Over 1 million tech questions and answers.

Popup Problems - HJT Log Attached

Q: Popup Problems - HJT Log Attached

Hi Guys,

Any help would be appreciated. I am having trouble with random pop up in internet explorer, I've ran Adaware but it does not detect anything even with the latest defns. I believe the farmmext.exe process is the culprit but can't get rid of it. Below is my Hijack This Log.

Once again thanks in advance.

Bogdenyvitch.

Logfile of HijackThis v1.97.7
Scan saved at 08:55:05, on 31/01/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Siemens\Common\Ace\bin\CCAgent.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~4\MSSQL$~1\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\sim9sync.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\scorecfg.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\SServCFG.exe
c:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\simnetpnpman.exe
C:\Siemens\Common\s7wnrmsx\s7wnrmsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thkeys.exe
C:\Program Files\Toshiba\Toshiba Applet\tme3srv.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Siemens\Common\ACE\bin\CCEServer.exe
C:\WINDOWS\System32\ALMXPMGR.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\uhnjoh.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss.exe
C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Siemens\Common\Sqlany\dbsrv7.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijack_This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.snakenet.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,ALMXPMGR.EXE
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPWRSAVE] C:\Program Files\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BFIL] C:\WINDOWS\BFIL.exe
O4 - HKLM\..\Run: [frsk] C:\WINDOWS\frsk.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vvhuuutxzqgsl] C:\WINDOWS\System32\uhnjoh.exe
O4 - HKLM\..\Run: [cbwx] C:\WINDOWS\cbwx.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [Kill_Old_SimaticNet_Setup] C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\_koss
O4 - HKLM\..\Run: [simpcmon] C:\Program Files\SIEMENS\SIMATIC.NET\opc2\bincfg\_simpcmon.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKCU\..\Run: [DivX Updater] C:\WINNT\System32\DivX.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MsgPlus.exe.lnk = C:\Program Files\Messenger Plus! 3\MsgPlus.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Station Configurator.lnk = C:\Siemens\Common\s7wnsmsx\s7wnsmgx.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MusicUnlimited/ie/Bridge-c106.cab
O16 - DPF: {2AEEAC34-FD74-4142-B891-4B05C0C03C87} - http://akamai.downloadv3.com/binaries/DialHTML/EGCOMSERVICE_1044_pack_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1001958.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE8400F2-C848-4379-989F-DF2ED39040BE} (Eyeball Instant Messaging Control) - http://www.rsvp.com.au/chat/RSVPChat.cab

RELEVANCY SCORE 200
Preferred Solution: Popup Problems - HJT Log Attached

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Popup Problems - HJT Log Attached

Read other 12 answers
RELEVANCY SCORE 50.8

Can I just say ARGH!!!!
I have been plauged with pop ups from every directions. Most I have gotten rid of like evil web rebates, search first and searchasst, but I still am having trouble with some. I believe tv media to be one that I just can not delete. I have run adaware and search and destroy plus deleted known problems from many hijackthis logs.
Here is my latest log, I can see the tv media, but I am at a loss as to how to get rid of it.

Logfile of HijackThis v1.98.2
Scan saved at 5:59:41 PM, on 9/3/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ActiveBuddy\BuddyScript SDK\bin\bmd.exe
D:\WINDOWS\System32\GE****C.EXE
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINDOWS\gfpicwd.exe
D:\WINDOWS\jxwwijx..exe
D:\Program Files\AutoUpdate\AutoUpdate.exe
D:\WINDOWS\system32\acllog.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\WINDOWS\system32\vgamp32.ex... Read more

A:With a popup here and a popup there..log attached

Howdy,

We are going to use some tools, first.

Please go here and download, then run CoolWebShredder, by clicking on the Next button. You can also just update CWS by using the button provided, but you must use the latest version.

