Tech Problem Aggregator

# Solved: trojan - downloader- ruin and secdro.. iie explorer still acting funny

Q: Solved: trojan - downloader- ruin and secdro.. iie explorer still acting funny

I got 2 trojans past few days and though used spysweeper to remove them my internet explorer is still redircting me to pages i dont want instead of where the links should take me. i have a log from hijack this. please help me get internet explorer working properly again.

Logfile of HijackThis v1.99.1
Scan saved at 3:00:45 PM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Jaroby\LOCALS~1\Temp\Rar$EX00.156\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131175569097 O17 - HKLM\System\CCS\Services\Tcpip\..\{4D12E072-2F3A-4909-98DE-737E985E2DE7}: NameServer = 85.255.116.28,85.255.112.124 O17 - HKLM\System\CCS\Services\Tcpip\..\{62E3CE8E-6466-4F0D-A429-A79328E931FE}: NameServer = 85.255.116.28,85.255.112.124 O17 - HKLM\System\CCS\Services\Tcpip\..\{69F0AB3F-1050-4F2D-A691-B691DC7FBAD6}: NameServer = 85.255.116.28,85.255.112.124 O17 - HKLM\System\CCS\Services\Tcpip\..\{AE2F251D-FAEF-47D4-B246-CEEE3822F15C}: NameServer = 85.255.116.28,85.255.112.124 O17 - HKLM\System\CCS\Services\Tcpip\..\{D25D99B3-898C-4CE3-BB1F-6A78D8F67CAF}: NameServer = 85.255.116.28,85.255.112.124 O17 - HKLM\System\CCS\Services\Tcpip\..\{D657F834-B0AC-4AAD-8312-97985B8FB80A}: NameServer = 85.255.116.28,85.255.112.124 O17 - HKLM\System\CCS\Services\Tcpip\..\{FDC1A67C-5DDC-4FD4-A6A7-C8A72B85F8D6}: NameServer = 85.255.116.28,85.255.112.124 O17 - HKLM\System\CS1\Services\Tcpip\..\{4D12E072-2F3A-4909-98DE-737E985E2DE7}: NameServer = 85.255.116.28,85.255.112.124 O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe A: Solved: trojan - downloader- ruin and secdro.. iie explorer still acting funny 9 more replies Answer Match 96.18% im having a lot of trouble with this trojan. here is my HJT log. Logfile of HijackThis v1.99.1 Scan saved at 9:05:45 PM, on 12/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe C:\Program Files\AIM\aim.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.e... Read more A:Solved: trojan-downloader-ruin 10 more replies Answer Match 96.18% Having some trouble with a trojan, I run Spysweeper and it just comes back, and it seems like My firewall settings have been changed so that I have limited Internet Access. I have Norton Internet Security 2005. Here's the HijackThis report Logfile of HijackThis v1.99.1 Scan saved at 7:59:35 PM, on 8/21/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\svchost.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\zHotkey.exe C:\... Read more A:Solved: Trojan Downloader-Ruin 10 more replies Answer Match 93.24% Hi, can anyone help.My computer was infected with a trojan-downloader-ruin virus which was picked up by Webroot Spy Sweeper and repaired.Ever since the computer has been running slowly.Starting the computer up takes ages ,internet explorer takes ages to open and so do web pages.Can anyone help ,have run the computer in safe mode and run the clean up 4.0 program but this didnt help. Can anyone help many thanx. Marmid............ Logfile of HijackThis v1.99.1 Scan saved at 23:06:31, on 25/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\... Read more A:Solved: computer slow after trojan-downloader-ruin virus YOu are already being helped here - do not post twice for the same prob http://forums.techguy.org/security/437248-computer-slow-after-trojan-downloader-ruin-virus.html 2 more replies Answer Match 93.24% I am having problems removing Trojan-Downloader-Ruin and Trojan-Relayer-Nextpart. These are both being alternatively identified by my SpySweeper runs, and I delete them when found, but they re-instantiate themselves and I can't find the source. Please note that I had an AIM virus a few weeks ago, and thought I had removed it via AimFix and ComboFix runs (maybe not?). Any help would be greatly appreciated! Here is my latest Hijack This! log file: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 9:24:52 AM, on 7/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\SYSTEM32\bgsvcgen.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\WINDOWS\AppPatch\mdm.exe C:\Program Files\Common Files\McAfee\Ha... Read more A:Solved: Trojan Downloader Ruin removal problem - HJT log posted 10 more replies Answer Match 88.2% The problem I'm having seems to be isolated to explorer.exe, that is that when I start the computer, not everything that is supposed to start does. For instance, the small, two monitor icon that denotes connectivity in the bottom right of the screen does not come up, and until this happens (and nothing in particular seems to cause it to happen, but rather it's suddenly "wakes up" at random) there are a number of things I cannot do: I can't use the start menu, for instance. I can't right click on anything or else Explorer locks up. Again, no specific sequence seems to be the cause of the computer snapping out of it, sometimes it doesn't do it at all. In safe mode, this problem typically does not occur, but in order to troubleshoot the possible cause I have had to go into regular mode in order to uninstall some recently installed programs. However, I have uninstalled everything I can think of that I have installed lately, and still every time I start the computer, I have this problem at least for several minutes while I perform this task or other trying to get Explorer to activate properly. I have conducted CHKDSK, ScanDisk, a full virus, spyware, ad aware sweep, to include using Windows washer to get rid of all temporary files. I have used tuneup to clean up as well as defrag the registry. I have no unnecessary or on the identified programs starting at startup (which I checked using MS config). Short of reinstalling Windows (which I would li... Read more A:Solved: Explorer acting funny at startup theseus I don't have a specific solution for you, but I can point you in the right direction. About a year and a half ago I had the same problem. I ran spyware and virus checks, defragged, and ran scandisk....but still had the problems. I remember having to download a program called HiJackThis which ran a scan of my pc and what processes were running as my pc booted up. I then posted the scan results on a forum and some techs told me what to do. The problem was some background activex controls running through IE. I hope this at least gets you started. 3 more replies Answer Match 87.36% I got two different names for a trojan yesterday and today, and after completely running your ?5 steps before posting a log? I am finding no trojan at all! I know this sounds like a good thing, but I'd like some explanation if possible. I am running WIndows XP Home. Yesterday WebRoot SpySweeper found trojan-backdoor-progdav, which I eliminated on 2-17-07 by using TetonBob?s excellent instructions. Today I re-used those instructions, but the target files were not found, so I ran SpySweeper again ? and this time it found a different problem: trojan-downloader-ruin. So I used POADB?s instructions (provided to jack5000 on 4-25-06) for removing trojan-downloader-ruin: downloaed CleanUp!, Ewido with updated database, and FixWareout; ran FixWareout online; then ran HiJackThis offline in safe mode. HJT didn?t list any of the items that jack5000 was told to delete. The file to manually delete (C:\WINDOWS\\System32\dmeue.exe) also was NOT present. Then I ran my first Panda scan. Finding none of the target files, I went to TechSupportForum?s ?5 steps before posting a log? (now realize I should?ve done first.) Took ages, but the only things found were 1 malware program (Viewpoint Media Player, which I removed in Step 1), & 7 tracking cookies (which I quarantined using Ad-Aware SE in Step 2). In Step 4 no service packs were missing ? only upgraded IE (which I never use ? I?m a Firefox user) to IE 7. After all of this, I decided to run SpySweeper again, and thi... Read more A:Trojan change from trojan-backdoor-progdav to trojan-downloader-ruin, no target files Welcome organicbarb Are there any current spyware symtoms ? Your logs look fine You can delete C:\install.dat C:\dnsbak.reg C:\fixwareout fixwareout.exe and combofix,exe You should update java, afterwards this old version should be uninstalled. J2SE Runtime Environment 5.0 Update 2 1 more replies Answer Match 86.52% I have tried countless spy ware removal programs and tools, but after rebooting, SpySweeper and/or Ewido continue to find a trojan horse that is call "trojan-downloader-ruin". I read a previous thread in which cheeseball81 assisted someone else with this problem. The solution involved running HighJack This and fixing several O17 entries. I had similar entries on the HJT log and fixed the similar O17 entries. The following is the latest HJT log. I greatly appreciate any help that may be given. Logfile of HijackThis v1.99.1 Scan saved at 10:56:12 PM, on 10/4/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\windows\System32\smss.exe C:\windows\system32\csrss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\System32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\windows\System32\svchost.exe C:\Program Files... Read more A:Need Help with Trojan-Downloader-Ruin 16 more replies Answer Match 86.52% Hi, i seem to have picked up the Trojan-downloader-ruin virus. I have numerous scanners that find it, but not remove it. (ewido, avg, webroot) If i search for something on google or click on links, i'm redirected to other sites. Id be grateful for some help. i'm running win xp pro...heres my hijack this log, thanx... Logfile of HijackThis v1.99.1 Scan saved at 1948, on 25/04/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\E-mu Systems\E-mu APS Control Panel\Sscene.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Navigator Mouse\moffice.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Navigator Mouse\MOUSE32A.DAT C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Yahoo!\Messenger\ypager.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs... Read more A:Trojan-downloader-ruin Welcome to TSF Please subscribe to this thread to be notified of fixes as soon as they are posted by our Team. To do this, please click the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread". Before you begin, take a read through these instructions and download the programs that I've advised. Save the below instructions in notepad or wordpad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. You should not have any browsers open during the cleaning process unless otherwise prompted. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are carrying out the procedures below. Please allow yourself a few spare hours. Below are instructions for a virus scan(s) that can take longer then 2 hours. It is also important you don't miss a step and perform everything in the right order!! . ********************************DOWNLOADS******************************** Please download these additional files/programs. Do not run them unless instructed to do so. Unless otherwise stated, they should be stored in the same directory as the HiJackThis program. Please download CleanUp! and install it. Do not run it yet! Download Ewido Security Suite - Install & Update it's database but do not run it yet. Please download FixWareout from one of these sites:http... Read more 12 more replies Answer Match 86.52% Got a trojan that won't go away. Here's my HJT log. Please help. Logfile of HijackThis v1.99.0 Scan saved at 9:05:10 AM, on 4/14/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Multimedia Card Reader\shwicon2k.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WinAce\WinAce.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe R1 - HKCU\Software\Mic... Read more A:trojan downloader ruin Hi, Welcome to TSG!! You may want to print out these instructions for reference, since you will have to restart your computer during the fix. Please download FixWareout from one of these sites: http://downloads.subratam.org/Fixwareout.exe http://swandog46.geekstogo.com/Fixwareout.exe Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal. When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items (if they appear): R3 - URLSearchHook: (no name) - {48837813-02B4-377D-088F-45B4DF12A64A} - media64.dll (file missing) O2 - BHO: (no name) - {4EDA5007-2DB0-433C-A3F5-DC7B2530E49A} - C:\WINDOWS\system32\mspq.dll (file missing) O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\DLP.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{0601CB66-5DD8-4281-A59C-7E27DDB6F065}: NameServer = 85.255.113.107,85.255.112.121 O17 - HKLM\System\CCS\Services\Tcpip\..\{57832EE8-F604-4A53-8DE0-B7C949BCCFEA}: NameServer = 85.255.113.107,85.255.112.121 O17 - HKLM\System\CCS\Services\Tcpip\..\{69D3D28B-286D-4FE4-B49A-51D4A22F7A18}: NameServer = 85.255.113.107,85.255.112.121 O17 - HKLM\System\CS2\Services\Tcpip\..\{0237D679-3839-4B5B-A7B3-F012C2239864}: NameServer = 85.255.113.107... Read more 1 more replies Answer Match 86.52% Hey guys, just wanted to say thanks in advance since you've solved a couple problems for me before.Today on startup, I noticed a weird file that TheCleaner said made some changes to my startup files. The file name was just numbers, it was 49674074977093.exe. I manually deleted the file, and found no traces of it using Ewido, Spy Sweeper, or Mcafee. Spy Sweeper, did however, find two Trojans, adeog and downloader.ruin, which it quarantined and deleted.Now, using Startup Inspector, I've noticed two files that were previously not there, C://WINDOWS\System32\dmcsg.exe, and C://WINDOWS/System32/dmwiu.exe. Also, my computer is running slower than hell. Using Task Manager, many of the running files are taking up a lot of memory. I ran HiJack This, but nothing out of the ordinary came up. Any clues as to what this could be? Is it just spyware? Thanks for any help....EDIT: Now SpySweeper has found Trojan.downloader.ruin again. It keeps re-establishing itself.Here's my HiJackThis log...Logfile of HijackThis v1.99.1Scan saved at 9:24:24 PM, on 11/16/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:&... Read more A:Trojan-downloader-ruin I've also downloaded and run FixWareout.exe. Here's the report... Fixwareout ver 1.003 Last edited 8/11/2006 Post this report in the forums please Reg Entries that were deleted ... Microsoft ® Windows Script Host Version 5.6 Random Runs removed from HKLM "dmcsg.exe"=- ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. ????? Searching by size/names... ????? Search five digit cs, dm and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\DMCSG.EXE 60,510 2002-08-29 Other suspects. Directory of C:\WINDOWS\system32 {4649D938-AEEA-437C-987E-DE0B8796BE87}.exe {3C083DDF-DEF2-43AB-9893-E21E258B2FF5}.exe {7168966C-97B2-4F08-A4F3-52A6BD5A74FB}.exe {EF8FD7D4-5DE6-4B24-8F3C-1ED0A73E874A}.exe {D65E5E25-3D70-466B-B4D7-D06639A3C7DF}.exe {527D4B4F-CA8E-4175-A622-796E5050A4AB}.exe ????? Misc files. ????? Checking for older varients covered by the Rem3 tool. 14 more replies Answer Match 86.52% When i search using google and then click link, i am redirected to another page. if i use the "back" button it doesn't work unless i scroll down three lines to the original target. If i go back and click the link three times it will take me to my target. every time i use webroot spysweeper it finds "Trojan-downlader-ruin" even though i have quarantined it many times. I have also used trend-micro antivirus, however it never finds a problem. help would be great thanks. Deckard's System Scanner v20071014.68 Run by NORTHRUP on 2008-04-07 15:23:21 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 18: 2008-04-07 19:07:27 UTC - RP188 - Windows Update 17: 2008-04-07 01:18:07 UTC - RP187 - Windows Update 16: 2008-04-06 02:24:08 UTC - RP186 - Windows Update 15: 2008-04-05 21:26:00 UTC - RP185 - Removed SnagIt 8 14: 2008-04-04 14:27:43 UTC - RP184 - Removed Adobe Reader 8.1.2 -- First Restore Point -- 1: 2008-03-07 11:28:08 UTC - RP171 - Windows Update Backed up registry hives. Performed disk cleanup. -- HijackThis (run as NORTHRUP.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:24:39 PM, on 4/7/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\t... Read more A:trojan-downloader-ruin bump bump 10 more replies Answer Match 86.52% Seems like I picked up this little nasty. My Norton does not see it but Spy Sweeper does. When I try to delete it, it just comes back. How the heck do get rid of this? Thanks for looking. \ James A:Trojan-downloader-ruin 16 more replies Answer Match 85.26% With help from you guys over the weekend I was able to get rid of Juan (Vundo ?) but now have spy sweeper reports: Trojan-downloader-ruin detected. I have checked the forums and found several that I've looked into. One from Seaz with MFDnNC helping him/her out. I did not see any of the entries in my HJT log. I downloaded and ran Fixwareout.exe. I am attaching the contents of the report and my HJT log. I've noticed all day that my T43 laptop has been sluggish going over the internet. You will see from my HJT log that I have several different Anti-Spyware software loaded (probably too much) to include AVG, XoftSpySE, and Spy Sweeper. I've checked my network properties for TCP/IP and DHCP is checked. IPCONFIG /ALL shows a valid IP address from my router and DNS entries are what I expected. I have one unsolicited pop-up that seems to occasionally show up when I open my browser- > Ultimate Fixer 2007. I am running another scan with Spy Sweeper now. Please look at the report and HJT log and see if you see anything I need to address. I will update you if SSweeper shows up with anything. Thanks HogWild A:Rid of Vundo now Trojan-downloader-ruin I'm happy to report that the latest scan results using Spy Sweeper showed up clean. I would like to ask one of the monitors to look through the two files attached earlier just to make sure nothing is missed. Thanks for you assistance and I will check back tomorrow morning for any posts. Meanwhile I will turn off System Restore and shutdown. Look like Vundo is keeping you guys busy. Hope everyone has as good as luck or better removing it as I did - with your help of course! Thanks HogWild 3 more replies Answer Match 85.26% I'm fixing a computer for a friend and she has a trojan by the looks of it. Any help would be appreciated. Here's her HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 3:57:28 PM, on 18/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\stsystra.exe C:\Prog... Read more A:Trojan-Downloader-Ruin Removal Hiya Are you still having this problem? If so, can you do the following: Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update... Read more 3 more replies Answer Match 84.42% Hi, my search results on Yahoo or Google are repeatedly redirected to alternate websites when I click on them. I have went through all 9 steps in the preparation guide topic on this forum, but the issue remains. Below is the results of recommended software scans and HJT log. I greatly appreciate any help you can provide to remove this bug. Thanks in advance to all.Scan with Ad-Aware finds no issues.Scan with Spy Sweeper finds Trojan-Downloader-Ruin. Spy Sweeper says it quarantines the threat, but the bug reappears after reboot and rescan.Scan with Spybot finds Zlob.DNSChanger. Spybot says it removes this threat, but the issue reappears after reboot and rescan.Scan with McAfee Antivirus finds no issues.Scan with McAfee Stinger finds no issues.HJT scan log follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:26:36 PM, on 12/17/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16575)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\McAfee\MPS\mpsevh.exeC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Windows\System32\rundll32.exeC:\Program ... Read more A:Trojan-downloader-ruin / Zlob.dnschanger Welcome to the BleepingComputer HijackThis Logs and Analysis forum cmeadorMy name is Richie and i'll be helping you to fix your problems.Please disable Spybot S&D?s protection,or it will interfere.You can enable it after you're clean.Open Spybot and click on 'Mode' and check 'Advanced Mode'.Click on 'Tools' in bottom left hand corner.Click on the 'System Startup' icon.Uncheck 'Teatimer' box and/or uncheck 'Resident'.Click the 'Allow Change' box.Then, check next to the computer clock to see if the icon for Spybot is still there.If it is, right click it and choose 'exit Spybot-S&D Resident'.Restart the computer.If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:http://www.russelltexas.com/malware/teatimer.htmPlease disable SpySweeper,or it will interfere.You can enable it after you're clean.* Open Spy Sweeper and click on Options > Program Options and uncheck "load at windows startup".* On the left click "shields" and then uncheck everything there.* Uncheck "home page shield".* Uncheck "automatically restore default without notification".* Exit the program.* (When we are done, you can re-enable it using the same steps but this time reverse them.)Please download OTMoveIt by OldTimer,save it to your desktop:http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exePlease double-click OTMoveIt.exe to run it.Copy the file paths below to the clipboard by highlighting ALL of them ... Read more 9 more replies Answer Match 84.42% Somehow my husband has downloaded something on my laptop that I cannot get rid of. On Webroot it comes up as Trojan-Downloader-Ruin and the info underneath it says JHKU\S-1-5-21-3453069361-4141592110-2220185813-1000\software\microsoft\windows\currentversion\_r\. Any help that anyone could give in getting rid of this would be very much appreciated A:Trojan-Downloader-Ruin cannot get rid of even with Webroot Spy Sweeper HELP!!!!!!!!!! Please go HERE and carry out the instructions that are posted.Thankyou.. 1 more replies Answer Match 83.58% Hi, can anyone help.My computer was infected with a trojan-downloader-ruin virus which was picked up by Webroot Spy Sweeper and repaired.Ever since the computer has been running slowly.Starting the computer up takes ages ,internet explorer takes ages to open and so do web pages.Can anyone help ,have run the computer in safe mode and run the clean up 4.0 program but this didnt help. Can anyone help many thanx. Marmid............ Logfile of HijackThis v1.99.1 Scan saved at 23:06:31, on 25/01/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\... Read more A:computer slow after trojan-downloader-ruin virus 11 more replies Answer Match 82.74% Thank you for your help!! I have gotten the trojan-downloader-ruin virus and I need some help removing it. I searched the forum and it appears that someone that has knowledge needs to read the hijackthis log to determine how to remove the virus. So I went ahead and downloaded the hijackthis program and here is the log: Logfile of HijackThis v1.99.1 Scan saved at 9:06:38 AM, on 4/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\SetPoint\LBTWiz.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\Program Files\Hewlett-Pa... Read more A:Help removing trojan-downloader-ruin - hijackthis log file posted Thanks I did what you said but the trendmicro did not find the trojan. I have given up and I called someone to come out and take care of the computer. I really appreciate your advice. Thanks again 2 more replies Answer Match 79.38% Recently my Explorer has been acting up, not all pictures loading, click on a page and it won't load but then hit refresh and it works, plus my Java won't work either. The porgram NoAdware has found a keylogger called Second Sight and the program won't delete it, any tips? Could someone please take a look at my log and help me out. Thanks in advance. Wendy Logfile of HijackThis v1.99.1 Scan saved at 7:31:02 PM, on 14/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.exe C:\PROGRA~1\PARENT~1\ParentalFilter.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\FILTER~1\filtergate.exe C:\Program Files\NoAdware3\NoAdware3.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\... Read more A:Explorer acting funny... 16 more replies Answer Match 78.54% Internet Explorer has been acting funny. When I enter text, it is delayed. My HiJackThis log is attached, A:Internet Explorer Acting Funny HiThere's no malware showing in your log ...Just this entry :-O4 - HKCU\..\Run: [?????????] ??????????????eDid you obscure it before posting it, or is that exactly how it normaly shows in hijackthis ?If it is, then I want you to remove it ... Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-O4 - HKCU\..\Run: [?????????] ??????????????eWhat you are describing sounds like a lack of resources or possibly a memory leak ...You have a lot of programs running at startup to begin with, so if you run too many more programs you will eventualy run out of resources, does this only happen when you have a lot of programs running ?Please Download CCleaner from :-http://www.filehippo.com/download_ccleaner/ (click the download tab)During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.doubleclick the ccsetup.exe file and install the program...After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours" Make sure the "windows" tab is selectedUnder "internet explorer" tick...Temporary internet filesCookies* > see Note belowHistoryRecently typed URL's (leave this unticked if you DON'T want to clear the drop do... Read more 3 more replies Answer Match 78.54% I need to open a new window three different times, and if i need to click links or anything, it freezes a lot. tried windows updates, but there's nothing there that needs to be updated. help!~Dani(Moderator edit: moved thread to more appropriate forum. jgweed) A:Internet Explorer Acting Funny Make sure you are Spyware & Malware clean.See if this will solve the problem.See this article:Taking out the trashSee this article:The Parasite FightShow all Files & Foldershttp://www.bleepingcomputer.com/forums/ind...showtutorial=62Try these free tools.Trendmicro (free virus scan only)http://housecall.trendmicro.com/These cleaning programs may produce better results if run in Safe Mode.Ewido (free Trojan Scan)http://www.ewido.net/en/download/Adware SE (update after installing)http://www.lavasoftusa.com/software/adaware/Spybot S&D (update after installing)http://www.download.com/Spybot-Search-Dest...4-10122137.htmlAfter doing this and the problems are not better feel free to post a HJT log.Be sure to read the How to submit a HJT Log and submit it to the appropriate forum. HJT Forum links provided below.How to submit a Hijackthis Loghttp://www.bleepingcomputer.com/forums/How...s_Log-t956.htmlHJT Forumhttp://www.bleepingcomputer.com/forums/Hij...alysis-f22.html 2 more replies Answer Match 78.54% Ok, I posted a question a few months how I had to click the back button 3 times instead of one time in order for my browser to go back just one page, and that is still happening. Now on every website, the advertisments, not the popups, but the advertisments that appear on the page itself, say "Page Cannot be displayed" where the ads are suppose to be, on everyone, I have a feeling these two things are connected. One thing is, if I reinstall IE will I still have my built in IE popup blocker that came with IE when I purchased this PC? The PC is only like 4 months old and i actually enjoy the popup blocker thats built right in with IE. Thanks for any help! A:Internet Explorer Acting Funny... Here is a picture to make things easier... 1 more replies Answer Match 78.54% my dad's computer's internet explorer is acting funny, I'm quite certain he has some sort of virus, it is hard for me to determine exactly what is going on as he is in another city and i can't see the computer right in front of me when he starts IE he gets a website restore error there is a pop up message that comes up every 10 secs or so that says "This tab has been recovered. A problem with this webpage has caused internet explorer to close and reopen the tab" here is the hjt log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at PM 07:24:48, on 2011/3/8 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe C:\WINDOWS\system32\lxdncoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C... Read more More replies Answer Match 78.54% Hello, I have been advised by GeekGirl to post my hijackthis log in here .... could you advise me if you think i have some dodgy results in my hjt log. cheers. here is the log :- Logfile of HijackThis v1.99.1 Scan saved at 20:47:04, on 24/05/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.00 (5.00.2614.3500) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE C:\PROGRAM FILES\ICRAPLUS\ICRAPLUS\ICRAPLUS.EXE C:\PROGRAM FILES\ICRAPLUS\ICRAPLUS\INTERNETPROXY.EXE C:\WINDOWS\SYSTEM\WYNQOB.EXE C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE C:\PROGRAM FILES\SAGEM\SAGEM [email protected] 800-840\DSLMON.EXE C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\CALC.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explo... Read more A:Internet explorer acting funny Hello, and welcome to TSF! Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below. Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked. For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep). =============== The version of Internet Explorer your currently using is out of date, and should be upgraded to the newest version as soon as possible. =============== Download, unzip to your desktop CWShredder and run it, then: 1. Click "Check For Update" (If an update isn't available, skip to s... Read more 19 more replies Answer Match 77.7% IF THE HJT LOG LOOKS FINE... PLZ POST THAT.. Explorer.exe has restarted itself two times today... and the computers ive seen that happen to always have viruese and what not.. could someone look at my HJT log and see if anything is wrong with it? i dont think so myself, but eh.. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:35:41 PM, on 2/29/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Pr... Read more A:Explorer.exe restarting... compy acting funny.. help plz? Nothing too serious showing in the log. Go to Control Panel - Add/Remove programs and remove and of these you find there: Viewpoint Viewpoint Manager Viewpoint Media Player MyWebSearch FunWebProducts Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked. O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZKxdm021YYUS Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "Configuration and Preferences", click the Preferences button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan&quo... Read more 1 more replies Answer Match 72.66% Hello My PC is a AMD 1.2 with 1 gig ram and a 80 gig western digital harddrive running Windows XP SP2 Pro. My old hard drive died the other day so I implemented my sneacky plan of switching to my back up hardrive. However all dod not go as planned since the move of all the programs seems to have failed, sigh, SO I fix that by dumping all the programs and starting a new. However by yesterday it appeared that I have something on the computer I am running Lava and Avg and Lava said that I had a Worm. This morning I spent the last four hours trying to run lava and avg but no dice. I then came on here and read the sticky and have downloaded a bunch of stuff, hijack and spywareblocker (i think). I will enter the HIjack log in next post> Cheers Z A:Solved: PC acting funny not ha ha Logfile of HijackThis v1.99.1 Scan saved at 11:14:30 AM, on 10/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE E:\PROGRA~1\avg\avgcc.exe E:\PROGRA~1\avg\avgamsvr.exe E:\PROGRA~1\avg\avgupsvc.exe E:\PROGRA~1\avg\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe F:\DOWNLOADS\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\avg\avgcc.exe /STARTUP O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: WgaLogon - C:\WINDOW... Read more 1 more replies Answer Match 71.82% For about a month now, since my brother has been using my computer a lot, some strange things have been happening, such as closing folders will cause explorer.exe to freeze making me have to end and reload it, and massive trojans to constantly appear, so I'm looking for some assistance. (NOTE: Lolifox is basically another version of firefox) Logfile of HijackThis v1.99.1 Scan saved at 11:22:43 AM, on 7/31/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\AIM\aim.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Compaq_Owner\Desktop\Programs\utorrent.exe C:\Prog... Read more A:Solved: Computer acting funny (HJT log) 7 more replies Answer Match 71.82% I get popups, my start page gets changed, I get weird .dll's in my System32 folder, I run CWShredder and it always removes CWS.Bootconf, then I run it again and it removes it again. I remove the bad things from the HJT log, and they come back. I haev been running PestPatrol, XoftSpy, and NoAdware, as well as having scanned my computer several times for viruses with AVG. On top of all of that, the recycle bin appears full, but when I open it there is nothing in it, and when I right click it to empty it it says "Are you sure you want to delete these 27 files" and I click yes and it makes the noise that it empties it, but the icon still says its full and when i do it again it still says there are 27 files in it. Also, for some reason but Temporary Internet Files folder has changes from Local Settings\Temporary Internet Files to Local Settings\Temp\Temporary Internet Files. Also in the Temp directory are History and Cookies, although the History and Cookies folders also appear where they are supposed to be. Below is my HJT Log, any help whatsoever would be appreciated. Logfile of HijackThis v1.98.0 Scan saved at 7:41:19 PM, on 12/1/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.e... Read more A:Solved: Computer has been acting funny.... 16 more replies Answer Match 71.82% I wrote a stored procedure that parsed ok and I was able to create it in my database, but when I go to create it in another database I get an error. Then I go back to mine and if I was to try and re-create it I get an error now... but if parses fine??? Must be something wrong with my syntax. I reduced the stored procedure down to the essentials so you can see what part errors out. I'm sure it's somthing with my set syntax: Code: declare @PathFileName varchar(100) -- Create temp table for bulk insert from list CREATE TABLE #ImportTemp (Player_ID varchar(30) , CompAdjusted varchar(30) , Comment varchar(30)) -- Path to list file cannot be more than 2000 characters DECLARE @SQL varchar(2000) SET @SQL = "BULK INSERT #ImportTemp FROM '" + @PathFileName + "' WITH (FIELDTERMINATOR = ',', ROWTERMINATOR = '\n')" As I said, it will parse with no problem, but upon running it, I get this error message: Server: Msg 207, Level 16, State 3, Line 11 Invalid column name 'BULK INSERT #ImportTemp FROM ''. Server: Msg 207, Level 16, State 1, Line 11 Invalid column name '' WITH (FIELDTERMINATOR = ',', ROWTERMINATOR = '\n')'. any help on this would be appreciated. Thanks A:Solved: T-SQL statement acting funny Problem was due to the ascii " is not the same as '' Thanks 1 more replies Answer Match 71.82% Just fixed my laptop after about a year and a half of it being broken. Now after i got all the new updates and stuff its acting wierd. When I first turn it on, I cant goto any online mail sites or search engines, also a handfull of other sites wont work. After a while, the bar at the bottom, with the start button, goes away and then the sites work, but I keep getting all kinds of popups. I tried to run adaware, but it didnt find anything. Any help would be appreciated. I attached a hijackthis log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:01:46 PM, on 7/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec AntiVir... Read more A:Solved: Laptop acting funny 11 more replies Answer Match 71.82% Could someone please look at my Hijack log and let me know if there is anything in there that should not be? Or doesn't need to be Thanks Logfile of HijackThis v1.99.1 Scan saved at 8:56:43 PM, on 7/5/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NavNT\defwatch.exe C:\Program Files\NavNT\rtvscan.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\NavNT\vptray.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Picaboo\Picaboo\PicabooMain.exe C:\WINDOWS\webshots.scr C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\outlook express\msimn.exe C:\Documents and Settin... Read more A:Solved: Computer acting funny... 6 more replies Answer Match 70.98% Please help me I had or have a problem with a trojan or virus. It installed extra toolbars and other nasty stuff the other day. I managed to run Ad-Aware SE in safe-mode and cleaned allot of the stuff, Norton found nothing, Spybot SD freezes up, none of my registry cleaners will run (freeze up, even in safe mode), used a few online scanners and came up clean. I found one registry key that acts funny and will freeze up regedit just by high lighting it (have to use task manager to end process): HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Computer also freezes every now and then for about 30 seconds and then is fine (started with the above problem). HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 7:08:37 PM, on 4/12/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\PROGRA~1\WINABI~1\FOLDER~1\FGKEY.EXE C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.ex... Read more A:Solved: Computer acting funny, HijackThis log 12 more replies Answer Match 69.72% Hello. I just spent a while updating my computer to service pack 3 and getting other critical updates (I have to do it manually and haven't bothered for some time). Now, when I start up firefox and do a google search, I noticed that there's something called Wikisearch (which I don't really get) is on but I can turn it off with the Greasemonkey app. However, now when there's a list of things from the search result, where before I would click on the titles of the search results and it would take me to the page, now I click on something and the url says "find-www.net/?q=*whatever I'm searching*" and it just reroutes me to some random pages. I have to copy and paste the url under the title of my search results to get where I need to go. It does the same for when Wikisearch is off or on. Can anyone explain? Thanks! Steve A:Solved: Mozilla google search acting funny after updates... You've most likely got some form of malware. Post a Hijack this log and lets see what it is. 2 more replies Answer Match 69.72% We are working in network and have our contact folder logged on the server. There are 5 PC linked to the server. All the contacts are present as we can locate them using a manual search but when we try to search for a specific contact the reply is always “No Items Found”. I have tried to do a normal search as well as advanced search to no avail. This function was working fine until recently even though no new software or hardware has been installed. I have checked the configuration on the folder and permission is given at an owner level to all users, and the problem exists with all users. I have come to the conclusion that when we perform the search the views change, as i have tried to copy the whole folder and there appears to be no contacts in the new folder however on the bottom left hand corner there are the same amount of contacts listed.....(see screen shots) If before i run a search it is in a certain view is it normal for it to change views during the search and not be able to display the search results? I have checked in permissions and all the PCs have owner level to the public folders. anybody have any ideas on how to solve this? not sure if this is the right place to post..... A:Solved: public folders in outlook acting funny....any body know why? Is it set up as a searchable address list within Outlook? Open your address book and go to Tools > Options and have it listed under the list of address lists to use for Outlook. I am not sure how public folders work in this capacity. 3 more replies Answer Match 69.3% Hi, I've been having this annoying problem ever since installing the latest IE 7 update recently. When I open IE, the location of the links toolbar appears as per the initial defualt settings (whereas I always prefer to have the links toolbar just below the menu bar). However despite changing this, when I close IE and then reopen it, the links toolbar again appears at it's default location Can someone help. Thanks. More replies Answer Match 68.46% Hi there, I need a bit of help if you can. 1st post, so apologies for any breaches of protocol . I found unspyPC on my laptop yesterday, it's some sort of spyware toolbar that masquerades as anti spyware software. I followed some instructions found here to erradicate it. Not sure how I got it, had been offline for a month, so maybe my security profiles were out of date. I seem to have gotten rid of most of it, seem to, except my toolbars are unlockable in Internet explorer (View>Toolbars>Unlock Toolbars is not showing up at all.) Running Webroot Spy Sweeper bought a host of other malicious Trojans and Adware to my attention: trojan-downloader-ruin trojan-downloader-wareout trojan-secdrop quicklink search toolbar searchtoolbar my machines running a bit rough so I'd love to get these fixed. Through all this my Clamwin virus scanner hasn't blinked, but ZoneAlarm's been kicking up a stink. Trend Micro Housecall's picked up a host of other malware and adware -JAVA_BYTEVER.AC, JAVA_BYTEVER.AB, JAVA_BYTEVER.A, ADW_SBSOFT.A, ADWARE_BHOT_SBSOFT, DOWNLOADER_WAREOUT, ADWARE_ABETTERINTERNET and says it'll fix all except the Java_Bytever ones, but makes no mention of trojan-downloader-ruin, trojan-secdrop, quicklink search toolbar, searchtoolbar. Here's a Hijackthis logfile Logfile of HijackThis v1.99.1 Scan saved at 10:57:29 p.m., on 17/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Ru... Read more A:Solved: trojan help please, unspyPC, secdrop, wareout, ruin 11 more replies Answer Match 62.58% Hi everybody, this is my first post here. I've been using the search feature a great deal, and while I've found several very similar problems I've found no definitive answers. Heres the deal. Very recently(about 2-3 weeks ago at most) My CD-RW drive started acting up. It is a Mitsumi CR-48X5TE. I have the latest drivers/updates for it. The problem is that it will seemingly recognize and read audio CD's without a hitch, but when it comes to data CD's most of the time the CD will spin a bit in the drive and then either it will not be recoginzed as being even in the drive( complete with red/orange flashing light) or it will act as if recognizes the CD but a look at the My computer-> Cd drive icon/exploring the drive shows the data cd as a audio one with a single track!. I am at a loss as to what to do. I am currently running Windows ME ( I know, I know) on a 800 Mhz machine with a good 30 gig of HD space and 128 MB of Ram. Any advice you can give me would be greatly appreceiated(sp). -Sincerely A:CD-RW acting funny... Is this the only CD drive in the system or do you have reader also if you do then dose that one read correctly. I’m asking because it sounds like you associated data CD's to audio. 1 more replies Answer Match 62.58% hi, recently my pc has started running very slow ,freezing up and at times also making a high pitch sound like something is running a 100 mph in the backgraound thus stopping what ever web site im on. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:42:10 AM, on 9/11/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThi... Read more A:Please take a look,pc acting funny!! 7 more replies Answer Match 62.58% Hey Guys, Mine is a simple problem that i cant seem to get my head around. My DVD ROM for some reason doesnt detect certain DVDs ... it just deosnt react to it :S ... where one might thing there is some issue with the DVD it self ... it seems to work fine on my laptop-dvd Rom... For the record .. my PC dvd rom does function normally in running most other dvd's and cds... So if any one has come across such a problem and knw more about it .. Rather how to get around it please advice the same.. Would really appreciate .. Cheers !! More replies Answer Match 62.58% for some reason, whenever i open my Internet Explorer, the page is "trunkated". what i mean is, even when i maximize the window, it's not formatted so that everything on the page is shown at once, from a width view. therefore, i have to use the arrows on the bottom in order to see the whole page. if anyone can help, i'd really appreciate it. thanks! W A:IE acting funny Howdy, is it just in IE ....are the other programs size OK? Have you tried changing your screen resolution Right click an empty place on the Desktop and choose properties then Settings 2 more replies Answer Match 62.58% Ok so i have vista not sure what service pack, anyways i have comcast internet service and when i am online it works great for a few minutes then i cant connect to the internet or anything else and i have to reboot my computer everytime. This is getting annoying as i cant get any work done. I have run my avg antivirus but it comes up clean, i have cleared my history and cache and still the same thing. Not sure what to do. Thank you for any heap. Leigha A:Please help acting funny Hi - Go into Device Manager and un-install ALL Network devices. START | devmgmt.msc | expand Network tree branch | right-click on each device and select un-install. Re-boot. Vista will re-install the drivers.  5 more replies Answer Match 62.58% Hello, My PC has been going through a few different issues recently. It all started about 3 weeks ago, when it started slowing down really bad (using 100% system memory according to Task Manager). I noticed that the installation of Zone Alarm Suite that I was using was using a lot more memory than the other programs. After running a virus scan and both Spy Bot and Adaware scans with no major issues, I tried uninstalling and re-installing Zone Alarm with no success. So I completely uninstalled ZA and installed Bit Defender 9. This seemed to stop the lag issues. However, soon after I found that I kept getting "exploit.html.codebase.exe" warnings in BD. Soon after getting these my wireless logitech trackball functionality has deteriorated (ie: initial left click isn't acknowledged, cannot drag cursor across multiple characters and some other issues). The battery level seems fine, so does connection with the hub. BTW, I think that I have successfully cleaned my PC of all "exploit.html.codebase.exe" infected files.??? Here is my HJT file: Logfile of HijackThis v1.99.1 Scan saved at 2:03:55 PM, on 8/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS... Read more A:PC Just acting funny??? And to add some additional pertinent information. When trying to perform a function such as a "left mouse click" on a tab or button it also often double clicks on single clicks. I have checked the mouse settings and all appears to be fine. It seems as if a virus has done some damage somewhere before being detected by my virus scanner. 9 more replies Answer Match 62.58% