Over 1 million tech questions and answers.

Teen-biz.com IE Hijack/ Win Min Problem

Q: Teen-biz.com IE Hijack/ Win Min Problem

Hi, when I start my computer and run my IE, the startpage changes to teen-biz.com and a bunch of porn sites are added to my Favorites folder. IE will also open on its own periodically to some porn-site. Lastly, when I shut my computer down, I receive a Winn Min error ("can't end program . . . ").

I've run Ad-Aware, Spybot, SpyHunter and CWShredder but still the above garbage occurs. Can anyone please help? I appreciate any comments. Below is my Hijackthis output. Thank you in advance.

Running processes:
C:\WINNT\Explorer.EXE
C:\program files\timbuktu pro\tb2logon.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Jeremy\HijackThis.exe
C:\WINNT\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = ,
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA5} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA6} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFA9} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAB} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAC} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAD} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-AC7CC6B5FFAE} - (no file)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D319662B-D5BF-4538-ADF3-8D3E36362608} - C:\Documents and Settings\All Users\Application Data\X0ff\X0ff0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tb2initPath] "c:\program files\timbuktu pro\tb2init.exe"
O4 - HKLM\..\Run: [TLogonPath] "c:\program files\timbuktu pro\tb2logon.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [msmrqprop.exe] C:\WINNT\system32\msmrqprop.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [msmrqprop.exe] C:\WINNT\system32\msmrqprop.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Access XP\Office10\OSA.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: winlogon.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-1234-012398761234} (ClearStream Accelerator) - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {03177121-226B-11D4-B0BE-005004AD3039} (UploaderCtrl Class) - http://members19.clubphoto.com/_img/uploader/atl_uploader.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37813.4177083333
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} (accel Class) - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gel.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gel.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gel.com

RELEVANCY SCORE 200
Preferred Solution: Teen-biz.com IE Hijack/ Win Min Problem

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Teen-biz.com IE Hijack/ Win Min Problem

Read other 7 answers
RELEVANCY SCORE 62

Hello,
I hope you can help me.
My daughter is experiencing problems with her Windows ME machine. I've cleaned off what I could with Spybot and Adaware. I've also run Norton 2002 and the Micro trend on-line virus scan (although I'm not confident that the on-line scan made it to completion).

I'm seeing alot of modem activity, even when nothing else is running on her PC. She's getting icons on her desktop, pop-ups and spyware. Her machine is running very slowly and locks up on a regular basis.

I've run hijackthis and Hijackthis analyzer. The analyzer log is posted below:
Thanks in advance.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 7:41:39 PM, on 3/8/2005
Platform: Window... Read more

A:Parent of Teen needs help! HiJack log

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

Read other 11 answers
RELEVANCY SCORE 56.4

I have run Hjt and saved the log. I have also red the other posts I could find regarding this issue. It seems my problem is a bit different than the others.

I do have winlogon.exe in my startup folder, but I can not delete it. It says the file is in use. There are multiple user accounts on this PC, 3 to be exact. The log file from Hjt is below...

TIA
Vince

Logfile of HijackThis v1.97.7
Scan saved at 3:23:20 PM, on 12/16/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\WIN... Read more

A:New Win Min problem with teen-biz.com

Read other 11 answers
RELEVANCY SCORE 45.2

I'm having the same problem as many others are. Teen biz defaults when i open IE and win min comes up when shutting down. I've included the hijack info that I scanned off of my machine.

Thanks in advance for your help

Logfile of HijackThis v1.97.7
Scan saved at 7:12:14 PM, on 1/6/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\McAfee\QuickCl... Read more

A:teen biz and win min

Get the CoolWebShredder from this site, update and run it with the browser closed. Then reboot and check and "fix" any of these entries which remain in HijackThis:

http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://teen-biz.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-1.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search-1.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://teen-biz.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://teen-biz.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
O4 - HKLM\..\Run: [WinAuth] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\winlogon.exe

O4 - Global Startup: winlogon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

I have had trouble recently with my homepage and serch engines. They have all changed to some teen-biz page, and I am continually getting new sites in my favourites list, and all my sites are deleted. I have run Hijack this and CWShredder. I was wanting to know if there is anything else I need to do.
Thanks

Here is the log:
 

A:teen-biz bug

log posted so we can see it
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\NVIDIA\VI_GRM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\WINDOWS\SYSTEM\SYSTEM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wynnumvikings.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://teen-biz.com
F1 - win.ini: load=C:\NVIDIA\vi_grm.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

hey guys, everytime i start my computer my home page has been changed to teen-biz. also websites have been added to my favourites list. when i shutdown iget a window come up that says Win Min not responding. and sometimes it says NVIDEA twinwindow not responding. I have tried Spy-bot, adaware 6, cwshredder they get things sometimes but when i reboot its all backthere again. i tried Hijack this and this is what i got.
Logfile of HijackThis v1.97.7
Scan saved at 2:02:16 PM, on 28/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSv... Read more

RELEVANCY SCORE 45.2

teen-biz has taken over the search engine; the home page, etc on Internet Explorer.

The log is shown
Logfile of HijackThis v1.97.7
Scan saved at 8:53:08 PM, on 12/8/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpyKiller\spykiller.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\home\Local Settings\Temp\Temporary Directory 1 for hijac... Read more

A:teen-biz

I would appreciate your help
 

Read other 2 answers
RELEVANCY SCORE 44.8

I have an almost 13 year old granddaughter that is very good with logic puzzles and loves the computer and stated an interest in learning how to program games.
While I know my way around the PC, I've never done much in the line of programming. I am considering on buying her for Christmas a beginners guide to C++. My thinking is if she's going to learn she might as well gain some real life experience she can use as opposed to getting her a book on basic or something like that.
My question is two fold to you programmers. Is C++ going to be too difficult for a kid her age? And secondly any other recommendations for a simple C++ book or other suggestions if I'm not on the right path thinking about C++. I did find the MS visual C++ compiler that I downloaded for her and a beginners video from the MS website to supplement the book.
Any help will really be a appreciated.
Floyd
 

A:Help for my teen granddaughter

Read other 9 answers
RELEVANCY SCORE 44.8

i am posting on behalf of a friend who, unfortunately, due to being to occupied with family concerns, is unable to log on and post for herself. therefore, i am trying to find out whatever i can for her. her problem (or at least the most bothersome thereof) is being constantly & frequently bombarded by pop-ups & redirects apparently associated with http://teen-biz.com

she has already downloaded, installed and regularly updated and run spybot, adaware as well as hijack this. unfortunately she is still being tormented by having her children be subjected to the extremely profane visual & text attacks that teen-biz seems to feel compelled to launch at every opportunity. as you can see from the following hijack log, teen-biz was found:

Logfile of HijackThis v1.97.7
Scan saved at 11:43:52 AM, on 1/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.ex... Read more

A:teen-biz pop-ups & redirects

Read other 7 answers
RELEVANCY SCORE 44.8

My daughter is wanting a new laptop that will run the game Star Wars The Old Republic.
The system requirements are :
Processor: AMD Athlon 64 X2 Dual Core 4000+ / Intel Core 2 Duo 2.0 GHz or better
Operating System: Windows XP or later
RAM: 2gb
Video Card: min256 MB on-board RAM and support for Shader 3.0

I am looking at HP 17.3" HD+ Notebook 17-x047cl, Intel Core i3-6006U DC Processor, 8GB Memory, 1TB Hard Drive, Backlit Keyboard, Optical and need to know if it fits the requirements
 

Read other answers
RELEVANCY SCORE 44.8

From my teenage girl's computer, though I don't know what I'm looking at, I can see a huge difference in these logs between my computer and hers. It's acting really funny, as well!

Logfile of HijackThis v1.99.1
Scan saved at 2:29:53 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\MyWay\bar\7.bin\mwsoemon.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hdqqtkfydmaqwdnasek.net//...SOLoI9VCx.html
R0 - HKCU\Softwar... Read more

A:Hijackthis-what has my teen done?!

Hi and Welcome
It may help you if you print out or copy this page for easy reference.. Make sure to work through the fixes in the exact order its listed..These instructions only apply to HJT v1.99.1

Please Keep your browser and all open programs closed (except firewalls and antivirus) when you are carrying out the fixes..

Download any of the required programs before attempting to start any of the fixes.


Turn off System Restore instructions (WinXP)
Rightclick My Computer | Properties | System Restore | check ?Turn off System Restore?, <Apply>, <OK>. Reboot. When we have confirmed that your log file is clean, you may renable System Restore and create a new restore point.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

If you hav'nt already done so,download and run AboutBuster & CWShredder (check for updates) for a preliminary cleanup first.Some files below may not be present after running the above programs.Full instructions below.




