Over 1 million tech questions and answers.

Hijackthis-what has my teen done?!

Q: Hijackthis-what has my teen done?!

From my teenage girl's computer, though I don't know what I'm looking at, I can see a huge difference in these logs between my computer and hers. It's acting really funny, as well!

Logfile of HijackThis v1.99.1
Scan saved at 2:29:53 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\MyWay\bar\7.bin\mwsoemon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hdqqtkfydmaqwdnasek.net//...SOLoI9VCx.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pphbfkosizbdoqrna.info///...st6Zzi_cL0.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-s...k=stmpl1&find=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://registernet.passport.net/reg...33&langid=1033
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3D11565A-84A8-868D-439B-D754EBFE4308} - C:\DOCUME~1\Myself\APPLIC~1\Liesmess\wipeplatform.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66D2A3FC-1976-82D5-15A2-CCB22F2BDBC4} - C:\DOCUME~1\MiaMoran\APPLIC~1\Liesmess\batflap.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\undvd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\7.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HOLDSUPPORTDASHVGA] C:\Documents and Settings\All Users\Application Data\Jugs lies hold support\Find clock.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Fastfirstsigndart] C:\Documents and Settings\All Users\Application Data\ante mpeg fast first\RectMode.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [bike axis] C:\DOCUME~1\MiaMoran\APPLIC~1\PLAYFO~1\Road Mail.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O20 - Winlogon Notify: undvd - C:\WINDOWS\repair\undvd.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

RELEVANCY SCORE 200
Preferred Solution: Hijackthis-what has my teen done?!

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Hijackthis-what has my teen done?!

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes..

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check ?Turn off System Restore?, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

If you hav'nt already done so,download and run AboutBuster & CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.




How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/program files/CWShredder/
Close all browsers
Unzip into same directory
Doubleclick CWSInstall.exe
Click <Check for updates> and let it install all updates
Click <Fix>
Click <Next>
Close CWShredder//

----------------------------------------------------------------------

How to setup AboutBuster version 5

Download AboutBuster

Then unzip all files from the zip folder to a folder or your desktop. Start it and press the OK button. Then hit the update button and a new screen will appear. On that screen press the Check for Updates button..

To scan your machine, press the Start button and then press OK. The program should start scanning. When it is done, press the exit button and reboot. Once rebooted run About:Buster one more time.

This program is updated often so you should always use the built in update feature before you scan with it.
-------------------------------------------------------------------
Please download Ewido Security Suite

Install Ewido Security Suite.
When installing, under 'Additional Options' uncheck: "Install background guard" and "Install scan via context menu"

To open the main screen double click the icon on the desktop.

You will get a warning 'Database could not be found!'.(only if no updated have first been installed) Click OK.

Update to the latest definition files.On the left of the main screen click Update.Then click on Start Update.Let it complete the updates.

Now Click on Scanner and Click on Complete System Scan and the scan will start.

During some scans it may find cases of false positives so you will need to step through the process of cleaning files one-by-one.

If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'

If you are unsure of any entry found play safe and select None as the action.
Press the button marked Save Report

Save the report .txt file to your desktop or somewhere you can find it.Post it back with your next HJT log.
----------------------------------------------------------------------

Go to Start/Run/ and type: regedit and OK. Then Backup your Registry.

Navigate to this key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and find "undvd.dll"

When you find it right click on "DllName" in the right of the panel and select "Modify" and delete "undvd.dll" from the window.


-----------------------------------------------------------------------

Files highlighted in BLACK will need to be removed from your hard drive.

Folders that have been highlighted RED will need to be uninstalled.

------------------------------------------------------------------

Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
------------------------------------------------------------------

Uninstall the following programs (if they still exist) Go into HijackThis->Config->Misc.Tools->Open Uninstall manager

Messenger Plus! 3
winupdates
MyWay
-----------------------------------------------------------------



Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hdqqtkfydmaqwdnasek.net/...OLoI9VCx.ht ml
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pphbfkosizbdoqrna.info//..._st6Zzi_cL0.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.media-search.net/nph-...ok=stmpl1&find=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hhttp://search.media-search.net/nph-search.cgi?track=mssrc&look=stmpl1&find=
O2 - BHO: (no name) - {3D11565A-84A8-868D-439B-D754EBFE4308} - C:\DOCUME~1\Myself\APPLIC~1\Liesmess\wipeplatform. exe
O2 - BHO: (no name) - {66D2A3FC-1976-82D5-15A2-CCB22F2BDBC4} - C:\DOCUME~1\MiaMoran\APPLIC~1\Liesmess\batflap.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\undvd.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MyWay\bar\7.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HOLDSUPPORTDASHVGA] C:\Documents and Settings\All Users\Application Data\Jugs lies hold support\Find clock.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Fastfirstsigndart] C:\Documents and Settings\All Users\Application Data\ante mpeg fast first\RectMode.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [bike axis] C:\DOCUME~1\MiaMoran\APPLIC~1\PLAYFO~1\Road Mail.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O20 - Winlogon Notify: undvd - C:\WINDOWS\repair\undvd.dll


------------------------------------------------------------------

Open Windows Explorer and delete the following highlighted file/s (or delete the whole (Red) folder if listed).

