Over 1 million tech questions and answers.

Hijack This Log, Ewido Scan Report, need to rid spysheriff

Q: Hijack This Log, Ewido Scan Report, need to rid spysheriff

I've been infected with spysheriff as well. here are my HJT and Ewido scan logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:32 AM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe

F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: DigiChat Applet - http://host2.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon/asp/cx_tgctlcm.jsp
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:25:33 PM, 6/18/2005
+ Report-Checksum: 410D67A3

+ Date of database: 6/18/2005
+ Version of scan engine: v3.0

+ Duration: 82 min
+ Scanned Files: 121906
+ Speed: 24.54 Files/Second
+ Infected files: 25
+ Removed files: 25
+ Files put in quarantine: 25
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Christer Allen.CHRISTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\3AOVF189\loaderadv74[1].jar/Counter.class -> Trojan.ClassLoader.h -> Cleaned with backup
C:\Documents and Settings\Christer Allen.CHRISTER\Local Settings\Temp\Temporary Internet Files\Content.IE5\3AOVF189\loaderadv74[1].jar/Parser.class -> Trojan.Java.ClassLoader.Dummy.a -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\Program Files\DivX\DivX Pro Codec\Gain_Trickler.exe -> Spyware.Gator.3102 -> Cleaned with backup
C:\Program Files\Kazaa Lite K++\supertrick.txt -> Trojan.Qhost.av -> Cleaned with backup
C:\Program Files\Oanmizp\Xbaf.exe -> Trojan.Small.cy -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP442\A0071813.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP442\A0071813.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy.n -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP442\A0071813.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP442\A0071813.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP442\A0071813.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP442\A0071813.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP442\A0071813.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP479\A0075506.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP479\A0075546.exe -> TrojanDownloader.Small.adv -> Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP479\A0075554.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\unzipped\CRACK[1].CD-Ahead_Nero_Burning_ROM_Ultra_Edition_v6.6.0.0\tmo.exe -> TrojanDownloader.NoName.b -> Cleaned with backup
C:\unzipped\hijackthis\backup-20031226-221500-882.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\SYSTEM\smss32.exe -> Worm.Momma -> Cleaned with backup
C:\WINDOWS\SYSTEM32\atiupdate5.exe -> Spyware.Adtomi.e -> Cleaned with backup
C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Spyware.VirtualBouncer.d -> Cleaned with backup
C:\WINDOWS\SYSTEM32\calsdr.dll -> TrojanDownloader.Rameh.b -> Cleaned with backup
C:\WINDOWS\SYSTEM32\calsdr.exe -> TrojanDropper.Small.ff -> Cleaned with backup
C:\WINDOWS\SYSTEM32\unimt.exe -> Spyware.Purityscan.B -> Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Renos.a -> Cleaned with backup
::Report End

RELEVANCY SCORE 200
Preferred Solution: Hijack This Log, Ewido Scan Report, need to rid spysheriff

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Hijack This Log, Ewido Scan Report, need to rid spysheriff

Read other 7 answers
RELEVANCY SCORE 86

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:45 PM 8/4/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\rainbowgirlwp.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
[464] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning.
C:\Program Files\filesubmit\rainbowgirlwp.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Brenda\Cookies\[email protected][2].txt ... Read more

A:report from ewido scan

Hi and welcome

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

Read other 2 answers
RELEVANCY SCORE 84

I ran an EWIDO scan with two ‘infected’ items found. There seems to be a ? as to whether or not these are a true problem. Therefore, I ask your advice as to what to do. I can not remove them with EWIDO, since I am using a lapsed trial version. The info from the “report” follows:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:54:49 AM, 11/10/2005
+ Report-Checksum: 5CD01CE8

+ Scan result:

C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Ignored
C:\System Volume Information\_restore{8A76E78A-6A78-49A6-A7E2-9B95E126EFAD}\RP384\A0059194.exe -> Heuristic.Win32.AVKiller : Ignored
::Report End

Thanks, {redoak}
p.s. Note the 'word' "AVKiller" at the end of each entry. Significance?
 

A:Solved: EWIDO scan report - problems?

