That is where all this crap came from.

Then....
Download and run CWShredder by Merijn Bellekom
It's from The CoolWebSearch Chronicles which you should read.
And remember to click "Fix" (Not "Scan only")
In particular pay attention to the patches for the operating system regarding the ByteVerify vulnerability.
Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan it's just to click the "Scan" button.

When scan is fin...

My net is really going slow, but only the browsing speed. Downloading is fine, as I saw when I got HJT. I already ran adware 6 and Spybot Search and Destroy, and they can't find anything. The programs on the PC are running fine, i.e. Word and Media Player, it is just the browser. PLEASE help!

Logfile of HijackThis v1.97.7
Scan saved at 08:07:49, on 07/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\AOL 8.0a\waol.exe
C:\Program Files\AOL 8.0a\shellmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Liptrot\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ads.softwareoutfit.com/start_search.php?...

A:HELP!!! Hijack this log included

Should be posted in security; normally I would move you there but the log is clean.

You can have HijackThis "Fix" this one:
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flash.ladbrokescasino.com/ladbrokes/FlashAX.cab
 


My brother's computer has been experiencing crashes and blue screen error messages. I've tried running AdAware, but kept getting an error message about "KRNL386.EXE" I don't know if this is related to a virus or spyware.

If someone could help me out, it would be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 6:28:00 PM, on 11/03/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDSCHD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDLOG.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\TRAYICON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP INSTANT DELIVERY\HPIDDB.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\ESSSPK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
E:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EX...

A:HiJack This log included

It seems there is another problem. Every time a person logs onto the computer, a blue error screen loads that says: ERROR: 06:0000:00000017.
Every time I try to search for a file, the same screen comes up and as a result, I am unable to search for files.
 


Logfile of HijackThis v1.99.1
Scan saved at 9:19:06 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

lately my computer has been running god awful slow, and i've run almost every program Ad-aware, SW doctor, registry doctor, norton, the works, and i was told to run this hijack log to let an expert determine what's wrong.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\...

A:Help Please, Hijack Log Included

Hello and welcome to BC. Sorry for the delayed response. I cannot see anything malware related in your log. I would suggest that you click here and see if the recommendations there would help you.
