
Log Analysis-plz Help New User

Q: Log Analysis-plz Help New User

Hi my name is Jerry and I'm new to this site. My computer has been running a little slow lately and I was wondering if you guys could help me. One of my co-workers had recommended you guys. I'd also like to improve my start up, it takes too long to load up. I have downloaded the hijack logfile and saved the log, please help me. Your help is much appreciated.
Sincerely,
Jerry


A: Log Analysis-plz Help New User

Sorry, forgot the log file lol. Here it is and thanks again for any help.


So I have Vista 32bit- Did a scan of all open ports, and I find a few funny looking things.

I've copied the report from CurrPorts below- Can anyone assist with identification- if I have some unwanted listening going on?!? Tried looking up a couple of the ports and they are not even found- wondering if my system has been compromised somehow-----


First attachment is the stuff I don't understand-

Second one is full report from CurrPorts program.

Thanks!


( PLEASE SEE ATTACHMENTS)

A:New User Needs Help-CurrPorts Log- Analysis Please?

Hi,

Try looking at the IP addresses here to see who they belong to: -

http://www.ip-adress.com/ip_tracer/68.228.22.192



A:I Am A New User.. I Hope Somebody Can Analysis This Hijack Log For Me.thanks

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Download & install CleanUp.exe (not recommended for WinXP64)

Download and install Ewido Security Suite
When installing, under "Additional Options", uncheck - Install background guard
Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer&...


I have familiarized myself with this enough to fix any problem that is fixable.. Hopefully someone can help me out.. I use my computer daily for different tasks and have been unable to do so because of all the popups/ads... mostly for the spymaxx.. My pc is really eaten up with this stuff.. I don't even surf porn yet "asian nudes" etc.. came up in the scans... look forward to hearing something..
Kind Regards,
Drew

A:All Logs Required For Analysis..windows Xp..novice User..

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


Hi,
in this video Laura E. Hunter from Microsoft describes behavior analytics: https://youtu.be/hNZdboDvnuU?t=1251
She says that ATA will analyze the behavior in a domain for 21 days and declare this as normal behavior. After the 21 days ATA will report unusual user behavior based on the 21 days analysis.
I have two questions about this:
1. Can we see the progress of the analysis somewhere? I searched through the ATA-center but there is nothing. Is it possible to see it in some kind of logfile or the Mongo-DB?
2. We have started ATA with one DC. What happens if we add our other DCs later? Will the analysis recognize behavior from those, also when the 21 days are already over?
I did not find anything about this 21 days analysis period in the documentation. I'm more than happy with a hint if I have overseen something there.
Thanks in advance


Hi everyone,

Previous article: Malware Analysis #7 - Bytes and HEX

Today, I would like to go more in-depth with HEX analysis. There should be more parts to going more in-depth with HEX analysis. For example, one tutorial we will use a trojan downloader or a trojan banker, or others... And then the other part we may use a cryptolocker sample, fake antivirus software, worms or adware. So, this will be part-based.

I didn't think I could just leave the previous thread with that simple example on HEX and HEX editors... No, no. I had planned to go more in-depth, which is why I left the previous thread as simple as it was, so it would be easier to understand and take in at a time.

Let's get started!
----

Today, I will be showing you how to identify a worm houdini (VBS Script sample). Before I continue, I would like to note the following:

- Remember to use a VM just in case
- While I cannot share the sample UNLESS the MT staff make a section for analysis like Malware Hub and allow links, you can get worm samples from the malware hub.
- Lastly, enjoy!

--

As you can see from the below sample, there is a VBS script file on my desktop:
Firstly, I would like to note that the size of the sample is small. VBS samples usually are. In fact, a good amount of malware is small, one reason could be so it can be easily downloaded onto the user's computer. Samples can become smaller through packing. However, not all samples are small, some are very large. It's a mix between ...

A:Malware Analysis #9 - more in-depth analysis with HEX (Houdini worm)

Hi and thanks for this great article.
We need to know how to decode the .VBS worm. The sample you have seems to be decoded before you wrote this article.
If we didn't decode it we'll not find any useful information.
Thanks again
 


Some users may find it interesting!!