Download Ad-aware SE from here. Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:
? Automatically save log-file
? Automatically quarantine objects prior to removal
? Safe Mode (always request confirmation)
2. Click on the Scanning button on the left and select :
? Scan Within Archives
? Scan Active Processes
? Scan Registry
? Deep Scan Registry
? Scan my IE favorites for banned URL?s
? Scan my Hosts file
? Under Click here to select drives + folders, choose:
? All of your hard drives
Click on the Advanced button on the left and select:
? Include additional process information
? Include additional file information
? Include environment information
Click the Tweak button and select:
? Under the Scanning Engine:
o Unload recognized processes & modules during scan
o Include additional Ad-aware settings in logfile
? Under the Cleaning Engine:
o Let Windows remove files in us... Read more

Read other 5 answers
RELEVANCY SCORE 50.4

Having problems with popups all of a sudden, I'v never used hijack before and not really sure of what I'm looking at. I did attach a copy of log. Any help is appreciated. Thanks

Logfile of HijackThis v1.99.0
Scan saved at 4:45:27 PM, on 1/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\Ubxoiw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Jack\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll... Read more

A:Popup problem.......Log attached

Read other 6 answers
RELEVANCY SCORE 50.4

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:17:58 PM, on 6/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\WinFast\WFTVFM\WFWIZ.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Veoh Networks\Veoh\VeohClient.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\PROGRA~1\MICROS~3\rapimgr.exeC:\Program Fi... Read more

A:Cid Popup Help! Hijack Log Attached

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one will be maximizedextra.txt <- this one will be minimizedIf not, they both can be found in the C:\Deckard\System Scanner folder.Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ... Read more

Read other 10 answers
RELEVANCY SCORE 50

Hi I am getting pop up ads on internet explorer and my search engine is taking me to the wrong websites.

Thanks,



C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
C:\Program Files\SAP\Mobile\bin\UFContainer.exe
C:\Program Files\CM\CM.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Progra~1\1033_Fiberlink\gui.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\s0192\Desktop\Personal\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Medline Industries, Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.medline.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = mednet;medline.com;<local>;*.local
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Af... Read more

A:Spyware popup ads (Hijack this log attached)

Hi, welcome to TSF!

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Read other 6 answers
RELEVANCY SCORE 50

Have been trying to cleanup a friend's computer. Have run fully updated AntiVir and Malwarebytes and removed any infections they found.

Am still having trouble with popup ads that comeup in Internet Explorer. Some of them are identified as Cid:ad. In addition whenever I'm shutting down or rebooting the computer I always get the message that iexplore.exe is shutting down but it never shuts down and requires me to click on "end now"

I did find file and folder references to Bearshare that I have deleted.

Thanks you in advance for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:21 AM, on 9/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.... Read more

A:Solved: Popup Ads-Hijackthis log Attached

While waiting for a response I did some checking on the internet and concluded the problem was created after my friend installed messengerplus (msgplus.exe) and got a LOP infection.

I ran Nolop.exe but it did find anything but it's log showed the presence of Grid Blue Memo Site in all users/application data. After deleting Grid Blue Memo Site in all users/application data the problem of the popup ads stopped. The issue with iexplore.exe hanging on shut down also stopped.

I'm pretty sure all the issues with this computer are now resolved. I also deleted all references in the Hijackthis log to bearshare.

Thanks
 

Read other 1 answers
RELEVANCY SCORE 50

can someone help me get rid of winantivirus popups please
Logfile of HijackThis v1.99.1
Scan saved at 17:36:58, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\SilverCrest Combo Set Driver\PS2USBKbdDrv.exe
C:\Program Files\SilverCrest Combo Set Driver\MouseDrv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Outloo... Read more

A:WINANTIVIRUS POPUP HELP hijack this log attached

please anyone out there
 

Read other 1 answers
RELEVANCY SCORE 50

I started getting pop-ups a couple of weeks ago. Went into security for IE and pop-ups were disabled. Checked the box to enable, closed, restarted IE and the box did not stay checked for blocking pop-ups. Installed Firefox and disabled IE in XP. When using Firefox IE pop-up windows appear every couple of minutes. I deleted an empty folder from my desktop and it shows back up every time I reboot my PC.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:26 AM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program File... Read more

A:Popup ploblem - Hijackthis log attached

Hi, Welcome to TSG!!

Run HJT again and put a check in the following:

O2 - BHO: (no name) - {0a4b1a39-fc8f-4512-a047-f80bf27f0f55} - C:\WINDOWS\system32\oclfofa.dll (file missing)

Close all applications and browser windows before you click "fix checked".
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer. ... Read more

Read other 1 answers
RELEVANCY SCORE 49.2

Sorry to be a nuisance but for the last hour or so I have been getting a popup advertising a new Anti Spyware prog which I 'must have.'

I googled the name of the prog and sure enough there are numerous reports that this is spam.

Have updated and run Spybot and AVG - but all they turned up were two tracking cookies which I deleted.

