Over 1 million tech questions and answers.

New User Needs Help-CurrPorts Log- Analysis Please?

Q: New User Needs Help-CurrPorts Log- Analysis Please?

So I have Vista 32bit- Did a scan of all open ports, and I find a few funny looking things.

I've copied the report from CurrPoints below- Can anyone assist with identification- if I have some unwanted listening going on?!? Tried looking up a couple of the ports and they are not even found- wondering if my system has been compromised somehow-----


First attachment is the stuff I don't unerstand-

Second one is full report from CurrPorts program.

Thanks!


( PLEASE SEE ATTACHMENTS)

RELEVANCY SCORE 200
Preferred Solution: New User Needs Help-CurrPorts Log- Analysis Please?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: New User Needs Help-CurrPorts Log- Analysis Please?

Hi,

Try looking at the IP addresses here to see who they belong to: -

http://www.ip-adress.com/ip_tracer/68.228.22.192

Read other 1 answers
RELEVANCY SCORE 52.4

Hello, I've just ran the software 'Currports' And I've found some suspicious listings there... Here are a few (Should I be worried?)

Process Name:AppleMobileDeviceService
local port:27015
Remote address:127.0.0.1
Remote host name:www(dot)007guard(dot)com
State:Established

What has me suspicious is I'm pretty sure 007guard is known for malware, but where I'm confused is, in my Hosts file, 007guard is listed as 127.0.0.1 (I'm not really a networks guy, but doesn't that mean, any connections to that domain will go to 127.0.0.1 i.e home?)

There's a few similar ones as well, like Dropbox.exe and even Firefox.exe, iTunesHelper.exe, a few 'System'
and some 'Unknown's that go to odd sounding 'Remote Host Names'

I have Avast! installed, malwarebytes available, they've never flagged anything. I have had issues with malware in the past but it seemed my AV (AVG at the time) cleared that up. Also, the suspicious connection seem to be in the port ranges of around 20000 - 50000... Any other details you need, just ask!
Any advice is welcome!

Edit: So I accidently posted two threads on this, here was the second post, it has some extra information in it, I hope it's helpful!:

Hello, I've just ran the program Currports (Sort of like a detailed Netstat command) And I've found some suspicious connections, should I be worried about these? Is my computer likely to be infected with malware, these are some suspicious connections I've come across:

Process Name:AppleMobileDeviceService.exe
P... Read more

A:Suspicious TCP/UDP connections on Currports

Regarding 007gaurd(dot)com

The information you show (thank you) tells me that AppleMobileDeviceService is directed to 127.0.0.1 which is a loopback address to your machine. It doesn't actually go anywhere.

I don't know much about 007gaurd and I have no idea if there is anything else lurking, but let's find out.

I'd recommend running a few scanners, start with Malwarebytes and
run a full system scan (about an hour on my machine)


Download Malwarebytes' (Mbam)
When installing Malwarebytes,
do NOT elect the free trial of the full version;
you only want the free version.

Post if Mbam finds and fices anything.

Thanks.

Read other 9 answers
RELEVANCY SCORE 51.6

Hello Some 3-4 days ago I've downloaded a little program call Ip-Getter (my friend had his msn hacked and I wanted to check where the hacker is from, not really important..) it of course had some virus in it, which I don't remember and Avast log doesn't show it either, Avast deleted it. But from that point on I had a Unknown process running in Currports and Tcpview (in tcpview its called [ System Process ]) opening and closing randomly and connecting to different IPs all the time. Most of them connect to harmless IPs like google network but this is bugging me because I can't tell where it's coming from and how to stop it.Maybe I'm missing something or just worried for nothing but I want to get to the bottom of this. Some specs and what I've done:Windows 7 Ultimate Antivirus AVASTI used: online scanner - Trendmicro and F-secureHijack thisMaleware Anti BytesGMER..and nothing. Can't figure what the heck is this process.Hope you can assist. Thanks.http://postimage.org/image/3t45e35w/http://postimage.org/image/3t5sxfno/------------Ignore this post or completely delete it. I've got it figured out, somehow I didn't Google the right keywords. Sorry!

A:Unknown process in CurrPorts/TCPview

Closed at member request.

Read other 1 answers
RELEVANCY SCORE 50.8

Hi my name is Jerry and I'm new to this site. My computer has been running a little slow latley and i was wondering if you guys could help me. One of my co-workers had recommended you guys. Id also like to improve my start up, it takes to long to load up.I have downloaded the hijack logfile and saved the log, please help me. Your help is much appreciated.
Sincerely,
Jerry

A:Log Analysis-plz Help New User

Sorry for got the log file lol. Here it is and thatnks again for any help.Logfile of HijackThis v1.99.1Scan saved at 10:20:31 AM, on 9/28/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\sys... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

Logfile of HijackThis v1.99.1Scan saved at 1:39:48 PM, on 2/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\SOUNDMAN.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\Google\Google Updater\1.0.384.22153\GoogleUpdater.exeC:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXEC:&#... Read more