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.
Awesome Malware Analysis
Malware Collection
Anonymizers
Honeypots
Malware Corpora

Open Source Threat Intelligence
Tools
Other Resources

Detection and Classification
Online Scanners and Sandboxes
Domain Analysis
Browser Malware
Documents and Shellcode
File Carving
Deobfuscation
Debugging and Reverse Engineering
Network
Memory Forensics
Windows Artifacts
Storage and Workflow
Miscellaneous

Resources
Books
Twitter
Other

Related Awesome Lists
Contributing
Thanks

 


I run windows 7 premium 64 and all of the sudden I started to get this popup after windows loads that says
"C:\User\Lori-Bee\AppData\Local\Temp\032150Log.iniis lost"
How can I fix this?...I tried check disk running CCleaner ....No difference

A:C:\User\User -User\AppData\Local\Temp\032150Log.iniis lost

Hi there ... Read the Link below and follow the Instructions ..
ASUSTeK Computer Inc.-Forum- Error 182418Log.iniis lost


After adding a User as a Family Member(child), when the family member logs in with his user he gets this message: The User profile service failed. The sign in user Profile cannot be loaded.


As of today, in our domain environment consisting of Windows 8.1 and Windows 7 Enterprise machines, we are experiencing the "User Profile service failed the sign-in - User profile cannot be loaded" error message whenever a user tries to login. This only affects users new to the particular machine. If they have signed on before and already have a cached account the computer logs them in with no issue. This is occurring on both Win8.1 and Win7 machines. We are an academic institution so this is becoming a huge problem in our labs. Students generally use different computers so this is popping up very frequently. I have a solution for the issue. It appears that on the non-working machines that the "Default" user profile is corrupt. I have discovered that if I find a machine, Win8.1 or Win7, doesn't matter, that is allowing first time users to logon I can copy the "Default" user profile and replace the corrupt one. I must first permanently delete the corrupt profile before copying over the new one. I am doing this over the network by navigating the C:\users\ folder. Even this way is becoming cumbersome though as we have over 1000 computers in labs. I have googled and googled and I keep seeing the same answers offering various solutions, none which are any more practical than my method. I cannot find information on a cause or a reason of why this would just crop up out of nowhere. I suspect maybe a Windows update but I cannot verify that yet. ...


Hi just download HJT and need help understand what to check for deletion. Thanks a ton in advance....


A: HJT analysis

Hi cfsunoles, Welcome to TSG!!

Download Spybot http://www.safer-networking.org/en/download/index.html

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

On the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

In the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Reboot and post another log.
 

RELEVANCY SCORE 30.4

Hi,
Could you tell me what I can delete in my log?
Thank you very much

Logfile of HijackThis v1.99.1
Scan saved at 13:29:44, on 09/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: log analysis

Are you having any specific problems? Right off the bat, fixing this will make it a bit faster:

O4 - HKLM\..\Run: [Overnet] C:\Program Files\Overnet\eDonkey2000.exe -t

RELEVANCY SCORE 30.4

Here is a copy of the save log, can you please help me with diagnosis and removal.

Logfile of HijackThis v1.99.1
Scan saved at 10:37:59 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: Need Help Please With Analysis

Hi,
You have probably been helped elsewhere, but if you still need help can you post a new log from HijackThis. The notification system will tell me that you posted.
In case you are not using the latest version of HijackThis (1.99.1), please download the latest version from one of these addresses:
http://www.bleepingcomputer.com/files/hijackthis.php
http://209.133.47.12/~merijn/files/HijackThis.exe
http://www.downloads.subratam.org/hijackthis.zip

RELEVANCY SCORE 30.4

Could you please do a Log analysis and let me know if there is anything to repair.
Thank You

Logfile of HijackThis v1.99.1
Scan saved at 1:19:28 PM, on 10/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: Please do a HJT log analysis

Welcome kathy915 to Bleeping Computer.

Please remove MyWebSearch:
Move to Start > Settings > Control Panel
Double click Add/Remove Programs. Within Add/Remove programs click the "Install/Uninstall" tab or click the "Change or Remove Programs" button.
Within this section you will see a listing of programs that are currently installed that support this feature. If the program I'm advising you to uninstall is listed within this list, highlight it and click the Add/Remove or uninstall option or button.
If the program is not listed within this list, let me know.

***

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
itircl
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don't find this service listed go ahead with the next steps.