C:\WINDOWS\repair\undvd.dll
C:\Program Files\Messenger Plus! 3
C:\Program Files\winupdates
C:\PROGRAM FILES\MyWay
C:\Documents and Settings\All Users\Application Data\ante mpeg fast first\RectMode.exe
C:\Documents and Settings\All Users\Application Data\Jugs lies hold support\Find clock.exe
C:\DOCUME~1\MiaMoran\APPLIC~1\PLAYFO~1\Road Mail.exe
C:\DOCUME~1\MiaMoran\APPLIC~1\Liesmess\batflap.exe
C:\DOCUME~1\Myself\APPLIC~1\Liesmess\wipeplatform. exe
-------------------------------------------------------------------
Check that you have carried out all the above steps/fixes and then reboot into Normal Mode and download Cleanup This will clean out your tempory files.

When finished please post a new log......

Read other 1 answers
RELEVANCY SCORE 45.2

I'm having the same problem as many others are. Teen biz defaults when i open IE and win min comes up when shutting down. I've included the hijack info that I scanned off of my machine.

Thanks in advance for your help

Logfile of HijackThis v1.97.7
Scan saved at 7:12:14 PM, on 1/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\McAfee\QuickCl... Read more

A:teen biz and win min

Get the CoolWebShredder from this site, update and run it with the browser closed. Then reboot and check and "fix" any of these entries which remain in HijackThis:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://teen-biz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teen-biz.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\winlogon.exe

O4 - Global Startup: winlogon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

teen-biz has taken over the search engine; the home page, etc on Internet Explorer.

The log is shown
Logfile of HijackThis v1.97.7
Scan saved at 8:53:08 PM, on 12/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\home\Local Settings\Temp\Temporary Directory 1 for hijac... Read more

A:teen-biz

I would appreciate your help
 

Read other 2 answers
RELEVANCY SCORE 45.2

hey guys, everytime i start my computer my home page has been changed to teen-biz. also websites have been added to my favourites list. when i shutdown iget a window come up that says Win Min not responding. and sometimes it says NVIDEA twinwindow not responding. I have tried Spy-bot, adaware 6, cwshredder they get things sometimes but when i reboot its all backthere again. i tried Hijack this and this is what i got.
Logfile of HijackThis v1.97.7
Scan saved at 2:02:16 PM, on 28/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSv... Read more

RELEVANCY SCORE 45.2

I have had trouble recently with my homepage and serch engines. They have all changed to some teen-biz page, and I am continually getting new sites in my favourites list, and all my sites are deleted. I have run Hijack this and CWShredder. I was wanting to know if there is anything else I need to do.
Thanks

Here is the log:
 

A:teen-biz bug

log posted so we can see it
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\NVIDIA\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\SYSTEM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wynnumvikings.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com
F1 - win.ini: load=C:\NVIDIA\vi_grm.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\... Read more

Read other 2 answers
RELEVANCY SCORE 44.8

I have run Hjt and saved the log. I have also red the other posts I could find regarding this issue. It seems my problem is a bit different than the others.

I do have winlogon.exe in my startup folder, but I can not delete it. It says the file is in use. There are multiple user accounts on this PC, 3 to be exact. The log file from Hjt is below...

TIA
Vince

Logfile of HijackThis v1.97.7
Scan saved at 3:23:20 PM, on 12/16/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WIN... Read more

A:New Win Min problem with teen-biz.com

Read other 11 answers
RELEVANCY SCORE 44.8

i am posting on behalf of a friend who, unfortunately, due to being to occupied with family concerns, is unable to log on and post for herself. therefore, i am trying to find out whatever i can for her. her problem (or at least the most bothersome thereof) is being constantly & frequently bombarded by pop-ups & redirects apparently associated with http://teen-biz.com

she has already downloaded, installed and regularly updated and run spybot, adaware as well as hijack this. unfortunately she is still being tormented by having her children be subjected to the extremely profane visual & text attacks that teen-biz seems to feel compelled to launch at every opportunity. as you can see from the following hijack log, teen-biz was found:

Logfile of HijackThis v1.97.7
Scan saved at 11:43:52 AM, on 1/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.ex... Read more

A:teen-biz pop-ups & redirects

Read other 7 answers
RELEVANCY SCORE 44.8

I have an almost 13 year old granddaughter that is very good with logic puzzles and loves the computer and stated an interest in learning how to program games.
While I know my way around the PC, I've never done much in the line of programming. I am considering on buying her for Christmas a beginners guide to C++. My thinking is if she's going to learn she might as well gain some real life experience she can use as opposed to getting her a book on basic or something like that.
My question is two fold to you programmers. Is C++ going to be too difficult for a kid her age? And secondly any other recommendations for a simple C++ book or other suggestions if I'm not on the right path thinking about C++. I did find the MS visual C++ compiler that I downloaded for her and a beginners video from the MS website to supplement the book.
Any help will really be a appreciated.
Floyd
 

A:Help for my teen granddaughter

Read other 9 answers
RELEVANCY SCORE 44.8

My daughter is wanting a new laptop that will run the game Star Wars The Old Republic.
The system requirements are :
Processor: AMD Athlon 64 X2 Dual Core 4000+ / Intel Core 2 Duo 2.0 GHz or better
Operating System: Windows XP or later
RAM: 2gb
Video Card: min256 MB on-board RAM and support for Shader 3.0

I am looking at HP 17.3" HD+ Notebook 17-x047cl, Intel Core i3-6006U DC Processor, 8GB Memory, 1TB Hard Drive, Backlit Keyboard, Optical and need to know if it fits the requirements
 

Read other answers
RELEVANCY SCORE 44

http://www.amazon.com/Lenovo-15-6-Inch-Touchscreen-Laptop-59426255/dp/B00K6ZIFFG/ref=sr_1_1?ie=UTF8&qid=undefined&sr=8-1&keywords=lenovo++i7-4700hq+y50

It's actually over his budget... until his next paycheck, at which point it'll wipe out his savings account.
So before he blows everything he's earned this summer taking orders at a fast-food joint, thought I'd ask if this will be a great choice. It's a Lenovo Y50 laptop sold on Amazon. He looked at it in a Best Buy store where it costs nearly a hundred dollars more. He's a junior in high school this year, so use will be for any school related study/research rolleyes, facebook, Minecraft and he wants to get Skyrim/Elder Scrolls downloaded once he makes his purchase. I think the salesman said that this could be linked to his PS4 - I'm not a techie at all so I don't know that this is hugely important but my son seemed impressed.

I've read reviews dissing the screen. But we saw it in store and didn't think it looked as... unpleasant as some reviewers thought. The other negative thing I've read is something about having to press two keys on the keyboard to control the sound. Again, I don't think that that sounds like a big deal either.

I guess I'm wondering if there's something better for his money or is this actually dang good for $1250 plus tax from Best Buy? (I know Amazon's price is cheaper but hesitate to have to handle any troubles we ... Read more

A:My teen wants to buy this gaming laptop...

Read other 7 answers
RELEVANCY SCORE 44

Toshiba 1.8Ghz laptop
4 GB RAM (recent upgrade to memory 2x1GB, machine only sees 3GB, I can't find the cause, any advice most welcome)
160 GB HDD
Windows XP Media Center sp3

I recently 'cleaned' this computer and upgraded the memory. I left it with Eset running and it seemed fine until a 14 yr old nephew spent one session on it. When I heard about it, the browser was hanging without connecting. System control soon degraded to the point where Windows loads but that is it. Task mgr, file explorer, start button, browser... nothing works. Disk activity is evident but 'it' will not release the machine even after sitting off the ethernet wire for a substantial time after loading the OS. Safe mode available but 'it' blocks the run of Malwarebytes (though the app will load into memory). The only scans I could run were from within safe mode. not sure how useful that may be but RSIT outputs attached. I have DDS scan from safe mode I will place under separate post.

Best advice about next step please. Thank you for taking this under advisement.

A:Toshiba trashed by teen

here is the DDS scan outputs

thank you for helping with this problem.

Read other 2 answers
RELEVANCY SCORE 44

Hi, when I start my computer and run my IE, the startpage changes to teen-biz.com and a bunch of porn sites are added to my Favorites folder. IE will also open on its own periodically to some porn-site. Lastly, when I shut my computer down, I receive a Winn Min error ("can't end program . . . ").

I've run Ad-Aware, Spybot, SpyHunter and CWShredder but still the above garbage occurs. Can anyone please help? I appreciate any comments. Below is my Hijackthis output. Thank you in advance.

Running processes:
C:\WINNT\Explorer.EXE
C:\program files\timbuktu pro\tb2logon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Jeremy\HijackThis.exe
C:\WINNT\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-495... Read more

A:Teen-biz.com IE Hijack/ Win Min Problem

Read other 7 answers
RELEVANCY SCORE 44

Hi. Im brandnew to the forrum but i have a good question. I am an avid pc gamer but im only aloud to play teen rated games. Are there any decent teen shooters out? If so, are they recent with good graphics? Thanks!
 

A:Teen First Person Shooter

i play counterstrike source, thats rated mature, i realize thats your problem. I hope im wrong but there may not be any teen rated fps out there. Good Luck to you.
 

Read other 2 answers
RELEVANCY SCORE 44

OK. I will attach the HJT log for my son's computer. It is running really slow and is constantly running low on disc space. He was using his computer in safe mode until I found out. I removed some of the crap that he had but have no clue what else there may be. Please help. Computer is only a few months old and should not have too many problems. Thanks....

Here is the LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:57 PM, on 2/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Pa... Read more

A:HJT Log for my Teen Son's Computer. ARRGG!

Why hasnt anyone replied? This computer is driving me nuts.
 

Read other 1 answers
RELEVANCY SCORE 44

Hello,
I hope you can help me.
My daughter is experiencing problems with her Windows ME machine. I've cleaned off what I could with Spybot and Adaware. I've also run Norton 2002 and the Micro trend on-line virus scan (although I'm not confident that the on-line scan made it to completion).

I'm seeing alot of modem activity, even when nothing else is running on her PC. She's getting icons on her desktop, pop-ups and spyware. Her machine is running very slowly and locks up on a regular basis.

I've run hijackthis and Hijackthis analyzer. The analyzer log is posted below:
Thanks in advance.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:41:39 PM, on 3/8/2005
Platform: Window... Read more

A:Parent of Teen needs help! HiJack log

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

Read other 11 answers
RELEVANCY SCORE 44

Hello, folks.
My teen can't get enough of MySpace, YouTube and associated activities. The more she uses them, the more I have to keep cleaning out Virtumonde, Smitfraude, etc. malware that keep repeatingly placed on my PC. I'm tired of the junk! How can she keep using her favorite sites without junking up the PC with malware? I am running Win XP, antivirus is Panda Internet Security (which I love 10x better than Norton or McAfee) plus I also clean out with Spybot often (probably need to do this more often). What guidelines can I give my teen to help prevent malware? She also IM's a lot, and I'm gonna tell her about not clicking on IM links.
Frustrated Mom

A:Keep Getting Reinfected When My Teen Uses Myspace

Do you use the Firefox browser? That will definitely help. You're more likely to get infected on myspace using Internet Explorer.

Spybot is pretty ineffective these days. It was decent several years ago, but now I'd recommend Malwarebytes or SuperAntiSpyware.

Read other 4 answers
RELEVANCY SCORE 43.6

Hi:
Not even sure if this is the right place. My pre-teen cousin installed WINAMP on my mother's computer.
1. Is this a legal program? Is it any good? Does it cost anything monthly?

2. Now The sound on her computer doesn't work. I get an error message from NullSoft. "bad direct sound driver. PLEASE INSTALL Proper drivers OR SELECT another device in configuration." Error Code 887800A

Anything yu can tell me about this or how to fix will be deeply appreciated.

Thanks. wildbill
 

A:Pre-teen installed unknown program?

Read other 8 answers
RELEVANCY SCORE 43.2

Help please. I have a tech savvy 16 year old son that has to use his computer to do his homework, but is abusing it. I need to be able to see how he is using it (sites/time/things he's doing) and ideally restrict the site "affimatively" to just the sites he needs to do his homework. I check history, but he's savvy enuf' to clear individual entries as he goes..... I've reat about Webwatcher adn SpectrePro but have no idea what's good and what he couldn't detect and remove... I'm not that technical.... help please!
 

A:Parent Control S/W for tech savvy teen

Read other 7 answers
RELEVANCY SCORE 43.2

Valis sent me for help. I have Windows 7. I have an administrator account. My son uses a standard account and does not know the password for the administrator account. My son has been visiting unwanted web sites. I need to find the easiest way to block him from visiting this type of site.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 635 Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 4
RAM: 5886 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 939685 MB, Free - 745733 MB;
Motherboard: Dell Inc., 04GJJT
Antivirus: GFI Software VIPRE, Updated and Enabled
 

A:Solved: teen and unwanted web sites Valis sent me

Read other 7 answers
RELEVANCY SCORE 43.2

Hello. I am new here but have been following these forums for a couple of weeks. I think the people [??] who create viruses should be treated like any other terrorist.

I have AVG and today when I opened my e-mail, I noticed a message labeled "Teen poll results" above a couple of other entries. So I used Shift and selected all three so I could delete them all at once. However Delete didn't work.

The AVG [Griswold] screen popped up and said it detected a virus. So I pressed "n" and even enter. Meanwhile, behind the AVG box, there was another box showing a file being downloaded. So I quickly clicked the Close X button for Outlook Express. I hope that cut it off at the pass.

So I have some questions:

1) Is there some way to select and delete something from my inbox without it starting to download?

2) Why didn't AVG stop this thing from down loading?

3) Assuming part of the virus downloaded, how do I find it and get rid of it?

That's enough for now. You guys are great.

-Peter
 

A:Teen poll results virus[?] + AVG + Outlook

Read other 7 answers
RELEVANCY SCORE 43.2

This website keeps popping up and I have run Adware and Spybot. It was also charging calls to my phone. I have put a block on my phone with the phone company and now have to send a letter an a email to dispute these charges. I have never been to that web site and it keeps popping up. I did read whre the average person can go remove this with help so Help. This is the information I get when I run spyware.

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-1078145449-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2004-12-15 Includes\Dialer.sbi
2004-12-16 Includes\Hijackers.sbi
2004-12-15 Includ... Read more

A:Solved: Hard Core Teen Sex website

Read other 9 answers
RELEVANCY SCORE 42.8

Hi

I am a dad who wants to give his rebellious pre-teen daughter some control on her laptop, like update iTunes or install games, but she cannot do such as a Standard User.

I initially setup her laptop with both of us (dad and daughter) as admin users. I wanted to be an admin user to help install updates, backup, and check for viruses, etc... Dad as "Home IT guy".

However, in her rebellious attitude over the last couple of months, she removed me as an admin; so, I had no way for login. Pissed IT dad.

IT dad took her laptop away for a week, demanded her password, created IT dad as admin and changed frustrated daughter into standard user.

All fine. No. Daughter wants to upgrade iTunes (admin login required), install games (admin login required), etc... (admin login required). Non-IT mom does not want to do IT stuff (i.e. "admin login required" stuff).

Is there a way to allow my daughter (degraded to Standard User) to have some admin privileges (to perform upgrades and downloads without "admin login required"), but without having the permissions from removing other administrators (i.e. IT dad)?

In other words, IT parents as Uber-Administrators and User children as Limited-Adminstrators (i.e., cannot remove a Uber-Adminstrator but can upgrade and download software)?

IT Dad wants to know, thx

jeff in seattle

A:Windows 7 Pro: Parent adminstration control and rebellious pre-teen

Sorry, I dont have an answer for you, but I'm in exactly the same boat. because I have three sons that install programs and updates like your daughter, that required me to intervene on a multiple-times-per-days basis I gave my kids administrative accounts on their own computers.

BIG MISTAKE!!

I use OpenDNS to prevent access to undesirable web stuff, and so I can have some semblence of knowledge of what is going on. But they hack, and they crack and they circumvent every bit of security I add.

Now I am considering setting them to standard users. And that means non-stop whining, negatively charged atmosphere, and daily interventions by me to install, update, remove and configure things on their PCs.

I feel for you. I hope someone here will be able to offer some guidance to us frustrated parents.

Tanya

Read other 4 answers
RELEVANCY SCORE 42.8

I have a couple of older Dell laptops here of the Windows 98 vintage. They have more than ample hard disks and 64 megs of RAM. I'm thinking of turning them into NetBooks for a couple of 10- and 12-year-olds. The laptops both have good batteries USB ports and PCMCIA slots so wireless will be an easy task.

Here's the question: How practical a job is this and what OS would be best?

I know just a very little about NetBooks, mostly what I've learned by looking at them on the store shelves.
 

A:Turn an old Win98 laptop into a NetBook for pre-teen child?

Read other 6 answers
RELEVANCY SCORE 38.4

Does anyone know of a good simulation game on the order of Sims, but rated for a child of 10. She wants to be able to take care of a family, but her parents, of course, don't want all the teen rated material to be a part of it.

We would really prefer one we can buy and download rather than have to go out and get it.

Thanks for any suggestions.
Peg
 

A:Good simulation games not rated "teen"

Don't think there is any simulation games like the Sims.
 

Read other 1 answers
RELEVANCY SCORE 26.8

My PC is acting a little funny... I tried to run HiJackThis and almost immediately it shuts down. Tried it in safe mode and even tried renaming HiJackThis to a.exe and it still won't stay open. In addition to that, anytime that I do a search on Firefox or IE that includes the word "Hijackthis" the browser shuts down.

Now I was able to save a log file real briefly running HiJackThis, I don't know if it had enough time to do a complete scan before it shutdown. Please remember that HiJackThis shutsdown so I can't ask it to fix any files. I was lucky enough to get a log file from it, which incidentally I wasn't able to open at first, until I renamed it a.txt. Thanks for all your help!
------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:10 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Ser... Read more

A:HiJackThis shutsdown, internet browser also shuts down when any search for HiJackThis

I forgot to mention that I've run spybot, XoftSpySe, Trend MicrosOnline Scan, atfcleaner, in both normal mode and safe mode... they found some items and cleaned them up but apparently not whats causing this problem...

Read other 2 answers
RELEVANCY SCORE 26.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:08, on 14/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\D-Tools\daemon.exe
... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le diagnostic)

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 26.4

Bonjous Voila depuis peu je constate que mon antivirus :Avast edition free constate un virus quand je vais sur ce site : <hxxp://www.ewallpapers.eu/>Quand je choisis une image et que je click sur download, il met met :Multi:BinaryIframe
Virus/Ver
081010-0,10/10/2008Alors je ne sais pas d'ou cela viens car si j'affiche l'image et que je fais enregistrer-sous,ca fonctionne donc je ne comprend pas est-ce un bug, ou bien suis-je infecté ?Par la même ocasion, je vous montre le scan obtenu par Hijack ;)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:44:33, on 11/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\LCD Mana... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le diagnostic)

Bonjour,Une premi?re remarque:Bleeping Computer est un forum en langue anglaise/am?ricaine. Il faut faire l'effort d'?crire dans cette langue ... ou choisir un forum en langue fran?aise.Apparemment, avast! a d?tect? une anomalie dans une des images affich?es sur le site.Je viens de faire analyser toutes les images (celles qui sont affich?es aujourd'hui sur la page d'accueil) sur virscan.org, et rien n'est signal? comme infect?.Apr?s mise ? jour des d?finitions de virus d'avast!, vois-tu encore cet avertissement ?Salut,First of all, BC is an english/american forum.You should make the effort to write in english ... or choose a french-speaking forum.avast! found something in one of the pictures displayed on the site.I've just sent all the images (displayed today on the homepage) to virscan.org, and nothing bad was found.After a virus database update, do you still receive this warning?

Read other 1 answers
RELEVANCY SCORE 26.4

Logfile of HijackThis v1.99.1Scan saved at 06:01:36, on 31/07/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEc:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exeC:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exeC:\Program Files\NETGEAR\WG311v3\wlancfg5.exeC:\Program Files\Orbitdownloader\orbitdm.exeC:\Program Files\Orbitdownloader\orbitnet.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\WINDOWS\s... Read more

A:Hijackthis Log: Please Help Diagnose (log Hijackthis: Svp, De L'aide Pour Le Diagnostic)

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

Read other 2 answers
RELEVANCY SCORE 26.4

Read the answer to the question and followed the list of things to do. I have a copy here..what now?Logfile of HijackThis v1.99.1
Scan saved at 3:34:50 PM, on 9/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\pmsngr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:... Read more

A:Continue with [email protected] of HijackThis Logfile of HijackThis

Read other 16 answers
RELEVANCY SCORE 26.4

bonjour, je ne connais strictement rien en informatique mais mon anti virus A D?tecter un cheval de Troyes Risque: Trojen Horse Noms du ficheir: A0350150.dll sachant que j'ai eu aussi msxml71.dll J'ai lu des poste et sur ma dit de vous envoyer ce qui suis. si vous pouviez m'aider. merci par avance Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:54:01, le 20/09/2009 Plate-forme: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ Program Files \ Hewlett-Packard \ Drive Encryption \ HpFkCrypt.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Alwil Software \ bin \ btwdins.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Symantec AntiVirus \ Smc.exe C: \ Program Files \ Fichiers communs \ Symantec Shared \ ccSvcHst.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ AskBarDis \ bar \ bin \ AskService.exe C: \ Program Files \ AskBarDis \ bar \ bin \ ASKUpgrade.e... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le diagnostic)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 26.4

Hi, sorry for my english, i read better than write firefox doing redirection to other sites when i search from google. i search for the problem and found the tutoriel HijackThis, and see that i can post here for your help.download hjt, perform a scan and paste the result on a new post.Help will be appreciate.thank in advance!------------------------------------------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:41 , on 2010-01-23Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\syst... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le diagnostic)

Hi,My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay of response. Do you still require help?If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-RootRepeal logs-Description of any remaining problems you may still have.Thanks again and we apologize for the delay.With Regards,Extremeboy

Read other 3 answers
RELEVANCY SCORE 26.4

Hello

Could you please help me to diagnose what is wrong. My main concern is about a malware which redirect google towards ad web pages.

Thanks a lot for your help.

Here is my log from Highjackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:48, on 08/10/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Harrap's Multim?dia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Orange\Internet everywhere\Icon515\IEWLauncher.exe
C:\Program Files (x86)\Orange\Internet everywhere\Icon515\SMSNotifier.exe
C:\Program Files (x86)\Orange\Internet everywhere\Icon515\HSSModule.exe
C:\Program Files (x86)\CardDetector\ICON505\CardDetector.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)&#... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le diagnostic)

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===The HijackThis tool is not ready for the 64 bit operating system. In your case I need to see a DDS Log.I would remove HijackThis using the Add/Remove Programs list.Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.Download DDS and save it to your desktop from here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop.Please just paste the contents of the DDS.txt log in your next post.

Read other 2 answers
RELEVANCY SCORE 26.4

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:15:49, on 22/07/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\system32\nvraidservice.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Java\jre1.6.0_01\bin\jusched.exeC:\Program Files\Adobe\Photoshop Album Edition D?couverte\3.2\Apps\apdproxy.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Winamp\winampa.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\PowerArchiver\PASTARTER.EXEC:\program files\valve\steam\steam.exe... Read more

A:Hijackthis Log: Please Help Diagnose (log Hijackthis: Svp, De L'aide Pour Le Diagnostic)

Hi Nasty Dwarf,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.

Read other 1 answers
RELEVANCY SCORE 26

Bonjour, 
 
Pouvez vous m'aider et me dire quel fichier je dois supprimer car je ne peux plus utiliser internet explorer
 
Merci d'avance
 

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le dia

shopping helper smartbar engine : I cant delete this !
 
can you help me?

Read other 3 answers
RELEVANCY SCORE 26

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:53, on 18/01/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\benjam\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\benjam\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Ch... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le dia

Hi jamsingh My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;If you... Read more

Read other 9 answers
RELEVANCY SCORE 26

Logfile of HijackThis v1.99.1
Scan saved at 6:41:18 PM, on 3/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\pingppac.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Mary\Start Menu\HJT\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [rant] rant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNMSGRS.exe
O4 - HKLM\..\Run: [MicroSoft Remote Secure Service] MSRSS.exe
O4... Read more

A:HijackThis Log file/HijackThis Analyzer results

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

If you have a fast internet connection (broadband), run an ... Read more

Read other 7 answers
RELEVANCY SCORE 26

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:34:27, on 12/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
 
FIREFOX: 26.0 (fr)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
C:\Program Files (x86)\WinTV\Ir.exe
C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
C:\Program Files (x86)\Download.am\download.am.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x8... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le dia

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520589 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 23 answers
RELEVANCY SCORE 26

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:53:37, on 03/04/2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explor... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le dia

StartupList report, 03/04/2013, 21:20:15
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
 
Running processes:
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
HP Digital Imaging Monitor.lnk... Read more

Read other 4 answers
RELEVANCY SCORE 26

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:39:46, on 2016-04-28
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18283)
 
 
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\ch... Read more

A:HijackThis Log: Please help Diagnose (Log HijackThis: SVP, de l'aide pour le dia

Hello joelar81, and     to the Virus/Trojan/Spyware/Malware Removal forum.I am oneof4, and I am here to help you!
I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received and do not proceed if you need clarification.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
At the top right-center of the topic you will see a button called Follow this topic. If you click on this, another page will open. Please choose Instantly for notification and then clicking on Follow this topic you will be advised when we respond to your topic and facilitate the cleaning of your machine.
If after 5 days you have not replied to this topic, I will assume it ... Read more

Read other 19 answers
RELEVANCY SCORE 25.2

Quote:




DETAIL!

My Problem:
My computer keep freezing and i feel that my computer is running very slow.
So please take a look.

What anti-virus and anti-malware i use:
Kaspersky Internet Security 6.0
A-squared anti-malware 3.0

My Computer brand:
Acer
WinXP Home SP2

My destop picture preview:
http://i19.tinypic.com/52uw87l.jpg

My Internet Provider and Speed:
Singnet
Speed: 512k but recently upgraded to 1MB
My Country:
Singapore

If you need anymore information just tell me. I will refresh this thread every 5 min to see your reply!