Read other 7 answers
RELEVANCY SCORE 84

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:17:08 PM 9/9/2006

+ Scan result:

C:\WINDOWS\system32\vtutrop.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Cleaned with backup (quarantined).
[1988] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[284] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[596] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[620] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[776] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[836] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
C:\WINDOWS\system32\ldapi32.exe -> Backdoor.Dosia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntcvx32.dll -> Backdoor.Dosia : Cleaned with backup (quarantined).
[2060] C:\WINDOWS\system32\ntcvx32.dll -> Backdoor.Dosia : Error during cleaning.
[2292] C:\WINDOWS\system32\ntcvx32.dll -> Backdoor.Dosia : Error during cleaning.
C:\Documents and Settings\Danilo Ambrosio\Local... Read more

A:Ewido Anti-spyware - Scan Report

Hello pnoiboi03_ and welcome to BleepingComputer. My name is Charles and I will be helping you to clean your computer today. Click here to download HJTSetup.exeSave HJTsetup.exe to your desktop. Double click on the HJTsetup.exe icon on your desktop, and follow the installation guide to install HijackThis.Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log. Click Save to save the log file and then the log will open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply.DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required. Post back with the log it creates.Thanks,CharlesEDIT: I see you are already being helped by somebody. Please do [b]not[/b[ start new topics, as we get confused and do not realise that somone is already helping you.

Read other 1 answers
RELEVANCY SCORE 80.4

Logfile of HijackThis v1.99.1Scan saved at 21:25:00, on 09/04/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by TiscaliR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.171.184.1:8080O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNCO4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exeO4 - HKL... Read more

A:Hijack This Log And Ewido Report

Hello karo,Please download, update and run the free A2 (A squared) anti-trojan If malware is found, click the button "Remove Selected Malware".Save the log file by clicking on "Save HTML-Report". Let it delete whatever it finds. *************************************************** I know you may have anti-virus software, but sometimes its definitions are corrupted due to malware. Online scans are the best resort in this case. Run this pc through theTrend Micro Housecall Online virus scanneror Panda Scan Online virus scanner orBitDefender Free Online Virus Scan Let it delete whatever it finds. If it cannot delete it, then post the log and we will delete it manually.*************************************************** You ran Ewido, but did you run it in the Safe Mode? If not, then please reboot your computer in Safe Mode by doing the following:Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, press F8.Instead of Windows loading as normal, a menu should appearSelect the first option, to run Windows in Safe Mode.Open Ewido by clicking on the Ewido iconClick on scannerClick on Complete System Scan and the scan will begin.NOTE: During some scans with ewido it is finding cases of false positives.**You will need to step through the process of cleaning files one-by-one.If ewido detects a file you KNOW to be legitimate, select none as the action.DO NOT select "Perform action on all infections"... Read more

Read other 2 answers
RELEVANCY SCORE 77.2

Help, I recently asked you for assistance on my own personal PC. My mothers PC, seems to be acting in the same manner mine was.
I have ran a PC scan in safe mode with Ewido trial version, and a new hijack log on her Dell Dimension Desktop and here are those two logs.
I appreciate this help very much.

Patiently waiting.

Scott

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:53:00 PM, 2/21/2006
+ Report-Checksum: EC30AA0D

+ Scan result:

C:\Documents and Settings\Nana\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nana\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nana\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned with backup
D:\System Volume Information\_restore{F875A298-9EAF-44F0-A099-60BA3E813C38}\RP27\A0009088.exe -> Adware.180Solutions : Cleaned with backup
D:\System Volume Information\_restore{F875A298-9EAF-44F0-A099-60BA3E813C38}\RP27\A0009089.dll -> Adware.Agent : Cleaned with backup
D:\Documents and Settings\Nana\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : Cleaned with backup
D:\Documents and Settings\Nana\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup
D:\Documents and Settings\Nana\Cookies\[email protected][1].t... Read more

A:Ewido Ran, then Hijack scan now what?

Read other 6 answers
RELEVANCY SCORE 76.4

Is this Ok now?

Logfile of HijackThis v1.99.1
Scan saved at 6:56:47 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Pro... Read more

A:Hijack log and Ewido scan result

Hi and welcome.

You need to reply back to this thread instead of creating a new one. I'd merge, but the site appears to be having problems right now.

http://forums.techguy.org/security/430387-hijackthis-log-help.html
 

Read other 1 answers
RELEVANCY SCORE 75.6

Here are all the logs that were needed
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:18:47 PM, 10/11/2005
+ Report-Checksum: FF012805

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\ CLSID -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject\ CurVer -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolbarBestToolbarsToolbar.BestToolbarsToolbarObject. 1 -> Spyware.FizzleBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-79386089-878341568-3753858856-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HK... Read more

A:My Hijack this, active scan, and ewido logs

Read other 7 answers
RELEVANCY SCORE 67.6

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:11:11, on 20/02/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\hpq\... Read more

A:Hijack This Scan Report pls

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.----------------------------------------------StartupLite sounds like the one for you.Please download StartupLite. to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.See how you go with that.

Read other 20 answers
RELEVANCY SCORE 63.6

could not fit all reports in one post so all the ewido report is in my reply.

i am still having my original problem where my mouse moves at a hyper speed and starts right and left clicking everything it touches. but the person who helped me originally told me to post these three things so i assume the problem shoudlnt be fixed yet.
Logfile of HijackThis v1.99.1
Scan saved at 12:51:30 AM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\BelkinMonitor.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-ex
R1 - HKCU\Softw... Read more

A:hjt log, ewido scan and active scan reports

ewido report still too long... continued into next post

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:09:43 AM, 8/19/2005
+ Report-Checksum: 384EC406

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib... Read more

Read other 2 answers
RELEVANCY SCORE 62.8

Logfile of HijackThis v1.99.0Scan saved at 2:08:18 PM, on 10/12/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Documents and Settings\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/search/lobby/search.aspR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.aspR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhomeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchR0 - HKLM\Software\... Read more

A:New Topic: Hjt Log; Ewido Report

Hi MajorWoody and Welcome to the Bleeping Computer!Please download WebRoot SpySweeper from HERE (It's a 2 week trial):Click the Free Trial link under to "SpySweeper" to download the program.Install it.Once the program is installed, it will open.It will prompt you to update to the latest definitions, click Yes.Once the definitions are installed, click Sweep Now on the left side.Click the Start button.When it's done scanning, click the Next button.Make sure everything has a check next to it, then click the Next button.It will remove all of the items found.Click Session Log in the upper right corner, copy everything in that window.Click the Summary tab and click Finish.Paste the contents of the session log you copied into your next reply.Make sure Ewido is Updated with the latest definitions!Download WinPFind: http://www.bleepingcomputer.com/files/winpfind.phpRight Click the Zip Folder and Select "Extract All"Don't use it yet!Restart in Safe ModeWith all Windows and Browsers Closed-> Scan the entire System with Ewido-> Clean all it finds and be sure to click the tab to Save a ReportFrom the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"It will scan the entire System, so please be patient!One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Ru... Read more

Read other 1 answers
RELEVANCY SCORE 62.8

EWIDO KEEPS CATCHING THE SAME TRACKING COOKIES AND IT SAYS THAT HIJACK THIS IS A PROBLEM. MY PC IS RUNNING LIKE CRAP AND MY TASK MANAGER CHANGED. WINFIX/WIN ANTI VIRUS PRO IS BACK TOO. HERE IS A COPY OF HIJACKTHIS REPORT.
Logfile of HijackThis v1.99.1
Scan saved at 8:07:22 PM, on 9/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\spool\driv... Read more

A:Help! Its Got Me Again. Hijackthis Report And Ewido

Read other 16 answers
RELEVANCY SCORE 62.8

Hey peeps, i have tried running Ewido anit-malware a couple of times and i have come to the conclusion that it is not giving me a report as normally it should, the program just shuts down after it has scanned my system.

I dont understand what is going on, it is still giving me a "status of program" at the status menu, saying it has found 57 infected objects, but does nothing after i scan. I have read a number of other forums and they all state that it should give a report but i have never had that as it closes after the scan

Anyone know what is going on?
 

Read other answers
RELEVANCY SCORE 62

I am trying to clean out my computer from the pop-ups that is has been getting. I also get a black explorer page that opens each time I reboot with the word common on the top title bar. I have already run ad-aware and ewido. I am not sure how much of my problem has been solved by these two programs. This is the hijackthis report that I ran afterwards. Can someone please let me know what else I can do to fix any possible problems on my system

Thanks,

Norma

A:Hijackthis Report, Already Ran Adaware And Ewido, What Now?

Sorry, forgot to add the report Logfile of HijackThis v1.99.1Scan saved at 9:07:25 PM, on 8/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Apache Group\Apache2\bin\Apache.exeC:\Program Files\DNSexit IP Updater\dnsexit_srv.exeC:\Program Files\Apache Group\Apache2\bin\Apache.exeC:\Program Files\DNSexit IP Updater\DNSexit.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Vongo\VongoService.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\PROGRA~1\McAfee.com\Agent\McAgent.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Windows Media Connect 2\WMCCFG.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\AOL\1151360710\ee\aolsoftware.exeC:\Program Fi... Read more

Read other 2 answers
RELEVANCY SCORE 61.2

What am I looking at with this report? With this report can I see if anybody else has access to my computer? Thanks.
 

