
To Flrman1: gibby 26 HJT file

Q: To Flrman1: gibby 26 HJT file

Logfile of HijackThis v1.98.2
Scan saved at 1:07:51 PM, on 8/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\netmd.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\hpoipm07.exe
C:\WINDOWS\addaa32.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\mmc.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wnhno.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wnhno.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\wnhno.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\wnhno.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\wnhno.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\wnhno.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\wnhno.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\wnhno.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10093460-6F53-E394-D35F-77E61A43FF4C} - C:\WINDOWS\system32\appea.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [addaa32.exe] C:\WINDOWS\addaa32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpywareBlocker.exe" /0
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab


RELEVANCY SCORE 56.8

Appreciate some assistance.

Was looking at the excellent guidance flrman1 provided on this thread:
http://forums.techguy.org/t266349&highlight=GetService.html
to get rid of this CWS variant: res://C:\WINDOWS\eszwm.dll/sp.html#27859

Would appreciate knowing what cwsserviceremove.zip does.

Is it used to remove Service entries like the following:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\__NS_Service_3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY___NS_Service_3

Or, does it remove entries like the following:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]
Thank you very much for your help.
 

A:flrman1's cwsserviceremove.zip file

RELEVANCY SCORE 56.4

Hi Flrman1, you helped me back in dec. 2004 to speed up my PC. Now I have the same problem again. Can you have a look at it?
I have run CW shredder and S&D. This is the outcome:

Logfile of HijackThis v1.99.1
Scan saved at 10:13:47, on 15-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE...

A:Flrman1, you helped me in Dec 04, can you have another look at my hijack file please.

RELEVANCY SCORE 42

Chicon was helping me to rid my computer of its infections, but said that I would need your help, due to a nasty infection. Can you please help me?!
Let me know if you want my Hijack this log, etc...

Thanks,
Alexa
 

A:Looking for flrman1!!

RELEVANCY SCORE 42
Q: Flrman1

Just a quick 'thank you' for the help in the thread - http://forums.techguy.org/malware-removal-hijackthis-logs/455874-solved-virus-3.html - for the virus that I was hit with a couple of days ago. This was very helpful and very very useful. I couldn't figure out why this site/system wouldn't let me send him a PM so I am posting this and hope that he gets it.

Cheers,

Dominic
 

A:Flrman1

Flrman1 has not been on line in quite some time but I'm sure he would thank you for letting him know.
 

RELEVANCY SCORE 42

hello my friend
i have a recent problem with the p.c
it is slowing down and i get messages with title of windows security center
in the message box it is written that "warning-windows firewall detected suspicious activity on the p.c--malicious software codes try to steal your privacy"...etc..etc.. then it is asking if i want to protect my p.c and if i press the yes button i go to a site that i don't have permission to get to the server. the server is www.protectmywindows.com port 80.
i tried ewido adaware 6 and ccleaner with no results so far
i did it on the safemode and run a file smitrem you gave me--no use.

here is a log of hijack
waiting for your reply
thanks a lot

Logfile of HijackThis v1.99.1
Scan saved at 00:59:42, on 11/09/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Skype\Phone\Skype.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\INCRE...

A:flrman1--need help

RELEVANCY SCORE 42

New HJT log.... thanks... please help!

Logfile of HijackThis v1.98.1
Scan saved at 3:17:17 PM, on 8/2/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PAUL MONTINI\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.realguide.com/"); (C:\Program Files\Netscape\Users\paulmontini\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Too...

A:For flrman1... Thanks

Closing duplicate.

Please stick with one thread.
 

RELEVANCY SCORE 42

hope i did this right, this is what i got

Logfile of HijackThis v1.99.1
Scan saved at 8:17:26 PM, on 6/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msole32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\hp\drivers\keyboard\PS2.EXE
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Updater.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Secur...

A:to flrman1

Make sure you stick to your original thread only: http://forums.techguy.org/t372377.html

Duplicates will only confuse things.
Flrman will reply.
 

RELEVANCY SCORE 42

Dear flrman1, the CW shredder has not worked and I was wondering if you could still help me. I did find a question like mine on the forum but wasn't sure if it was the same, so please help me.
Log is here

Logfile of HijackThis v1.98.0
Scan saved at 11:23:40 PM, on 7/28/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shar...