A:I Am A New User.. I Hope Somebody Can Analysis This Hijack Log For Me.thanks

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. * * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *Download & install CleanUp.exe (not recommended for WinXP64)Download and install Ewido Security SuiteWhen installing, under "Additional Options", uncheck - Install background guardHave Ewido update itself & then exit the program.If you are having problems with the updater, you can use this link to manually update Ewido'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. * * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * * Do a HijackThis scan & place a check next to these items and select "Fix checked": R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer&... Read more

Read other 16 answers
RELEVANCY SCORE 48.8

Hi,
in this video Laura E. Hunter from Microsoft describes behavior analytics: https://youtu.be/hNZdboDvnuU?t=1251
She says that ATA will analyze the behavior in a domain for 21 days and declare this as normal behavior. After the 21 days ATA will report unusual user behavior based on the 21 days analysis.
I have two questions about this:
1. Can we see the progress of the analysis somewhere? I searched through the ATA-center but there is nothing. Is it possible to see it in some kind of logfile or the Mongo-DB?
2. We have started ATA with one DC. What happens if we add our other DCs later? Will the analysis recognize behavior from those, also when the 21 days are already over?
I did not find anything about this 21 days analys period in the documentation. I'm more than happy with a hint if I have overseen something there.
Thanks in advance

Read other answers
RELEVANCY SCORE 48.8

I have familiarized myself with this enough to fix any problem that is fixable..Hopefully someone can help me out..I use my computer daily for different tasks and have been unable to do so because of all the popups/ads...mostly for the spymaxx..My pc is really eaten up with this stuff..I don't even surf porn yet "asian nudes" etc..came up in the scans...look foward to hearing something..Kind Regards,DrewHijack this LogLogfile of HijackThis v1.99.1Scan saved at 5:32:46 PM, on 5/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\sbwltbxa.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\LimeWire\LimeWire.exeC:\PROGRA~1\NORTON~1\NORTON~2... Read more

A:All Logs Required For Analysis..windows Xp..novice User..

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 2 answers
RELEVANCY SCORE 43.2

Hi everyone,

Previous article: Malware Analysis #7 - Bytes and HEX

Today, I would like to go more in-depth with HEX analysis. There should be more parts to going more in-depth with HEX analysis. For example, one tutorial we will use a trojan downloader or a trojan banker, or others... And then the other part we may use a cryptolocker sample, fake antivirus software, worms or adware. So, this will be part-based.

I didn't think I could just leave the previous thread with that simple example on HEX and HEX editors... No, no. I had planned to go more in-depth, which is why I left the previous thread as simple as it was, so it would be easier to understand and take in at a time.

Let's get started!
----

Today, I will be showing you how to identify a worm houdini (VBS Script sample). Before I continue, I would like to note the following:

- Remember to use a VM say on case
- While I cannot share the sample UNLESS the MT staff make a section for analysis like Malware Hub and allow links, you can get worm samples from te malware hub.
- Lastly, enjoy!

--

As you can see from the below sample, there is a VBS script file on my desktop:
Firsly, I would like to note that the size of the sample is small. VBS samples usually are. In fact, a good amount of malware is small, one reason could be so it can be easily downloaded onto the users computer. Samples can become smaller through packing. However, not all samples are small, some are very large. It's a mix between ... Read more

A:Malware Analysis #9 - more in-depth analysis with HEX (Houdini worm)

Hi and thanks for this great article.
We need to Know How to decode .VBS worm, The sample you have it seems to be decoded before you wrote this article.
if we didn't decode it we'll not find any useful information.
Thanks again
 

Read other 3 answers
RELEVANCY SCORE 37.2

Some users may find it interesting!!

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.
Awesome Malware Analysis
Malware Collection
Anonymizers
Honeypots
Malware Corpora

Open Source Threat Intelligence
Tools
Other Resources

Detection and Classification
Online Scanners and Sandboxes
Domain Analysis
Browser Malware
Documents and Shellcode
File Carving
Deobfuscation
Debugging and Reverse Engineering
Network
Memory Forensics
Windows Artifacts
Storage and Workflow
Miscellaneous

Resources
Books
Twitter
Other

Related Awesome Lists
Contributing
Thanks

 

Read other answers
RELEVANCY SCORE 35.6

I run windows 7 premium 64 and all of the sudden I stated to get this popup after windows loads that says
"C:\User\Lori-Bee\AppData\Local\Temp\032150Log.iniis lost"
How can I fix this?...I tried check disk running CCleaner ....No difference

A:C:\User\User -User\AppData\Local\Temp\032150Log.iniis lost

Hi there ... Read the Link below and follow the Instructions ..
ASUSTeK Computer Inc.-Forum- Error 182418Log.iniis lost

Read other 7 answers
RELEVANCY SCORE 34.4

After adding a User as a Family Member(child), when the family member logs in with his user he gets this message: The User profile service failed. The sign in user Profile cannot be loaded.

Read other answers
RELEVANCY SCORE 32.8

As of today, in our domain environment consisting of Windows 8.1 and Windows 7 Enterprise machines, we are experiencing the "User Profile service failed the sign-in - User profile cannot be loaded" error message whenever a user tries to login.
This only affects users new to the particular machine. If they have signed on before and already have a cached account the computer logs them in with no issue. This is occurring on both Win8.1 and Win7 machines. We are an academic institution so this is becoming
a huge problem in our labs. Students generally use different computers so this is popping up very frequently. I have a solution for the issue. It appears that on the non-working machines that the "Default" user profile is corrupt. I have discovered
that if I find a machine, Win8.1 or Win7, doesn't matter, that is allowing first time users to logon I can copy the "Default" user profile and replace the corrupt one. I must first permanently delete the corrupt profile before copying over the new
one. I am doing this over the network by navigating the C:\users\ folder. Even this way is becoming cumbersome though as we have over 1000 computer in labs. I have googled and googled and I keep seeing the same answers offering various solutions, none which
are any more practical than my method. I cannot find information on a cause or a reason of why this would just crop up out of nowhere. I suspect maybe a Windows update but I cannot verify that yet. ... Read more

Read other answers
RELEVANCY SCORE 30.4

This Pc had some major Trojans and Virus and i have removed what i think was wrong ran MWB / SBD that took care of some of the stuff but now i cant get the nic card drivers to work at all i Uninstalled them and reinstalled them and still nothing, here is a log can any one advice me what to remove.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:57 PM, on 9/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\All Users\Application Data\ZwangiSearch\zwangi127.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZwangiSearch\zwangi.... Read more

A:HJT Log Analysis

Any help please this pc is driving me nuts the last resort is to blast it and reinstall Xp

ComboFix 09-09-22.02 - milagros 09/23/2009 18:02.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.494 [GMT -4:00]
Running from: G:\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\milagros.MILLIEPC\Application Data\esute.vbs
c:\documents and settings\milagros.MILLIEPC\Application Data\ududo.vbs
c:\documents and settings\milagros.MILLIEPC\Local Settings\Application Data\icez.reg
c:\documents and settings\milagros.MILLIEPC\Local Settings\Application Data\kasemupi.bat
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FastBrowserSearchProtection.exe
c:\program files\Fast Browser Search\IE\FBS... Read more

Read other 3 answers
RELEVANCY SCORE 30.4

AVG found ADware generic3.PDC but cant get rid of it

the virus changes my desktop background every 30sec to a "spyware warning"
also get popup warnings from the system tray. Also my task manager has been disabled.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:24 PM, on 9/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Kill Popup\KillPopup.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\WINDOWS\system32\CTsvcCD... Read more

A:Help Please Log analysis

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 30.4

here's my log, what do i have to do next:Logfile of HijackThis v1.99.1Scan saved at 2:54:56 AM, on 7/24/2005Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exeC:\HJT\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchco.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingF2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll... Read more

A:HJT log -- need analysis

You have a Peper infectionDownload the removal tool :Peper Removal Tool!!! Please run this twice with a reboot in between.Then,Click on start, settings, control panel and double-click on add/remove programs. From with add/remove program uninstall the following if they exist:CashbackNavisearchExact Search180 Search AssistantFinally,Print out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchco.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =R3 - Default URLSearchHook is missingF2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: SetupHtml Class - {51641EF3-8A7A-4D84-8659-B0911E947CC8} - C:\WINDOWS\DOWNLO~1\DOWNLO~1.DLLO2 - BHO: LinkTracker Class - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} -... Read more

Read other 1 answers
RELEVANCY SCORE 30.4

I have been noticing my internet connection has been terribly laggy and it appears to just be on my computer. I ran a few malware applications such as bit defender, super antispyware, spybot, and adaware. I removed all malicious software however i still have this terrible lag. I know this lag is exclusive to my computer as there are 2 other computers on my network whom when playing the same games i do, do not experience any lag. This just started happening in the past two days. Just wanted to post a log to see if anyone sees anything that may cause this. Thanks :D



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:51 PM, on 9/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WI... Read more

Read other answers
RELEVANCY SCORE 30.4

Here is my log. Looks like I need some clean-up, but not sure how. Thanks.

Logfile of HijackThis v1.98.2
Scan saved at 11:34:02 PM, on 09/29/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLDIAL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\A2\A2GUARD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLTRAY.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ya... Read more

A:Need help with HJT Log analysis

Hi valerie
Run hjt in safe mode and fix these items.Any files/folders that I have highlighted will also need to be removed from your hard drive as well as from the log. Make sure to have your system set to show hidden files and folders.. www.xtra.co.nz/help/0,,4155-1916458,00.html .Post a new log when finished....

F1 - win.ini: run=C:\WINDOWS\INETDATA\SERVICES.EXE
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP4,0,2,4.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
O4 - HKLM\..\Run: [Remndr] "C:\PROGRAM FILES\CASINOONLINE\CSREMND.EXE"
O4 - HKLM\..\Run: [mmsowqawatlh] C:\WINDOWS\SYSTEM\jcnamo.exe
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\INETDATA\SERVICES.EXE
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\INETDATA\SERVICES.EXE
O4 - HKCU\..\Run: [Moun] C:\WINDOWS\Application Data\earu.exe
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/content...er/imloader.cab

Read other 1 answers
RELEVANCY SCORE 30.4

Hi, I've just disabled my Intel PROSet/Wireless services from running (since I used Windows to manage my wireless) and Alcohol 52%'s StarWINDserviceae.exe in an effort to minimize the processes that are loaded on startup. Judging from my log, is my system stable and is there any other processes that I don't need?
 