A:Ewido anti-malware - Connection report

What are you looking for? Whay do you think someone else has access to your computer?
 

Read other 2 answers
RELEVANCY SCORE 60

when I run ewido scan it finds several problems says it cant fix them what should I do see attached logs--------------------------------------------------------- ewido security suite - Scan report--------------------------------------------------------- + Created on: 5:57:50 AM, 11/8/2005 + Report-Checksum: 26C24270 + Scan result: HKLM\SOFTWARE\PSGuard.com -> Spyware.PSGuard : Error during cleaning HKLM\SOFTWARE\PSGuard.com\PSGuard -> Spyware.PSGuard : Error during cleaning HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Spyware.PSGuard : Error during cleaning HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Spyware.PSGuard : Cleaned with backup::Report EndLogfile of HijackThis v1.99.1Scan saved at 6:00:09 AM, on 11/8/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Kerio\Personal Firewall 4\kpf4ss.ex... Read more

A:Ewido Scan

Welcome topcat43 to Bleeping Computer!Please disable SpybotSD’s protection, as it may hinder the removal of the infection. You can enable it after you're clean.Open Spybot and click on Mode and check Advanced ModeCheck yes to next window.Click on Tools in bottom left hand corner.Click on Resident icon.Uncheck Teatimer box and/or Uncheck Resident.Close Spybot.***Please disable SpywareGuard, as it will stand in the way of us cleaning up:Right click the running icon of Spywareguard, it will open the program.Then go to Menu, file, exit.Then confirm the program is closed.Reverse the process when you’ve carried out the advise.***Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later. Be sure to follow ALL instructions!Please download noahdfear's smitRem.exe?. Save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop.***Launch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screenYou will need to update ewido to the latest definition files.On the left hand side of the main screen click updateClick on StartThe update will start and a progress bar will show the updates being installed.Once the updates are installed, close Ewido for now.*** If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.Check Here on how setup and us... Read more

Read other 5 answers
RELEVANCY SCORE 59.2

I originally posted the problem with the browser going to a different web page than the address typed. I installed Ewido & followed the instructions from the other post. The problem is that when Ewido gets to 80% complete, the computer restarts with no scan log. Any ideas?

Thanks
 

A:ewido scan shuts down

speedy333 said:

I originally posted the problem with the browser going to a different web page than the address typed. I installed Ewido & followed the instructions from the other post. The problem is that when Ewido gets to 80% complete, the computer restarts with no scan log. Any ideas?

ThanksClick to expand...
A good idea would be to post back to the same thread with the original problem.

Closing this one. I would merge it into the other one, but our merge feature is not currently working.
 

Read other 1 answers
RELEVANCY SCORE 59.2

Hi! This forum has helped me before and I'm sorry to say that I need assistance again. Computer freezes up for 10-30 seconds randomly, and McAfee VirusScan keeps getting disabled.

I already did the canned fix at the top of the forum for Smitfraud, etc. but still haven't gotten rid of it. Prior to the canned fix I ran Ewido, Microsoft AntiSpyware, Spybot, Adaware, and McAfee Virus Scan - all with the latest update.

HJT and Ewido logs:

Logfile of HijackThis v1.99.1
Scan saved at 9:02:50 PM, on 9/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Adaptec\Easy CD ... Read more

A:Help! HJT and Ewido scan included

Read other 14 answers
RELEVANCY SCORE 59.2

I have posted my HJT scan before and it was clean, but when I do an Ewido scan, even after deleting the cookies, it comes right back. Currently, system restore is turned off. Might this be the cause? Should I reboot after disinfecting an then turn it on?
Thanks for the help!

 

A:Ewido Scan: 815 cookies????

IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select override automatic cookie handling button.
6. To block third party cookies select block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.
===============
In firefox - TOOLS - OPTIONS - PRIVACY - COOKIES - Check originating site only
 

Read other 2 answers
RELEVANCY SCORE 58.8

The Computer is getting slow suddenly, can u guys please help me to check the log if there are any problems to be fixed. thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:40:14 PM, on 7/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\system32\TpShocks... Read more

A:Hijackthis log and log from Ewido and Panda Scan

Read other 6 answers
RELEVANCY SCORE 58

anybody know why this would happen ?

first i did an ewido scan in safe mode, and then in normal mode:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:31:41 PM 9/23/2006

+ Scan result:

Nothing found.
::Report end

there was actually 3 infections though in the above scan, don't know why it said 0,

and now normal mode:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:00:45 PM 9/23/2006

+ Scan result:

:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oq7cdmrj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles... Read more

Read other answers
RELEVANCY SCORE 57.6

Hi there,

Two weeks of trying to clean this up and still going...

I first started off with RazeWare red-screen dubery-whatsit, but got rid of that using SmitFix/SmitRem. I now have Trojan Horse Downloader.Generic.HGT, Trojan Horse Clicker.FR, Downloader.Agent.Uj & Trojan.DNSChanger.ef. I have also followed basic instrcutions for cleaning PC: Ad Aware, CWShredder, Ewido, Spybot, AVG, Disk Clean-up & removed dodgy programs. ALL the tools now hang during or just after a scan. AVG details 6 infections, but I can't get a report (have to shut app down in Task Manager) and ditto for Ewido (hangs when it gets to system.ini), which found 44 infected objects and the Trojans listed above, but can't get a report or fix/heal the damn things.

Here is my HJT log(any help greatly appreciated):

Logfile of HijackThis v1.99.1
Scan saved at 22:09:16, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sy... Read more

A:Solved: Nasty Trojans & Ewido / AVG Keep Hanging on scan

Read other 16 answers
RELEVANCY SCORE 57.6

Problem is big and it came suddenly after working very well. My machine froze after boot and didn't reboot at all. I did chkdsk which helped me to get to windows again (repaired some system32 files) but it tilts still. Everytime I run ewido it stops at that memory process. Here is my hijackthislog: I think there are more problems too

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:58:12, on 31.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\program files\powerstrip\pstrip.exe
F:\program files\steam\steam.exe
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Filut\Softat\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO:... Read more

A:XP help: Ewido scan tilts at Memory Process: VM_00FE0000

The only one who didn't get a reply :/
 

Read other 1 answers
RELEVANCY SCORE 56.8

hi evry time i scan for antivirus i get little to nothing but when i scan my antispyware i allways get at least 30 problems in the medium threat reange dont know what to do to help reduce the spyware on my pc

thanks in advace

sputhpark
 

A:Ewido antispyware keeps picking up more than 30 problems evry time i scan

Read other 16 answers
RELEVANCY SCORE 56.8

Problem is big and it came suddenly after working very well. My machine froze after boot and didn't reboot at all. I did chkdsk which helped me to get to windows again (repaired some system32 files) but it tilts still. Everytime I run ewido it stops at that memory process. Here is my hijackthislog: I think there are more problems too

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:58:12, on 31.7.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\program files\powerstrip\pstrip.exe
F:\program files\steam\steam.exe
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Filut\Softat\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: ... Read more

A:HJT log included. Please :( . Ewido scan tilts at Memory Process: VM_00FE0000

The only one who didn't get replied
 

Read other 1 answers
RELEVANCY SCORE 56

Hey, Cheeseball81, if you can answer this question since you helped me with the Avenger thing, should I delete the back-up files the Avenger made when I do an Ewido Anti-Spyware scan? It keeps picking it up, and I always click "No to all". Is that the correct thing to do in thsi situation? Just look at the "Malware Picked up by Ewido Anti-Spyware" thread if you don't remember helping me.
Thanks alot.
 

A:Solved: Should I delete back-up files from what the Avenger deleted during Ewido Scan

either let ewido delete them or just delete anything inside the C:\avenger folder yourself they should all be inside the backup.zip
 

Read other 1 answers
RELEVANCY SCORE 55.6

Incident Status Location

Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp.cab[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar ... Read more

A:Active Scan Report + DSS Report

hi EddyMeuh

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================


Download this file to your desktop.- Here

IMPORTANT - You must place combofix on your desktop!!

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=================

Please Run a scan with HiJackThis and save the log

=================

In your next post, please include fresh logs from: ComboFix.txt
HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Read other 19 answers
RELEVANCY SCORE 54.4

i posted a thread earlier about how my homepage got set to about:blank and someone told me to try hijack this and ewido and here are the logs. hopefully someone can help me crack this thanks

hijack log

Logfile of HijackThis v1.99.1
Scan saved at 9:50:08 PM, on 31/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yugju.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yugju.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\yugju.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\yugju.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\yugju.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet ... Read more

A:need help with hijack this log and ewido log

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{011710E1-B483-710E-97E0-2570CF3083B8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0374CA48-A799-5108-7C38-BAC7CF481D17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{03986A99-8487-BF06-A53A-7D6D4ED76483} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0F9A97E5-963E-75DB-23F4-3897CEC6B584} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{12869A5D-0FF9-B9AA-8BD8-9337FB04C5C6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15213F20-4568-A265-3C5A-1F0B1F772EF8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{19909ED9-FBD8-EB91-C381-7E3707902938} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1A15F225-55D1-2004-F817-B224A68490B9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D533677-6478-9DBE-8A8D-E743E69BF5FD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{283AC120-8D27-BA38-11A3-539427563B6C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{286ECE71-3F17-089B-F6BD-0E16D255AE8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29F1D625-8BC0-9364-C57C-DB62035ABD50} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C874D56-A88C-3E88-B23F-99BEE8C67943} -> Spyware... Read more

Read other 3 answers
RELEVANCY SCORE 54.4

I'm sorry to have to repost but I still need help. I was told to download ewido and repost both logs. Can someone please help? I'm desperate. I still have many issues.

Thanks
Linda

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:34:30 PM, 7/13/2005
+ Report-Checksum: 403BF431

+ Scan result:

HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\5wq61aSkXbLO -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\AutoLoader\5wqG1aSkXbLO -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\dealhelper -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\dealhelper\KeyWord -> Spyware... Read more

A:hijack log and ewido log

Read other 6 answers
RELEVANCY SCORE 54

Cleaning up another machine. I did alot of previous steps to rid myself of Nail.exe and the like. Regardless I am not anywhere near fixing this machine in its entirety So below is the ewido and hijack log files. Please read over so I can clean up this machine RIGHT!!!
Ewido Log File:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:42:48 AM, 7/6/2005
+ Report-Checksum: D78F40FB

+ Scan result:

:mozilla.14:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Donna Maisto\Application Data\Mozilla\Firefox\Profiles\uux27s3a.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Donna Maisto\Local Settings\Temp\asfjkk32.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Donna Maisto\Local Settings\Temp\Cookies\donna [email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Docume... Read more

A:Hijack and Ewido Log files

Read other 9 answers
RELEVANCY SCORE 54

IVE COPIED AND PASTED THIS INFO FROM MY PREVIOUS POST. IVE RUN EWIDO SCAN IN SAFE MODE AS INSTRUCTED. PLEASE SEE NEW HIJACK/EWIDO LOG, SCROLL TO BOTTOM OF PAGE.
THANKS.X

#1 18-May-2006 08:55 AM - Hijack This Log- Pls Have A Look!
cherrybelle

Member Posts: 35
Join Date: Aug 2005

Please save me from losing my mind. I've had so many problems with my pc- check this log and tell me what to do.
MANY many thanks.x

Logfile of HijackThis v1.99.1
Scan saved at 14:53:57, on 18/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C... Read more

A:See Hijack/Ewido Log At Bottom!!!

Please stick to your original thread:

http://forums.techguy.org/security/468255-solved-hijack-log-pls-have.html

This thread is closed.
 

Read other 1 answers
RELEVANCY SCORE 54

hi to all the great techies,

i'm having a few problems with my pc so i created this hijackthis report...............

Logfile of HijackThis v1.99.1
Scan saved at 9:26:07 PM, on 7/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.highstream.net/members/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.highstream.net/members/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,... Read more

A:hijack this and ewido log files

the computer is a compaq from 2004, about a 2.0 GHz processor,
 

Read other 1 answers
RELEVANCY SCORE 54

I asked for help awhile back for my daughters' computer, and some told me instructions to help me to fix it. I did as I was told and now I'm putting the resualts of Ewido and Hijacked it again.

Could someone read it and tell me the what it means.
thx
 

A:Ewido and Hijack This resaults

You need to post the logs on your original thread and not start a new thread.

There's no logs here anyway to view.

--------------------------------------------------------------------------------------
 

Read other 3 answers
RELEVANCY SCORE 54

help i think ive got a virus, ive got a super slow computer, and my internet spams me with new page popups telling me i need to get a reigstry scan. here is my hijack this log, ive tried ewido micro scanner, i have nod 32 as a home virus protection, and i have also ran spybot search and destroy. any help would be greatly apreciated Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:38:26 PM, on 12/9/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Eset\nod32krn.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Eset\nod32kui.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\WINDOWS\system32\inetsrv\inetinfo.exeC:\Program Files ... Read more

A:help, slow computer, new browser page popups spam me while im in IE. Ive trie ewido micro scan, i have nod 32, and spybot searc...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

Read other 2 answers
RELEVANCY SCORE 52.8

Hi,I need help.I tried everything and still have things popin up on my task bar like my microsoft icon reproducing itself and a scrolling advertising banner comming down from the top of the screen. As well as other unsual activity on my computer. I hope we can get to the root of this problem.Thank youThis is my log file. Logfile of HijackThis v1.99.1Scan saved at 9:13:02 PM, on 1/7/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ewido anti-malware\ewidoctrl.exeC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\system32\pctspk.exeC:\WINDOWS\system32\PV92Tray.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exeC:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exeC:\Program Fi... Read more

A:Spysheriff Hijack

Follow the instructions in this topic: How To Remove The Smitfraud / Psguard / VirtualmaidThen reboot and post a new log. If you have previously used SmitRem, please delete the folder from your computer and download it again using the instruction above as the program was updated yesterday.Follow the instructions in this topic: How To Remove The Smitfraud / Psguard / VirtualmaidThen reboot and post a new log. If you have previously used SmitRem, please delete the folder from your computer and download it again using the instruction above as the program was updated yesterday.

Read other 3 answers
RELEVANCY SCORE 52.8

Logfile of HijackThis v1.99.1Scan saved at 9:32:33 PM, on 1/4/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\R2FiYnk\command.exeC:\Program Files\Compaq\Compaq Management Agents\cpqalert.exeC:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exeC:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exeC:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exeC:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Support.com\bin\tgcmd.exeC:\WINDOWS\system32\paytime.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\windows\banmanpro.exeC:\WINDOWS\system32\paytime.exeC:\WINDOWS\system32\sywsvcs.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Hijack this\HijackThis.exeC:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXER1 - HK... Read more

A:Help With Hijack Log (spysheriff)

Please go HERE to run Panda's ActiveScanOnce you are on the Panda site click the Scan your PC buttonA new window will open...click the Check Now buttonEnter your CountryEnter your State/ProvinceEnter your e-mail address and click sendSelect either Home User or CompanyClick the big Scan Now buttonIf it wants to install an ActiveX component allow itIt will start downloading the files it requires for the scan (Note: It may take a couple of minutes)When download is complete, click on My Computer to start the scanWhen the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Read other 3 answers
RELEVANCY SCORE 52.8

Can someone please help me get rid of this thing? I allready ran adaware and before i do anything foolish here's my hijackthis-log:

ogfile of HijackThis v1.99.1
Scan saved at 23:30:08, on 3-8-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\msmsgrxp.exe
C:\WINDOWS\tool2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\EP\Application Data\maeo.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\System32\newdial.exe
C:\WINDOWS\System32\newdial.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\newdial.exe
C:\WINDOWS\System32\newdial.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Pr... Read more

A:My Hijack-log (Spysheriff)

Read other 8 answers
RELEVANCY SCORE 52.8

Hey guys. I ran a few fixes but still having issues on my pc with popups and a blue error message that seems to be apart of my wallpaer ... I canot get rid of either one. so here is my log files Hoping that someone will be able to help

the error reads as followed: system error.. a fatal IE error has occured in vxd vmm .. The error has been caused by trojan-Spy. HTML.smithfraud.cc

LOG FILES:
Logfile of HijackThis v1.99.1
Scan saved at 2:04:21 PM, on 6/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ewi... Read more

A:Solved: Hijack Log and ewido Log Need Pair of EYES

Read other 9 answers
RELEVANCY SCORE 52.8

ok, I'm working on a friends computer that got the stupid AIM virus that keeps popping up a browser pointing to http://210.112.166.7/f1re.html.

I've updated and run ad-aware, spybot S&D, Microsoft Spyware, rebooted in safe mode and updated/run Ewido. I told Ewido to clean the infected files it found.

While in safe mode, I also did the following:
- Deleted the contents of the c:\windows\temp folder.
- Start, Run, %temp% and deleted everything
- Emptied recycle bin
- Deleted Temporary Internet files and offline contenet
- Reset web settings in internet options/programs

I'm still in safe mode and am posting the logs from Hijack and Ewido below. Please help. Thanks!

-----------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:51:17 AM, on 9/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Caroline\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qualitycomputersys.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.quali... Read more

A:Solved: AIM Virus-Hijack This & Ewido Log included

Read other 16 answers
RELEVANCY SCORE 52.8

I've been reading the forums and following along.. Here are the log files. Any help would be very much appreciated as I am at the end of my rope on this one.. Thanks in advance!!
Logfile of HijackThis v1.99.1
Scan saved at 3:05:50 AM, on 4/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program ... Read more

A:Sysprotect PopUps - Here are the Hijack This and Ewido Files

Read other 16 answers
RELEVANCY SCORE 52.4

SpySheriff hikacked my desktop. I uninstalled it.

Logfile of HijackThis v1.99.1
Scan saved at 4:51:41 PM, on 06/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.exe
C:\Program Files\Archive\archive.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program F... Read more

A:SpySheriff Desktop Hijack

Bump for HJT log expert.
 

Read other 1 answers
RELEVANCY SCORE 52.4

Hi!

First time on TSF. I'm one of those affected by the spysheriff browser hijacking that locks the desktop with a "SYSTEM STOPPED" notification.

I've tried using tips from other support forums yet I'm still unable to purge my system from this unwanted menace.

Please Help!!

So far I've tried using Ad-aware 1.06SE, Spybot and NoAdware both in regular and safe modes.

Here's my HJT Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:46:06 PM, on 13/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BELLSY~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Daily Weather Fo... Read more

A:Browser Hijack - spysheriff

Hi Montag and welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Uninstall the following via the Add/Remove Panel (Start->(Settings)-&g... Read more

Read other 3 answers
RELEVANCY SCORE 52.4

Here is my hijack log I have run cw shredder and spybot. Can anyone help with this I have the spysherriff warning on my desktop and cannot remove it.

Logfile of HijackThis v1.99.1
Scan saved at 4:59:58 PM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\ADELPH~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\PROGRA~1\HPINST~1\Pavilion... Read more

A:spysheriff removal, here is my hijack log Please HELP??

blackford4x4, you seem to have lost your way....please try to stay in one thread....I have put up a fix for you here:

http://www.techsupportforum.com/showthread.php?t=58101

Please abandon this thread, and only reply in the thread with the above link. Reply here to let us know you have seen and understood. Also please bookmark or subscribe to the above thread, using the Thread Tools drop down menu on that page.

Thank you.

Read other 1 answers
RELEVANCY SCORE 51.6

Hey guys,
Again I am having some problems with this computer. Spybot S&D will not update. And it keeps finding the file "windows.activedesktop." I tell spybot to remove the file but it comes back the next time I do a scan. Toady add-a-ware found SpySheriff. I checked the box for add-a-ware to remove it as well. And the I had trend micro scan find more spyware. So I am not sure if all of this is related.....this computer is in my office at my work and is only used for quickbooks and some internet browsing. Let me know if there is any thing in the log that needs repair and how to do so. Thank you guys very much...

Logfile of HijackThis v1.99.1
Scan saved at 2:21:45 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSA... Read more

A:Solved: Spysheriff and other problems....Hijack This Log

Read other 11 answers
RELEVANCY SCORE 51.2

Hi,

I downloaded a bunch of spy/malware finding software: AVG Free Edition, Ewido anti-spyware, and Trojan Hunter to help me get rid of a virus i mistaken downloaded and found i had a few other things wrong. I dont think its helping though, everything is getting slower.

I have Hi-Jack this, spy-hunter, and Ad-Aware SE. And keep them all updated. So it would be great if someone could give a clue as to what to do now.

As a side note my programs, espically internet explorer, have started closing down when it wants to.

AVG has detected the follow on my system, but it says its archived and it can't get rid of them.

C:\Documents and Settings\Me\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\classloads.jar-2fa9f21f-5c7d50f3.zip:\GetAccess.class

- Torjan Horse Java\ClassLoader

C:\Documents and Settings\Me\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\classloads.jar-2fa9f21f-5c7d50f3.zip:\InsecureClassLoader.class

- Java Indetified/ByteVerify

C:\Documents and Settings\Me\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\classloads.jar-2fa9f21f-5c7d50f3.zip:\Installer.class

- Java Indetified/ByteVerify

C:\Documents and Settings\Me\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\classloads.jar-2fa9f21f-5c7d50f3.zip

- Torjan Horse Java\ClassLoader
This is the Ediwo Scan Report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: ... Read more

A:2 Virus's, 2 torjans and a messed up system. Hijack, Ewido, and AVG logs included

Read other 16 answers
RELEVANCY SCORE 50.4

Hi i'm new to computers can someone please tell me what these scan results mean

Thank you

A:Scan report Help

Welcome to PCHF
Can you tell us what program you used to make this report? Also are you having any issues with your computer?

Read other 5 answers