Over 1 million tech questions and answers.

First Time Poster Needing Analysis on HJT Log

Q: First Time Poster Needing Analysis on HJT Log

Hi -

My 4 year old Dell Inspiron E1505 with Windows Vista OS has been running slow when I boot up (5 to 6 minutes before start up is complete). Once the start up is complete, connecting to the Wi-Fi in the house, takes a while to connect (another 5-6 minutes).

After the computer is booted up, I can close the laptop, and when I open it back up, it gets going without any hesitation. I have run the spyware (Ad-ware) and anti-virus (AVG) and receive a clean bill of health. When I ran HJT, I noticed some items that were considered suspect when researched. I cannot be for sure though, and it would be great if someone can identify what needs/can be moved to possibly help clean up the laptop.

Any help would be great. Thanks.
Logfile of HijackThis v1.99.1
Scan saved at 9:27:21 PM, on 5/9/2011
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\sttray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Users\user\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Users\user\Desktop\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Read other answers
RELEVANCY SCORE 200
Preferred Solution: First Time Poster Needing Analysis on HJT Log

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 64.8

Hi, this is my first post here and I could really use some help.

at some point in time while trying to de-spyware my laptop, it stopped running and reboot itself. When it got to the logon window it gave me no option to login, just a blue screen with the windows xp logo:


any ideas how to get around this? thanks!
-Jason

A:long time viewer, first time poster. XP startup problem...

Hello Jason and Welcome to TSF

Sorry to hear about your situation. What program were you using to clean out the spyware?

Can you boot into Safe Mode ? (By repeatedly tapping the F8 key until the menu appears)

Read other 4 answers
RELEVANCY SCORE 63.6

Well, after much much fighting with my computer - lately it has gotten slow, and very sluggish - it stops, freezes..etc. I have adware SE and spybot S &d...I've ran both - than ran the hijackthis...and this is my log! What's not suppose to be there????* Another note, I keep having this "ad" pop ups come up, for the life of me, I cannot figure out how to get rid of them - iv'e tried all i can think of, various popup stoppers, nothing keeps them from getting thru - i've scaned, it's not picking it up as a spyware or anything...it just driving me insane!!Logfile of HijackThis v1.98.2Scan saved at 1:29:02 PM, on 11/9/04Platform: Windows 98 Gold (Win9x 4.10.1998)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXEC:\WINDOWS\RUNDLL32.EXEC:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\TASKMON.EXEC:\WINDOWS\ESSOLO.EXEC:\IBMTOOLS\APTEZBTN\APTEZBP.EXEC:\CSAFE\AUTOCHK.EXEC:\WINDOWS\LOADQM.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXEC:\WINDOWS ... Read more

A:Needing analysis!

I do not see anything wrong with this log at all. Some times legitimate sites give popups. Are you receiving them from legit sites?

Read other 2 answers
RELEVANCY SCORE 63.2

Think I may have been hijacked.....Please review and give me your opinion.

Logfile of HijackThis v1.97.7
Scan saved at 2:09:28 PM, on 1/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\TWAIN_32\D66U\D066UUTY.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Visioneer\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\WinXPLoad.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Steganos Internet Anonym Pro 6\sia.exe
C:\Program Files\Steganos Internet Anonym Pro 6\sseagent.exe
C:\Documents and Settings\xx\My Documents\Download Programs\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Pa... Read more

A:1st time poster, long time lurker!

Hi ronobie

Welcome to TSG!

The log is pretty clean actually.

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} - http://delivery.inet-traffic.com/intdel.exe

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

Restart.
 

Read other 3 answers
RELEVANCY SCORE 63.2

I just joined because I wanted to ask a question or so. I completed A+ training early last year. Before that, I had experience with PC's going back to Windows 3.1, so installing OS or even building PC's is not an issue but as always you don't know all the answers.

I previously searched this site for information about swapping the motherboard, cpu (in this case APU) and memory, yet retaining the OS as installed on older hardware.

Initially this went off without a hitch (or so it seemed). On the old hardware, I swapped out the HDD for a SSD, did a BMR or Bare Metal Install (no previous OS) onto it using Windows Home Server 2011.

Worked great, no problems at all.

Undaunted, I picked out a time and place to replace the motherboard, apu and memory I had sitting here. Since its my HTPC, you can understand picking a spot to do hardware or even software upgrades since all the recording happens locally (on the client machine in question).

Then the problems started -

IPv6 was preventing the NIC (Realtek) from working, so I disabled it. Not a big deal if you're not using WHS 2011, but I am so to the HTPC, the server is not online nor is HomeGroups working...

Sort of minor, I know how to fix that.

The next problem and the more problematic was PlayReady. I read here that if you install anything but a new motherboard PlayReady works, but replace the motherboard and it knocks it out, something to do with the MAC address being different on the NIC or Motherbo... Read more

A:First Time Poster, Long Time Reader...

So no reply????

Read other 9 answers
RELEVANCY SCORE 63.2

I'm having a wee bit of trouble with some share (ad, mal, evil) ware, I'd like you to take a look at my HijackThis log and point out some un-necessary evil bounding and causing my popups on my computer. Another main problem to be pointed out is that..MBKWbar. If I go to Control Panel, add/remove programs, it's registered under there. When I click "Change/remove program" It just blinks, and then it's the same thing there still, doesn't go away.