A:Plz help flrman1

Open hijack this..scan, check these off

(unless you like weatherbug, do not check off those)

C:\Program Files\AWS\WeatherBug\Weather.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: winlgn.exe

and press fix checked.

then paste a new hijack log
 

RELEVANCY SCORE 42

I am working on a friend's computer and need the sites to download HijackThis and adware6.0, spyguard and spyblaster. You helped me with my computer before. Please help, thanks.
 

A:To Flrman1

Try these

http://www.merijn.org/files/hijackthis.zip

http://www.lavasoftusa.com/support/download/

http://www.javacoolsoftware.com/spywareblaster.html

http://www.wilderssecurity.net/spywareguard.html
 

RELEVANCY SCORE 42
Q: flrman1

I know you are busy (damn good too). I'm caught between girlfriend (miles away) and Mom's computer that I have access to. You helped me with GF and was hoping you might help here.
http://forums.techguy.org/t310526.html
 

RELEVANCY SCORE 42

I posted a log file last night and got a response from mjack547 today. I did as he instructed. I also ran ccleaner after deleting the hjt files he suggested. Here is the latest HJT log. Please advise if there are still problems. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 9:12:31 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program File...

A:Flrman1 Need your help!!

Stay in your orig thread - http://forums.techguy.org/showthread.php?t=365322
 

RELEVANCY SCORE 42

Hello Mark,

Sorry I was not at a place where I could get online with this pc. Have run online scans....Had spybot, sdbot and coreflood.a and was taken care of.

Adaware, Aim, and buddylist all will start up but lock up and cannot end the program. Only way is to restart the computer to end the programs. Have run Sophos antivirus checker and it is clean.

The machine is a little behind on its updates. As soon as I can get to the internet I will patch this machine up.

Norton is a 2002 and will not uninstall. Have done some of the regedit to get rid of the program per their site. This I will take care of later.
Thanks

Logfile of HijackThis v1.97.7
Scan saved at 3:45:51 PM, on 5/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\SYSTEM32\...

A:Hello Flrman1

OK let's do the whole thing in safe mode so before you boot to safe mode, copy these instructions to notepad and save them on the desktop or print them.

How to start your computer in safe mode

Run Hijack This again in safe mode and put a check by these. Close all windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [Configuration Loader] msconfig32.exe

O4 - HKLM\..\Run: [juandtf] "C:\WINDOWS\System32\juandtf.exe"

O4 - HKLM\..\RunServices: [Configuration Loader] msconfig32.exe

O4 - HKCU\..\Run: [regsrv32.exe] regsrv32.exe

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK"
Now find and delete these files:

The C:\WINDOWS\System32\juandtf.exe file

and:

msconfig32.exe
regsrv32.exe

These should be in the C:\Windows\System32 folder also.

If you choose to or have to find them using the Search go to Start > Search and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders". In the "Look in" box choo...

RELEVANCY SCORE 42

I've been having probs and have parasites. I've downloaded hijack and here is the log it gave me. please can you help. livvi.
Logfile of HijackThis v1.97.7
Scan saved at 23:08:46, on 13/01/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\TEXTBRIDGE CLASSIC 2.0\BIN\INSTANTACCESS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\HAMPANEL.EXE
C:\WINDOWS\TEMP\HBINST.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\CKA.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.allcybersearch.com/ie/
R1 - HKCU\Software\Microsoft\I...

A:hi flrman1

RELEVANCY SCORE 42

I need help removing popnav, about:blank... I already ran ad-aware6, spybot s-n-d, downloaded the updates and here is my new hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 8:52:58 PM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mayda\My Documents\Downloads and Drivers\HiJackThis Log\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://64.4.22.250/cgi-bin/getmsg/B....65_d818&login=maydaleibas&domain=hotmail.com (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progr...

A:flrman1 please help

Closing quadruplicate, at least. Reply to your original thread.

http://forums.techguy.org/showthread.php?t=253365
 

RELEVANCY SCORE 42

Hello.....

You helped me out a long while ago to get pop-ups off of my computer....Now once again, I mistakenly downloaded something I shouldn't have and now there is a toolbar added to my Internet Explorer as well as pop-ups....

I still had HijackThis on my computer (You may have to tell me to upload a current version), so I ran it and below is the report.....

Any help is appreciated.....Just let me know what to do.....

Thanks again for your help.....

Looking forward to hearing from you.....
Logfile of HijackThis v1.99.0
Scan saved at 12:57:58 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Grxp4exe.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.ex...

A:To Flrman1....