***

Open HijackThis
click on "None of the above, just start the program".
click on the "Config" button (bottom right), click on "Misc Tools"
click on "Delete an NT Service" (a window will pop up)
Enter the below item into that field (make sure there are NO spaces before or after the name):
itircl
Click OK.
It should pull up information about the service, then ask if you want to reboot. Click YES.

***

Download the Killbox.
Unzip it to the desktop
Dou...

RELEVANCY SCORE 30.4

I think I've been infected with Browsela.dll and other nasties. Here is my HJT. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 5:48:33 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: Hjt Log Analysis Please

Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically

================

Go to the link below and download the trial version of SpySweeper:
SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg
* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log...

RELEVANCY SCORE 30.4

I know what's wrong with my log but I can't seem to get the file to stay gone so some insight would be helpful... thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 4:19:54 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: Analysis?

Hi,
I know what's wrong with my log but I can't seem to get the file to stay gone so some insight would be helpful... thanks in advance.
I guess you don't really know that you are infected with several different infections. One which also collects all your passwords.
It's important you follow my steps in the right order...

Hello,
* Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot,
* Download SDFix and save it to your Desktop.
* Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
* Reboot into Safe Mode (without networking support!)
To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.
* Start HijackThis, close all open windows leaving...

RELEVANCY SCORE 30.4

Logfile of HijackThis v1.99.1
Scan saved at 7:36:28 PM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: Hjt Log Analysis

Hello,
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, you'll see your desktop and taskbar won't load yet. This is normal, because it is still scanning. Please be patient.

Afterwards, HijackThis will launch automatically. Please click Scan, and check the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll <== not required
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Serviceprocess] NsCplTray.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C686A19-1FA8-4009-B300-58A7A9A5CE08...

RELEVANCY SCORE 30.4

Logfile of HijackThis v1.99.0
Scan saved at 1:08:05 PM, on 1/17/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

RELEVANCY SCORE 30.4

Hi, I'm having spyware problems in my computer, so I run the HijackThis tool, that gives me those log results, but I can't understand what I can delete or not. Can anyone help me, please:

Logfile of HijackThis v1.99.1
Scan saved at 15:54:43, on 23-02-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

A: Help Me With This Log Analysis ...!

Add remove programs - remove logitech desktop messenger

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your C: Drive

This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log

RELEVANCY SCORE 30.4

Having some issues with about:blank. Found some posts on how to get rid of it, tried them, and failed. Could someone take a look at this to tell me what to get rid of and how. Thanks so much!

Logfile of HijackThis v1.99.0
Scan saved at 6:36:19 PM, on 2/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

A: HJT log analysis

Download the attached zip file and unzip it to your desktop.
http://www.mvps.org/winhelp2002/DelDomains.inf
Right-click on the deldomains.inf file and select 'Install'
Download cwshredder 2.12 from here:
http://cwshredder.net/bin/CWShredder.exe
Run the file after it is downloaded and click on the fix button. Let it do its thing and when it's done, even if it crashes.
When it's done run hijackthis again post a new log

RELEVANCY SCORE 30.4

I was hoping that someone could analyze this log for me. Also in my start toolbar I keep getting a message that possible harmful infection is taking over my computer. As I click on the windows update icon it takes me immediately to a "Spyfalcon" site. It tells me to download this to protect my computer yet there seems to be no affiliation with the United States on this site. Is this something I should download or not??? Also here is my hijack log. I appreciate it.

Logfile of HijackThis v1.99.1
Scan saved at 11:21:32 AM, on 3/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

A: Log Analysis

Hello timhallam8 and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Important
Your copy of HijackThis needs to be in a folder of its own. If it is run from Temporary folders the backups and HijackThis itself could be accidentally deleted if the Temporary folders are cleaned. If it is run from the desktop then the backup files and folders can clutter up the desktop and be accidentally deleted. If it is run from inside a compressed file then the backups are not created at all.
Please open My Computer
Double-click on Local Disk (C:)
Click on the File menu, point to New and then click on Folder. Name the folder 'HijackThis' or 'HJT'.
Unzip to or copy and paste HijackThis.exe to the new folder (do not run HijackThis directly out of the sfx or compressed file).

Step #1
Download and install the trial version of the ewido security suite. Update the program and then close it. Do not run it yet.