Here's the log:


Logfile of HijackThis v1.99.1
Scan saved at 12:30:14 PM, on 3/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmP... Read more

A:First time poster, long time reader.

Welcome to TSF.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted. I see you are also running CWShredder in the temp folder. Take it out or install it somewhere else.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system rest... Read more

Read other 6 answers
RELEVANCY SCORE 62.8

Here is it is for your viewing pleasure (and exper analysis)... I've already taken a couple out to deal with the req.dat and it's .dll file... is there anything else that needs fixin?Logfile of HijackThis v1.99.1Scan saved at 5:55:54 PM, on 5/8/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\eMachines Bay Reader\shwiconem.exeC:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\BigFix\BigFix.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Nort... Read more

A:My HJT file needing analysis...

bump

Read other 3 answers
RELEVANCY SCORE 62.4

Recently ran HijackThis due to my innocently installing Kazoom.........

Abnormal amount of popups and strange folders on my hard drive.....
Heres the log:
Logfile of HijackThis v1.94.0
Scan saved at 8:42:37 PM, on 5/26/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.shopnav.com/search/9886/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {176A4117-A557-4703-8597-75349058C739} - C:\WINDOWS\System32\locajlui.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B0848... Read more

A:HijackThis! Results needing analysis PLease

Close Internet Explorer, scan with HijackThis, put a checkmark at and "Fix" all the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.shopnav.com/search/9886/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant=http://www.shopnav.com/search/9886/search.html
O2 - BHO: (no name) - {136A9D1D-1F4B-43D4-8359-6F2382449255} - C:\Program Files\SuperBar\SuperBar.Dll
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O2 - BHO: (no name) - {176A4117-A557-4703-8597-75349058C739} - C:\WINDOWS\System32\locajlui.dll
O3 - Toolbar: SuperBar - {D33AAF20-50C1-4A4C-9B83-B3B1946AA821} - C:\Program Files\SuperBar\SuperBar.Dll
O4 - HKLM\..\Run: [SysEnum] C:\DOCUME~1\SPENCE~1\LOCALS~1\Temp\~ZY6F.tmp
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra button: Ebates (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/230e24069e26c2...ip/Rdx... Read more

Read other 1 answers
RELEVANCY SCORE 61.2

Logfile of HijackThis v1.99.1Scan saved at 7:01:30 AM, on 5/23/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\HPConfig.exeC:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\carpserv.exeC:\WINDOWS\System32\wuauclt.exeC:\Program Files\HPQ\One-Touch\OneTouch.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\NORTON~1\navapw32.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Java\jre1.5.0_02\bin\jusched.exeC:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exeC:\Program Files\HP�... Read more

A:First time poster.

Hello clad66 and welcome to the BC forums. After reviewing your log I see no signs of viruses of malware at this time. The log is clean.

What you can do is just delete the files found in the scan(s) and you'll be fine.

Cheers.

OT

Read other 3 answers
RELEVANCY SCORE 61.2

Hi:This is my first post here but I wass told if there is an answer, the fine people here would know of it. I was running a standard weekly security scheck on my tosiba laptop with XP. I had experienced some software installation issues earlier and wanted to make sure it was right.The sofeware is a trusted program but this week I got three new possible infections on my results page from IObit 360. They are:IObit Security 360OS:Windows XPVersion:1.4.0.11Define Version:1314Time Elapsed:00:18:44Objects Scanned:59730Threats Found:3|Name|Type|Description|ID|Adware.IeDefender.NEE, File, C:\Program Files\Print Workshop 2007\Despeckle.dll, 11-5384Win32.ChinDoor.11, File, C:\Program Files\Print Workshop 2007\Image2PDFOCX.dll, 11-3108Spy.Matles.A, File, C:\Program Files\ArcSoft\Software Suite\Funhouse\wdmcapture.dll, 11-3163I do use the print workshop many times with no issues but dont remember using an arcdoft program, though it is possible.Here is my hijack this report:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:30:08 AM, on 1/25/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svch... Read more

A:First time poster

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 2 answers
RELEVANCY SCORE 61.2

Lately I have been having some trouble with viruses and I believe rootkits. I haven't ever had any problems before but, lately I've been getting redirected when I click on a google search result to different site than I wanted. It was only slightly annoying since it didn't happen all the time, but I tried to remove it. I had been using AVG free, and malwarebytes. AVG didn't find anything, and neither did malwarebytes. From there I went with something I felt was heavier. I invested in Kaspersky. I can't even get through a full scan to remove the rootkits and trojans it says it finds. At the end part of the scan, about 99%, it starts to error out with C:\\Windows\system32\ole32.dll is either not designed to run on Windows of it contains and error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." Then when I try and click off of it I get "Windows - Bad Image Exception Processing Message 0xc000007b Parameters 0x000007FEFD69715C 0x000007FEFD69715C 0x000007FEFD69715C 0x000007FEFD69715C". The screen eventually just goes black. Is there anything I can do?