Still getting the popup intermittently - so could somebody read my HJT log and see if there is anything that needs to be removed :

Logfile of HijackThis v1.99.1
Scan saved at 20:15:17, on 21/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\End User\Desktop\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Acro... Read more

A:Solved: Annoying popup - HJT Logfile attached

Read other 8 answers
RELEVANCY SCORE 48.8

I get Windows Security Alerts popup screens every few seconds alerting me of different threats like Net-worm.win32.Mytob.t, Backdoor-win32.kbot.al etc.. I have Trend Micro installed on my box and its unable to detect any of these. So i think its a malware. So i searched different forums, and reached here. As per the instructions I am attaching the HijackThis Log.
Any help in resolving this is greatly appreciated.

System: XP pro, 2002, service pack 3
DDS (Ver_09-03-16.01) - NTFSx86
Run by AP230042 at 11:07:12.95 on Wed 04/29/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.366 [GMT -7:00]

AV: Coreguard Antivirus 2009 *On-access scanning enabled* (Outdated)
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled*
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ENDFORCE\AgentAPI.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files�... Read more

A:Windows Security Alerts Popup (DDS & Attach log attached)

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you wi... Read more

Read other 4 answers
RELEVANCY SCORE 48.8

Hi,While working on internet i receive a lot of popup windows in Internet Explorer windows (listed below) every minute or two and i m not been able to get rid of all these. If anyone can help me I will be very greatful to him/her.I am using Windows98 OS. I have tried Adware SE, Stopzilla, Spyware remover, noadware, popupblocker, popupfree, popupstopperfree, spybotsd14, SpySifter, vx2cleaner, spygate firewall, but to no help.Any other information you require please let me know.Following are some of the popup windows (IE)://popunder.paypopup.com/adsDirect.php?ban=&id=BundleWare&cid=1569722&sid=23782&cpm=&tid=&campaign=&type=&ref=&rurl=&clater=&defurl=//www.buyer-shabit.com/normal/yyy102.html//www.dealiotoday.com/normal/yyy65.html//www.mediapurchases.com/normal/yyy65.html//www.realcoupon-s.com/normal/yyy65.html //www.uniqueoffer-s.com/normal/yyy102.html//www.blow-outsales.com/normal/yyy102.html//www.inter-netsuggestions.com/normal/yyy102.html//www.hug-ediscounts.com/normal/yyy102.html]http://www.hug-ediscounts.com/normal/yyy102.html[/url]//www.ecommerc-e.com/normal/yyy65.html//www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={8588E5F7-4ED9-C5B7-C050-9B591022DDCD}&type=normal&mSkip=1&rnd=21922//www.ebay.in/-------------------------------------------------------------------------------------Logfile of HijackThis v1.99.1Scan saved at 6:23:48 PM, on 3/14/06Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 (6.00.2600.... Read more

A:Ie6 Ad-w-a-r-e And Lots More Popup Windows(new Hijack Log File Attached)

Hello ashishdabas and welcome to the BC HijackThis forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.Step #1Download Cwshredder.exe and save it to a folder of its own. Start the program and click on the Check for Update button. If an update is available then download and install it. Close the program (do not run it yet).Download AboutBuster.zip and unzip it to its own directory. Download CCleaner and install it but do not run it yet.Now physically disconnect from the internet (unplug the telephone or broadband cable from the computer).Step #2Restart in Safe ModeRestart the computer.As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.Use the arrow keys to select the Safe Mode menu item.Press the Enter key.Step #3Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmR0 - HKLM�... Read more

Read other 5 answers
RELEVANCY SCORE 48.4

Hello,

I am hoping you may be able to help. I have a PC that has got a number of new icons appearing on the desktop ("Spyware&MalwareProtector", "Privacy Protector", and "Error Cleaner"). The desktop has also changed to a red background with a hazard symbol with the words 'your pc is in danger' on it.

I have read a few other posts on this topic but the ones I read stated not to delete certain files as those fixes were tailored only for that particular PC. I have therefore run Hijack This on the PC and attach a copy of the log file below. I would be very grateful if anybody could help me work out what needs to be done to remove the malware etc.

Regards,

Savo

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:29, on 27/03/2008
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINNT\LogWatNT.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\vsAOD.Exe
C:\WINNT\Syst... Read more

A:Popup error messages and new icons appearing on desktop - HTJ log attached

Hi,

I was just wondering if anyone has any ideas on what needs to be done to fix the above problem please? I'm a bit stumped and need to try to get the PC back up and running again asap.