Step #2
Download and install AdAware SE Personal v1.06
Download and install the VX2 Cleaner AddOn
Start AdAware SE Personal
Click AddOns
Double-click VX2 Cleaner
Click Ok to run the tool
If any malware is found click Clean System
Click Scan Now
Click Perform smart system scan
Click Next
Clean anything that is found

Step #3
Start in Safe Mode Using the F8 method:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arro...

RELEVANCY SCORE 30.4

I am trying to debug my brother's PC. This is the hijack this log. I think he has easysearch adaware, but I am not sure how to remove the problem. Any help is appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 12:46:56 AM, on 1/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

A: Need Analysis

Please download and install CWShredder.
http://cwshredder.net/bin/CWSInstall.exe

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://easy-search.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {6DA3E3A0-E185-4AC8-A1DF-CB773676F7FB} - C:\WINDOWS\System32\ciof.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKLM\..\Run: [Games Acceleration] svshost.exe
O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe
O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Internet Conne...

RELEVANCY SCORE 30.4

I have attached my HJT scan....need advice on which items are valid and which need to go....
Joe

Logfile of HijackThis v1.99.0
Scan saved at 11:43:25 AM, on 12/31/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

A: HJT log analysis please

Hi
Download System Security Suite here: System Security Suite Download & Tutorial.
Unzip it to your desktop.
Install the program. Don't use it yet.

Please print or copy these instructions because you are not able to access the Internet in SafeMode.

Make sure you are set to show hidden files and folders:
A. On the Tools menu in Windows Explorer, click Folder Options.
B. Click the View tab.
C. Under Hidden files and folders, click Show hidden files and folders.
D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.
How to see hidden files in Windows

REBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

Run HijackThis!, press Scan, and put a check mark next to all these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O16 - DPF: {5F03EAB4-1AD5-11D4-AE99-0050DAC24E8F} - http://www.iwon.com/ct/in_wn/iwonslot1,0,1,0.cab

Close all other windows and browsers, and press the Fix Checked button.

With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab tick:
- Internet Explorer (left...

RELEVANCY SCORE 30.4

Hello to all,

Well, my home computer has a problem. I believe it's infected with various trojans and or other malware. After running AdAware SE Professional, the first scan picked up 199 malware items, including such items as: Win32: Trojano-803[Trj] in File name:c:\temp\NcasePackage.exe, SahAgent LSP Dataminer, SAHagent ms.w95.spi. u.. (also t,r,etc). I even saw Coolwebs malware in the list. Anyway, when I tried to delete items, the program hung up and wouldn't delete them.
We also have some other programs installed that were able to delete some of the files, but not all. We have avast! Antivirus, Spybot Search & Destroy, a squared, CW Shredder and AdAware SE Professional installed. Please check my HJT log and let me know what to do.
Thank you!

A: HJT Log Analysis

Hey folks,
Well I'm replying to my own post. It seems the file I attached is not the HJT log, so I'm going to attach it from notepad here (I hope). If anyone can help me let me know. Thanks.
tuckert

Logfile of HijackThis v1.99.0
Scan saved at 11:30:01 AM, on 12/30/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

RELEVANCY SCORE 30.4

Hello Guys,

I need some help in checking that ComboFix has cleaned an infected Pc. I ran ComboFix today and received a log file on completion. The Pc seems to be clean now. But you can never be sure. Can someone look at the log for me please. I will attach the log when we have made contact.

Thanks

A: Log Analysis

Welcome to BC

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff


Hi. I'm having problems with IE (6.0) arbitrarily redirecting my browser to other websites. Two, in particular, are WinFixer and WinAntivirusPro. Others come up as well, but the aforementioned sites happen most often.

I am going through the tutorial to try and teach myself how to analyze and correct from the log report myself, but your assistance along the way would sure be appreciated.

MarketBrowser and SmileyCentral are applications I have chosen to install because I use them.

Thank you very much....

Logfile of HijackThis v1.99.1
Scan saved at 7:26:33 AM, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.ex...

A:Hjt Log Analysis

Hi, eliminator.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
You will first be presented with a warning.
It should look like this
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.
Next you will see:
Please Type in the filepath as instructed by the forum staff
and then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\jkkjg.dll
Press Enter to continue with the fix.
Next you will see:
Please type in the second filepath as instructed by the forum
staff then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\system32\gjkkj.*
Press Enter to continue with the fix.
The fix will run then HijackThis will open. If it does not open automatically, open it after manually rebooting your computer.
In HiJackThis, please place a check next to the following item...


Hello all.

First of all, I not only had the Flush Trojan, but 465 combinations of viruses and Trojans.
I used the tools recommended on this site and the last one, which was Ewido, seemed to get the remaining viruses I had.
I do a full scan with Avast and online with Trend and Kaspersky and all is clean and the HP/Compaq p4 with 2.7 celeron is working fine once again.
Spybot and adaware are coming up clean as well.
One strange problem still remains.
I can't access the registry key "HKEY_LOCAL_MACHINE\SOFTWARE"
I click on the + next to software and nothing happens.
Here is my HJT log after cleaning everything up.
Thanks.
Mitch

Logfile of HijackThis v1.99.1
Scan saved at 10:49:35 PM, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\...

A:My Hjl Log Analysis Please

Hi,

Sorry for the late reply. If you still need some help, please post a new log in this thread. Don't start a new thread.
I'll take a look at it then.


Logfile of HijackThis v1.99.1
Scan saved at 2:40:30 PM, on 11/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-89...

A:Please help me analysis.

Welcome to TSF.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Ad-Aware® SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner. To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Perform an online scan in Internet Explorer with Panda ActiveScan (Found in the top right corner in RED)
Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
Click On 'Scan Now'
Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
If it finds any malware, it will offer you a report. Click on see report
Then click Save report
Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


A few days ago (just before installing SP2 for XP), my PC opens IE-Windows automatically, i had some Icons (Casino, Partner-Finder, Search etc.) on my desktop and an additional IE-Searchbar as well as start page. I tried with CWShredder - with no success. Can anybody help me, please..?

Here's my Logfile generated by Hijackthis:

Logfile of HijackThis v1.98.2
Scan saved at 15:41:28, on 15.08.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TOBITC~1\Server\ClipInc-Server.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:...

A:Please help with analysis...

You are currently using hijackthis from a temp directory. This can cause problems. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on.

For a tutorial on how to use HijackThis please see the following link:
Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers

I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search200.com/passthrough/index.htm...p://about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.xbihqenexard.net/2VK8w0r16BaE60...NbKavMAuOLj.jpg
O4 - HKLM\..\Run: [HOPE COPY] C:\PROGRA~1\LONGLO~1\start army.exe
O4 - HKLM\..\Run: [knob gram mix two] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Audio meow knob gram\onlinehelp.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/2182f9a6ea2a23ccb818/...ip/RdxIE601.cab

Reboot your computer into Safe Mode and delete the following files:
Then delete these files or directories (Do not be conce...


I recently fixed my PC which was infected by a lot of things.. I left my brother with the PC for 2 hours and it's full of it
I've used VundoFix to remove some malware also my current anti-virus (f-secure)
just need some one to check my LOG
PLEASE CHECK,
THANKS,

Logfile of HijackThis v1.99.1
Scan saved at 23:44:36, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TALKTA~1\backweb\81720\Program\SERVIC~1.EXE
C:\Program Files\Media Center Diagnostic Kit\Tests\Bin\ehMonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\TalkTalk Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\TalkTalk Online Security\backweb\81720\program\fsbwsys.exe
C:\Program Files\TalkTalk Online Security\backweb\81720\Program\fspex.exe
C:\Program Files\TalkTalk Online Security\Common\FSMA32.EXE
C...

A:Need An Analysis Please

Hi,

I already replied in your other thread. It was not needed to start a new thread for that, so I am going to close this one.


To anyone that may know this kind of thing, I would appreciate you giving my log a look. I've followed the directions on the site using Ad-aware, Spybot, Cleanup, etc. to get rid of pop ups and spy ware. If anyone can tell me if I've got work left to do or not by looking at the following HJT log I would appreciate it. I've used the HJT analyzer as well and the results are below. Thanks in advance.

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 4:00:47 PM, on 1/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\System32\xl.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINNT\system32\OhuTT.exe
C:\WINNT\system32\OhuTT.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com...