A:First time poster! Need some help please

Hello, to get to the bottom of this can you repost that info with a DDS log from here in a new topic?We should get a deeper look. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

Read other 1 answers
RELEVANCY SCORE 61.2

EDIT Moved to proper forum,Virus,Trojan and Malware Removal Logs~~boopmeHi,First off, I am new here. I was directed by a friend who told me that it was a great place to get help with computer-related problems.So I'll just jump right into it.Up until about a week ago my computer was pretty much fine. All of a sudden I got two messages from my action center. My firewall was turned off, and my anti-virus was turned off. Also my windows explorer kept crashing on me any time I tried to right click on anything. I resolved that issue. On top of that my computer seems to be running a big sluggish at times, and most of the programs that I try and start up simply don't. I have to run as an admin to get them to start up, otherwise if they do start up at all, they immediately crash and tell me they have to close.Since then I have downloaded Comodo Firewall, Panda Anti-virus, and PC Tools Threatfire for maleware etc. I scan them daily and first time I uncovered a couple of Trojans, but there may still be some issues and I was wondering if anyone could help me with it. I'm running Windows 7 Professional.I'm also getting a couple of errors upon startup that says something like Microsoft Visual C++ runtime error for my Phillips AMBX applications/hardware and it has never done that before.Thank you to anyone who can help me with this problem. Any help/information/tips are very much appreciated.I ran HIJACKTHIS and it spit this out on a notepad, so I'll paste it he... Read more

A:First time poster in need of some help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 2 answers
RELEVANCY SCORE 61.2

ok guys i just made a log from HIjackthis here it is what shoud i do now???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:11 AM, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray .exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32... Read more

Read other answers
RELEVANCY SCORE 61.2

Posting Again Im Infected Wit Trojans Please Tel Me The 1st Thing 2 Do
 

Read other answers
RELEVANCY SCORE 61.2

Hi, I'm Monkboon and I have been a browser of this site for quite a while. My problem with my computer is that it has it's own brain. It starts and shuts off by itself. I couldn't even log on in safe mode. When I ran a HJT scan, it came up wit a Isearchtech.powerscan issue amongst other things. I searched for said issue on google and your site was the first response. So, with that said, here is my log. Thank you for all assistance. Btw, I run Spybot, HJT, AVG and CCleaner on my computer for protection purposes. Again, thank you, Bernard.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:57 PM, on 1/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Pr... Read more

Read other answers
RELEVANCY SCORE 61.2

I read the 5 rules. The Panda program would not work no matter how hard I tried, but everything else went okay.

I don't have internet access at home, but while at a friend's something went screwy on my computer one night out of nowhere and it said my firewall was disabled, and then a whole bunch of crazy stuff started happening. I downloaded around 15 various anti-virus programs. Everything from AVG to Spybot to Spyguard to spy blaster and even norton antivirus. I've been having a huge problem with Vundo, I thought I got rid of it, but aparantly it's back. :( I have fixvundo and vundofix, along with virtumondobegone.

Here's my DSS log.


Deckard's System Scanner v20071014.68
Run by new owner on 2007-11-03 02:26:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2007-11-03 06:26:26 UTC - RP723 - Deckard's System Scanner Restore Point
5: 2007-11-03 06:06:21 UTC - RP722 - Removed Google Toolbar for Internet Explorer
4: 2007-11-03 05:42:53 UTC - RP721 - Removed Norton AntiVirus Corporate Edition
3: 2007-11-03 05:22:18 UTC - RP720 - Configured Thrillville(TM): '07
2: 2007-11-02 03:41:47 UTC - RP719 - System Checkpoint


-- First Restore Point --
1: 2007-10-31 06:50:17 UTC - RP718 - System Checkpoint


Backed up ... Read more

A:First time poster.

Hello and welcome to TSF.

If you're not already receiving help elsewhere please follow the instructions below:

1. Download this file

* IMPORTANT !!! Place combofix.exe on your Desktop



2. Go to > Run > paste in the following single line command in bold and click OK"%userprofile%\desktop\combofix.exe" /killall3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 1 answers
RELEVANCY SCORE 61.2

Hi all. I am having some difficulty getting rid of a Win 32 Trojan. The virus is only picked up by ad-aware. I also use Avast. Did boot time scan, and scanned in safe mode, as well as Trend micro. I have alog of Hijack this. If you guys could take a look it would be great. Thanks, nice to talk to you.

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} ... Read more

A:First Time Poster - Need some help

Hi and welcome to TSF.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please follow these instructions if you still need assistance.

Download Deckard's System Scanner (DSS) to your Desktop . Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - minimised > extra.txt and maximised > main.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

Thank you for your patience.

Read other 1 answers
RELEVANCY SCORE 60.8

HI all,
 
Hope you can help, this has been going on for several weeks/months now??
 
· OS - Windows 8.1, 8, 7, Vista ?    Windows 10· x86 (32-bit) or x64 ?                   64 bit· What was original installed OS on system?      8.1· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? OEM· Age of system (hardware) About 2/3 years I think. One of the HDD is older· Age of OS installation - have you re-installed the OS?    Not certain - upgraded to W10 this year· CPU            AMD Fx™ -8320· Video Card    2 x NVidea GeForce GT730· MotherBoard - (if NOT a laptop)        M5A97 R 2.0· Power Supply - brand & wattage (skip if laptop) I have installed a new power supply in the last week in case the old one was failing (it has not changed anything :-(). The new one is Corsair RM550x. The old one was Corsair CX 750· System Manufacturer    Honestly cannot remember but it was probably custom made by PC Specialist and I have added things like SSD etc and changed/added video cards etc over the time I have had it.· Exact model number (if laptop, check label on bottom)  ... Read more

