
All Logs Required For Analysis..windows Xp..novice User..

Q: All Logs Required For Analysis..windows Xp..novice User..

I have familiarized myself with this enough to fix any problem that is fixable.. Hopefully someone can help me out.. I use my computer daily for different tasks and have been unable to do so because of all the popups/ads... mostly for the spymaxx.. My pc is really eaten up with this stuff.. I don't even surf porn yet "asian nudes" etc.. came up in the scans... look forward to hearing something..

Kind Regards,
Drew

A: All Logs Required For Analysis..windows Xp..novice User..

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hi
I have a Dell 9200 Desktop. (Purchased new in 2007)
The system is down.
Message at bottom of screen reads:-
Press F1 to Reboot. Press F2 .....

Can anyone talk me through?

Regards
Mike
 

A:Solved: Help Required by Novice.


I have had several BSODs a week, almost daily, for about three weeks. I have done research and took steps to record the circumstances; since taking these steps there has only been one crash. This has happened whether I was just browsing, downloading or idle. The crash is sudden and the error message displayed is always "driver irql not less or equal ("netio sys")". There is a percentage counting up to 100%, then the system restarts. I am at a loss and need assistance. I am a novice to things of this nature but I am a quick learner. Please be patient. I may ask a question that may seem not very insightful; I ask again, please be patient. I appreciate all useful advice and thank you in advance.

The DM Log Collector file is attached.

DJ Decaf
DESKTOP-P3JVVPC-Sun_06_26_2016_162249_43.zip

A:Random BSOD's Novice here Patience required!

Hello

The zip file you uploaded appears to be empty. Please have another go at providing the files we need to investigate your BSOD.


Hi there, I think I'm not out of virus problem. AVG finds out files infected (trojan horse dialer.8.BA and dialer.13.Q and dropper.Small.8.AW), but cannot heal nor move to V. Vault; the OS works at times very slowly. Here follows the HJT log. Please help fixing harmful files!

A:hjt log analysis required

Log is clean... where is it finding these files?


This is my hijack this log. I know for a fact that I have 4 main problems: se.dll, ffis.exe, desktop.exe and naeiiz.exe
Any help is much appreciated. I have tried numerous ways to eliminate these problems but when I do "delete" them, they respawn.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 12:48:48, on 01/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\windows\system32\pmxbh...

A:Analysis Required Please

Hi Sargey and Welcome!!
That's a mess in there, let's do this a piece at a time!
First I need you to upload a few files ASAP!
http://www.bleepingcomputer.com/submit-malware.php
Locate these and Upload them for examination please
C:\windows\system32\pmxbhy.exe
C:\windows\system32\naeiiz.exe
C:\WINDOWS\System32\dbfc6214.exe
C:\WINDOWS\system32\WmdcommSdk.dll
Leave a Link to this post and under comments, put please advise Cretemonster!
Please Download the L2MFix from
http://www.atribune.org/downloads/l2mfix.exe
or
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to.


Would someone be able to analyse my hijack this logfile, as my home page has turned to about:blank, and I am getting various adware.

Logfile of HijackThis v1.99.1
Scan saved at 10:37:40, on 01/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\msrexe.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\ntl\broadband medic\bin\mpbtn.exe
C:\Progr...

A:Hijack This Analysis Required

Hi TRIGGY and Welcome to the Bleeping Computer
You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem!!
Please Create a Folder on the Desktop>>Right Click the Desktop>>Select New>>Select Folder>>Name it whatever you like!
Please Download all the tools to the New Folder but please DO NOT run any of these until asked!!!
Please Download SpSeHjfix112:
http://www.derbilk.de/SpSeHjfix112.zip
or
http://www.trojaner-info.de/cgi-bin/downlo...gi?file=sphjfix
Once downloaded, Unzip it and Make sure to Extract All Files!
Please Download CWShredder:
http://cwshredder.net/bin/CWShredder.exe
Make sure you Update this as soon as you download it!
Download and install CleanUp!:
http://downloads.stevengould.org/cleanup/CleanUp40.exe
Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders, this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62
Run SpSeHjfix112
Click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process! (Make sure you Reboot back into Safe Mode!)
The tool creates a log of the fix which will appear in the new folder!
Please ...


Hi,
I've got serious problems with explorer. It freezes frequently and works slowly. I've scanned the disk with AVG, but to no avail. Can someone help me analysing the following log?

Logfile of HijackThis v1.99.1
Scan saved at 08:50:18 ق.ظ, on 2007/03/19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\System32\ctfmon.exe
C:&#...