This Thread included:
Hijackthis Log
Hijackthis Startuplist log
A-squared HijackthisFree Log
HijackThis Log:


Quote:




Logfile of HijackThis v1.99.1
Scan saved at 2:42:20 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\Diamondback\razerhid.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CL... Read more

A:My HijackThis Log+Startuplist log+A-squared hijackthis log

Bump T_t

Read other 19 answers
RELEVANCY SCORE 25.2

I am using Windows 2000 and Norton Antivirus 2006 with Virus Definition updates as on 22/10/2007. Norton status is telling all the installed applications are working correetly. But, I have noticed that in my machine Task Manager is disabled and it is displaying as "Task Manager has been disabled by administrator" and also "Registry Editing has been disabled by administrator".

I have searched in this forum and same problem occred for many user and I have decided to follow the instructions in this forum.As a first step, I have downloaded all the below softwares from a browsing center and write it in a CD.

I have downloaded all the below software:
1. HJTSetup.exe
2. ComboFix.exe
3. SCFix.exe
4. KillBox.zip
5. avenger.zip
6. avgas-setup-7.5.1.43 (AVG Antispyware)
7. EClea2_0 (Cleaner)
8. nentenst (Nod32 for Windows)

first, I have installed HJTSetup.exe. But, I couldn't open the Hijackthis.exe. I am using Windows 2000 OS in my machine and I have installed the Hijackthis in default location c:\program files\Hijackthis and a shortcut in the desktop. But when I clicked the shortcut, for the first time nothing came. I have restartedthe machine and once again I tried and this time one pop up came with some warning message states that don't delete any files and have technical experts to go thru' this log file, then nothing came.

If I format all the drives in my machine will solve the problem. I have some data in D: and E: drive which has to be ba... Read more

Read other answers
RELEVANCY SCORE 23.6

My real problem has been identifird by Webroot Spysweeper, it removes ot, the files disapear, but show back up when I re-boot. Stubborn litte thing. Any help would be appreciated. The file is C/PROGRAM FILES/SURADOBE/WINGENERICS.DLL - Please see analyzer log below. Following that, is the actual HijackThis log file.
Thank you.
Scott

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:35:59 AM, on 11/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\VPTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O4... Read more

A:HijackThis Log Read-used the HijackThis Analyzer program to get the "new" log.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix.exe - but do NOT run it yet.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please disable Webroot SpySweeper, as it hinders the removal of some entries. You can re-enable it after you're clean.
To disable Webroot SpySweeper:Go to the Options>Program Options
Uncheck Load at Windows Startup
Click Shields & uncheck all items there
Uncheck Home page shield.
Automaticly restore default without notification

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Before proceeding any further, please create a new directory - C:\PROGRAM FILES\HIJACKTHIS\
Re-locate your HijackThis files to the new directory


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


With HiJackThis & place a check next to these items and select "Fix checked":

R3 - Default URLSearchHook is missing


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu... Read more

Read other 5 answers
RELEVANCY SCORE 23.2

I see that HijackThis 2.0.0 beta is from Trend Micro and not from Merijn like HijackThis 1.99.1 is.

Did Trend Micro buy out HijackThis from Merijn?

What is our security section gurus' opinion on this new beta version?

-------------------------------------------------------------------------------------
 

A:HijackThis 2.0.0 Beta Vs. HijackThis 1.99.1

Frank look here

http://forums.techguy.org/security/551479-free-hijackthis-tool-acquired-trend.html

Do not use it yet.
 

Read other 3 answers
RELEVANCY SCORE 23.2

When shutting down my computer, I was getting a message that TBPS.exe could not be stopped. When looking for the source of this file, I learned that I really needed to get rid of spyware all over my computer. I have followed the instructions in the KRC anti-spyware tutorial and came up with the following logfile as a result. I am looking for answers as to what I should get rid of and what can stay. Thanks in advance!

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 1/23/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norto... Read more

A:HijackThis log from KRC HijackTHis Analyzer

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Download CWShredder and run it. Click on 'I Agree' button ... Read more

Read other 3 answers
RELEVANCY SCORE 18.8

Can someone please have a quick look at my log and tell me whats wrong.
My computer has been running fairly slow and a lot of pop ups have been coming up.
Thank You.
Logfile of HijackThis v1.99.1
Scan saved at 2:53:10 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Mess... Read more

A:HiJackThis Log Please

Read other 14 answers
RELEVANCY SCORE 18.8

Can anyone please tell me what is wrong with this hijackthis log?? Thank you so much for your help...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:01:58 AM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\DOCUME~1\JEFFGU~1\LOCALS~1\Temp\realscannerm.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\JEFFGU~1\LOCALS~1\Temp\... Read more

Read other answers