A:BSOD - 1st time poster

Your UEFI/BIOS (version 2201) dates from 2013.  Please check at the manufacturer's website to see if there are any UEFI/BIOS updates available for your system.  If you are able to install the update through Windows (without booting from an external drive), then go ahead and update it.  WARNING - if the computer might shut down during this procedure, please don't do it, as this may physically damage the computer and prevent it from booting.FYI - W8 and W10 communicate more with the UEFI/BIOS than previous versions of Windows, so it's important to ensure that the UEFI/BIOS is kept up to date (and that outdated UEFI/BIOS' may be the cause of some compatibility issues).Although you appear to have a reasonable number of Windows Update hotfixes for this version of your OS, please double check for any new Windows Updates.  It only takes one update to cause a problem, so it's essential that you have all of them.  The actual number is not important.  Rather it's important that you checked manually, installed any available updates, and didn't experience any errors when checking or updating.Out of 16 memory dumps there were 6 different BSOD  (aka STOP or BugCheck) error codes.  The differing error codes are usually symptomatic of a lower level problem within the system. They are usually caused by one of these things (the list is not in any sort of order):- borked (broken) hardware (several different procedures used to isolate the problem device)- ... Read more

Read other 7 answers
RELEVANCY SCORE 60.8

Hi Everyone,

I am a first time poster and not sure how to do this. Here is my HiJackThis log file. I am having issues such as prompts to save files, open files, popups, multiple rundll32.exe files running (approx. 10 or so) and stuff like that. My PC is SO SLOW right now and need help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:33:16 PM, on 11/1/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Darren Hamway\AppData\Roaming\905B4\3A57C.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Darren Hamway\AppData\Roaming\Microsoft\7C69\66C.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\B41B6\lvvm.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64&#... Read more

A:HiJackThis Log - First Time Poster

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425921 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 60.8

I dont have any major issues as of this moment. I keep my computer pretty clean with Anti-Vir and A-squared free. I use to use Zone Alarm fire wall but have recently moved on to Comodo Firewall. I'm still learning the controls on Comodo but it seems alot more feature rich.current minor issues: Occasional PC freezes (may be due to aging ram from 2001), World of Warcraft lag spikes (may be due to server/isp traffic load), explorer browser slow down with no increase in cpu usage.I would like to knockout or minimize some of the svchost.exe, I went through and cleaned up my services to help but I dont think I caught all my un-need items/processIf anyone could point out if i missed anything that I should be concerned with I would be grateful. Even a peace of mind of a clean bill of health would be awesome as well.Thanks in advance,Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:27:15 PM, on 7/13/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program File... Read more

A:1st Time Poster/ Hjt User

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

Read other 2 answers
RELEVANCY SCORE 60.8

HI all,
 
Hope you can help, this has been going on for several weeks/months now??
 
· OS - Windows 8.1, 8, 7, Vista ?    Windows 10· x86 (32-bit) or x64 ?                   64 bit· What was original installed OS on system?      8.1· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? OEM· Age of system (hardware) About 2/3 years I think. One of the HDD is older· Age of OS installation - have you re-installed the OS?    Not certain - upgraded to W10 this year· CPU            AMD Fx™ -8320· Video Card    2 x NVidea GeForce GT730· MotherBoard - (if NOT a laptop)        M5A97 R 2.0· Power Supply - brand & wattage (skip if laptop) I have installed a new power supply in the last week in case the old one was failing (it has not changed anything :-(). The new one is Corsair RM550x. The old one was Corsair CX 750· System Manufacturer    Honestly cannot remember but it was probably custom made by PC Specialist and I have added things like SSD etc and changed/added video cards etc over the time I have had it.· Exact model number (if laptop, check label on bottom)  ... Read more

Read other answers
RELEVANCY SCORE 60.8

Hi there, my McAfee virus scan has detected the Trojan New Malware.z in
C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys on my pc. It's been detected a couple of times and quarantined but never completely removed. Can anyone please advise how to remove it permanently and what harm it's done already.

Cheers in advance

A:New Malware.z (first time poster)

Anyone able to help with this please?

I'm in the UK so if you're posting from the US in the evening it will probably be the following day before I respond.

Cheers

Read other 12 answers
RELEVANCY SCORE 60.8

- Hello, as the title says, I'm new to this HJT stuff.
- I'm semi-knowledgeable about computers, I know more then how to turn it on and off, but I'm not a computer whiz by no means.
- I read the sticky on top, so here is my situation. I play WoW, and my account got hacked. That was the only thing that lead me to believe my computer has bad things in it. After much research, I found I probably have a Keylogger. So, after much more research, I was instructed to do a lot of cleaning, then do a HJT and post it here, then wait for further guidance because you know what it means, lol.
- I cleaned my system with "ATF Cleaner" "Malwarebyte's Anti-Malware" "Spy-bot search & destroy" and "Ad-Aware" per instruction I received to clean my computer of Keyloggers and other bad things.
- Plus, I use "Symantic End Point" as my Virus protection software, and I use "Windows Defender" a lot too.
- Please keep in mind that my knowledge of the internal workings of computers and software is limited at best, so feel free to break it down Barney style.

- Thank you VERY MUCH in advance for all your help in this matter.
- here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:18 PM, on 9/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\P... Read more

A:HJT Log (first time HJT user and poster)

Just curious if anybody has had a chance to look at this.

Once again, thank you in advance for your help.
 