A:Hijackthis Log Analysis Required

Welcome Alessandro
Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.
******************************
Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply, along with a new Hijackthis log please.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.


Looks like this machine has some malware; although it does appear to be gone, I would still like to ensure it is actually gone.

I've done a few sys scans using spybot and norton, it got rid of a few things.

Machine Specs: XP Home Edition SP2
IE 6

The below is the HJT Log which was done after rebooting in safe mode, any help is greatly appreciated.
cheers.

-----

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:53:09 AM, on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=63&bd=PRESARIO...

A:Solved: HJT Analysis required please.


I am a new user and I need help. Been trying to download winavi but all I get is an error message saying there is a problem (offset0003338d&mmtranslationdll). Can anyone help? I have uninstalled the program twice but still get the same message.

A:novice user

Do you get this message when you are downloading the file? or installing?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:31 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\HPQ\SHARED\HPQWMI....

A:Help Required : Hijactthis Logfile Analysis

Hello and welcome aboard
First things first, looks like you do not have an anti-virus client running.
Please get the free version of AVG.
Download & install it, configure it how you wish, update it. Make sure it's running in the background.
Then, please download Combofix to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Hi,

My last thread was closed because of lack of reply - sorry, I've been at work all week.

The web address for the previous thread is:

http://www.techsupportforum.com/secu...ed-please.html

I have done the suggested actions and attached the htj log file. I ran rsit and attached the file to my previous post and it can be found there (forums will not let me upload it twice).

There was a problem with the combofix log file. Initially I did the whole windows recovery bit but as my computer already has this installed it was skipped by combofix. Combofix continued to run and deleted various files and then rebooted my computer as expected. On reboot Combofix was preparing the log file but then the computer crashed and I got the friendly blue screen... "A problem has been detected and windows has shutdown to prevent damage to your computer. etc etc" Underneath this was "BAD_POOL_HEADER". I then restarted the computer, but obviously the combofix log didn't have time to fully compile.

Many Thanks,

andrew2786

A:Possible Malware etc/ SP3 problems - analysis required please 2

Hello andrew.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Go Start > Run and copy/paste the following into the Run box and click OK:

C:\rsit\info.txt

A Notepad file should open. Please post info.txt in your next reply.

------------------------------------------------------

Close any open browsers.

Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Get help here

------------------------------------------------------

Double-click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

Please close HijackThis now.

---------------------...


Hi,

Great work guys on a great website. Please could you take a look at my log file from RSIT which I've attached. I've noticed my computer slow down over the last month or so and I tried to install XP SP3 a while ago and encountered problems doing it (this may not be related). Something seems a bit wrong but I can't put my finger on it. Any help would be greatly appreciated!

Cheers

A:Possible Malware etc/ SP3 problems - analysis required please

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Go Start > Run and copy/paste the following into the Run box and click OK:

C:\rsit\info.txt

A Notepad file should open. Please post info.txt in your next reply...


Hello, I ran, Norton Security, MalwareBytes, SpyBot SD, and a few others it seems not to detect anything. I assume its a Browser Hijack, because my web pages don't directly go to their page, it changes to:

Click.Sureonlinefind.com OR http://myfindhere.in/index.php?search=free pc help
 


Logfile of HijackThis v1.99.1
Scan saved at 6:41:29 PM, on 1/22/2000
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\paytime.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wpabaln.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\amsorts.exe
C:\WINDOWS\System32\arpcan.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer&#...

A:MY LOGS AND ANALYSIS

Print out these instructions and then close all windows including Internet Explorer.
Reboot your computer into Safe Mode
Then I want you to fix some of those entries. Please do the following:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/custo...


I have a heavily-infected computer that I've been working on for the past day or so now. I've removed about 20 or so infections so far, and I've been learning how to use Combofix at same time. (Please don't kill me! I made a full backup!)

Anyways, there must still be several rootkits lurking because there are quite a few active infected .dat files in system32 that are not showing up in the logs, so I figured it was probably time to let you guys have a look. Attached are my most recent Combofix, OTL, and HijackThis logs. I'll refrain from attempting any more fixes on my own until we're done.

Thanks in advance.

P.S. Atapi.sys has a recent modification date because it was infected and I replaced it with a good version and it stuck. The net.sys and tcpip.sys I'm not sure about...

EDIT: Added DDS and RKUnhooker Drivers & Stealth code logs

A:Logs need further analysis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...