A:HJT Log Analysis - Lil help, please

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

You have the Peper infection. Download PeperUninstall. Ma...


Hello, I have a new problem with my computer. I run weekly spyware removal programs such as AdAware and ewido, but recently none of these have been helping my computer; it lags terribly. My internet explorer runs TOOO slow. Also, whenever i turn my computer on, it waits about 5 minutes and then actually turns on (wtf?). Please read over my hjt Log and tell me if there is anything worth removing. Also please provide me with a program that can help clean spyware out of my computer. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:44:22 AM, on 11/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Fi...

A:Hjt Log Analysis Help

Hi and Welcome to bleeping computer!! My name is David

Please do both of the following before we start if possible!:
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - i can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal!

Please download ewido security suite it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck.
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan wil...


Hi,
I have had a Malware problem since the beginning of July. I originally had the Malprotector 2008 problem where it was telling me I had Malware and should purchase Malprotector 2008 (which I did not). I was able to get rid of that pop-up, but we have since been having problems with the blue screen saying that we have malware on our computer. It has happened to all three log-ins on our computer. Our PC-Cillin is always showing joke bluescreen, but no way to repair/remove it. Currently, PC-cillin is showing the infected file as C:/WINDOWS/System32/b.tmp

Following is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:32 PM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Serve...

A:Need HJT log analysis, please


Is there anything I need to do before I send a HJT log for analysis?
 

A:HJT Analysis


Have a problem with Common Highjacker and IGetNet which keep cropping up in spite of running Ad-Aware SE and Spybot. Logs follow as requested elsewhere:

Logfile of HijackThis v1.98.2
Scan saved at 16:13:40, on 12/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\S...

A:HJT log analysis please

Hi

Download Ad-aware SE 1.05: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.
Download and install VX2 Cleaner.
Open Ad-Aware, go to Add-ons, click the Tools tab and select VX2 Cleaner. Press the Run Tool button.
REBOOT your machine.
Run HijackThis! again and post a new log please.


I've run many progs to help delete this pesky bug I have. Computer is quite sluggish and there is definitely something wrong. AVG virus and spyware have deleted some files, along with spybot, adaware as well. Fixwareout, haxfix, and combofix haven't seemed to help. In fact combofix just freezes on each reboot.

Logfile of HijackThis v1.99.1
Scan saved at 21:54, on 07-06-11
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTim...

A:Could Use An Analysis

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

I have noticed that you do not appear to have a firewall installed. This is an essential piece of software that acts as an extra layer of security, which restricts access to your computer from the outside world. Therefore, please download one of these free firewalls:
Zone Alarm
Kerio
If you would like some more information about firewalls and how to use them effectively, take a look here.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.

Thanks,
Charles


I've run all the required software (Ad Aware SE, Spybot, etc.). I can run them twenty times in a row, and the files keep coming back.

Problems: Constant pop ups, and I'm unable to view or empty my recycle bin (have no idea if this is related). I'm also getting an antivirus program that shows up despite repeated attempts to remove it, and a new search bar keeps showing up on my computer.

Logfile of HijackThis v1.98.2
Scan saved at 4:38:53 PM, on 12/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\iT...

A:HJT log - analysis please

I know everyone is just volunteering their time on this board - but any help on the following would be GREATLY appreciated.

When I restart my computer, Spybot S&D tells me that a registry entry has been deleted. Here's the info:

System Startup global entry
Value Deleted
Narrator
wkroqa.exe

I have no idea if I should allow this change or not. If I don't allow it - RUNDLL message comes up, saying "An execute occured while running IISNAP.DLL"UMonitor".

Am I beyond help? Thanks in advance!


Thank you for taking the time to provide this help to those of us less savvy. I have run both Spybot and AdAware as per the instructions in the tutorials.

Logfile of HijackThis v1.99.1
Scan saved at 4:38:55 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:...

A:Hjt Log Analysis Please

Welcome to the BLEEPING COMPUTER forum.

Please download LQfix.exe from one of the following locations:
http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe

Save it to your desktop.
Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
You need an active Internet Connection, so make sure you're not blocking any connection now.
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to complete.

Download CWSInstall.exe
Click Fix, don't just scan. Let it fix everything it asks about.

Then do a scan with HiJackThis and post a new log by using Add Reply


Hello,
I'm having loads of problems with my laptop.. i can only log in safe mode, not even safe mode with network works... If i start windows without safe mode.. just prompt me a winlogon.exe error and the famous blue screen

Can u please tell me if its anything wrong with this log

Logfile of HijackThis v1.99.1
Scan saved at 9:46:36, on 19-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no nam...


Hi, my computer's been acting sluggish lately, i was wondering if someone can analyze my HJT log and see if there are any problems. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 5:21:21 PM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ssisvr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C: ...

A:Analysis

Hello Tupaclypse and welcome to the BC HijackThis forum.

I don't see any signs of viruses or malware in the log. It is clean.

The HijackThis forum deals exclusively with virus and malware issues. HijackThis cannot analyze performance, hardware or application issues. For non-malware related performance issues I would suggest posting to the Windows XP Home and Professional forum

The techs in that forum specialize in matters pertaining to operating system issues. When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

When posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.
OT


Logfile of HijackThis v1.99.1
Scan saved at 9:20:22 AM, on 4/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svc...

A:Any Analysis On This?

Hello hxm and welcome to the BC HijackThis forum. Yes, something is going on in there. Let's start out with the following.

Download SDFix and save it to your desktop.

Now reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum in your next post.

Let's also see what else might be present.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Download WinPFind3u.exe to your Desktop and double-click on it to extrac...


Ok, my problem is with "TROJ ROOTKIT.E" which affects (or comes through) rdriv.sys. I don't know much about this stuff, but I can't delete rdriv.sys, and TrendMicro & many many freeware programs have all been unsuccessful in terminating this problem. I'm losing my patience, and after looking around I found out about Hijackthis, and thought I'd look for some help here.

Here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:50:49 AM, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\C...

A: Need An Analysis :/

Hello and welcome aboard! Please print these instructions out, or save them to a notepad file, as you can't read them during the fix.

Please download SDFix and save it to your desktop.
Double-click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Choose your usual account.

Open the extracted SDFix folder and double-click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
Press any key and it will restart the PC.
When the PC reboots the tool will run again and complete the removal process -- when it displays Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Please post back with the results along with a fresh HijackThis log.


hi guys, would really appreciate it if you could help me out.. HSA is the first problem but I know there are prolly others that I don't know... got it prolly when someone here looked for the Paris Hilton video... *sighs* thanks for anything

Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SAV\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\cba\pds.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\SAV\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nttm.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\svchos...

A: HJT Log Analysis please..

Please post the complete log. It looks like a few lines in the beginning were chopped off.


Here it is

Logfile of HijackThis v1.98.2
Scan saved at 8:43:46 AM, on 12/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\...

A: HJT Analysis Please

Hi

You have Messenger Plus installed. This program is known to install malware. I would advise that you remove this program from your computer.
You can uninstall Messenger Plus from Add/Remove Programs.

Run HijackThis!, press Scan, and put a check mark next to all these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

Close all other windows and browsers, and press the Fix Checked button.

REBOOT and post a new log please.


Hi, Ever since I installed Ad-watch I've noticed that it constantly pops up with registry changes. The part I don't understand is that I can't seem to click Block to block the change. When I click it it just does nothing. So I have to click allow and it will go away. The main registry change I see is the one below. But there's been a few other ones too. I don't really know why my start page would change but it should be set to Google. Now I have run a few spyware programs (Spysweeper, Spyware Doctor, Pest Patrol, Ewido, Spybot S&D, a-squared, F-secure online, Microsoft safety live online) and none of them found anything. So I just want to know if my computer is really virus and spyware free. Thanks for the help in advance

Logfile of HijackThis v1.99.1
Scan saved at 8:38:09 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C: ...

A: I Need Help With Log Analysis

Hello jfirestorm44,Welcome to BC. Hmm....Adwatch, Spysweeper, Spyware Doctor, Pest Patrol, Ewido (which is now AVG Anti Spyware).......... This looks like a case of "too many cooks........" They are all good programs but not advisable to have them running all at the same time. I would suggest you decide on one real time scanner, and remove the others.


Hi, my Microsoft Updates recently stopped working, so I was wondering if anyone could check my HJT log and see if there's anything wrong with my laptop? Thanks.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:08:00 AM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Slick Run\sr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisof...