Thanks,

Savo
 

Read other 2 answers
RELEVANCY SCORE 48.4

When using IE get lots of popus.

Trying to install a plugin for MS Word from a company GoFileRoom. When trying to run Winword.exe shows starting and ending in task manager processes. Also get a file named something like TempXX.msi that runs. The XX stand for numbers and they very from run to run. I have to cancel the .msi process to get the installation to fail.

Any help would be greatly appreciated!

vundo fix log:

VundoFix V7.0.5

Scan started at 11:29:14 AM 5/29/2008

Listing files found while scanning....

No infected files were found.

combo fix log
ComboFix 08-05-28.4 - Administrator 2008-05-29 12:39:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1880 [GMT -4:00]
Running from: C:\Documents and Settings\ADMINISTRATOR.MKBCOLA\Desktop\james\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\g2mdlhlpx.exe
C:\Documents and Settings\WILL\Application Data\WNSXS~1
C:\Documents and Settings\WILL\g2mdlhlpx.exe
C:\Documents and Settings\WILL\My Documents\MBOLS~1
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\system32\hvzead7v.exe
C:\WINDOWS\system32\v199.dll
.
---- Previous Run -------
.
C:\Program Files\Common Files\elitemediagroupoinuninstaller.exe
C:\Program F... Read more

A:Solved: IE popup/MS word plug fail - logs attached

Read other 16 answers
RELEVANCY SCORE 40.4

Hi guys, new to this, my pc just started to have major problems, seems to be real slow at times, and closing programs, eg iexplorer or firefox leaves them in the task manager window and leaves me to end process manually, ive ran ad-aware, cccleaner and ran the system file checker, please help, im lost without my pc, hopefully this is the correct format for youJayDSS.TXT------------------------------------------------------------------------------------------------------------------------------Run by jason at 11:16:01.32 on 24/03/2009Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_03Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.873 [GMT 0:00]AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)FW: Kaspersky Internet Security *enabled*============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exeC:\Program Files\Bonjour\mDNSResponder.exesvchost.exeC:\Program Fi... Read more

A:various problems (dds and hjt log attached)

Hello Jay,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

Read other 2 answers
RELEVANCY SCORE 40.4

My friend has asked me to help him out with his pc which has been getting worse and worse for a few weeks. I gave him HJT on a file and got him to run it give me a log and leave his PC on until I can see what you guys have to say. To me it looks pretty bad but I'm no pro .. help appreciated guys. Thanks
 

A:Many problems - HJT attached.

Read other 7 answers
RELEVANCY SCORE 40.4

Hi there,

I'm having a few problems with a friends computer. It's just generally running slow and for some reason Internet Explorer doesn't close when you click the 'x' or go File -> Exit, the only way to close the application is to go to System Processes and end the rocess.

Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 20:09:02, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\IM Names\IM-svr.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\MYWEBS~1... Read more

A:Problems - HJT Log Attached

Hi Amnesia_180.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 4 answers
RELEVANCY SCORE 40.4

Computer is running slow, when I try to run Panda it runs for a bit and then stops? Its weird it also did state I had 1 infection but once again it freezes? Any ideas?
Logfile of HijackThis v1.99.1
Scan saved at 4:09:00 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C... Read more

A:Problems: HJ log attached

Read other 7 answers
RELEVANCY SCORE 40

Windows XP SP2
Home Edition ver. 2002

Please help me with some pop-up problems with this laptop. Thank you very much : )

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 6:37:22 AM, on 3/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\DOBE~1\iexplore.exe
C:\WINDOWS\System32\??rvices.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Se... Read more

A:Solved: HJT Log attached---Pop up problems

Read other 11 answers
RELEVANCY SCORE 40

Thanks for taking the time to help me out with this. My wife's laptop is running Windows Vista, 32 bit. She recently clicked on a hyperlink which immediately put up a popup for AV8, and since then, every time she opens Firefox v3.5.16, we get the popup for AV8Scan, and can't get it off the computer. I've checked, and don't see AV8 installed on the computer, but I'm worried the computer has been compromised. DDS log text is below, and other logs are attached. Thanks again for helping us out.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Stacey at 20:15:54.43 on Mon 12/27/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_22
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.1525.769 [GMT -5:00]

AV: McAfee VirusScan *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Wind... Read more

A:AV8 problems, all logs attached, please help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I see no sign of infection in your logs. Can you post a screenshot of the popup?

http://www.techsupportforum.com/f215...ot-184291.html

------------------------------------------------------

Try uninstalling Firefox, rebooting, then re-installing Firefox.

http://www.mozilla.com/en-US/firefox/

Any difference?

