HijackThis Log: Please Help Diagnosis

Q: HijackThis Log: Please Help Diagnosis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:33:19 AM, on 10/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NetAccelerator_Service (NetAccelerator) - Unknown owner - C:\Program Files (x86)\FileJo\NetAccelerator.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16475 bytes

A: HijackThis Log: Please Help Diagnosis

NOTE: When running Task Manager, I've found 10 instances of svchost.exe, at least 2 csrss.exe, 1 or so lsass.exe and lsm.exe, among other things. I'm extremely new to coding and processes etc., so forgive my lack of jargon. I just need help, so the sooner the better. Thank you.

Hey there, I recently noticed that I have a Win32-rootkit-gen (rtk), so I scanned it with HijackThis. But I can't quite understand the report. Here it is:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:11:33, on 17/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Moon Secure Antivirus\moontray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Larousse\Encyclop?die Universelle Larousse 2009\bin\hyperappel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Utilisateurs\Coll?gien\AppData\Roaming\GabPath\gabpath.exe
C:\Utilisateurs\Coll?gien\AppData\Roaming\Micro...

A: help with hijackthis diagnosis

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you...

Hello, I've created a log below. Before doing so I have checked my computer with AVG 8.0 on all scan settings (slow, automatic, quick), all scanned with Spybot Search and Destroy and Malwarebytes, but still having the same problem: "windows explorer has encountered a problem and needs to close". This seems to happen when I access my C drive or transferring any files either to my external hard drive or to my wm device, i.e. videos, pictures, music etc. I have scoured the web looking for answers but to no avail.

Error report info: APPNAME: EXPLORER EXE. APPVER:6.0.2900.5512 MODANAME:UNKNOWN. MODVER:0.0.0.0. OFFSET:06141468

Please help. Thank you in advance to all.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:29, on 15/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:&...

A: HijackThis Log: please help diagnosis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba...

can you help please?

I have two annoying problems (both only happen occasionally)

1. when I open Internet Explorer 7 I am unable to enter any type either into google search or to open another web-page or enter any type into an already open web page selected from "my favorites" (If I open "Word" the keyboard works perfectly and I can enter type)
2. Sometimes after the computer has been left unused for a couple of hours (but still fully operational) the main taskbar along the bottom of the screen has disappeared. Sometimes it will return on its own, sometimes the only solution is to switch off and re-boot

Have I been infected?

I have run Spybot Search & Destroy, Spydoctor, and Ad-Aware and all report no infection or problem.

A: Hijackthis Log; Please Help Diagnosis

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:03:57 PM, on 7/11/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Content Transfer\ContentTransfer.exe
C:\Windows\System32\mobsync.exe
C:\Users\Jesse\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\...

A: HijackThis Log Diagnosis

Hello, ViperX.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:

Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.

Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in Notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.

Please do not install, update, or run any programs for the duration of the fix.

If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.

Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.

If you are running Vista, please run all the fixes as an administrator. This is done by righ...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:41:39 AM, on 10/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\D-Link\RangeBooster G WDA-2320\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Pro...

A: Hijackthis: help with diagnosis

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Disable SpySweeper: You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix. Open it click >Options over to the left then >program options> Uncheck "load at windows startup". Over to the left click "shields" and uncheck all there. Uncheck "home page shield". Uncheck "automatically restore default without notification".

After all of the fixes are complete it is very important that you enable SpySweeper again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll (file missing)
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll (file missing)
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

Click on...

Greetings, I've tried Spybot and Panda to get rid of this virus/homepage hijacker, but to no avail. The thing keeps reloading when I attempt to fix the problem. I'm on Windows 98SE. Here's the latest log from HijackThis:

(Mod edit: moved to HJT log forum for team analysis. jgweed)

Logfile of HijackThis v1.99.1
Scan saved at 8:32:22 PM, on 5/24/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\NETZERO\EXEC.EXE
C:\WINDOWS\SLRUNDLL.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c: ...

A: hijackthis log - need help with diagnosis

Hello buholley and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Please perform the following steps:

Download Cwshredder.exe and save it to a folder of its own. Start the program and click on the Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).

Download SpSeHjfix.zip and unzip it to its own folder. Do not run it yet.

Download CleanUp! and install it. Start CleanUp! and click on the CleanUp! button. Let it run to completion. It may take a few minutes depending on the size of your hard drive so be patient.

Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Disconnect from the net and Close ALL OPEN PROGRAMS.

Run SpSeHjfix and click on Start Disinfection.
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder that SpSeHjfix is located in.

Now run CWShredder and click on the Fix -> button.

Reboot and repeat the above process.

Reboot and post a fresh HijackThis log and the log that was created by SpSeHjfix.

Cheers.
OT


Hello, (forgot to put conime in title!)

I think I may have a specific infection as I noticed another user here had similar symptoms and he was suggested to use HijackThis. I've done the same and here's my logfile. I've read the instructions here and is it still useful to analyze the HijackThis results without DDS and the GMER logs?

Here's my file, please tell me what you think. Is it safe to remove the program missing files as well as conime?

Thanks for your time!

EDIT: here's the plain text log to make it easier to read. I'll be back and following procedure a little bit later with DDS and GMER but the laptop that this report is from ran out of batteries as I was posting...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:04 AM, on 2/4/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\bassyerta\AppData\Roaming\Uhig\omhe.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackT...

A:HijackThis Log Diagnosis?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

We need to create a New FULL OTL Report

Please download OTL from here if you have not done so already:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconne...


Hello everyone,

This is my first time on using this sort of forum so I apologise if I'm not doing it right. Basically, over the last few days my new laptop started running slower and now freezes and beeps. I have to manually reboot!!!

I looked on other forums and from suggestions I downloaded Spyware Doctor, Avast antivirus, and Adware destroyer. Initially they removed several viruses including one called virtumonde, vundo, and backdoor agent. Since I removed the viruses/trojans I can now turn on my automatic updates, but it is still crashing and beeping at me! Yet no viruses are picked up anymore?

My computer knowledge is restricted to what I have picked up on these forums and running Hijack This seems to be my last idea. I've followed the tutorial to upload my log so I hope someone can look at it for me and tell me if anything is wrong???

And I have also downloaded a registry cleaner and still no improvement!

Much much appreciated

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:53:56, on 15/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Fi...

A:HijackThis log: please help diagnosis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba...


This has been driving me crazy.....I appreciate any help at all! Thanks so much

Logfile of HijackThis v1.97.7
Scan saved at 1:51:23 PM, on 10/25/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\PROFILES\JESSNEW\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bgqsmuuiibhbhqiehqm.com/7zdbnzr...cuExBzjBylZ.htm
R0 - HKCU\Software\...

A:HijackThis log - Diagnosis please!

Hi jmwellst,

You have a LOP infection, when you downloaded Messenger Plus! you were given the option to opt out of the sponsorship installation. Unfortunately you didn't opt out and here you are.

Go to Add/Remove in your control panel then look for and uninstall if found, Window Search, Window Searching, Lop.com, LOP Search, Browser Enhancer, Ultimate Browser Enhancer. If you are given a code to insert, do so.

If those that are listed above are not installed then d/l the LOP uninstaller. Download the LOP uninstaller from HERE. Close IE and run the uninstaller; click OK>it will then ask you to type in a number that it supplies, do so and click 'uninstall'>yes>OK>OK.

You don't have the latest version of HijackThis. Open HijackThis again then, on the right hand side, click on Other stuff, then Config, then Misc Tools, then Check for update online.

If that doesn't work delete the copy you have and download a new copy from one of the following links:
LINK 1
LINK 2
LINK 3

Then post a new log back here.


IE shuts down without even doing anything, and I found a bb post that suggested HijackThis, so here I am.

Thank you for your help in advance! I appreciate it.

Logfile of HijackThis v1.98.2
Scan saved at 12:40:09 AM, on 12/13/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis\HijackThis.exe

O2 - BHO: AcroIEH...

A:HijackThis Log: Need Diagnosis please

Your log looks clean.


Anyway... Nice site, I came here through google reading the Understanding Spyware article. I tried the programs that I didn't already have from what was recommended. I've been having some trouble with a browser hijacker, I've spent nearly all of my Time awake today (or what is now yesterday... but then again, if I said today, it would be even more accurate, but only in the thought that today meant this Time period of 12:00:00 AM - 11:59:59 PM, in case someone would think that since it's dark outside they can't view it as a day...) trying to get rid of it. It will constantly change my homepage to http://find4u.net.index.htm, while the true default homepage is http://us8.hpwis.com/, which should take me to netscape.net or something like that. When ever I change it, it'll change back every few minutes. Quite a pest. This was my first log:

Logfile of HijackThis v1.97.7
Scan saved at 1:04:38 AM, on 6/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass ...

A:In need of a diagnosis for this HijackThis-Log.

Hi TimeNoise

Welcome to BC

uninstall through your control panel add/remove programs
WildTangent

------------------------------------------

Run hijack this put a check next to these close all browsers and hit fix
Make sure not to miss one

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find4u.net/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://us8.hpwis.com/
R3 - URLSearchHook: (no name) - {0428FFC7-1931...


Hey guys, I'm tryin to wipe out a Virtuemond deal. I guess it was the Win32.trojandownloader.zlob.

I ran the VundoFix.exe, which seemed to do some good. then i just scanned again with HijackThis and here is my log. Thanks for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:18 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\d-link d-viewcam\exes\wdsvc .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\D-Link D-ViewCam\Exes\Control.exe
C:\Program Files\D-Link D-ViewCam\Exes\VideoProxy.exe
C:\WINDOWS\STEM32~1\tracert.exe
C:\WINDOWS\STEM32~1\tracert.exe
C:\WINDOWS\STEM32~1\tracert.exe
C:\WINDOWS\STEM32~1\tracert .exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmm.exe
O4 - HKLM\..\Run: [WatchingService] "...


I need help in finding what I need to fix on Hijackthis so please help if you can. Can't get rid of spyware with avast or adaware help me

Constant pop-ups, Your computer is infected with spyware is on my wallpaper which I didn't do

A:Hijackthis Diagnosis Help

http://www.malwareremoval.com/tutorials/safemodeboot.php

have you run avast from safe mode?


Hey everyone, I have been having some start-up issues with my computer that I believe I have resolved, but I would like to get any suggestions you might have about anything potentially malicious in the log below. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:18:47 AM, on 4/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Allway Sync\Bin\syncappw.exe
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Users\Rleavitt\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technolo...

A:HijackThis Diagnosis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

HijackThis is not able to provide accurate information for 64 bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.
Please just paste the contents of the DDS.txt log in your next post.

===

Third party programs if not up to date can be an open door for an infection

Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Please post the logs for my review.


Do I paste my hijackthis log here?

A:hijackthis log diagnosis

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

If you still need help please run these tools and post the logs for my review. Let me know what problems you are having with this computer.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

===

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about ...


hey guys. just finished cleaning up my system. wondering if you'll check my HJT Log. thanks.

---------------------------------------------------------------------

Logfile of HijackThis v1.97.7
Scan saved at 5:02:21 AM, on 8/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Navnt2\navapsvc.exe
C:\PROGRA~1\Navnt2\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\EarthLink 5.0\ConMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Navnt2\navapw32.exe
C:\PROGRA~1\Navnt2\alertsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Zac's Documents\My Stuff\Programs\HijackThis\HijackThis.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.earthlink.net/partner/more/msie/button/searc...

A:HijackThis Diagnosis

================================================
Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows including this one and "fix checked"

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O4 - HKLM\..\Run: [fdoilev] C:\WINDOWS\System32\vmbpqf.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Locate and remove:
C:\WINDOWS\System32\vmbpqf.exe
C:\WINDOWS\conscorr.exe

Should be good to go after.

 


So my mum fell for a scam where a "windows employee" called her and she allowed access to her computer. Computer is running glitchy, telling me there is another process running when I go to boot on, hijack this telling me access is denied to write access to Host files as well as some other unusual things. If someone could please help me diagnose any problem items in this log I would really appreciate it. thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:01:30 PM, on 12/6/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\ico.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files&...

A:Hijackthis log - would appreciate help with diagnosis

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431077 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


hello everyone,

I am at my wits end and cannot figure out what to do. I am certain i have a hijacked browser because every time I click on a search link from google i get redirected. I have scanned my computer with ad-aware, malwarebytes, avast, avg and several other programs and nothing has worked. I have followed the instructions, please help!

A:HijackThis Log diagnosis help

Well

I got the blue screen of death, but was able to repair windows with my xp disks, so all the malware and everything is gone! I even got to keep my documents! You guys can go ahead and close this topic


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:49, on 09/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C: ...

A:HijackThis : help diagnosis please

hi,

I notice from your log that there's more than 1 Antivirus installed. Bitdefender and Panda.

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Then,

* Please download Malwarebytes' Anti-Malware from Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to ...


Hey, I'm new to these forums and I was hoping you guys could tell me if I have any problems in my hijackthis log and help me diagnose any problems you guys can find ... so here it is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:45 PM, on 10/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\LClock\lclock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\...

A:Hijackthis log: diagnosis please!

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Finally, p...


Thanks in advance for all your help! I recently got a virus and I thought I got rid of most of it. I would only get popups, but starting today Google searches get redirected to some spam pages. Here's my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:56 AM, on 5/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZi...

A:HijackThis Log Diagnosis

Hello Reemer

Welcome to BleepingComputer

========================

Download OTL to your desktop.
Double click OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here
Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
It may take a minute to load and become available.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO,...

RELEVANCY SCORE 54.8

Hi forum,

I have a Virtumonde infection at least. So, perhaps somebody can take a look and see if they can help me out. There's also this 'winantivirus' thing trying to extort money from me. I'd be very thankful for any help you can give me. Here's my hijackthis diagnosis:

Logfile of HijackThis v1.99.1
Scan saved at 9:27:15 AM, on 7/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\CROSOF~1.NET\wowexec.exe
C:\WINDOWS\??crosoft.NET\d?dplay.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT�...

A:Hijackthis Diagnosis: Please Help!

Welcome to BC!

===

Uninstall Programs
Click Start > Control Panel > Add/Remove Programs
Find and remove the following program(s) (if present):

PuritySCAN By OIN
OIN
OuterInfo

Close Add/Remove Programs window after uninstalling.
If there are no entries listed on Add/Remove programs, please download and run this uninstaller: OiUninstaller.exe

=====================================

Locate and delete the following folder(s), if present:
C:\Program Files\PurityScan

===

Please download VundoFix.exe to your Desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
It will make a log in C:\vundofix.txt, please include that in your next reply.

===

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report ...

RELEVANCY SCORE 54

I think my computer may be infected. When I run Spybot S&D lately, it stops with an error message that says "problem with trojan.sbi -- see error log." When I look at the error log, it says something about DNSChanger. I followed the instructions to install and run HijackThis. The log follows. Any help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:47 PM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Borland\Interbase\Bin\IBGuard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\...

A:Hijackthis Log: Please Assist With Diagnosis

Welcome to the BleepingComputer HijackThis Logs and Analysis forum harahawk

My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option 1 - Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.
*IMPORTANT* Do NOT run any other options until you are asked to do so!

Also post a new Hijackthis log please.

RELEVANCY SCORE 54

Hi, I have been having a few computer issues lately and was wondering if someone could do a quick diagnosis of my hijackthis log. I have used adaware, spybot, smitfraud, and AVG but was wondering if there is something that is still running in the background. Thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:01 AM, on 6/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\AVG\AVG8\avgr...

A:Hijackthis Log: Diagnosis Needed Please

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
That log doesn't indicate any malware present. If you are having malware symptoms we can look into it in more detail, but from what I see you look to be clean.

RELEVANCY SCORE 54

hey whats up. i've cleared as much of this as i can. help with the rest? thanks.

--------------------------------------------------------------

Logfile of HijackThis v1.97.7
Scan saved at 2:19:13 PM, on 7/25/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Navnt2\navapsvc.exe
C:\PROGRA~1\Navnt2\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Navnt2\alertsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\System32\vmbpqf.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Zac\Application Data\atob.exe
C:\Program Files\Navnt2\navapw32.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Zac\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe
O...

A:[solved]HijackThis Diagnosis

RELEVANCY SCORE 54

Logfile of HijackThis v1.99.1
Scan saved at 2:36:08 AM, on 12/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\System32\syshost.exe
C:\WINDO...

A:Hijackthis Log Diagnosis - Not Sure Of Infection

Hello,

yes; your system is infected.

First of all, you didn't unzip/extract hijackthis.. and it's still in the tempfolder.
So I strongly advise to unzip/extract hijackthis.zip.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html

Create a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.

How do you make a permanent folder:
Click My Computer, then C:\ and then on Program Files.
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

First of all, I see you have Spyware Cleaner installed. I strongly recommend you uninstall it, because this is a so called spywarecleaner with a bad reputation.
So go to start > controlpanel > software > add/remove programs and uninstall Spyware Cleaner

* Please set your system to show all files; please see here if you're unsure how to do this.
* Download and install CCleaner
Do not use it yet.

Please download Ewido anti-malware ; it is a free v...

RELEVANCY SCORE 54

I've been getting some IE pop-ups (despite using Firefox) for things like Registry Defender and when I try to open Task Manager using ctrl-alt-delete I get an error message saying that "taskmgr.exe has failed to initialize properly (0xc0000005)." We do have Norton, but when I ran a scan it didn't pull up anything. So your help would be much appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:08 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Small Busin...

A:Hijackthis Log Diagnosis Needed!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

RELEVANCY SCORE 54

i've got audio and video skipping like crazy, but i'm not sure how to interpret the results of the following logfile. this is a clean install of XP. i spybot s&d and defrag often. every time i reinstall XP, a couple of months go by, and the skipping problem recurs. i would be eternally grateful for any step-by-step tips on how to proceed from this logfile!

-impossibleJ

Logfile of HijackThis v1.99.1
Scan saved at 12:11:25 AM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common File...

A:need diagnosis of hijackthis logfile

RELEVANCY SCORE 54

It's the old Hooowah.com nasty - and the commonly associated richedtr.dll file isn't on my system, so if you can help, would be greatly, greatly appreciated, as I want to get rid of the damn pop-ups on IE.

Logfile of HijackThis v1.99.1
Scan saved at 19:03:46, on 8/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\internat.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\user\My Documents ...

A:HiJackThis Log - diagnosis needed!

Hello soulman and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1
Download CCleaner and install it but do not run it yet.

Important
Your copy of HijackThis needs to be in a folder of its own. If it is run from Temporary folders the backups and HijackThis itself could be accidentally deleted if the Temporary folders are cleaned. If it is run from the desktop then the backup files and folders can clutter up the desktop and be accidentally deleted. If it is run from inside a compressed file then the backups are not created at all.

Please open My Computer
Double-click on Local Disk (C:)
Click on the File menu, point to New and then click on Folder. Name the folder 'HijackThis' or 'HJT'.
Unzip to or copy and paste HijackThis.exe to the new folder (do not run HijackThis directly out of the sfx or compressed file).

Step #2
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Safe Mode menu item.
Press the Enter key.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINNT\system32\pkshbbgt.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4...

RELEVANCY SCORE 54

Hey this is my logfile, if an expert could come by and diagnose my computer's problems, could you send an e-mail directly to me through [email protected] anyways here goes

C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Username\Desktop\HiJackThis_v2.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS&...

A:Hijackthis Logfile Diagnosis

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ambervoid

First please find and delete:
C:\Documents and Settings\Username\Desktop\HiJackThis_v2.exe

Now download and install Hijackthis.
This is a self-extracting version which will automatically install HJT to C:\Program Files\Hijackthis by default.
A desktop shortcut can be created during install under 'Select Additional Tasks'.

*************************

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and ...

RELEVANCY SCORE 53.6

Hey all,

Running ESET NOD32, plus superANTISPYWARE plus Spybot. Eset cannot remove the mebroot trojan, the malware scanners do detect and remove but it still is here :X.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:27:09 AM, on 21/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Progr...

A:HijackThis Log Diagnosis (Mebroot Trojan)

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Please tell me if the symptoms have changed or any new ones have appeared.

Download and Run DDS
Please download DDS by sUBs from any of the links below:
DDS.scr, DDS.pif
Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
Please download GMER to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
Close all other open programs as there is a slight chance your computer will crash.
Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
Leaving the settings at default, click Scan.
When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

With Regards,
The Panda

RELEVANCY SCORE 53.6

Hi everyone! I had gotten a nasty rootkit virus on my desktop. I formatted it twice only to find out that the virus was still there! So then I ran KillDisk on the drive and then I ran fixmbr from the Windows Recovery Console. I started reinstalling my programs via USB jump drive and there the virus came back! So I realized that the virus made its way onto the MBRs of my USB jump drives! I ran killdisk on them as well. But before I realized that they were infected, they infected my laptop! Now, if I made any wrong moves my computer would have become unbootable like the desktop did. So I ran sdfix and Malwarebytes' Anti-Malware and SUPERAntiSpyware and between all of them I got a lot of stuff out! My computer seems to be running perfectly fine, but I would like you all to take a look at my hijackthis log if possible just to see if I got it all out. Thanks in advance!

-cablenut8286

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:53 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr...

A:Hijackthis Log For Diagnosis...rootkit Specific

Hello

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

RELEVANCY SCORE 52.4

Hi there,

msconfig closes immediately when run, and I've read that this usually means a virus. I've run Adaware, Spybot search and destroy, both of which found nothing. AVG found and removed two Trojan startpages, but the computer is running a little slow, and, as I've said, msconfig closes immediately.

Here's my system info, followed by my HijackThis log, and DDS logs. I've attached the GMER log.

Thanks in advance for any help you can give.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 1023 Mb
Graphics Card: Radeon X1650 Series , 512 Mb
Hard Drives: C: Total - 114400 MB, Free - 17962 MB;
Motherboard: Dell Computer Corp., 0M2035, , ..CN4811236N177N.
Antivirus: AVG Anti-Virus Free Edition 2011, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:36:25, on 19/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents ...

A:msconfig closes immediately - HijackThis log diagnosis needed

RELEVANCY SCORE 36.8

OK, for starters, I read all your instructions and first introduced myself. I have offered to help people with questions related to my professional field in return for hopefully getting some help with my computer. Not looking for something for free without giving back something, I am trying to be polite.

This problem began last fall. My hard drive spins like a dremel tool going 30,000 RPM. Being somewhat computer savvy, I suspected a virus, trojan, or spyware. This happens on startup, or when I connect to the internet, or when I am typing an email. Also, when typing into my Word Processor and not connected to the web.

I am running the following preventative programs now:
AVAST! Antivirus
Sygate Firewall
PC Tools Spyware Doctor
Spybot Search and Destroy
Ad-Aware SE, Plus (subscription version)
PC Tools Registry Mechanic
I have run CWS shredder
Using latest version of Firefox and Thunderbird. Firefox noscript plug-in installed. I'm on a dial-up connection.

While several progressive iterations of this software found and neutralized Trojan LazarC, Netsky, a CWS file, and Perfect Keylogger, I am still not out apparently of the woods yet.

What I have noticed thru careful monitoring of my firewall, is that when I am online and the hard drive starts spinning, I get a lot of port scans originating from Mainland China. For example, I was downloading some files using Internet Download Accelerator, and had it set to disconnect from the web and shut the computer down after completing all ...

A:Help With Diagnosis, Please

Hello thejunknetwork and welcome to the BC HijackThis forum. The first thing we need to do is update the operating system on this computer.

Your operating system is extremely out of date. By not keeping the OS updated the computer is vulnerable to every infection on the net and in emails today and trying to repair an unpatched system is virtually impossible. For update purposes, Microsoft has even stopped supporting a system that is this far out of date.

Go to the Microsoft Windows XP Service Pack 1.a site and install Service Pack 1a. Once that is done, go back to the Windows Update site and install all available Critical Updates but do not install SP2 at this time. This will patch the system with the most current security fixes and plug all the known holes which are present on this system. If you are not on a broadband connection the Service Pack can be obtained from Microsoft for a nominal shipping fee.

After all of the updates have been performed post a new HijackThis log back here using the Add Reply button and I will review it when it comes in.

Cheers.
OT

RELEVANCY SCORE 36.8

Here is my log, just finished ad-aware and spybot-s&d

Logfile of HijackThis v1.97.7
Scan saved at 2:50:11 PM, on 12/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program F...

A:Please help diagnosis, thanks

Please run these two online scans. Make sure they are set to clean automatically:
TrendMicro's HouseCall
ActiveScan

You should try to delete any files that these scanners are unable to clean. Then let us know if its working better and what the scans found.

You are using an old version of HijackThis, please download the latest version and post a new log.

Download Hijackthis:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://computercops.biz/downloads-cat-14.html
If you cannot reach either site it is available from my signature.

RELEVANCY SCORE 36.8

Greetings all, I have the opportunity to pick up a dead laptop for free.
The owner suspects that she was infected by a virus as she spewed out infected emails to her entire saved address list. She then said that she suffered catastrophic hard drive failure. So she is giving it to me.
I can easily replace the hard drive and install a Windows OS. Is there anything else I need to look at?

A:Diagnosis

I wouldn't necessarily take her word for the HDD being dead, just set the BIOS up to boot from a CD and run the usual utilities on the machine (BART PE disk, etc, if you have such tools to hand...)

RELEVANCY SCORE 36.8

I have a broken Compaq Presario 900z laptop.

SYMPTOMS:
1. With everything still assembled I push the power button. The power LED comes on, and the speakers make a light pop like they do when they get powered. Nothing else; no fans, or HDD spin up, or apparent power to the screen, nothing else.

2. I removed the processor and push the power button. The power LED comes on, the case and cpu fan come on full speed, and the speakers make a light pop like they do when they get powered. Nothing else.

3. Another hint? I'm not sure if this provides any clues:
I borrowed an old but working Socket A Duron (I suppose it SHOULDN'T work). But when I pushed power the same thing happened as when there was no processor in there. As I already stated, this may or may not provide any additional clues. I don't know.

What's different between processor and no processor?
Without the original processor in, the fans spin up.

DIAGNOSIS?
Does this mean the CPU is bad, or the mobo is bad?
Is there any hope in finding a new processor to put in there?
 

RELEVANCY SCORE 36.8

Hello,

My home pc is not taken care of very well since I go to school, and every time I return something is broken. There were a few BSoDs my family complained about but then I realized they blew the video card and I am forced to use the integrated inputs on the motherboard.

It seemed to work for a while, however after a bit of use I received a BSoD stating 0x00000024. I restarted and then I received the BSoD 0x00000050. I read around about memory errors; however, I am pretty sure I checked the RAM and it stated to be healthy still. I ran multiple check disks, re-installed Windows. I am at a loss with this PC.

Is there anything I should do to help determine if it's hardware or software?

A:Help with diagnosis!

Download BlueScreenView:
http://www.nirsoft.net/utils/blue_screen_view.html
Unzip the downloaded file and double click on BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

RELEVANCY SCORE 36.8

I just ran my first HJT scan cos I kept getting redirected to popupsearch.... I'd really appreciate it if someone could tell me what I need to do (I have AD-aware and Spybot and run them regularly). Thnx

Logfile of HijackThis v1.99.0
Scan saved at 2:35:06 PM, on 11/01/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\WINNT\Explorer.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\Program Files\Creative\ShareDLL\CtNotify....

A:HJT Log- Can I get a diagnosis pls

I want you to fix some of those entries. Please do the following:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
Run Hijackthis again, --you should only see HijackThis on your Desktop--click scan, and put a checkmark next to each of these and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.popupsearches.com/sidesearch.html
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINNT\BTGrab.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINNT\system32\dsktrf.dll
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Window...

RELEVANCY SCORE 36.8

Hey, here's my log, no idea what to delete and don't wanna destroy my comp, so I would love some help from somebody who does know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:11 PM, on 1/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\svchost.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\Windows\RTHDCPL.EXE
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2...

A:Need Log Diagnosis

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

RELEVANCY SCORE 36.8

I need to confirm the current problem of my computer at this state, it's not functioning after startup. So I need someone that can expertly agree with my conclusion.

Okay first the specs:
Brand Model: Acer Aspire M3641
Memory: 4GB DDR2 PC2-6400
CPU: Intel Core 2 Duo E7200
Video Card: PNY 9600GT
PSU: 250W, that's what it says on the side of the psu.

Okay, I know it seems my system is seriously underpowered, but I want to know whether that could be the problem all this time. When I first upgraded to a 9600, I didn't bother changing the power supply because everything worked fine as is. The card is powered using a 2 end 4 pin molex power connector to 1 pci-express power connector.

What happened exactly from I believe was a strong indicator of my computer's arising issues: I was watching a YouTube video later yesterday then right in the middle of the video my computer completely froze for about 2 seconds then restarted. No blue-screen, no warning. After that I kept using the computer after the abrupt restart, then when it came time to turn it off it wouldn't turn on. The computer would indeed exhibit lights from the power button but absolutely no lights to indicate hard disk and network adapter activity. No signal on my monitor, no lights from keyboard and mouse at turn on. I opened the computer to see if there were maybe issues with foreign materials inside that may be causing short circuits but found nothing. No POST beep either.

I like to believe m...

A:Need Diagnosis

RELEVANCY SCORE 36.8

IE's been hijacked by a fun bit of malware and I'm not sure how to get rid of it. Browsed around and found that this place might help, so here's my HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:05:03 AM, on 5/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C: ...

A:HJT Log: Diagnosis please

Download cwshredder 2.12 from here:
http://cwshredder.net/bin/CWShredder.exe
Run the file after it is downloaded and click on the fix button. Let it do its thing and when it's done, even if it crashes.
When it's done run hijackthis again and post a new log

RELEVANCY SCORE 36.8

Pls help me

Logfile of HijackThis v1.99.1
Scan saved at 15:05:26, on 2006/10/04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Trend Micro\Anti-Spam For OE\TMAS_OEMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update1.exe2560.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Messenger\...

A:Log For Diagnosis

Hello Arunz and welcome to the BC HijackThis forum. Let's start out with a scan by Ewido.
First download ewido anti-spyware from HERE and save that file to your desktop.
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
Launch ewido-anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the ...

RELEVANCY SCORE 36.8

Logfile of HijackThis v1.99.1
Scan saved at 18:59:05, on 16/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOW...

A:Diagnosis Help

Print out these instructions and then close all windows including Internet Explorer.
Then I want you to fix some of those entries. Please do the following:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Local Spool support DLL - {00C9D850-244D-10E1-B3C9-10805E499D95} - C:\WINDOWS\system32\lclsplnt.dll
O4 - HKLM\..\Run: [Gzcltzp] C:\Program Files\Dson\Examvfo.exe
O4 - HKLM\..\Run: [windows] iexplore.exe
O4 - HKLM\..\Run: [WinCast] F:\SETUP.EXE -leng
O4 - HKLM\..\Run: [Xh7So] C:\WINDOWS\fonqyjq.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Xh$v???/?????f?Nb?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\fonqyjq.exe
O4 - HKLM\..\RunServices: [windows] iexplore.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [c0q5RRbnV] cewhu.exe
O...

RELEVANCY SCORE 36.8

I'm trying to help out my friend and clean off his computer a bit. If there is anything that could be dangerous or removed for any other good reason, I would appreciate your advice on the matter.

Thanks for your time,
I Am Zero One
DDS (Ver_09-07-30.01) - NTFSx86
Run by Michael Graham at 13:21:19.50 on Sat 08/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.467 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna...

A:Log Diagnosis

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