Hi all,

We have implemented the ATA in our environment, but in trying to analyze the logs to check for problems found in relation to user accounts, we are unable to identify much of the information found.
For example, there is a log field called "Unique Entity Profile Json", which contains a lot of information.
However, we can not identify what this information is.

At some point, an information called "ProtocolToTimeToActivityCountMapping" appears with a series of information inside brackets (in the format "ProtocolToTimeToActivityCountMapping": [[xxxxxxx]]).

We would like to know what this information refers to, we could not locate it anywhere.

Thank you very much for your attention.



I downloaded HijackThis and have posted the log below. My computer speed has slowed due to numerous pop-up ads flooding my computer. Assistance would be appreciated. Thanks.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\FSI\F-Prot\F-StopW.EXE
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Microsoft Offic...

A:Novice computer user needs HELP!!!

Welcome to TSG!!
First thing to do is make a folder on your hard drive, like My Documents\hjt.
Move hijackthis.exe into that folder. Don't run it from your Temporary Internet Files or Desktop!
Run HJT again and put a check in the following:

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: My &Way Speedbar - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
- HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

Close all applications and browser windows before you click "fix checked".

Restart in Safe Mode
Delete the following:
C:\Program Files\Common files\WinTools --> folder
C:\Program Files\AWS --> folder

Reboot.

Download Spybot http://www.spybot.us/spybotsd13.exe

This is a new version, if you have been using 1.2 you can install right over ...


I am 100% military disabled and am a novice on the computer. I upgraded to Vista Home and IE 8 and I think I have a virus of some sort. Could someone Please Analyze this Hijack this Log for me and help me?
Respectfully,
Michel L. Penrod
E-mail address removed to protect from spambots. ~ OB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:28 PM, on 3/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\...

A:Novice user - Hijack this Log

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


Been searching the web for about 3 hours now trying to solve a few problems. Below is my Hijack This log. If anybody sees anything suspicious please let me know. Secondly, on my programmes list on the start>all programmes list I have an icon for "IwantSearch". Again, any ideas? Thirdly, I get NAV and NPF giving me messages concerning "HTTP_ActivePerl_Overflow", "HTTP_IIS_ISAPI_Extension" and "URL_Directory_Traversal". Are any of these worms/trojans/viruses etc.? If so, are they killing my PC running speed, as it seems very slow? Any help at all guys would be appreciated. Thanks Ed

Logfile of HijackThis v1.98.2
Scan saved at 01:16:07, on 18/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1...

A:Novice Uk User Needing HELP

Get, install, update and scan with Spybot via the colored link below. Delete all items an updated Spybot finds by clicking Fix Checked, closing all open programs then restarting your computer.

***

Run HJT, click Scan, put a check mark by the following items, click Fix checked then close all open programs and restart your computer.

O17 - HKLM\System\CCS\Services\Tcpip\..\{3A421853-0751-4224-8B0E-A56905EB80A2}: NameServer = 213.1.119.100 213.1.119.99
 


Well I'm all new to this so here goes....

After receiving an email from our internet provider stating we'd used 80% of our 20G limit for the month, we wondered what was going on, considering we'd not downloaded any byte intensive files this month. (We discussed our internet use in the household and have not downloaded anything more than a couple of iTunes songs).

Three days later, another email states we are up to 98%. Oh dear! On clicking the Network Status Icon in my system tray, it showed that in the past 14 days I had uploaded 7G and downloaded 11G of data.

Um, not with my permission!!

Rang service provider (24th Feb) who confirmed that since the 14th Feb we have been constantly chewing up our allowance. They told me to turn my pc off for one hour and they would monitor it, etc etc... end result is that it is definitely "something" on my pc doing it.

I regularly run Norton Internet Security scans on my system, it is set up to run automatically twice per week. It has not picked up anything for weeks now.

I regularly run SpyBot and Adaware and they pick up the usual things each time - data miners, data tracking mostly. I run these once a fortnight.

I have run all these programs several times over the past 2 days to no avail. The latter two got rid of a few things but whatever they were, it isn't the problem we have got because our internet is still constantly downloading info at the rate of about 2Kb per second on average. It hasn't uploaded anything since m...

A:Analysis Required Please. Problem Unknown. At Wits End.

Bump.... I think my request got lost in the ether overnight...
TY
NC


Logfile of HijackThis v1.99.1
Scan saved at 3:18:46 AM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\...

A:Hijackthis Logs And Analysis

Hi Ravnos316

You may wish to Subscribe to this thread (Options) so that you are notified when you receive a reply.

Vundo Fix

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HijackThis log.


Request for Analysis of Logs

I've done all the procedures required in Topic Journal ...

======================================
1 - The Problem:

Whenever I open the folder: C:\Documents and Settings\x4NG3L.X4NG3L-DE17A6A0
a suspicious message appears that I had never seen before in my life.
A message pops up from the simple fact of opening the folder.
This is my User folder.
With other folders in the system, e.g. "All Users" or "Default User.WINDOWS" for example, nothing unusual happens.
Below is a picture of the suspected message:
http://img403.imageshack.us/img403/6677/problema1j.jpg

======================================
2 - What has been done by me:

2.1 - Complete Virus Scan using AVG 8.0
2.2 - Full Scan for Malware, using SpyBot
2.3 - Full Scan for Malware, using Malwarebytes Anti-Malware
2.4 - Cleaning and correction of record, using CCleaner
2.5 - Cleaning and correction of the registry, using Marcos Velozo Reg Clean

All procedures above were carried out with software update.

======================================
Here is my log for examination:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:30:39, on 28/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOW...

A:Request for Analysis of Logs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Thank you for looking at my log. I've been having ads pop up without me being on the internet. Also, several web pages would pop up when I'm browsing the web too. I have used Microsoft AntiSpyware, Spy Subtract, Trend Micro, Alert Spy, Pest Patrol. I've been trying to use Adaware 6, but it stops at a certain number of files and freezes.

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2:55:32 PM, on 05/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
C:\windows\Explorer.exe
C:\PROGRA~1\TWEAKM~2\TWEAKM~1\TMTray.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\WinTools\...

A:HijackThis Logs and Analysis

Hello johnnycoolwhip and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.
Download and install ewido security suite. Update the program and then close it. Do not run it yet.

Step #2
Open Notepad and copy/paste the text in the quotebox below into the new document:

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd system32
attrib -s -r -h kt44l7hq1.dll
del kt44l7hq1.dll
exit

Save the document to your desktop as fixnail.bat and close Notepad.

Step #3
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #4
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD...


Hello, I hope I have done this correctly. Is this clean?

Many many thanks for your time.

Logfile of HijackThis v1.99.1
Scan saved at 18:38:08, on 16/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS...

A:Hijackthis Logs And Analysis

Hi Jooz,

Sorry for the wait. If you still need help with this, can I ask you to post a fresh log in this topic for me please so I can see if anything has changed.
Regards,

John


Hi guys, I am new to this site and was wondering if someone could take a look at my hijack this logs as well as my netstat log to tell me if I am at risk of being infected or attacked.

Your help is appreciated

Duncan

A:Hijack This Logs Analysis

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


Hello All,

I'm new to this forum and would like to thank you all for creating a place to help with computer problems. I ran Hijack this .... and just like you said, it is very confusing .... I am pasting the log file ... please help and let me know if there is anything I should delete. I am receiving many unwanted pop ups and script error messages, it's just a mess. Thanks in advance ....

Logfile of HijackThis v1.98.2
Scan saved at 1:06:31 PM, on 6/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Progra~1\WaystoAssess\tomcat...

A:hijack this logs and analysis

Welcome teaqch141 to Bleeping Computer.

I suggest you remove NewDotNet unless you deliberately installed it. It is extremely dubious and commercially sponsored:

First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:

* From a computer that has Internet access, click on the following link: http://www.new.net/support/uninstall6_76.exe.
* Download and save uninstall6_76.exe to Local Disc C
* Click on Start.
* Click on Run.
* In the Open window type, C:\uninstall6_76.exe.
* Click on the OK button.
* After removal, you may be prompted to reboot. Please reboot if not prompted.

***

Please download the latest version of HiJack This. Click here to download the latest version (1.99.1). Please save it in a permanent folder (such as C:\HJT). This is to ensure that backups are saved and accessible in the event you should need it. Follow the instructions below if you are unsure how to save it in a permanent folder:

1.) Click on the link to download HiJackThis.exe.
2.) When it pulls up the box (for you to pick a location to save the file), click on the pulldown menu and select "[C:]".
3.) Click on the button to "create new folder" and name the folder HiJackThis
4.) Double click on the folder you just made (to go into the folder) and click "save" on the bottom of the box.

Post back here in this topic with a fresh log using HijackThis.


Maybe those archives are viruses.

C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\AUDISSRP.EXE

I don't know what to do. This is my Hijack log. What do I have to do?

Logfile of HijackThis v1.99.1
Scan saved at 11:26:15 p.m., on 05/04/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCSETMGR.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\ARCHIVOS DE PROGRAMA\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\ptsnoop.exe
C:\ARCHIVOS DE PROGRAMA\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\ARCHIVOS DE PROGRAMA\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS...