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 40

Hi there, if somebody would please take a look at this HJT log, I'd appreciate it, we've spent 2 days trying to clean this up!

Thanks in advance,
JM

Logfile of HijackThis v1.99.1
Scan saved at 1:26:14 PM, on 5/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\LightSurf\Co... Read more

A:Trojan problems, HJT log attached

I guess I could give a little detail, sorry. It's not my PC, so I don't have as much info as I'd like, but AVG found a couple of trojans and java.verify viruses and winlogon.exe keeps coming up with errors and shutting down. Spybot finds the SMitfraud-c.888 toolbar, I used the Smitfraud fix on it, but it still comes up. It's running Windows XP Home. Any other details needed, let me know and I'll try to find out.
 

Read other 2 answers
RELEVANCY SCORE 40

A few days ago I couldn't connect to the internet, so I ran Ewido Anti-Malware and it found 43 infected files. Last night I was still having problems so I ran a scan again and it found 15 more infected files. I ran Spybot and it found 123 infected files but couldn't remove 24 of them.

My computer is still running slower than normal and I'm having connection problems with the internet. Below is my HJT log. Any help is appreciated.

---
Logfile of HijackThis v1.99.1
Scan saved at 7:17:15 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\MYWEBS~1\bar\... Read more

A:Solved: Been having problems, HJT log attached

Read other 10 answers
RELEVANCY SCORE 40

Hello ... I had Ad-Aware on my puter n deleted it with REVO. When I boot up I still get "1 deleted program can't be found - autocheck will be skipped" I reinstalled Ad-Aware then deleted the email scan with my add/remove. Then deleted the program again with REVO. Still have the same problem. Can you please check my log for this problem or any others?

Thanx ... Kathie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:58 AM, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PF6.exe
C:... Read more

A:Problems - Hijack Log attached

Read other 14 answers
RELEVANCY SCORE 40

I'm currently running IE6 SP2 (Win XP - Home) and all of a sudden I cannot open my "Favorites" from the top tool bar, yet I can open it from the Icon on the toolbar. When I click on the "Favorites" text, my IE closes. Now here's the strange thing.....I was told to reinstall it, however, I can't even find it in my "Add/Remove Programs". I went to reinstall IE over my existing browser and got an error message that I'm running a newer version and it will not download.
Attached is my latest HiJack This Log. Please let me know what other problems you see in here, as I'm also having other problems that I can get into later (has to do with USB printer and can't install HP print drives. HP tech support says to reinsatll Win XP.)

Logfile of HijackThis v1.99.1
Scan saved at 10:36:17 PM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\3B Software\3B Ad Blocker Pro\AdBlocker.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32... Read more

A:IE6 Concerns and Problems HJT attached

Read other 9 answers
RELEVANCY SCORE 40

Loads of problems - slow internet access, pop-ups galore, trojans etc etc:

Logfile of HijackThis v1.99.1
Scan saved at 14:30:19, on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Documents and Settings\Jon\My Documents\Fanzine\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodSer... Read more

A:Solved: Big problems - (HJT log attached)

Read other 15 answers
RELEVANCY SCORE 40

I am new to this type of program. I had XP in the past. The computer runs slow, I am redirected to different sites, having major problems when downloading info such as HJT. Said possible fatal error. Help plz and thank you,.Logfile of HijackThis v1.99.1
Scan saved at 4:15:54 PM, on 11/6/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\c guariguata\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QWZVPZIX\hijackthis_sfx[1].exe
C:\Us... Read more

Read other answers
RELEVANCY SCORE 40

I am having several problems with my computer. First, I had a virus a few weeks ago (sorry I don't remember the name of it). It appeared as a yellow triangle with a ? in it. It said something on the lines of your computer is not fully protected, blah, blah. I clicked on it thinking it had to do with my Bellsouth Internet Security. Well it downloaded whatever it was and since my computer has been slow, my desktop background is blue, and you can not change it. When I go into Display everything in the list for wallpaper and desktop themes are gray and you can't change it.

I went that weekend and purchased McAfee, since the other virus protection wasn't doing it's job. Secondly, I am receiving a Generic PUP.g, location is: C:\hp\bin\KillWind.exe. It is stating it is unremovable. Up until today for the past month I was having PrcViewer show up that was unremovable.