Read other answers
RELEVANCY SCORE 30.4

Logfile of HijackThis v1.99.1Scan saved at 11:17:12 PM, on 2/28/2005Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Java\j2re1.4.2_06\bin\jusched.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Winamp\winampa.exeC:\WINDOWS\System32\Services\{BD000A2C-FC55-465F-BD5A-2848E37A47AA}\SVCHOST.EXEC:\WINDOWS\System32\rundll32.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Opera\opera.exeD:\softwares\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daosearch.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iimcal.ac.i... Read more

A:log analysis

Print out these instructions and then close all windows including Internet Explorer.Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daosearch.comR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankO2 - BHO: (no name) - {AFCF8D46-78B9-44B0-B579-3A28A39B9907} - C:\WINDOWS\System32\ppka.dll (file missing)O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exeO4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exeO15 - Trusted IP range: http://172.16.100.182Reboot your computer into Safe ModeThen delete these files or directories (Do not be concerned if they do not exist)C:\WINDOWS\System32\spoolsrv32.exeReboot your computer to go back to normal mode and Please follow these steps:Step 1:1. Click on Start, then Run and type msinfo32 and press the OK button.2. Expand the Software Environment section.3. Expand the System Hooks Section.4. Look for the whic... Read more

Read other 1 answers
RELEVANCY SCORE 30.4

I've tried deleting a lot of things, but nothing seems to work. Please help. Here is my log file:Logfile of HijackThis v1.99.1Scan saved at 11:14:11 AM, on 3/3/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:G:\WINDOWS\System32\smss.exeG:\WINDOWS\system32\winlogon.exeG:\WINDOWS\system32\services.exeG:\WINDOWS\system32\lsass.exeG:\WINDOWS\system32\svchost.exeG:\WINDOWS\System32\svchost.exeG:\WINDOWS\system32\spoolsv.exeG:\WINDOWS\system32\rundll32.exeG:\WINDOWS\Explorer.EXEG:\WINDOWS\system32\yviykr.exeG:\Program Files\NavNT\vptray.exeG:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeG:\WINDOWS\System32\hphmon03.exeG:\Program Files\DIGStream\digstream.exeG:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeG:\Program Files\Winamp\winampa.exeG:\Program Files\Java\jre1.5.0\bin\jusched.exeG:\WINDOWS\system32\wsxsvc\wsxsvc.exeG:\WINDOWS\system32\vmss\vmss.exeG:\WINDOWS\system32\ctfmon.exeG:\Program Files\MSN Messenger\MsnMsgr.ExeG:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeG:\Program Files\Microsoft SQL Server�... Read more

A:ANOTHER LOG ANALYSIS. PLEASE HELP!

Hi kylemats,You have the latest version of VX2. Download L2mfix from one of these two locations:http://www.atribune.org/downloads/l2mfix.exehttp://www.downloads.subratam.org/l2mfix.exeSave the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Read other 5 answers
RELEVANCY SCORE 30.4

Hello. Nothing seems to be wrong with computer but I want be sure and check to see if everything looks alright. Here's my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:14:20 AM, on 8/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\arservice.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program F... Read more

A:Analysis Please?

There was an entry on O20 called Winlogon Notify - Fly, and it was empty. I removed it but, I hope everything is okay.

Read other 3 answers
RELEVANCY SCORE 30.4

Hi guys...a friend asked me to try help clean a laptop for her.....was very badly infected...had teh blaster worm amonst hundreds of other infections...Ran trend micro online....spybot...addaware...avg... all caught and removed hundreds of items between them....I installed hijackthis to C:\hijackthis and have postsed the latest hijackthis log file to see if i need to do any more..... thanks in advanceLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:41:47 AM, on 12/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\essspk.exeC:\WINDOWS\system32\S3tray2.exeC:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXEC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\Windows\system32\HpSrvUI.exeC:\windows\system\hpsysdrv.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program... Read more

A:Log Analysis...

Hi sammielea sorry for the delay in answering your log, things are very busy here.If you still need help, please post a new log so I can see if anything has changed.Please let me know one way or another if you still need help.ThanksStarbuck

Read other 4 answers
RELEVANCY SCORE 30.4

Hello, I have a new problem with my computer. I run weekly spyware removal prgrams such as AdAware and ewido, but recently none of these have been helping my comuter; it lags terribly. My internet explorer runs TOOO slow. Also, whenever i turn my computer on, it waits about 5 minutes and then actaully turns on (wtf?). Please read over my hjt Log and tell me if there is anything worth removing. Also please provide me with a porgram that can help clean spyware out of my computer. ThanksLogfile of HijackThis v1.99.1Scan saved at 11:44:22 AM, on 11/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\WINDOWS\SM1BG.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AIM\aim.exeC:\Program Fi... Read more

A:Hjt Log Analysis Help

Hi and Welcome to bleeping computer!! My name is David Please do both of the following before we start if possible!:1) Please print off these intructions - they will be needed later when internet access is not available.2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.There is a bit to do on the log - i can almost guaruntee ewido will remove something - it's also a good free tool to keep in your arsenal! Please download ewido security suite it is a free version of the program.Install ewido security suiteWhen installing, under "Additional Options" uncheck.Install background guardInstall scan via context menuLaunch ewido, there should be an icon on your desktop, double-click it.The program will now open to the main screen.When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update.Then click on Start Update.The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful") If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updatesOnce the updates are installed do the following:Click on scannerClick on Complete System Scan and the scan wil... Read more

Read other 7 answers
RELEVANCY SCORE 30.4

Hi, my Microsoft Updates recently stopped working, so I was wondering if anyone could check my HJT log and see if there's anything wrong with my laptop? Thanks.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:08:00 AM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Slick Run\sr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisof... Read more

Read other answers
RELEVANCY SCORE 30.4

Hi, I need your help guys in analyzing my LOG..Because there are times that my computer restarts by its own.. and I have checked the hardware but I somehow its doing fine...heres my LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:53:33 PM, on 9/18/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exeC:\WINDOWS\system32\nvsvc32.exeC:\... Read more

A:Need Analysis With My Log Thanks...

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

Read other 1 answers
RELEVANCY SCORE 30.4

Logfile of HijackThis v1.99.1Scan saved at 2:05:32 PM, on 8/3/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WINDOWS\System32\MsPMSPSv.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Files\Java\jre1.5.0\bin\jusched.exeC:\Program Files\QuickTime\qttask.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\WINDOWS\system32\CTHELPER.EXEC:�... Read more

A:HJT Log for Analysis

Hello HMMurdock311 and welcome to the BC malware forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.Step #1Download CCleaner and install it but do not run it yet.Step #2Start in Safe Mode Using the F8 method:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.Use the arrow keys to select the Safe Mode menu item.Press the Enter key.Step #3Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dllO2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dllO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXEO4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exeO4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"O4 - HKLM\..\Run: [Nfqnualq] C:\Program Files\Bbzfj\Qzsi.exeO4 - Startup: Joint Operations Typhoon Rising Registration.lnk = C:\Documents and Settings\David\Local Settings\Temp\{5D6990A0-D0CC-44EC-801F-9E6CA7E4B90C}\{03... Read more

Read other 1 answers
RELEVANCY SCORE 30.4

HelloI haven't been having any specific problems as of late - but I was just wondering if someone could check my log and see if everything is as it should be or if something is out of the ordinary - not really good with computer logs and such and most of it is Greek to meThanx in advanceDrewLogfile of HijackThis v1.99.1Scan saved at 9:46:45 PM, on 8/1/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\crypserv.exeC:\WINDOWS\system32\inetsrv\inetinfo.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Softex\OmniPass\Omniserv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\Program Files\Softex\OmniPass\OPXPApp.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS�... Read more

A:Need Analysis of my Log

Hello Griffin_27_02 and welcome to the BC malware forum. Fix these and you are good to go.Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R3 - Default URLSearchHook is missingO4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXENow close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.Reboot and you are all set.Cheers.OT

Read other 1 answers
RELEVANCY SCORE 30.4

Have a problem with Common Highjacker and IGetNet which keep cropping up inspite of running Ad-Aware SE and Spybot. Logs follow as requested elsewhere:Logfile of HijackThis v1.98.2Scan saved at 16:13:40, on 12/02/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\WINDOWS\System32\CTsvcCDA.EXEC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\slserv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\System32\devldr32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Creative\ShareDLL\CtNotify.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exeC:\WINDOWS\System32\GSICON.EXEC:\WINDOWS\S... Read more

A:HJT log analysis please

HiDownload Ad-aware SE 1.05: hereInstall it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.Download and install VX2 Cleaner.Open Ad-Aware, go to Add-ons, click the Tools tab and select VX2 Cleaner. Press the Run Tool button.REBOOT your machine.Run HijackThis! again and post a new log please.

Read other 55 answers
RELEVANCY SCORE 30.4

I was hoping that someone could analyze this log for me. Also in my start toolbar I keep getting a message that possible harmful infection is taking over my computer. As I click on the windows update icon it takes me immediately to a "Spyfalcon" site. It tells me to download this to protect my computer yet there seems to be no affliation with the United States on this site. Is this something I should download or not??? Also here is my hijack log. I appreciate it. Logfile of HijackThis v1.99.1Scan saved at 11:21:32 AM, on 3/20/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exeC:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exeC:\WINDOWS\System32\iigppca.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\WINDOWS\System32\hkcm... Read more

A:Log Analysis

Hello timhallam8 and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.ImportantYour copy of HijackThis needs to be in a folder of it's own. If it is run from Temporary folders the backups and HijackThis itself could be accidentally deleted if the Temporary folders are cleaned. If it is run from the desktop then the backup files and folders can clutter up the desktop and be accidentally deleted. If it is run from inside a compressed file then the backups are not created at all.Please open My ComputerDouble-click on Local Disk (C:)Click on the File menu, point to New and then click on Folder. Name the folder 'HijackThis' or 'HJT'.Unzip to or copy and paste HijackThis.exe to the new folder (do not run HijackThis directly out of the sfx or compressed file).Step #1Download and install the trial version of the ewido security suite. Update the program and then close it. Do not run it yet.Step #2Download and install AdAware SE Personal v1.06Download and install the VX2 Cleaner AddOnStart AdAware SE PersoanlClick AddOnsDouble-click VX2 CleanerClick Ok to run the toolIf any malware is found click Clean SystemClick Scan NowClick Perform smart system scanClick NextClean anything that is foundStep #3Start in Safe Mode Using the F8 method:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.Use the arro... Read more

Read other 1 answers
RELEVANCY SCORE 30.4

when i download hijack this, it is opening with "WORKS SPREADSHEET or DATABASE" why is this? i cant get the program to open as it usually would???????

A:log analysis

When you download it are you telling it to save the file or open it? Save the file on your computer and extract it to a a directory on your c:\ drive . Then run it from there

Read other 1 answers
RELEVANCY SCORE 30.4

Been searching through the topics and find variants of different things that I am finding on my computer. Here are some of the things I find and the programs used:SBC YAHOO Anti-Spy:TrojanDownloader.Win32.Agent.alTrojanDownloader.Win32.Agent.bqSmartFinderAdAware SE:CoolWebSearchSpybot S&D:Trek Blue Error NukerI delete and they all come back. I picked this stuff up about a week ago. I manged to get rid of the AVGOLD malware following directions from this site, but want to bespecific and sure based on any advice you all can provide to get rid of the above.Cheers and thanks.Logfile of HijackThis v1.99.1Scan saved at 5:55:11 PM, on 7/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\GS30s.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\Program Files\Softex\OmniPass\Omniserv.exeC:�... Read more

A:HJT Analysis

Here is the latest HJT log after doing a couple of steps found in another topic.Again, thanks for any assistance.Cheers,KLogfile of HijackThis v1.99.1Scan saved at 4:45:24 PM, on 7/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\GS30s.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\Program Files\Softex\OmniPass\Omniserv.exeC:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Softex\OmniPass\OPXPApp.exeC:\WINDOWS\System32\HPZipm12.exeC:\WINDOWS\Explorer.EXEC:\HP\KBD\KBD.EXEC:\windows\system\hpsysdrv.exeC:\WINDOWS\system32\hkcmd.ex... Read more

Read other 21 answers
RELEVANCY SCORE 30.4

hi people,
could somebody take some time and analyze my hjt log? i am having problems with system restore not restoring to any restore point. always "incomplete" after it runs.
also having problems with software not responding when clicking on their icon/s.
currently using XP PRO/SP3, AntiVir free, Spybot SD/Resident, no software firewall(router/modem), and am currently using an ATI graphic card.
let me say thank you and will be waiting and hoping to clean this log out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27, on 20.May.11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop... Read more

A:hjt log analysis please

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 30.4

Logfile of HijackThis v1.99.1Scan saved at 7:36:28 PM, on 1/23/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\Brmfrmps.exeC:\Program Files\Softex\OmniPass\Omniserv.exeC:\WINDOWS\System32\snmp.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Softex\OmniPass\OPXPApp.exeC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\Explorer.EXEC:\windows\system\hpsysdrv.exeC:\WINDOWS&... Read more

A:Hjt Log Analysis

Hello,You may want to print out these instructions for reference, since you will have to restart your computer during the fix.Please download FixWareout from one of these sites:http://downloads.subratam.org/Fixwareout.exehttp://swandog46.geekstogo.com/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.When your system reboots, you'll see your desktop and taskbar won't load yet. This is normal, because it is still scanning. Please be patient.Afterwards, HijackThis will launch automatically. Please click Scan, and check the following items:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmO2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll <== not requiredO4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXEO4 - HKLM\..\Run: [Serviceprocess] NsCplTray.exeO4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exeO17 - HKLM\System\CCS\Services\Tcpip\..\{5C686A19-1FA8-4009-B300-58A7A9A5CE08... Read more

Read other 4 answers
RELEVANCY SCORE 30.4

OK, here it is. I was attacked through a downloaded file, i'm guessing. But my processor was been hogged after I got the virus. I couldn't access any virus scan sites, and I couldn't access the task manager. I was freaking out, and scrambling trying everything I could. I finally got McAfee on my computer and cleared some stuff up and got back in control. And I just got rid of Look2Me Adware, I think. I know I still have some stuff left. And I'm tired of searching and scanning, so I'm here to ask for some advice from people who know this stuff. Well here's my hijackthis log, please check it out and tell me what I can except. ThanksLogfile of HijackThis v1.99.1Scan saved at 4:55:31 PM, on 10/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\PSCastor\PSCastor.exeC:\WINDOWS\System32\CTsvcCDA.EXEC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee ... Read more

A:Need Big Help---analysis

1. Download this file : http://download.bleepingcomputer.com/sUBs/combofix.exehttp://www.techsupportforum.com/sectools/combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stall====================Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop.When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.3. On the main screen select the icon "Update" then select the "Update now" link.o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".6. Under "Reports"o Select "Automatically generate report after every scan"o Un-Select "Only if threats were found"Close AVG Anti-Spyware. Do Not run a s... Read more

Read other 1 answers
RELEVANCY SCORE 30.4

Hello,
Im having loads of problems with my laptop.. i can only log in safe mode, not even safe mode with network works... If i start windows without safe mode.. just prompt me a winlogon.exe error and the the famous blue screen

Can u please tell me if its anything wrong with this log

Logfile of HijackThis v1.99.1
Scan saved at 9:46:36, on 19-08-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\services.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com/en/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: (no nam... Read more

Read other answers
RELEVANCY SCORE 30.4

Hello to all,

Well, my home computer has a problem. I believe it's infected with various trojans and or other malware. After running AdAware SE Professional, the first scan picked up 199 malware items, including such items as: Win32: Trojano-803[Trj] in File name:c:\temp\NcasePackage.exe, SahAgent LSP Dataminer, SAHagent ms.w95.spi. u.. (also t,r,etc). I even saw Coolwebs malware in the list. Anyway, when I tried to delete items, the program hung up and would'nt delete them.
We also have some other programs installed that were able to delete some of the files, but not all. We have avast! Antivirus, Spybot Search & Destroy, a squared, CW Shredder and AdAware SE Professional installed. Please check my HJT log and let me know what to do.
Thank you!

A:HJT Log Analysis

Hey folks,Well I'm replying to my own post. It seems the file I attached is not the HJT log, so I'm going to attach it from notepad here (I hope). If anyone can help me let me know. Thanks.tuckertLogfile of HijackThis v1.99.0Scan saved at 11:30:01 AM, on 12/30/04Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\RPCSS.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\TASKMON.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXEC:\WINDOWS\SYSTEM\LMSTATUS.EXEC:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXEC:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXEC:\COREL\SUITE8\PROGRAMS\DAD8.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXEC:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXEC:\WINDOWS\SYSTEM\ZSPOOL32.EXEC:\HIJACKTHIS\HIJACKTHIS.EXER3 - Default URLSearchHook is missingO2 - BHO: CCHelper - {0CF... Read more

Read other 2 answers
RELEVANCY SCORE 30.4

I appreciate your help...I'm almost in tears.Logfile of HijackThis v1.99.1Scan saved at 12:29:54 PM, on 6/8/2005Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\msdtc.exeC:\Program Files\NavNT\defwatch.exeC:\WINNT\System32\svchost.exeC:\Program Files\NavNT\rtvscan.exeC:\WINNT\System32\nvsvc32.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\tcpsvcs.exeC:\WINNT\System32\snmp.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\inetsrv\inetinfo.exeC:\WINNT\system32\mqsvc.exeC:\WINNT\Explorer.EXEC:\WINNT\SOUNDMAN.EXEC:\Program Files\ahead\InCD\InCD.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\QuickTime\qttask.exeC:\WINNT\system32\unumkr.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\WINNT\system32\RUNDLL32.EXEC:\Program Files\Microsoft AntiSpyw... Read more

A:HJT Log Needs Your Analysis

Welcome addiecakes to Bleeping Computer.Download LQfiz by Miekemoes.Unzip it to your desktop.Don't use it yet.***Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.3) Instead of Windows loading as normal, a menu should appear4) Select the first option, to run Windows in Safe Mode.For additional help in booting into Safe Mode, see the following site:http://www.pchell.com/support/safemode.shtml***Run LQfix and reboot the computer back to normal mode.***Please download FindQoologic from here:hereSave it to the desktop and run Find-Qoologic2.bat. This will generate a log file; please post the entire contents of the log file here for me to see.

Read other 1 answers
RELEVANCY SCORE 30.4

Having some issues with about:blank. Found some posts on how to get rid of it, tried them, and failed. Could someone take a look at this to tell me what to get rid of and how. Thanks so much!Logfile of HijackThis v1.99.0Scan saved at 6:36:19 PM, on 2/21/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\mfcpv.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\System32\PRISMSVR.EXEC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\WIND... Read more

A:HJT log analysis

Download the attached zip file and unzip it to your desktop.http://www.mvps.org/winhelp2002/DelDomains.infRight-click on the deldomains.inf file and select 'Install'Download cwshredder 2.12 from here:http://cwshredder.net/bin/CWShredder.exeRun the file after it is downloaded and click on the fix button. Let it do its thing and when its done, even if it crashes.When its done run hijackthis again post a new log

Read other 7 answers
RELEVANCY SCORE 30.4

To anyone that may know this kind of thing, I would appreciate you giving my log a look. I've followed the directions on the site using Ad-aware, Spybot, Cleanup, etc. to get rid of pop ups and spy ware. If anyone can tell me if I've got work left to do or not by looking at the following HJT log I would appreciate it. I've used the HJT analyzer as well and the results are below. Thanks in advance.

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 1/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 4:00:47 PM, on 1/6/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\System32\xl.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINNT\system32\OhuTT.exe
C:\WINNT\system32\OhuTT.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com... Read more

A:HJT Log Analysis - Lil help, please

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

You have the Peper infection. Download PeperUninstall. Ma... Read more

Read other 8 answers
RELEVANCY SCORE 30.4

Hi. I'm having problems with IE (6.0) arbitrarily redirecting my browser to other websites. Two, in particular, are WinFixer and WinAntivirusPro. Others come up as well, but the aforementioned sites happen most often.I am going through the tutorial to try and teach myself how to analyze and correct from the log report myself, but your assistance along the way would sure be appreciated.MarketBrowser and SmileyCentral are applications I have chose to install because I use them.Thank you very much....Logfile of HijackThis v1.99.1Scan saved at 7:26:33 AM, on 10/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.ex... Read more