RELEVANCY SCORE 42

Hello,

When I was trying to download a BitTorrent program, it looks like some SpyWare snuck in and infected my computer to have popups show up once in a while....

I downloaded HijackThis and ran the program and the results are shown below....

Any help would be appreciated......

I look forward to hearing from you.....

Logfile of HijackThis v1.99.1
Scan saved at 9:25:25 PM, on 11/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
D:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1127521021\ee\AOLHostManager.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\AOL\1127521021\ee\AOLServiceHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\syst...

A:To flrman1....

Hmmmm, I answered you here: http://forums.techguy.org/t420327.html

Like flrman1 better than me, huh??
 

RELEVANCY SCORE 42

I was just reading a thread that you helped someone with and you seem to do a very good job. If I could get your help I would GREATLY appreciate it!!!

My browser's homepage keeps changing. It keeps changing to something like... res://zxwxg.dll/index.html#26980
and there are lots of pop-ups. It's very annoying.

Well I have run updated version of Adaware, Spybot S&D, and CWShredder. It works for about 10 seconds after the first time that I open the browser then it's like I'm bugged all over again. I can't get it to stop .... it's very frustrating. SO, If you could PLZ help me, I would greatly appreciate it!!

I don't even know where to start!
 

A:FLRMAN1.... I need help plz!!

RELEVANCY SCORE 42
Q: flrman1

You helped me earlier today to get rid of an unwanted program. I was curious where I picked it up, so I went back in my history and figured it out. I wanted to post the web site just in case you wanted to share this information with other people so they won't go to the same site and get the program loaded on their computer.

Here is the web site:

www.funwavs.com
 

A:flrman1

I think I was wrong about the web site giving me that program. I have it again somehow and I didn't go to funwavs.com. Weird stuff going on here.
 

RELEVANCY SCORE 42

flrman1 - You had provided some help at the pcpitstop site for my problem with some new vx2.look2me variant. FZWG sent me your way to see if you could figure it out. I'm including a link to my other thread so you can research it some, but I can't guarantee that every recommended fix was followed through to completion. I'd appreciate any help you can give. I also will post HJT and L2MFix Option 1 log.

http://pcpitstop.invisionzone.com/index.php?showtopic=100437


A:flrman1, please help with L2M


I followed your instructions and then ran HijackThis once again....here is my new log. Thanks again for all your help, I appreciate it!

A:2nd HJT log....thanks for the help flrman1!

Hi, and welcome.

Please post back to your SAME thread, otherwise, how will he know you replied?

Closing duplicate.

http://forums.techguy.org/showthread.php?p=1569650#post1569650
 


I ran Ad-aware and S&D with the settings u specified, and I got rid of that pesky toolbar! Thanks a lot! But my problem now is every time I log onto Windows, it gives me an error message saying that Windows cannot find a bridge.dll?

here's my new hijack log file



Hello Flrman1,

You helped me back in May of last year with my computer.....It looks like I will need your assistance again.....I'm trying to get this spyware and pop-ups off of my computer....I downloaded FixThis and it gave me a log of my registry...Could you look at it and tell me what I need to do?......

Thanking you in advance,

hking81967

A:To Flrman1....Need Help !!!...


Hey. You stopped replying to my posts, flrman1. I need serious help! This cxtpls problem I hear is quite threatening! Please continue helping me. Ur earlier replies have seemed helpful but most of all FAST! Here's the thread: http://forums.techguy.org/t388569.html
 

A:FLRMAN1, where are you?

Please stick to your original thread only: http://forums.techguy.org/t388569.html

And have some patience, Flrman will be on later.
 


Hi,
I just wanted you to know that I've been "lurking" on
the security forum for the last month. I was infected
with the CWS about:blank trojan. The combined efforts
of Adaware, CWShredder, Norton Anti-Virus, Spybot, etc.
could not (permanently) rid me of this infection. I was
infected about May 8.

So I read with interest your directions to various
people who had the same problem -- characterized by
the (obfuscated) designations in the HijackThis logs.
It looked pretty complicated so I decided to wait until
perhaps Adaware or Merijn or somebody came up with a
"1-click solution".

Finally (June 8) I decided that a 1-click solution
was going to be unlikely, given all the permissions that
were needed in order to erase the hidden files, so I
sat down and carefully read all your posts and figured
out more or less what was going on. I was all set to
manually delete the files.

By the way, I believe the use of the Recovery Console
can be avoided in Windows XP Home in the following manner:
first make all files viewable. Then boot up in
safe mode and log into any account with Administrator
privileges. Then right-click on the bad file. You get a
window with a "security" tab. From this tab + a bit of
work you can modify the permissions: first make them
accessible to the current user; then change them
so that the current user has full permissions; then delete
the file. I believe this could have been done for the hidden
and protected files tha...

A:For Flrman1: CWS about:blank

 


Sorry, it needed to be said!
 

A:FLRMan1 Rocks!!


Hi Flrman1, I just wanted to say you've been very helpful in the past and I have another annoying trojan. We can't seem to get rid of People on Page. I found the thread started by QC603 titled "People on Page Trojan- PLEASE HELP!" and followed the instructions from MOBO, distinguished member. However, MOBO doesn't seem to be online right now. Could you check out my HJT and any help you could give would be great. Linda

Here's what I've done so far.
I ran Adaware SE web update
Changed the Configuration settings per the instructions in his post. Ran "Scan Now" and processed results
Went to spyware911.net and ran online scan (it didn't find anything)
Downloaded and ran Hijack this from spyware911.net. Here's my logfile:


A:flrman1 you've helped me before...

A:Thanks to DIE HARD and flrman1 (NT)

Glad we were able to help!
 


Dear flrman1, the CW shredder has not worked and I was wondering if u could still help me. I did find a question like mine on the forum but wasn't sure if it was the same, so plz help me.
Log is here


A:Plz help flrman1 or cookiegal

Please don't make multiple posts... someone will get to you sooner or later.

http://forums.techguy.org/t255627.html
 


hi!

I have the websearch2 bar and I deleted it but it still appears. Could you check it?
Please. I also think that I have duplicate programs, but you are the expert, you tell me please!!!



Hi. Hope I'm not violating any rules by requesting your help specifically, but I noticed that you are helping "redcow" with exactly the same problem I'm having. I was hoping you could look at my Hijack This file. While my symptoms are identical, the .exe files are different and I'm not sure I know all the right ones to delete. If you identify the files, I should be able to follow your directions to redcow. I would appreciate your help. (I tried to send you a private message, but I may have my security settings too high as a result of my current predicament.)

Thanks.


A:[Solved] Flrman1 --- Help, Please


flrman1, I have been following a post from back on 11/21 and your help has been exceptional...I was hoping you would take a peek at my hijack log and peper file...I have run the script and cleaned with adware and have just restarted...Can you help?

A:flrman1 & peper



UGH - I am beaten and bruised...I cannot shake this searchv bug that is now digging away at my registry and brain. I have used spybot, HJt, and Adaware - with all updates. They do find most of the carnage, but at every re-boot, I keep getting searchv as my IE home page.

I have looked at this forum for guidance and advice in the past as well as through the archives. I know that flrman1 has some great input - so I am looking for any suggestions. Hulp!

Using Win XP Pro.

All the 'searchv' lines below have been checked within every sweep, but still showing up on re-boot.

HJt log file is as follows:

A:Need searchv help - especially from flrman1


Hello, after starting in safe mode I could not find the 3 files you wanted me to remove. How do I get into them?
I went under Run and typed them in; it said it could not find them. Or do I do it somewhere else?
new hijack

A:flrman1 help hijack

Hey, I am trying to post a hijack but when I save the hijack I can't attach it. How did you do it?
 


Flrman1! My homepage has been switched again! The trojan still isn't gone! What do I do now???
 

A:Flrman1! The Trojan still isn't gone!!


You're really good at this... sorry for double post but I need to get something done fast...
It's all of a sudden running slow on ...
is this normal?
http://www.iownjoo.com/freeimghost/axewind/wtf2.JPG


A:major help plz flrman1


here's latest HJT. running spybot, spyware(?), adware, and checker(?) weekly



I am unable to get rid of a res virus in my computer. My IE homepage continually resets itself to something like this: res://dmzbk.dll/index.html#26512. I noticed that FLRMAN was able to help X-FLAT with a similar problem a few days ago. I've downloaded the Hijack This software. Would someone please help me! I'm a teacher and need to have the Internet running smoothly within a week or so.
Thank you in advance for your help and time.
 


Back on June 1 Flrman got rid of a problem for me and it has been gone since. Thank you. And I did send in $50 to the board.

Here is something new, if you feel like giving any advice I'd be happy to send another check.

A Norton Anti virus system scan shows - adapi.exe - a trojan is on my computer. Neither a Norton quarantine nor delete worked. Item info is 'The compressed file adapi.exe within C:\w32_API.cab is infected with the Download.Trojan virus.'

An Adaware run came up clean.

Hijack This is as follows if you care to give any advice...
and I suspect the following is the garbage that can be deleted..IF it is OK to just go ahead and check the 'to be fixed' box in hijack this...

O4 - HKLM\..\Run: [W32_ADAPI] C:\WINNT\adapi.exe

Thank you for any help.


A:Solved: ? for flrman1 about adapi.exe


Here it is, posted on other thread, but here it is again:


A:Flrman1, heres the hjt log for the AIM problem


Hey, heard some great things about this site. How does my HJT log look?
Thanks,
Jeff

A:flrman1, please check out my hijack this log

Hi
Unfortunately I'm not flrman1 but I can tell you:

You need to update your hijack this to the newest version

HijackThis
*Download HijackThis from http://www.merijn.org/files/hijackthis.zip
*Unzip the file and install it to C:/ProgramFiles
*Click on scan and save a log
*When the txt file comes up, copy all and paste here.
 


flrman1 ... my man! Where are you?

Since I'm sure that you are the only one who knows exactly what needs to be done ... what might be going wrong on someone's system, ... I need your help over here ... and from you specifically!

First, ... if you look around and I'm sure you do ... you will find that ALMOST ALL the fixes our "HJT log helpers" will start with is asking the "HJTlog ... I need help!"'s member to do the "canned fix" you developed over HERE ... regardless of (from what I can see) what the HJT Log content is listing.

My question is ... and still ... what is/are the entry(ies) in the HJT logs that tells those helpers ... "Here it is!" ... for them to ask the member to go ahead and perform those fixes first?

If there is no such entry in the HJT log that tells I'm infected with the Smit, Sheriff or Aurora spy/ad wares ... then, why do I have to do these fixes? ...

Is it only so to "kill" the doubts??! ... What doubts, we are running systems over here!

When I asked one of those "remarkables", ... You know what the reply I got??!... "Because they are everywhere! ... look around the board!"

Can you believe this?!

This means ,... that it only requires from the member to post a new thread saying "I have a problem! What to do?" and will have someone for sure telling him/her to do ALL those installations, scanning, cleaning and removing activities first...

A:flrman1, my dear! Take us to another dimension, please!


stevobevo hjt logfile

Logfile of HijackThis v1.97.7
Scan saved at 10:28:23 PM, on 5/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - ...

A: flrman1 here is my hjt logfile check it out


Sorry to request a certain mod, but I have printed his instructions from here:
http://forums.techguy.org/showthread.php?p=2944640

and I did not have the geebc file or the ceebg file, so mine must have different names? Or (yikes) there is a variant out there....

I have the vundofix, and the cleanup programs already, but have not gotten past the above...

And I am computer literate, (thanks in part to you guys!) and have Spybot, Ad-aware, etc. I try to keep a clean machine....I just recently switched (no thanks to Comcast) from Norton AV to McAfee, which was running when I got this popup thing...bout useless I guess that's why Comcast is offering it for free.....but that's another story....

Here is my hjt log:
Logfile of HijackThis v1.99.1
Scan saved at 6:06:57 PM, on 9/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - ...

A: Solved: winfixer - help flrman1!


About this time last year flrman1 helped me remove the "About:Blank" spyware scourge from my computer. My computer has been clean since then but it is only a matter of time. When that time comes I want this site up and ready to help. I just made another donation and urge everyone else who benefits from this site to do the same.
 


I did what flrman1 suggested below, but cannot get anyone to take a look at the hijack log and advise me.
----------------------------
Originally Posted by ronglass
I have recently bought a new pc with winXP and either from the beginning or soon thereafter, I began to get the system32 folder on startup. I just found an item on Tech Guy where you tried to tell a guy what to do about this. Did you ever hear back from him?

Assuming I did something to cause this, what might I have done? I did nothing intentionally.

-----------------------
flrman1 -

Go here:

http://forums.techguy.org/f54-s.html

Start a "New Thread" and post your Hijack This log:

Click here to download Hijack This. Click on the Hijackthis.exe.

Click the "Scan" button. When the scan is finished, the scan button will become "Save Log"; click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in your New Thread.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
----------------------------
Logfile of HijackThis v1.97.7
Scan saved at 12:29:30 AM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe...