Read other 1 answers
RELEVANCY SCORE 60.8

Hello everyone,

I have the misfortune of Microsoft Security Essentials alert infecting my desktop. I am on my laptop now as the desktop cannot access IE. I have downloaded RKill to a thumb drive to try and run it on the desktop computer with the problem, but when I go to my computer the thumb drive doesn't appear. How do I get RKill onto the infected desktop?

Hoping the Wizards here can help. I have already spent $$ with Norton to clean prior viruses recently but they keep slipping through my firewall and AT&T's firewall. I have the malware tool already on the infected computer so I am hoping RKill will allow me to run it after RKill does it's magic.

llhunte
Linda

Read other answers
RELEVANCY SCORE 60.8

Don't have a clue what happened, but me thinks I've gotten a Trojan on my machine...IE6.0 runs like a dog or I receive an error message saying it must close. Cannot get into various web sites, Google, Yahoo yet some are fine. When attempting to enter Yahoo, there is an adopt.euroclick entry at beginning of web address...don't know what that is....my google task bar is messed up and many pages have a different font....aaghhh!!

Can anybody help? Thanks....

Below is my latest HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 22:48:45, on 22/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS... Read more

A:(Security) Help for a first time poster!

Read other 16 answers
RELEVANCY SCORE 60.8

This is my first time posting on this site. My laptop recently started running drastically slower than usual. I have used spybot and adaware and AVG and removed all selected threats. I am trying to make sure everything is gone and I also wanted to see how to use this site properly so i can learn to use it without the assistance of a paid technician. I suspect that the slowdown is a hardware problem, but contrary to the advice on the join page, I would like to try eliminate any possible software issues before opening my computer. Any assistance that you can provide would be greatly appreciated.

Here is the log file. Thank you very much for this service.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Victor at 13:32:04.73 on Thu 09/17/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files�... Read more

A:First time poster: HJT log file

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 6 answers
RELEVANCY SCORE 60.4

Hello. I have recently "somewhat" recovered from a severe Malware/virus attack on my pc the a week from this last friday ago. I have followed all the essential steps posted in the hijackthis "before posting" forum. Included below are the HijackThis and ActiveScan Logs.

The virus started out as "MS AV" and then last night it tried to come back as "VirusScan 2008" or something similar. Everything seems to be working fine except for the fact that it seems like I have an necessarily large amount of processes running; the names of some don't seem to be legitimate Microsoft programs. In all honesty I can't really say much about what's going on here other than the fact that I know I have an infection and I think I got it from downloading what I thought was a free anti-virus program similar to "Ad-Aware." I wish I wrote down what I did but I couldn't as my start up menu had dissipated, my desktop icons as well, and I quickly shut off the system to prevent further damage. (It wouldn't even let me into task manager or control panel at one point) Luckily I was able to get back most control in administrator safe-mode through running programs such as Malwarebytes' Anti-Malware, Spybot - Search & Destroy, Ad-Aware, and AVG Anti-Virus Free 8.0 - needless to say I still have icky things going on. That's about the most I can say about this colony of **** that has nestled into my system... Another thing I want to add is I am only home on... Read more

A:ActiveScan and HijackThis logs needing analysis, please. Have severe infection. Help!

bump, please. (it has been 72 hours)

Read other 1 answers
RELEVANCY SCORE 60

I've been infected with the trojan "TR/dldr.small.agq.4" and can't seem to get rid of it using AVG, AdAware or SpyBot.

I'm also having severe IE issues at the moment with nearly every page I try to open saying "Page cannot be displayed", and after restarting, shutting down and several other things nothing helps.

This is my HijackThis! log, but it's all I have because the links provided in the 5 steps are all part of the "page cannot be displayed" problem.

Logfile of HijackThis v1.99.1
Scan saved at 8:28:21 PM, on 3/7/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\kernels32.exe
C:\WINNT\System32\adirka.exe
C:\WINNT\System32\dlh9jkd1q2.exe
C:\WINNT\System32\vexg4am1et2.exe
C:\WINNT\System32\vexga4m1et4.exe
C:\WINNT\System32\ma.exe.exe
C:\WINNT\System32\pp.exe.exe
C:\Program Files\Common Files\{A815E3F9-0353-1033-0708-030205220001}\Update.exe
C:\DOCUME~1\CODYRI~1\LOCALS~1\Temp\16.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cody Richardson\My Documents\HijackThis!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize... Read more

A:Trojan Issue (First Time Poster)

P.S., I forgot to mention that my infection is not allowing me to update my operating system. In another odd event, when I start up, at the login screen is a gray box that says "homebanking.pacu.com", with an OK button and an X in the corner. Clicking X does nothing, clicking OK removes the box. This virus is really messing up my computer

Read other 7 answers
RELEVANCY SCORE 60

Hi guys,  I just joined, mainly because, well, I downloaded something and now have CloudScout. I tried to uninstall it, it appears to be gone, but I still have it.  I've noticed others have had this problem, do I'm hoping someone can help me.  It would be much appreciated.  Thank You.

A:First time poster - I've got the CloudScout real bad.

I'll be AFK for a few minutes, but will keep checking this thread throughout the day(s).

Read other 2 answers
RELEVANCY SCORE 60

Hello all,
Glad to find this form!!
I am running a Toshiba latop with XP pro and after running prefetch, selecting all files, deleting, shutting down ( done this a 100 times). the next session when booting up windows starts to load prompts me to log on then shows an error message that is in a box saying " Explorer. exe, un able to locate component OULEAUT32.dll"

The computer can still be shut down and if i restart pressing F8 and chose any of the options, including safe mode, it shows the same error message. I have downloaded the OULEAUT file onto a floppy and if i chose the floppy as my boot drive, it shows an error message saying " Non system disk error".

I know i am close to fxing this but dont know much about this stuff. Any help would be apprectiated.

Thanks in advance, Darrin

A:OLEAUT32.dll problems 1st time poster

Hi Darrin, welcome to TSF...

does ctrl-alt-del work when you are logged on? Does it bring up the Task Manager?

Read other 9 answers
RELEVANCY SCORE 60

"a problem with your hard drive has been detected"
"press {enter} to continue
when i do that it says: "press {F4}
when i do that nothing happens.

rebooting no help. any suggestions?
 

A:first time poster with dead computer

Read other 10 answers
RELEVANCY SCORE 60

Ive been through all the steps and still no luck, can you please help me? Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 4:10:05 PM, on 11/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\i386\WINNT\ADMT\PWDMIG\COMPDATA\DRW\1033\LANG\SYSTEM32\system32.exe
C:\i386\WINNT\ADMT\PWDMIG\COMPDATA\DRW\1033\LANG\SYSTEM32\system32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary... Read more

A:First time poster! I can't seem to access some sites!

Nevermind about accessing sites, i reset my modem and router and all is good. Could you please tell me if anything is wrong in my log though.

Read other 2 answers
RELEVANCY SCORE 59.6

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:22, on 2008-09-21Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\explorer.exeC:\Documents and Settings\Pete\Desktop\SECURITY\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default... Read more

A:Hijack This Log Needing Analysis, Please. (after A Big Fight With The Ms Antivirus / Ms_av / Micro Av / Etc. Virus)

bumping message.

Read other 2 answers
RELEVANCY SCORE 59.2

I'm a first time poster so please bear with me.

My computer is running very slow and freezing at random times, most consistently after startup. I have run Avast Antivirus scan and Spybot S&D and nothing was detected.

HJT logfile pasted below. Thanks in advance for any help you can give.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:46 PM, on 7/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\P... Read more

A:Computer freezing after restart - first time poster

Hi and welcome to TSF

If you asking for us to check your log for malware, we can't do that in this
forum.

Please follow our pre-posting process outlined here:
http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


BG

Read other 4 answers
RELEVANCY SCORE 59.2

Hello --I just recently ran across this forum, registered and would like to post several problems in hopes of a solution. Recently, after using some P2P programs, I begin experiencing issues with pop-up's when using both IE and Firefox. Upon additional discovery, I learned that the name of the pop-up's was referred to as DCADS. I've since ran MalWare and Ad-Ware; and while a majority of the pop-up's have ceased, I'm still receiving them, only now I'm not seeing any mention of DCADS. I also noticed tonight that my bottom task bar, as well as my desktop icons suddenly disappeared. I ran a HJ report tonight and would like any and all help possible to gain resolution to the issues that I'm experiencing with the speed of my PC and pop-ups. My PC is fairly new, Dell XPS, Desktop.Thanks so very much for all the help and support you can provide. JasonLogfile of Trend Micro HijackThis v2.0.2Scan saved at 12:32:21 AM, on 2/17/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32... Read more

A:1st Time Poster - PC Running Slow, Pop-Up Ads, DCAD

Please download SDFix by Andy Manchesta and save it to your desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please reboot into Safe Mode In Safe Mode, right click the SDFix.zip folder and choose Extract All, A new folder will be extracted to your %systemdrive%, typically C:\SDFix Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.NEXTPlease make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked ... Read more

Read other 10 answers
RELEVANCY SCORE 58.8

Gentlemen and Ladies,

I apologize in advance for any complete n00bness, this is my first time posting on a tech forum. And thank you in advance for anyone helping.

I have a pc that I have rebuilt myself a piece at a time of the last 2 years, was bought as a custom system 4 years ago. I recently (last month or so) have been receiving a BSOD only when attempting to play Archeage. The game was in beta but will be released in the next day or so. I get the BSOD in different places/stages of the games, sometimes in loading, sometime in the title sequence, and a few time I make it into gameplay but the screen locks and the system reboots.

I have tried to gather as much information as possible. Briefly, I ran Prime95 (blend test) for 6 hours, no errors, memtest64, no errors (only ran once though). My system is pretty cool (temperature-wise) and clean.

Any help would be greatly appreciated.

thanks

~Reckligence

A:BSOD playing Archeage, BCCode:124 (First time poster)

Reckligence, it is going to be a little difficult as there are no Dump files. Dump files are what we work from. Do you suppose it could be the game crashing and not your hardware? I have had problems with Beta games a couple of times. Also, please check and make sure your system is set to create Small memory Dumps. Dump Files - Configure Windows to Create on BSOD

Read other 7 answers
RELEVANCY SCORE 58.8

My g/f's outlook express is suddenly showing (+) next to many of her e-mails. When I select the (+), the e-mail expands to show even more e-mails. These pluses are on the right side (new and not wanted) and left sides (have been there inserted by her and wanted) of her mail. Any suggestions how to get rid of these expanded views of her e-mail?

Read more: http://www.justanswer.com/tags/computer/Microsoft?r=ppc|ga|1|Computer|Microsoft&JPKW=microsoft%20support&JPDC=C&JPST=www.5starsupport.com&JPAD=3468639783&JPAF=txt&JPCD=20100322&JPRC=1&JPOP=Omar_DL-CallToAction_NoCallToAction&gclid=CMe9n9nb16ACFYuV7QodKQ4fDQ#ixzz0jKmXdTzx
 

A:Solved: Hi First time poster! Having a problem with MS Outlook Express

Read other 6 answers
RELEVANCY SCORE 54

Having many install problems with bluetooth. I dont know what to ask I can post my log. Maybe someone can help. My log may indicate a mess. I have had a virus or 3000 in week. Help help.Here is my logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 20:15:03, on 19-Jun-09Platform: Windows Vista SP1, v.275 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.16659)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\mobsync.exeC:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exeC:\Windows\system32\3361\services.exeC:\Users\MyUserName\Documents\Downloads\IVT_BlueSoleil_6.4.245.0\IVT_BlueSoleil_6.4.245.0\IVT_BlueSoleil_6.4.245.0\x86\setup.exeC:\Windows\system32\wuauclt.exeC:\Windows\system32\MSIEXEC.EXEC:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Windows\system32\msfeedssync.exeF3 - REG:win.ini: load=C:\Windows\system32\msizoma.exeF3 - REG:win.ini: run=C:\Windows\system32\mslqj.exe... Read more

A:Hi this is my first time needing help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 52.8

Is there a way to play computer games without the need to put the cd in the drive each time?Seems strange that i have to install the game on hardrive and still use the disc.
Mike
 

A:Playing games without needing to put the cd in each time?

Sorry, the answer would involve a crack which cannot be allowed in these forums.

closing thread
 

Read other 1 answers
RELEVANCY SCORE 52

Newbie here so I apologize if I am not doing something correctly or have posted this under the wrong category; fortunately though, my question is rather simple. I am only hoping that the answer is just as simplistic.
I am going through a court battle right now and over the past year I have saved numerous files to my hard drive which I am now going back through in trying to put the proper dates that they were made (most of them are audio files; but there are definitely files from every category) and for the most part, I am able to get all of the information that I needed just by right clicking on the file, scrolling down to "Properties" and then selecting the "Details" tab. Nevertheless, for some reason, a good 25-40% of them show a completely inaccurate date. So my question is: does anyone know of a failsafe/foolproof way of finding the correct date in question and on top of that, knowing whether or not that date is actually legitimate; whether that be with the use of some outside program, a command prompt, or some other shortcut? I'm all ears!
Thank you for your time,
Mike

A:Needing help locating the exact time & date of a file

First off you should not be touching anything with those files. If the lawyers and court asked for a copy of them. Burn them as is to a DVD and hand them over as the evidence they requested. Otherwise the judge can issue a Subpoena to have Leo's come to your house and take anything related to saving data to, including the computer.

Read other 2 answers
RELEVANCY SCORE 48.4

Please take a look at my Hijack This log file and let me know if you see anything that needs to be fixed.Thank you.Logfile of HijackThis v1.99.1Scan saved at 11:16:48 AM, on 8/12/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\lsass.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\system32\spoolsv.exeE:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exeE:\WINDOWS\LogWatNT.exeE:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exeE:\WINDOWS\Explorer.EXEE:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exeE:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exeE:\WINDOWS\SYSTEM32\USRmlnkA.exeE:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exeE:\Program Files\Java\jre1.5.0_06\bin\jusched.exeE:\Program Files\SpywareGuard\sgmain.exeE:\WINDOWS\SYSTEM32\USRshutA.exeE:\WINDOWS\SYSTEM32\USRmlnkA.exeE:\Program Files\SpywareGuard\sgbhp.exeC:\Program Files\Mozilla Firefox\firefox.exeE:\Docu... Read more

A:Abnormal Response Time - Hijackthis Log Analysis Request

Why no response in 5 hours?

Read other 2 answers
RELEVANCY SCORE 48.4

Hi,
in this video Laura E. Hunter from Microsoft describes behavior analytics: https://youtu.be/hNZdboDvnuU?t=1251
She says that ATA will analyze the behavior in a domain for 21 days and declare this as normal behavior. After the 21 days ATA will report unusual user behavior based on the 21 days analysis.
I have two questions about this:
1. Can we see the progress of the analysis somewhere? I searched through the ATA-center but there is nothing. Is it possible to see it in some kind of logfile or the Mongo-DB?
2. We have started ATA with one DC. What happens if we add our other DCs later? Will the analysis recognize behavior from those, also when the 21 days are already over?
I did not find anything about this 21 days analys period in the documentation. I'm more than happy with a hint if I have overseen something there.
Thanks in advance

Read other answers
RELEVANCY SCORE 48

I previously had a topic opened on this. That post I bumped twice and didn't receive any answer to my questions, so trying once again.

I have an application infected issue that is preventing me from running any EXE files as well as the GMER and DDS applications outlined in the Sticky Thread. I received a response to run the Rkill application but that thread was closed out before I could ask any additional questions.

I'm not well versed when it comes this stuff so I wasn't sure if I was executing the Rkill application correctly because I'm still unable to execute the analysis tools.

Any help on this would be greatly appreciated, If I need to execute the Rkill on the infected machine please let me know and walk me through that process with a little detail if at all possible. Also, I'm not able to connect to the internet or boot up in Safe mode on the infected machine, just an FYI.

Again, any help is greatly appreciated.

A:Trying this one More time - Application infected issue unable to run analysis tools

Hi -

You've apparently been living with this for quite a long time. It might have been easier and certainly faster to do a restore from recovery disks or recovery partition by now.

It's very difficult for us to assist in this medium without any logs to work from. We just have no way of knowing what's on the machine otherwise. What operating system is this? Your profile indicates XP, but sometimes folks don't always post for the same OS as in their profile.

You said you tried to use rkill. Did you try all 4 versions? If so, what happened when you did so?

amateur's instructions here are really all there is to it

http://www.techsupportforum.com/f100...ml#post2522746

Did you see a black command window open when you ran the rkill tool? Did explorer.exe cycle (all desktop icons disappear and return)? Did you receive a message from the infection that rkill was infected? Did you leave that message open and ignore it, then run rkill again and again?

Does a browser open, such as Firefox ? It doesn't necessarily matter right now if the internet connects, I just want to know if it opens.

Please take your time, and try to answer all the questions as best you can.

Read other 19 answers
RELEVANCY SCORE 43.2

Hi everyone,

Previous article: Malware Analysis #7 - Bytes and HEX

Today, I would like to go more in-depth with HEX analysis. There should be more parts to going more in-depth with HEX analysis. For example, one tutorial we will use a trojan downloader or a trojan banker, or others... And then the other part we may use a cryptolocker sample, fake antivirus software, worms or adware. So, this will be part-based.

I didn't think I could just leave the previous thread with that simple example on HEX and HEX editors... No, no. I had planned to go more in-depth, which is why I left the previous thread as simple as it was, so it would be easier to understand and take in at a time.

Let's get started!
----

Today, I will be showing you how to identify a worm houdini (VBS Script sample). Before I continue, I would like to note the following:

- Remember to use a VM say on case
- While I cannot share the sample UNLESS the MT staff make a section for analysis like Malware Hub and allow links, you can get worm samples from te malware hub.
- Lastly, enjoy!

--

As you can see from the below sample, there is a VBS script file on my desktop:
Firsly, I would like to note that the size of the sample is small. VBS samples usually are. In fact, a good amount of malware is small, one reason could be so it can be easily downloaded onto the users computer. Samples can become smaller through packing. However, not all samples are small, some are very large. It's a mix between ... Read more

A:Malware Analysis #9 - more in-depth analysis with HEX (Houdini worm)

Hi and thanks for this great article.
We need to Know How to decode .VBS worm, The sample you have it seems to be decoded before you wrote this article.
if we didn't decode it we'll not find any useful information.
Thanks again
 

Read other 3 answers
RELEVANCY SCORE 41.2

Thank you in advance for looking. For the past couple of weeks, I've been having problems viewing web pages on occasion, approx half the times that I connect to the internet, I get a DNS Server error. Again, most of today I have gotten the same error, have run Ad-aware, Spy-Bot, re-booted, done a system restore. Finally was able to view pages, but I know there is something underlying in my system, even though the above programs aren't for some reason picking up. Why do I know this? Because I have to go through this process for what has seemed like a trillion times in the past few days. I talked to a tech with my ISP the other day who said it was more than likely a problem with spyware. Also, to make matters worse, I'm thinking my system is vulnerable because just the other day there were unauthorized charges made on my debit card to a website that I had never visited. I don't know if these are related incidents but I would be interested in knowing what you thought about it. Here is my Hijack This log, thanks so much for you help. Let me know if there is any other info you need. Logfile of HijackThis v1.98.2Scan saved at 6:48:43 PM, on 11/21/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.... Read more

A:HJT Log please help new poster

HiThis is what I found about FunWebProductshttp://www.nwfusion.com/newsletters/web/2003/1208web2.htmlYou are running HijackThis from a temp folder. You will need to move hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups when you fix items. These backups could easily get deleted in a temporary folder.First create a new folder:A. Click My Computer icon on your desktopB. Click C: driveC. Click the File menu --> New --> Folder, a folder "New folder" will be created.D. Rename it HJTUnzip hijackthis.exe to the c:\HJT folder.Please uninstall from Add\Remove Programs if present:PeoplePC Toolbar, PeoplePal Toolbar.I'm not sure if this is considered malware, it is open to debate.It is a good ideea to print or copy these instructions because you are not able to access the Internet in SafeMode.Make sure you are set to show hidden files and folders: A. On the Tools menu in Windows Explorer, click Folder Options.B. Click the View tab.C. Under Hidden files and folders, click Show hidden files and folders.D. Uncheck Hide extensions for known filetypes and Hide protected operating system files.How to see hidden files in WindowsREBOOT into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe modeRun HijackThis!, press Scan, and put a check mark next to all these:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.as... Read more

Read other 8 answers
RELEVANCY SCORE 40.8

I have got to make a poster for a project. i have got to put 14 photos of people in to a circle on a poster. With there names and titles under each picture, and various graphics over the poster. This poster is gunna be size A1 .
Any help would be greatly received as this is my first poster project.
many thanks
 

A:Making a poster

Closing Duplicate to: http://forums.techguy.org/all-other-software/564085-making-poster.html
 

Read other 1 answers