A:HijackThis Logs and Analysis

Hi there,

It's better to print this out or save into notepad, because you will have to work into safe mode, and this page wouldn't be available then.
And it's also important you don't miss any steps!!

I see you have WareOut installed. This is a so called spyware remover with a dubious reputation. So I strongly suggest you to uninstall it!!

DAP is also present on your system. This is not spyware, but it is known that DAP brings spyware with it. There are better alternatives.
Read here for more info: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman

REBOOT after you uninstalled.

Download and install CCleaner
Do not use it yet.

Download remv3.zip
You will find remv3.zip as an attachment there, so download it.
Unzip all the files to a permanent folder.

Download CWShredder. Start CWShredder and click FIX

* Please set your system to show all files: Open My Computer. Select the View menu and click Folder Options. Select the View Tab. In the Hidden files section select Show all files. Click OK.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\DSKRFUOUI.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res:/...


Logfile of HijackThis v1.99.1
Scan saved at 7:03:16 PM, on 3/3/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program...

A:Hijackthis Logs And Analysis Please Help!

We can help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to reinfection and we're both just wasting our time.

Click here: http://www.microsoft.com/downloads/details...&DisplayLang=en

Apply the update, reboot, and post a fresh Hijack This log.


I have tried several times to Change my desktop with no luck.

System XP home sp2

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:23:59 AM, on 8/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2...

A:HijackThis logs and Analysis

Hello Ideawerker and welcome to the BC HijackThis forum. Let's start out by doing the following.

Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:

C:\Program Files\Anonymizer\tss\tss.exe

Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

Also download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log and I will review the information when it comes in.

OT


Hi everyone, my computer is dog and my CA security cannot remove sillydl

thank you

I am attaching the log

A:hijack logs analysis

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit...


PLEASE HELP I CAN NOT CHANGE MY HOME PAGE FROM A-SEARCH.BIZ. I HAVE TRIED ANTI-SPY AND SO MANY OTHER AD WARE REMOVERS AND NOTHING HAPPENS TO WORK. PLEASE POST BACK / THANK YOU IN ADVANCE.

MY LOG

Logfile of HijackThis v1.99.1
Scan saved at 3:18:30 PM, on 4/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\d3dim.exe
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Defa...

A:HijackThis Logs and Analysis

Have you run ad-aware against this?


Logfile of HijackThis v1.99.1
Scan saved at 6:10:53 PM, on 18/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Pr...

A:Hijackthis Logs And Analysis

Hello,

* Download Roguescanfix
Download it to your desktop.
Doubleclick roguescanfix_setup.exe
Select the language setup and click ok.
Proceed with the installation. Make sure the 'Start Roguescanfix' is checked.
Once you click Finish, it will start the fix.

Note: This tool needs internet connection because it downloads an additional file to let the tool work properly.
If your firewall gives an alert, allow it instead of blocking it.
In case you still get the message BFU.exe is not present, download BFU.zip from here.
Unzip it and place BFU.exe in the Roguescanfix-folder, present in your Program Files-folder. Then doubleclick Roguescanfix.bat.

When you start roguescanfix.bat you'll see a menu:
1. Run Roguescanfix
2. Run sharedtasksrem

Type 1 and click enter for Run Roguescanfix
(Note! Don't click 2 unless advised!!)

The tool will uninstall some programs and delete related files and registrykeys.
When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot.
Please make sure the uninstall of the programs are finished before you click Yes to reboot.

Post the log (task.txt) that will open in your next reply. (task.txt will be present in folder Program Files\Roguescanfix) together with a new hijackthislog


Hey, I'm having trouble with those 2 things... I'm a new user and I want to fix all the problems of my computer.

Here is my HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 09:15:12 a.m., on 14/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\gearsec.exe
C:\ARCHIV~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\ARCHIV~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\ARCHIV~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe
C:\WIND...

A:HijackThis Logs and Analysis

Rotting, hola and welcome. Please print this out and follow ALL these directions carefully.

You got infected with lop.com because you installed Messenger Plus!

You need to remove all infections from each User Account IDs and then install the prevention protection on each account to prevent the system from being infected.

Download the latest v1.98.2 version of HijackThis to post your new log:
http://aumha.org/downloads/hijackthis.exe
or
http://tools.radiosplace.com/HijackThis.exe

Important: Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT. Move HijackThis.exe into this folder as you do not want the HijackThis backup logs all over your Mis documentos folder.