I have attached a copy of my HJT log that I ran just a few minutes ago. Can someone please help me? I appreciate your time and help in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:03:11 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system3... Read more

A:Solved: Need Help with Several Problems - HJT Log Attached

Read other 16 answers
RELEVANCY SCORE 40

Hi, I'm not sure where this came from, but this morning when I woke up and started working on my computer Spyware Guard started giving me warnings about BHOs that were being added and so I clicked removed. SpywareGuard gave me about 9-10 of these warnings and then stopped. But every few minutes them came back, and then I started getting "errors" that looked pretty fake to me and those direted me to a site for SpywareSherriff or something similar no matter what I clicked on the error message. I ran adaware and spybot, but I'm still having the problems. I finally told SpywareGuard to keep the BHOs because I couldn't do anything with the warnings poping up every few minutes. I attached the HJT file, there's probably a dozen BHOs that don't belong...Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 12:00:55 PM, on 5/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Purdue University\Air Link\cvpnd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.ex... Read more

A:Solved: BHO problems; HJT attached

Read other 16 answers
RELEVANCY SCORE 40

Hi,
I've been battling with spyware and pop-ups for some time now, and have recently been infected with an MSN virus. I run Ad-aware occasionally, and am looking around for a free anti-virus program. I also downloaded Hijackthis, and preformed a scan just a minute ago. Below is the log file, I hope you can help.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:06:45 PM, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\Yinstall.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\{F4F46553-0766-4105-0528-020326200002}\Update.exe
C:\WINDOWS\system3... Read more

A:Spyware problems *HJT Log attached*

Hi and welcome

Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.

Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run Ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.

Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
Launch Ewido Anti-spyware by double-clicking the ... Read more

Read other 1 answers
RELEVANCY SCORE 40

I also have spyware/malware problems and hoping for some help. I have the desktop problem saying "Warning: Spyware threat has been detected on your PC"; the Triangle popup warning by the clock every now and then; desktop popups warning of spyware/virus problems; and IE that now and then goes to a page that tries to sell you on Spyware software.

I've tried a few spyware cleaners like Ad-aware, SpyBot but doesn't help. I followed the 5 steps in the sticky in this forum as best as I could and now to the point of posting my HijackThis log to try and get some help to get rid of all these problems. Thnx in advance!

Logfile of HijackThis v1.99.1
Scan saved at 2:26:42 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterp... Read more

A:Bad Spyware problems - HJT Log attached

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 15 answers
RELEVANCY SCORE 40

Mod Edit:  Split from http://www.bleepingcomputer.com/forums/t/615538/no-access-to-my-computer-right-clicking-causes-crashes-and-other-issues/ - Hamluis.
 
DC3  hi,
 
I have the same issue. Windows 7 home premium.
In Windows Explorer, only when I right click on any item below the heading "My computer", I always get the message "Windows explorer has stopped working",
then "shutting down" then "looking for a fix" ... then Win Explorer and everything else on the screen disappears with the exception of the wallpaper image. All of the desktop
icons then re-appear.
 
I followed the advice you gave re getting the log file, and attach it here.. I have removed a few dozen repeats of the same stuff..
 
Any help gratefully received.
 
Thanks
daftec

Read other answers
RELEVANCY SCORE 40

My computer anti-virus is sometimes getting disabled, and I am unable to turn it back on unless I shutdown my computer. Also, I can't shutdown my computer except to hold the power button until it does so. Any attempt to shutdown normally winds up with my computer freezing. When I start up again, I don't get the usual prompt of "windows had detected a serious error" asking me how I want to fix it. And my computer is really slow lately and has a ridiculous ammount of internet packets being sent even though I've run spyware.

Any help would be appreciated! Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 14:51, on 07-02-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1106286350\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1106286350\ee\AOLSoftware.exe
C:\Program Files... Read more

A:Computer Problems: attached HJT log

Read other 7 answers
RELEVANCY SCORE 40

Please help, I am in tears and so exhausted. My computer recently crapped out, but I was able to do enough cleanup in safe mode to get online (for now).

I am constantly receiving a "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." popup; cli.exe, dsca.exe, and logonhook.exe application errors at startup; My user logon page at startup is gone and I have lost the ability to "switch users" without logging off.