A:Hjt Log Analysis

Hi, eliminator.Please print these instructions out for use in Safe Mode.Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to extract the filesThis will create a VundoFix folder on your desktop.After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.Once in safe mode open the VundoFix folder and doubleclick on KillVundo.batYou will first be presented with a warning.
It should look like this
VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press enter one time.
Next you will see:
Please Type in the filepath as instructed by the forum staff
and then press enter:
At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\jkkjg.dllPress Enter to continue with the fix.
Next you will see:
Please type in the second filepath as instructed by the forum
staff then press enter: At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\system32\gjkkj.*Press Enter to continue with the fix.The fix will run then HijackThis will open. If it does not open automatically, open it after manually rebooting your computer.In HiJackThis, please place a check next to the following item... Read more

Read other 1 answers
RELEVANCY SCORE 30.4

Hi, Ever since I installed Ad-watch I've noticed that it constantly pops up with registry changes. The part I don't understand is that I can't seem to click Block to block the change. When I click it it just does nothing. So I have to click allow and it will go away. The main registry change I see is the one below. But there's been a few other ones too. I don't really know why my start page would change but it should be set to Google. Now I have run a few spyware programs (Spysweeper, Spyware Doctor, Pest Patrol, Ewido, Spybot S&D, a-squared, F-secure online, Microsoft safety live online) and none of them found anything. So I just want to know if my computer is really virus and spyware free. Thanks for the help in advanceLogfile of HijackThis v1.99.1Scan saved at 8:38:09 PM, on 12/8/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC: ... Read more

A:I Need Help With Log Analysis

Hello jfirestorm44,Welcome to BC. Hmm....Adwatch, Spysweeper, Spyware Doctor, Pest Patrol, Ewido (which is now AVG Anti Spyware).......... This looks like a case of "too many cooks........" They are all good programs but not advisable to have them running all at the same time. I would suggest you decide on one real time scanner, and remove the others.

Read other 9 answers
RELEVANCY SCORE 30.4

Hi just download HJT and need help understand what to check for deletion. Thanks a ton in advance....

Logfile of HijackThis v1.98.2
Scan saved at 12:42:58 PM, on 12/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\WScript.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.e... Read more

A:HJT analysis

Hi cfsunoles, Welcome to TSG!!

Download Spybot http://www.safer-networking.org/en/download/index.html

Click on "Search For updates" when prompted.

Scan, click on fix problems.

Reboot.

Download AdAware SE Personal: http://www.lavasoftusa.com/support/download/

Install the program and launch it.

On the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

In the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Deselect Search for negligible risk entries.

To start the scan, click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and then click Next)

Reboot and post another log.
 

Read other 1 answers
RELEVANCY SCORE 30.4

Here it isLogfile of HijackThis v1.98.2Scan saved at 8:43:46 AM, on 12/15/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\... Read more

A:HJT Analysis Please

Hi You have Messenger Plus installed. This program is known to install malware. I would advise that you remove this program from your computer.You can uninstall Messenger Plus from Add/Remove Programs.Run HijackThis!, press Scan, and put a check mark next to all these:R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Close all other windows and browsers, and press the Fix Checked button.REBOOT and post a new log please.

Read other 5 answers
RELEVANCY SCORE 30.4

hi guys, would really appreciate it if you could help me out.. HSA is the first problem but i know there are prolly others that i dont know... got it prolly when someone here looked for the Paris Hilton video... *sighs* thanks for anythingPlatform: Windows 2000 SP3 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\System32\msdtc.exeC:\WINNT\System32\drivers\CDAC11BA.EXEC:\PROGRA~1\SAV\DefWatch.exeC:\WINNT\System32\svchost.exeC:\WINNT\System32\cba\pds.exeC:\WINNT\System32\llssrv.exeC:\PROGRA~1\SAV\Rtvscan.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\nttm.exeC:\WINNT\system32\Dfssvc.exeC:\WINNT\System32\inetsrv\inetinfo.exeC:\WINNT\system32\ams_ii\hndlrsvc.exeC:\WINNT\system32\MsgSys.EXEC:\WINNT\system32\ams_ii\iao.exeC:\WINNT\system32\cba\xfr.exeC:\WINNT\System32\svchos... Read more

A:HJT Log Analysis please..

Please post the complete log. It looks like a few lines in the beginning was chopped off

Read other 3 answers
RELEVANCY SCORE 30.4

I would appreciate someone looking over my logfile. Unsure of System Mechanic entries number10

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:59 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\windows\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\windows\StartupMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe
C:\Program Files\Common Files\Real\Update_OB\rea... Read more

Read other answers
RELEVANCY SCORE 30.4

Hello Guys,

I need some help in checking that ComboFix has cleaned an infected Pc. I ran ComboFix today and received a log file on completion. The Pc seems to be clean now. But you can never be sure. Can someone look at the log for me please. I will attache the log when we have made contact.

Thanks

A:Log Analysis

Welcome to BCPlease note the message text in blue at the top of the Am I infected? What do I do? forum.ComboFix logs should not to be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.Thank you for using BleepingComputer as your malware removal source.This topic is now closed. If you have any questions, please PM me or another Moderator.The BC Staff

Read other 1 answers