How to install and run CWShredder

Download CWShredder
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a T... Read more

Read other 1 answers
RELEVANCY SCORE 44

http://www.amazon.com/Lenovo-15-6-Inch-Touchscreen-Laptop-59426255/dp/B00K6ZIFFG/ref=sr_1_1?ie=UTF8&qid=undefined&sr=8-1&keywords=lenovo++i7-4700hq+y50

It's actually over his budget... until his next paycheck, at which point it'll wipe out his savings account.
So before he blows everything he's earned this summer taking orders at a fast-food joint, thought I'd ask if this will be a great choice. It's a Lenovo Y50 laptop sold on Amazon. He looked at it in a Best Buy store where it costs nearly a hundred dollars more. He's a junior in high school this year, so use will be for any school related study/research rolleyes, facebook, Minecraft and he wants to get Skyrim/Elder Scrolls downloaded once he makes his purchase. I think the salesman said that this could be linked to his PS4 - I'm not a techie at all so I don't know that this is hugely important but my son seemed impressed.

I've read reviews dissing the screen. But we saw it in store and didn't think it looked as... unpleasant as some reviewers thought. The other negative thing I've read is something about having to press two keys on the keyboard to control the sound. Again, I don't think that that sounds like a big deal either.

I guess I'm wondering if there's something better for his money or is this actually dang good for $1250 plus tax from Best Buy? (I know Amazon's price is cheaper but hesitate to have to handle any troubles we ... Read more

A:My teen wants to buy this gaming laptop...

Read other 7 answers
RELEVANCY SCORE 44

Toshiba 1.8Ghz laptop
4 GB RAM (recent upgrade to memory 2x1GB, machine only sees 3GB, I can't find the cause, any advice most welcome)
160 GB HDD
Windows XP Media Center sp3

I recently 'cleaned' this computer and upgraded the memory. I left it with Eset running and it seemed fine until a 14 yr old nephew spent one session on it. When I heard about it, the browser was hanging without connecting. System control soon degraded to the point where Windows loads but that is it. Task mgr, file explorer, start button, browser... nothing works. Disk activity is evident but 'it' will not release the machine even after sitting off the ethernet wire for a substantial time after loading the OS. Safe mode available but 'it' blocks the run of Malwarebytes (though the app will load into memory). The only scans I could run were from within safe mode. not sure how useful that may be but RSIT outputs attached. I have DDS scan from safe mode I will place under separate post.

Best advice about next step please. Thank you for taking this under advisement.

A:Toshiba trashed by teen

here is the DDS scan outputs

thank you for helping with this problem.

Read other 2 answers
RELEVANCY SCORE 44

Hello, folks.
My teen can't get enough of MySpace, YouTube and associated activities. The more she uses them, the more I have to keep cleaning out Virtumonde, Smitfraude, etc. malware that keep repeatingly placed on my PC. I'm tired of the junk! How can she keep using her favorite sites without junking up the PC with malware? I am running Win XP, antivirus is Panda Internet Security (which I love 10x better than Norton or McAfee) plus I also clean out with Spybot often (probably need to do this more often). What guidelines can I give my teen to help prevent malware? She also IM's a lot, and I'm gonna tell her about not clicking on IM links.
Frustrated Mom

A:Keep Getting Reinfected When My Teen Uses Myspace

Do you use the Firefox browser? That will definitely help. You're more likely to get infected on myspace using Internet Explorer.

Spybot is pretty ineffective these days. It was decent several years ago, but now I'd recommend Malwarebytes or SuperAntiSpyware.

Read other 4 answers
RELEVANCY SCORE 44

OK. I will attach the HJT log for my son's computer. It is running really slow and is constantly running low on disc space. He was using his computer in safe mode until I found out. I removed some of the crap that he had but have no clue what else there may be. Please help. Computer is only a few months old and should not have too many problems. Thanks....

Here is the LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:57 PM, on 2/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Pa... Read more

A:HJT Log for my Teen Son's Computer. ARRGG!

Why hasnt anyone replied? This computer is driving me nuts.
 

Read other 1 answers
RELEVANCY SCORE 44

Hi. Im brandnew to the forrum but i have a good question. I am an avid pc gamer but im only aloud to play teen rated games. Are there any decent teen shooters out? If so, are they recent with good graphics? Thanks!
 

A:Teen First Person Shooter

i play counterstrike source, thats rated mature, i realize thats your problem. I hope im wrong but there may not be any teen rated fps out there. Good Luck to you.
 

Read other 2 answers
RELEVANCY SCORE 43.6

Hi:
Not even sure if this is the right place. My pre-teen cousin installed WINAMP on my mother's computer.
1. Is this a legal program? Is it any good? Does it cost anything monthly?

2. Now The sound on her computer doesn't work. I get an error message from NullSoft. "bad direct sound driver. PLEASE INSTALL Proper drivers OR SELECT another device in configuration." Error Code 887800A

Anything yu can tell me about this or how to fix will be deeply appreciated.

Thanks. wildbill
 

A:Pre-teen installed unknown program?

Read other 8 answers
RELEVANCY SCORE 43.2

Hello. I am new here but have been following these forums for a couple of weeks. I think the people [??] who create viruses should be treated like any other terrorist.

I have AVG and today when I opened my e-mail, I noticed a message labeled "Teen poll results" above a couple of other entries. So I used Shift and selected all three so I could delete them all at once. However Delete didn't work.

The AVG [Griswold] screen popped up and said it detected a virus. So I pressed "n" and even enter. Meanwhile, behind the AVG box, there was another box showing a file being downloaded. So I quickly clicked the Close X button for Outlook Express. I hope that cut it off at the pass.

So I have some questions:

1) Is there some way to select and delete something from my inbox without it starting to download?

2) Why didn't AVG stop this thing from down loading?

3) Assuming part of the virus downloaded, how do I find it and get rid of it?

That's enough for now. You guys are great.

-Peter
 

A:Teen poll results virus[?] + AVG + Outlook

Read other 7 answers
RELEVANCY SCORE 43.2

This website keeps popping up and I have run Adware and Spybot. It was also charging calls to my phone. I have put a block on my phone with the phone company and now have to send a letter an a email to dispute these charges. I have never been to that web site and it keeps popping up. I did read whre the average person can go remove this with help so Help. This is the information I get when I run spyware.

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-299502267-1078145449-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2004-12-15 Includes\Dialer.sbi
2004-12-16 Includes\Hijackers.sbi
2004-12-15 Includ... Read more

A:Solved: Hard Core Teen Sex website

Read other 9 answers
RELEVANCY SCORE 43.2

Valis sent me for help. I have Windows 7. I have an administrator account. My son uses a standard account and does not know the password for the administrator account. My son has been visiting unwanted web sites. I need to find the easiest way to block him from visiting this type of site.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X4 635 Processor, AMD64 Family 16 Model 5 Stepping 3
Processor Count: 4
RAM: 5886 Mb
Graphics Card: ATI Radeon HD 4200, 256 Mb
Hard Drives: C: Total - 939685 MB, Free - 745733 MB;
Motherboard: Dell Inc., 04GJJT
Antivirus: GFI Software VIPRE, Updated and Enabled
 

A:Solved: teen and unwanted web sites Valis sent me

Read other 7 answers
RELEVANCY SCORE 43.2

Help please. I have a tech savvy 16 year old son that has to use his computer to do his homework, but is abusing it. I need to be able to see how he is using it (sites/time/things he's doing) and ideally restrict the site "affimatively" to just the sites he needs to do his homework. I check history, but he's savvy enuf' to clear individual entries as he goes..... I've reat about Webwatcher adn SpectrePro but have no idea what's good and what he couldn't detect and remove... I'm not that technical.... help please!
 

A:Parent Control S/W for tech savvy teen

Read other 7 answers
RELEVANCY SCORE 42.8

I have a couple of older Dell laptops here of the Windows 98 vintage. They have more than ample hard disks and 64 megs of RAM. I'm thinking of turning them into NetBooks for a couple of 10- and 12-year-olds. The laptops both have good batteries USB ports and PCMCIA slots so wireless will be an easy task.

Here's the question: How practical a job is this and what OS would be best?

I know just a very little about NetBooks, mostly what I've learned by looking at them on the store shelves.
 

A:Turn an old Win98 laptop into a NetBook for pre-teen child?

Read other 6 answers
RELEVANCY SCORE 42.8

Hi

I am a dad who wants to give his rebellious pre-teen daughter some control on her laptop, like update iTunes or install games, but she cannot do such as a Standard User.

I initially setup her laptop with both of us (dad and daughter) as admin users. I wanted to be an admin user to help install updates, backup, and check for viruses, etc... Dad as "Home IT guy".

However, in her rebellious attitude over the last couple of months, she removed me as an admin; so, I had no way for login. Pissed IT dad.

IT dad took her laptop away for a week, demanded her password, created IT dad as admin and changed frustrated daughter into standard user.

All fine. No. Daughter wants to upgrade iTunes (admin login required), install games (admin login required), etc... (admin login required). Non-IT mom does not want to do IT stuff (i.e. "admin login required" stuff).

Is there a way to allow my daughter (degraded to Standard User) to have some admin privileges (to perform upgrades and downloads without "admin login required"), but without having the permissions from removing other administrators (i.e. IT dad)?

In other words, IT parents as Uber-Administrators and User children as Limited-Adminstrators (i.e., cannot remove a Uber-Adminstrator but can upgrade and download software)?

IT Dad wants to know, thx

jeff in seattle

A:Windows 7 Pro: Parent adminstration control and rebellious pre-teen

Sorry, I dont have an answer for you, but I'm in exactly the same boat. because I have three sons that install programs and updates like your daughter, that required me to intervene on a multiple-times-per-days basis I gave my kids administrative accounts on their own computers.

BIG MISTAKE!!

I use OpenDNS to prevent access to undesirable web stuff, and so I can have some semblence of knowledge of what is going on. But they hack, and they crack and they circumvent every bit of security I add.

Now I am considering setting them to standard users. And that means non-stop whining, negatively charged atmosphere, and daily interventions by me to install, update, remove and configure things on their PCs.

I feel for you. I hope someone here will be able to offer some guidance to us frustrated parents.

Tanya

Read other 4 answers
RELEVANCY SCORE 38.4

Does anyone know of a good simulation game on the order of Sims, but rated for a child of 10. She wants to be able to take care of a family, but her parents, of course, don't want all the teen rated material to be a part of it.

We would really prefer one we can buy and download rather than have to go out and get it.

Thanks for any suggestions.
Peg
 

A:Good simulation games not rated "teen"

Don't think there is any simulation games like the Sims.
 

Read other 1 answers
RELEVANCY SCORE 31.2

Logfile of HijackThis v1.97.7
Scan saved at 6:27:26 PM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\d3cx32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msey.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Melvin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.everquest2.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.everquest2.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.dellnet.com/
O2 - BHO: (no name) - {EFEB7B9D-B57D-A014-388E-9F8DEE9656A7} - C:\WINDOWS\system32\ntcb32.dll
O4 - HKLM\..\Run: [msey.exe] C:\WINDOWS\system32\msey.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwa... Read more

A:Pop-up problem & browser hijack problem log included.

First, please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use C:\Program Files\HijackThis but feel free to use any name or folder you like. Unzip HijackThis again and save the contents (Hijackthis.exe) to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if needed.
Run Hijack This again and put a check by these. Close all windows except Hijack This and click Fix checked"

O2 - BHO: (no name) - {EFEB7B9D-B57D-A014-388E-9F8DEE9656A7} - C:\WINDOWS\system32\ntcb32.dll

O4 - HKLM\..\Run: [msey.exe] C:\WINDOWS\system32\msey.exe
Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Find and delete:

The C:\WINDOWS\system32\msey.exe file
Next navigate to the C:\Documents and Settings\Melvin\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Te... Read more

Read other 2 answers
RELEVANCY SCORE 30.4

Hey Guys, have a few problems here so will list actions and then results. I hope I have got this right this time but am having trouble accessing your web site to follow the links that you have with in "What to do first" section.1. Downloaded a torrent for avi conversion and AVG picked it as a virus and then shut-down, I think?2. Started getting this message all he time and a new page opening up with IE. I use Firefox as my default browser.3. ran both spybot and ad-aware spybot found many different items so I fixed them all ad-aware had great trouble running and after a re-boot would not run.4. I posted to the wrong section at bleeping and it was diverted and now firefox shuts down with a fault every time I click the link to where it has been moved.5. I had dss installed and have done the scan and will post it at the end of this explination.6. Running xp home7. I also have just noticed that ther is a text message in my taskbar saying "virus alert!"8. have run AVG three times with different results and Trojans found each time...when it comes to repair or remove the problems AVG informs me that the files are to large and I cant do any thing to remove tham other than delete the files them self, which I have done.9. Have also run systems mech and removed any junk and obsolete itemsOk here is the dss scan infoDeckard's System Scanner v20071014.68Run by me on 2008-07-20 13:17:42Computer is in Normal Mode.-------------------------------------------------------... Read more

A:Virus Problem And Hijack Problem

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:42: VIRUS ALERT!, on 20/07/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\CyberLink\Shared files\RichVideo.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\uTorrent\uTorrent.exeC:\Program Files\Photolightning\autodetect.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\... Read more

Read other 14 answers
RELEVANCY SCORE 30.4

Hi guys really hope you can help me out..im at my wits end...i have windows xp operating system on my fujitsu siemens desktop PC

i use PC guard antivirus and antispyware which is provided by my isp provider which is virginmedia in the UK.

PC guard has identified a spyware problem in my registry .I keep getting messages saying spyware has been detected and it has been deleted...but it does not appear to be solved..the problem is located at hkey_local_machine\system\controlset001\enum\root\legacy_tdssserv

i dont know if this other problem i have is related or not....my google search has been hijacked....i get redirected to ad sites every time a google search is done on the pc..also im prevented from accessing troubleshooting forums such as bleepingcomputer.com...i have had to use a laptop to join the forum to try to solve the problem...

can anyone out there please assist...
thanks

espuna

A:Spyware Problem And Or Hijack Problem

tdssserv.sys is a sign of a very nasty rootkit. IMPORTANT NOTE: One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojan are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to... Read more

Read other 3 answers
RELEVANCY SCORE 29.6

hi all, my problem is almost the same as this one..."Remove Jetseeker, Browser Hijacker (07-26-2003 05:04 AM)"...but i don't have any icone on my desktop, just the screen hijack, and i can no longer load yahoo gamerooms. here is my log. could you tell me what to do? thanx eddie

Logfile of HijackThis v1.97.7
Scan saved at 16:43:59, on 26/12/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\AUDIO\PROGRAM\CTMIX32.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\MEDIAKEY\MEDIAKEY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\HPZTSB05.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\ACD SYSTEMS\ACDSEE\CAMDETECT.EXE
C:\PROGRAM FILES\MEDIAKEY\HOKHIDKC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NETDDE.EXE
C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE
C:\PROGRAM FILES\WANADOO\COMCOMP... Read more

A:hijack problem

Welcome to TSG, Edwoodt; I've moved your post to Security for best support.

First, run the CoolWebShredder application available from this link:

http://www.spywareinfo.com/~merijn/cwschronicles.html

http://www.spywareinfo.com/~merijn/files/cwshredder.zip

After doing so, check the following entries in the HijackThis Scanlog that may remain, close all browser windows and click "fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchxl.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchxl.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchxl.com/ie/

O4 - HKLM\..\Run: [SystemSearch] REGEDIT.EXE -S c:\system.reg

O16 - DPF: {11111111-1111-1111-1111-111300000000} - mhtml:C:\\NO_SUCH_MHT.MHT!http://63.215.149.59/go.exe

Be sure to read the Preveention tips on the CWS page,... Read more

Read other 3 answers
RELEVANCY SCORE 29.6

I have been having a problem with redirects ( I think that is the word ) on my Windows Xp operating system. When I go to press download button it brings up a blank internet screen with no address showing. My wife is a student online at University of Phoenix and she has the same problem opening her school e-mails and any internet attachments for her class. This is not happening on all sites that I go to. I have run about 5 apps of spyware/adware with no resoltion. I have run hijackthis and am sending notepad. Can someone help me figure out what is wron. If it is not hijack problem, what could it be? About a week ago I delete a lot of stuff on my computer to make memory space, Could I have deleted something I shouldn't have? Help, I have not slept well in three days working on this....

Logfile of HijackThis v1.99.1
Scan saved at 5:39:29 PM, on 6/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\gearsec.exe
c:\progra~1\mcaf... Read more

A:Need Help, might be hijack problem

http://home9.inet.tele.dk/le01/Sikkerhed.htm - get ABIremover.zip, extract it and run ABIremover.exe

Get ALL of these and/or verify the versions if you have them

SpywareBlaster 3.4 http://majorgeeks.com/download2859.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html - * NEW *
SpyBot V1.4 http://www.majorgeeks.com/download2471.html * NEW *
MS AntiSpy - http://download.microsoft.com/downl...-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe (XP and W2K only)

DL them (they are free), install them, check each for their
definition updates and then run AdAware and Spybot, fixing anything
they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Boot and a new log
 

Read other 1 answers
RELEVANCY SCORE 29.6

For some reason i have a dll missing and not sure what to do

O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
Logfile of HijackThis v1.99.1
Scan saved at 10:29:59 AM, on 3/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Setting... Read more

A:Hijack log problem

bump
 

Read other 2 answers
RELEVANCY SCORE 29.6

I have a laptop that runs extremely slow. I believe I have some type of hijack problem because everytime I try to log into a site (like Hotmail), I get the 404 error, but in the address line, it's changed to some "golive.com" address.

Also, typing things in blocks are delayed by like 5 seconds. Meaning, I'll type it now, and 5 seconds later, it'll populate.

Can anyone help? What do I need to start off doing? Anything to download?

Appreciate anyone's help.
 

A:Very possible hijack problem...HELP

Read other 16 answers
RELEVANCY SCORE 29.6

I have been having problems with my computer. The internet connectivity has slowed down considerably and when I use the google search engine and click on a link I am redirected to a different page. The problem seems to be getting progressively worse. Now when I click on an Internet Link or even on the Icon for Explorer it takes a few seconds before anything happens. This is not normal performance for my computer.When I delete these two registry ( that two O-17)O17 - HKLM\System\CCS\Services\Tcpip\..\{0DA69D35-2183-4556-AB9B-F829CB9DAAC1}: NameServer = 85.255.115.34 85.255.112.63O17 - HKLM\System\CS3\Services\Tcpip\..\{0DA69D35-2183-4556-AB9B-F829CB9DAAC1}: NameServer = 85.255.115.34 85.255.112.63, my problem totally solved. However, the problem and registry appear again after I reconnect to the Internet . I have installed Microsoft Windows Defender, Norton Anti-Virus, TrendMicro Internet Security, but it still doesn't help, so what can I do?Logfile of HijackThis v1.99.1Scan saved at 下午 10:11:14, on 2007/3/24Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\s... Read more

A:Hijack Problem

Hello,I notice from your log that you are running more than one different Anti-Virus programs with Auto-protect enabled. Norton and Trendmicro.Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously! The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time. Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown. I would strongly advise you to only have one Anti-Virus with the Auto-Protect feature running at any one time!If you decide to only keep one Anti-Virus installed, you should uninstall the other(s) through the Add or Remove Programs option in Control Panel.Check and fix those O17 entries in HijackThis again..Then,Please download FixwareOut from one of the following sites:http://www.bleepingcomputer.com/files/lonny/Fixwareout.exehttp://downloads.subratam.org/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.Then you will be asked... Read more

Read other 6 answers
RELEVANCY SCORE 29.6

Hi I have used Hijack This many times and it works fine. However I do have one problem. When I use it for a scan it only scans the C drive. I also have a G drive. How can I get Hijack This to scan the G drive as well as the C drive.

Any help would be greatly appreciated

Many thanks
 

Read other answers
RELEVANCY SCORE 29.6

I Have This Notepad By Hijack This Now What I do Please
Help My With My Thanx 4 All
Sorry About My English It's Bad


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:45:14 &#1605;, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorerhack.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition 3.0\3.... Read more

Read other answers
RELEVANCY SCORE 29.6

My HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:32:25 PM, on 8/19/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP3 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\manny ramirez\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.find-more.net/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Lo... Read more

A:AIM Problem Hijack This Log

Hi and Welcome to TSF


Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it?s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Download and install CleanUp! but do not run it yet.

*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.



Download CWShredder http://www.greyknight17.com/spy/CWShredder.exe

Right click a blank part of your desktop & select New->Folder. Call it SPFix. Go to http://www.derbilk.de/404.html and download SpSeHjfix. Get the one that's specified for your Operating System. So if you have Windows 98, get the one that's listed for W... Read more

Read other 14 answers
RELEVANCY SCORE 29.6

I am posting a log of hijackthis file so someone can hopefully help. Browser is going haywire and have now been able to get it somewhat stable by using program called adsgone. But now I can hear my processor still starting and stopping. I open task manager and it will go from idle or 0 percent to 80 or 100 percent continuously off and on. The computer is operating very slow and the computer even seems to have problems keeping the pointer moving smoothly.

Thanks for any help.

Paul
Logfile of HijackThis v1.98.2
Scan saved at 7:57:34 PM, on 12/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\WINDOWS\System32\svdll32.exe
C:\Program Files\Windows TaskAd\WinSched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Paul\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Micros... Read more

A:HiJack Problem???

Read other 16 answers
RELEVANCY SCORE 29.6

Hi can anyone tell me if I have something loaded on my comp? I keep getting a blank pop up screen.

Here is my Hijack this log


Logfile of HijackThis v1.99.1
Scan saved at 8:10:03 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program ... Read more

A:Hijack log, pop up problem

Read other 7 answers
RELEVANCY SCORE 29.6

I was wondering if somebody might be able to assist me with the problem log.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:44:33 PM, on 12/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\LDCLIENT\SOFTMON.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\elitemediapop.exe
C:\WINDOWS\SYSTEM32\sms_msn.exe
C:\Program Files\MSN Toolbar Suite\DS\02.00.0001.1203\en-us\bin\msnlAdmin.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\LDCLIENT\LOCALSCH.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\LDCLIENT\QIPCLNT... Read more

A:Hijack This (problem log)

Have you restarted or turned off your compuer since you posted that log?
If yes, please post a new log and leave the computer on until further instructions are posted.
 

Read other 3 answers
RELEVANCY SCORE 29.6

SPAM / Advertisement deleted.

Issued warning points!

A:HiJack Problem, HELP!

SPAM / Advertisement deleted.

Issued more warning points!

Read other 2 answers
RELEVANCY SCORE 29.6

dvk01 said:

OK let's try a slightly different approach

run haxdoorfix & press option 1 make log
post that log back here pleaseClick to expand...

I have the same problem, I hope you can help me as well

here is my log

HAXFIX logfile - by Marckie
______________
version 3.05
vr 07-07-2006 12:29:54,39

checking for haxdoor
--------------------
checking for a3d files....
a3d files not found

checking for matching notify keys....
no matching notify keys found

checking for matching services....
matching services found
CmBatt

checking for matching safeboot services....
no matching safeboot services found
Checking for goldun
-------------------
checking for notify keys....
no notify keys found

checking for services....
no services found

what can I do?
 

A:hijack problem

Read other 13 answers
RELEVANCY SCORE 29.6

Have another hijack problem. Hope you guys can help.

Posting log.

Logfile of HijackThis v1.98.0
Scan saved at 7:31:30 AM, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files... Read more

A:Hijack problem

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Download Winsock2Fix and unzip it. Then double-click on it... Read more

Read other 6 answers
RELEVANCY SCORE 29.6

quick querie, trying to scan my system with the hijackthis.exe file but it keeps getting shut down a few seconds after the scan starts or the program itself begins (i'm assuming the vista security 2012 virus is responsible for this)

any ideas for a fix?
 

A:Hijack This Problem

See if this will run:

Download RogueKiller to your desktop
Quit all running programs
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
When prompted, type 1 and validate by tapping Enter
The RKreport.txt shall be generated next to the executable.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
 

Read other 1 answers
RELEVANCY SCORE 29.6

I am facing host hijacking problem. I am posting the hijack this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:50 AM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\S24EvMon.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\ZCfgSvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\1XConfig.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\Program Files\McAfee\VirusScan\McShield.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\SiteAdvisor\6261\SiteAdv.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\McAfee.com\Agent\mcagent.exe
D:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Dell\QuickSet\quickset.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\system32\drivers\svchost.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\McAfee\MSK\Ms... Read more

Read other answers
RELEVANCY SCORE 29.6

I think I've been hijacked and tried Hijack This and got a log but don't know what I should do next .....................................help........drewcrayon

A:hijack problem

Post the log as a reply to this message

Read other 3 answers
RELEVANCY SCORE 29.6

Here ya go!
L6:18 AM 2/23/2005ogfile of HijackThis v1.98.2
Scan saved at 6:18:14 AM, on 2/23/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WSYS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.frontiernet.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\35s1jjp5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src "); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\35s1jjp5.slt\prefs.js)
O4 - HKLM\..\RunServices: [windll] C:\WINDOWS\SYSTEM\wsys.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Translate - {06... Read more

A:Did the fix now new problem Pt 2. Hijack This log.

Help please!
 

Read other 2 answers
RELEVANCY SCORE 29.6

Can someone help? My daughters computer windows keep popping open.I read the other post and I think I have gotten this far, other than that I have no idea what to do.I think this is correct my daughter helped me.Here are the logs.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:36 PM, on 12/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Dell Network Assistant\hnm_svc.exeC:\Documents and Settings\Pete\Local Settings\Application Data\Google\Update\GoogleU... Read more

A:Hijack Problem please help

Hello PeteD and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download ComboFix from one of the locations below, and save it to your Desktop.LinkLinkLinkDouble click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:&#... Read more

Read other 1 answers