Logfile of HijackThis v1.99.1
Scan saved at 5:25:37 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldfserv.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\... Read more

Read other answers
RELEVANCY SCORE 40

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:32 AM, on 6/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.h...s=PTB&M=MX6448
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...s=PTB&M=MX6448
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.h...s=PTB&M=MX6448
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNex... Read more

A:Spyware problems HJT log attached - PLEASE HELP!

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 39.6

Hi all,

First time poster, reading the rules as I post so hopefully will not commit any offences on my first time.

My problem is with a new PC I built using some old parts and some new parts I bought from ebuyer.com
I am getting recurring blue screens, mainly when playing games.

These errors include MEMORY_MANAGEMENT , DRIVER_IRQL_NOT_LESS_OR_EQUAL and KMODE_EXCEPTION_NOT_HANDLED

Please note I have updated all my drivers, as well as done two fresh installs of windows and have also removed drivers, installed old driver and even relied on windows drivers to varying effects however none have sold the problem.

I have also run MEMTEST86+ 4 hours wall time 9 passes 0 errors.

I have also run HDD diagnostics, with no errors.

I have all Windows updates and SP1 installed.

Please find .dmp files below.

Help would be GREATLY appreciated.

Thank you in advance.

George

PC Specs

AMD Athlon x4 640 3.0 ghz
ASUS M4A78LT-M LE motherboard
2GB generic 1066mhz ram (labelled extra value on ebuyer, timings 9-9-9-24 I believe.)
ATI Sapphire 4870 1GB toxic edition
WD 80GB 7200rpm HDD
Seagate 160GB 5400rpm HDD
Casecom 500w power supply
generic DVD_RW drive
 

A:BSODs, could be driver problems? dmp attached.

Read other 14 answers
RELEVANCY SCORE 39.6

I have been having poblems with the Vundo virus and worms turning off my virus protection. No matter what I do whatever it is keeps coming back.

Logfile of HijackThis v1.99.1
Scan saved at 9:21:43 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcCtlCom.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\tmproxy.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Sony\giga pocket\RM_SV.exe
C:\PROGRA~1\TRENDM~1\INTERN~3\PcScnSrv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TR... Read more

A:Please Help! HJT file attached - Vundo problems

Read other 16 answers
RELEVANCY SCORE 39.6

Hey guys. I know I have another thread active for a buddy - but i seem to have problems myself again. My computer is acting strange - some programs respond like they are wading through mud. If you could work you magic i would be ever grateful. I have attached the doctors report (hjt).

Thanks as always
 

A:Solved: Urgh problems again..HJT attached

Read other 10 answers
RELEVANCY SCORE 39.6

I was working on my computer, and Blue Screen of Death happened.

Tried restarting and all that stuff, I finally decided to give up and just boot up Ubuntu, grab the dump file, and post it on here.

When the BSOD happened, no info was given... no drivers were named and such.

Dump File:
http://www.filedropper.com/050211-25849-01

A:(BSOD) Windows Problems [.dmp attached]

You should have the hard drive & memory tested. If both pass, then have the hard drive scanned for viruses, spyware, & malware.

Read other 2 answers
RELEVANCY SCORE 39.6

Not sure what is wrong with the computer, but something definately is...
Like before... I can't run a System Restore and I have that random toolbar in Internet Explorer which won't go away...

Here's my Logfile... Check it out...

Logfile of HijackThis v1.99.1
Scan saved at 2:11:30 PM, on 1/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\Security Center... Read more

A:Computer Making Problems (HJT Log Attached)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout

http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed. )

Fix these with HJT mark them, close IE, click fix checked

O17 - HKLM\System\CCS\Services\Tcpip\..\{68A410CE-0107-4EAC-8B8A-7FE9707126F3}: NameServer = 85.255.114.78,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84F0D37-EAEA-4190-81C6-68E8EFBD6285}: NameServer = 85.255.114.78,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB97802A-AA95-4F6B-964F-F43E890963AA}: NameServer = 85.255.114.78,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{F629F09D-F8A8-4A6F-90F2-AED971DD1EBC}: NameServer = 85.255.114.78,85.255.112.24
If you have connection problems after this

* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .
Double-click the Network Connections icon
Right-click the Local Area Connection icon and select Properties.... Read more

Read other 3 answers
RELEVANCY SCORE 39.6

Hi guys and gals

My friend dropped his laptop around for me to take a look at, after fixing most of the problems i am now left with 2.