When you run HijackThis from C:\HJT folder by double clicking on it and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Make sure 'show all files' is enabled:
http://service1.symantec.com/SUPPORT/tsgen...=&osv=&osv_lvl=

Boot into Safe Mode by tapping F8 key repeatedly at bootup.
More detailed instructions here:
http://service1.symantec.com/SUPPORT/tsgen...001052409420406

Find and delete if still present:
Search.vbs
C:\WINDOWS\System32\doriot.exe <== file
C:\Documents and Settings\All Users\Datos de programa\MeowPartMpegRect
C:\Archivos de programa\Messenger Plus! 3
C:\DOCUM...


Having trouble with homepage. Unremovable homepage for spyware cleaning ad keeps coming up.

The attached log has been removed so as not to cause a panic. Please see this note: http://www.bleepingcomputer.com/forums/fin...0513-67406.html

A:HijackThis Logs and Analysis

Hi xtr2005,

Need you to do a few things please,

First,
Download the attached zip file and unzip it to your desktop.
http://www.mvps.org/winhelp2002/DelDomains.inf
Right-click on the deldomains.inf file and select 'Install'

Next,
Create a folder on the C: drive called C:\HJT. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT
Drag HJT into it please,

Next,
We need you to fix the following entries please. Please do the following:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thenewsearch.com/search.ht...


I recently bought the Amazon Fire TV Stick and am having problems with it maintaining a connection with my cheap, 4-yr.-old D-Link DIR-601 router. The connections are ephemeral, in that they work much of the time, but randomly refuse to connect or tell me my connection is too slow. So I'm considering buying a MUCH faster router, like an ASUS RT-AC68U or -68W (the latter being noticeably cheaper). The only devices in my home using wireless technology are my laptop, my wife's laptop, my Canon printer, and the Fire stick.

Given the above, I have some questions:

Which of these routers will give me the performance I need for the Firestick?
Is buying one of these (expensive) routers overkill?
Do you have any cheaper recommendations for solving my problem?
Any help is much appreciated.
 

A:Solved: Novice router user


I would welcome suggestions for a reliable & simple to use Registry Editing tool. I have tried RegCleaner (free) by Juoni Viourno, but am having problems as it seems not to launch - see thread on uninstalling Realplayer in this forum.

I did find a beginner's guide to the Windows Registry at

http://www.bleepingcomputer.com/tutorials/tutorial74.html
 

A:Registry Editors for novice user

Some here:
http://www.techspot.com/downloadid14by4.html
Here's a free one:
http://www.techspot.com/downloads/3234-fix-my-registry.html
 


Hello!

Let me introduce myself first, since I am a new member here.
My name is Lilly and I am a Greek translator living in Greece.

Norton has found this trojan in my computer, access is denied and repair fails.
I am quite novice as regards removal techniques etc.

I have visited Symantec page and followed the procedure suggested there but running the Norton scan in safe mode returned no results. The trojan was no longer found in the activity log of Norton.
However, when coming back to normal mode the trojan was again in the activity log.
I cannot understand what happens here.

Running regedit and trying to find it under the current version of Microsoft was again ineffective.

I have tried to find a solution by browsing through the forums here but I am a novice when it comes to such things and I cannot really understand what I should do to get rid of that trojan.

For your information, I am running on Windows XP Professional with Norton Antivirus 2003 and Lavasoft Ad Aware 6.
I have already scanned my computer using Ad-Aware and Spybot SD.

Below are the results of the hijackthis scan:

Logfile of HijackThis v1.99.1
Scan saved at 5:13:24 μμ, on 24/06/05
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.ex...

A:Svchos1at infected my pc (novice user)

Hello elzosim and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Form Filler\CPFillerCoE.dll (file missing)
O4 - HKLM\..\Run: [HDAudio Driver] C:\WINDOWS\System32\qdhoh.exe
O4 - HKLM\..\Run: [Communicator] C:\WINDOWS\avsoft.exe /i
O20 - Winlogon Notify: -dvlhpnlz - C:\WINDOWS\System32\gsdvlh.dll
O20 - Winlogon Notify: -uyktefna - C:\WINDOWS\System32\vjuykt.dll

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #4
We need to make sure all hidden files are showing so please:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide f...


Hi. Right, I've had my PC a while and have tried to launch various games which haven't worked, and until now I've just put them to one side, or took them back to the shop and got my money back, and giving up playing them. Anyway, I've got Panzer Elite Action game and really want to play it, but guess what, it doesn't work. So after emailing them, and getting no reply, I've turned to you guys on here which I only found tonight after surfing. Anyway, I'm just going to list what I've got, and then what it requires, and hopefully someone can tell me what I need to do to get this flippin game to work!!

Right, I've got Windows XP Home Edition, Dell Dimension 3000, Intel Celeron CPU 2.66GHz, DirectX 9.0, Intel 82865G Graphics Controller, SoundMAX Audio.

The game needs 3D Direct x 8 or more (is this what I've got???), DirectX 9.0 compatible soundcard with 3D support, hard drive with 1.5 GB free space.

Any help would be greatly appreciated cuz I'm pulling my hair out here! lol. Thanks.

calibra146athotmaildotcom, in case it's easier to tell me in chat rather than written on here.

Mod Edit: email altered with at and dot to foil spambots ~ Animal

A:Novice Pc User Needs Help Loading Game!

Well I can tell you right out, the problem is that you need a new graphics card. Back in the day (way back) when I was also a novice I was presented with the same issue. Right now you're probably running about 11MB or something low and insignificant. Your best bet would be to get a PCI 64MB or 128MB video card. The best would be to get ATI-based technology. This is the only problem I can see that you'd have with running a game. Everything else seems to be fine. If you have any other issues, be sure to tell us.

Also, how much RAM do you have? How much is required? (Find it by going to Start -> All Programs -> Accessories -> System Tools -> System Information and it will display the basics of your computer, which will include your RAM.)


Can someone help me!!! Here is my Hijackthis log. Please - simple and step by step instructions as I'm not techo at all!!!
Logfile of HijackThis v1.97.7
Scan saved at 9:03:06 PM, on 17/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Vet\isafe.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Vet\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Vet\VetTray.exe
C:\Program Files\RF Wireless Mouse\RF Wireless Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\julie\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vikingsswim.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ugynsqrzebvjfbxqrezn.org...Aae5hHW2O8.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reade...

A:[Solved] Hijack log from Novice user


Hi
This is my first post here so I'm not sure if this is in the right place...

I've come to this site a lot whenever I've experienced any PC difficulties and thus far it has proven to be very helpful, particularly the forums.

Anyway, onto my question. First things first, I'm a novice with PCs; I don't really understand much about them, only the very basics and selective areas of which.
I have a Dell Dimension 3000 PC which at first I thought was a pretty good computer, until I got The Sims 2 and other newer PC games. Then I found out that it was far from the best for playing more hardware demanding games.
At first I figured I'd just upgrade the graphics card to the best available for PCI slots but the more research I did the more obvious it became that this might not be enough and that, especially given how fast the Dell Dim3000 has aged, it might be a wiser decision to get a new motherboard too.

As I've mentioned, I'm not really PC-savvy and some of this stuff will be way over my head.
So if anybody could give me, in layman's terms, any advice on what to do? I want to definitely upgrade my PC's graphics card (also anybody know a good PCI slot graphics card to use with games such as The Sims 2?) but I'm sure about upgrading my motherboard.

Any help or suggestions on the matter would be really appreciated.
 

A:Advice for novice computer user...

If you are wanting to play graphically demanding games a PCI video card is a waste of money. If you decide to upgrade you're going to need a new mobo AND a copy of Windows XP. Your Dell disk will not install Windows on a non-Dell mobo.

Download and run SIW; it will tell you what motherboard, RAM, and video card you presently have. List it here and we can assist you in what your best options are.





http://www3.sympatico.ca/gtopala/


 


Hello

My probleme is that i have a lot of pop up and massages alert

here is my HijackThis Logs after execution of the steps in "Preparation Guide for use before posting a HijackThis Log" on http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Logfile of HijackThis v1.99.1
Scan saved at 19:20:51, on 29/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\mysql\bin\mysqld-nt.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\oracle\ora92\bin\agntsrvc.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\oracle\ora92\BIN\TNSLSNR.exe
C:\WINDOWS\system32\cmd.exe
c:\oracle\ora92\bin\ORACLE.EXE
C:\oracle\ora92\bin\dbsnmp.exe
c:\oracle\ora92\bin\ORACLE.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\oracle\ora92\Apache\Apache\apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\oracle\ora92\jdk\bin\java.exe
C:\oracle\ora92\jdk\bin\java.exe
c:\oracle\ora92\bin\isqlplus
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Sys...

A:I'm Infected Hijackthis Logs And Analysis

Hello,

"My probleme is that i have a lot of pop up and massages alert"

massages alert? I wish I had these too

Ok, let's get rid of this..

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. It is also important you don't miss a step and perform everything in the right order!!

I note in your log that you have FlashGet the download manager - Be aware that the trial copy bundles Cydoor adware, but when you register the Ads disappear. To remove the program: Go to Start > Settings > Control Panel > Add/Remove Programs and remove it.

* Open notepad and copy and paste next present in the quotebox below in it: (don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as fix.reg. Choose to save as *all files and place it on your desktop. It should look like this: Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok. (In case you are unsure how to create a reg file, take a look here with screenshots.)

* Download smitRem and save the file to your desktop. Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

* Go to start > controlpanel > software > add and remove programs and uninstall next programs if present ( don't worry if yo...


Due to my having clicked on a link that I shouldn't, I now have an extremely annoying dialer installed on my computer that keeps reappearing no matter how many times I try and delete it. It installs itself under the name 0202 and dials a 1-900 number - specifically 1(900) 643-2888 - that's inaccessible from my area (which is good), but it keeps interrupting my regular Internet connection to do so (which is bad).

Short of wiping my hard drive and reinstalling everything, does anyone know of a good piece of antivirus or dialer removing software that I can use to get rid of it? I've already tried SpyBot, AdAware, AVG, XoftSpy, SpywareDoctor, and several other programs to no avail. I've posted my HijackThis logs for analysis and can post a link to where the virus came from if that is at all helpful.

Thanks in advance for any help.

The Lunar Archivist

----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:55:04 PM, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng...

A:Hijackthis Logs Help Analysis Request

Hi Lunar Archivist and Welcome to the Bleeping Computer!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After posting the new ...


Dear Sirs:

With all due respect I must call on your help with my computer. I have been overrun by secthought f and tv media. Spysweeper says that it is a trojan. I have been to my program files and removed all way possible I know. My anti-virus healed a couple of files and I just tried to wipe them off the drive. This stinking program overruns my browser and I've only been on this new computer 2 weeks. You were miracle workers the last time around and if there is any information I am failing to give you here: Please let me know how I can assist you in my endeavor to restore my system to normal. Grinler was my hero the last time I posted to your site and consequently was my first experience with you fine folks. Here is my Msconfig start up file:

StartupList report, 7/8/2004, 4:22:35 PM
StartupList version: 1.52
Started from : C:\My Download Files\hijackthis\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:...

A:hijackthis logs & analysis need your expertise

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

Reboot your computer into Safe Mode and delete the following files:

Then delete these files or directories (Do not be c...


Just seeking advice as to whether I'm clean or not. I do have some issues when restarting the PC as I noticed that the "welcome" screen stays for a while and my wireless and wired internet go bonkers. Not sure what is being sent out, so I thought it best to check here. Just looking to see which process are booting that I don't need which should help the boot process. Many thanks to whoever helps me.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Peter at 14:28:49.79 on Thu 07/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2395 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090716-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files...

A:Logs for analysis.....just checking if I'm safe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


My computer just randomly started booting into a temporary user. I have my computer set up to automatically boot into my account, but now it is loading a temporary user that has everything set back to normal. Even if I logout and try to login to my user, it just goes to this. When I click on "My Documents", it goes to C:\Documents and Settings\TEMP\My Documents .

Is there anyway to fix this? Thank you.
 


Hello from Canada!!!.....I have a serious? Infection...Details:
On Dec/6/11, I was checking emails and found one in "Junk".....it said it was from Canada Post......Just by pure coincidence, I just happened to be waiting on an Important Letter (Credit Related) from them so I selected "Safe" and read it.....It came with an Attachment...unfortunately I downloaded It...STUPID!! I know....The file was a Zip, which I scanned with Both Malwarebytes+Microsoft Security Essentials...both came up clean!!!...so I unzipped it, deleted the original zip and opened the folder...it contained 1 .pdf and several .txt (0bytes)...I opened the .pdf and the Nightmare Began!!!
Immediately my screen changed/flashed to a Black screen. Then a bunch (over 20) of rectangular windows showed up...all indicating that my hard drive was failing!!!.there was an option to "Fix" by selecting "OK"....However I did not..I just forced shutdown by pressing the Start Button on my HP. I then started up and the same windows showed up...I shut down again and started with the Kaspersky Rescue DVD....I would "Boot"..BUT at a certain point it would not continue...."could not find cd"!!....so I restarted in safe mode, ran some scans & was able to start normally, BUT my desktop was still Black....other symptoms as followed: Start Menu would only show Admin(Empty)...ALL folders were Hidden (I could see then...

A:Novice Computer User-Infection Newbie

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431845 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...