The first i get on boot up of the laptop, i get an error message entitled

'important - potential errors found in the system'

error message is as follows

'during a scan of files at system startup, potential errors in the system registry were found.

p-07-0100 irql: 1f sysver 0xff00024
nt_kernel error 1256
kmode_exception_not_handled'

the second is a balloon being generated by an icon in the system tray which calls itself System Alert! which reads as follows

System detected virus activities. These may impact the performance of your computer. Please, use antimalware software to clean and protect you system from parasite programs.

click this baloon to get all available software.'

here is the log file

*****

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46:22, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.ex... Read more

Read other answers
RELEVANCY SCORE 39.6

It seams like this BELT.exe program is causing a lot of problems. Here is my HT report. Any help would be greatly appriciated. I have NAV and I have already ran Adaware and spybot. Thanks in advance.

Scott

Logfile of HijackThis v1.97.6
Scan saved at 10:23:05 PM, on 11/17/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStar... Read more

A:Belt.exe Problems as well... HT report attached

Read other 14 answers
RELEVANCY SCORE 39.6

Hi,

My computer is running very slow. I know it is is spyware. Also I can't open any websites and get random advertisments.
Logfile of HijackThis v1.99.0
Scan saved at 7:39:49 AM, on 1/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\netkp.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\addsb32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\RIOCOL~1\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzgdv.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\pzgdv.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\pzgdv.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\pzgdv.dll/sp.html#28129
R... Read more

A:Solved: Spyware Problems Log Attached

Read other 16 answers
RELEVANCY SCORE 39.6

My computer has been acting funky for a little while.

The font on web pages will suddenly change (get larger)

There are things on my start menu that I didn't put there.

Yesterday, I couldn't access a bunch of different websites (Comcast, Yahoo, others) but I was able to access this one, Google, my kids' soccer league, etc

My McAfee settings will suddenly be disabled (the firewall, for example) when it's something that I never do.

Things will disappear from my favorites then they show up later.

Here's the log - Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:50 AM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee... Read more

A:Solved: Computer Problems - HJT attached

Read other 8 answers
RELEVANCY SCORE 39.6

Hi guys,
Appreciate the help. Having problems with PNY GeForce 6600gt AGP 8X. Running slo.......w on Generals ZH. At times, hangs up 1-2 minutes. Ran good with old board, GE 5200. Anyhow, heres the log, if you could give any suggestions.
Thanks
PapaTom

Logfile of HijackThis v1.99.1
Scan saved at 5:17:43 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\P... Read more

A:Problems with GeForce 6600GT-HJT log attached

Read other 16 answers
RELEVANCY SCORE 39.6

Can someone recommend what my hjt log has in it that causing weird pc problems.

Running f-Secure and I think things are getting through.

Logfile of HijackThis v1.99.1
Scan saved at 2:16:47 AM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1.0\MMDiag.exe
C:\jetsuite\JETSTAT.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox10.0\mim.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\WINDOWS\System32\svchost.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DE... Read more

Read other answers
RELEVANCY SCORE 39.6

This computer will not start in regular mode, can anyone tell me from the HJT what might be wrong.

Update - Error message; widows - Delayed Write Fail
Windows was unable to save all the data for the file C:\WINDOWS\ntbtlog.txt. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
 

Read other answers
RELEVANCY SCORE 39.6

Hi guys

I've been helping out a freind who is suffering with restarting problems which normally take place within 2 minutes of windows XP sp2 loading.

could someone try and diagnose the attached minidumps

many thanks
 

A:Restarting problems-minidumps attached

Hi CMCF,

The culprit of your friend's PC is ZoneAlarm. Probably ZoneAlarm is conflict with some of software at your friend's PC such as eMule and etc. De-install or upgrade ZoneAlarm may resolve the problem.

The stack trace of the minidumps.
ChildEBP RetAddr Args to Child
f3873ce4 8054b0b9 00000070 00000000 f3873d44 nt!ExFreePoolWithTag+0x237 (FPO: [Non-Fpo])
f3873cf4 f6a4d410 00000070 02ecf0bc f6a22899 nt!ExFreePool+0xf (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
f3873d44 804de7ec 02ecf100 00010080 02ecf0bc vsdatant+0x43410 <-- ZA
f3873d44 7c90eb94 02ecf100 00010080 02ecf0bc nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f3873d64)
02ecf08c 00000000 00000000 00000000 00000000 0x7c90eb94
 

Read other 1 answers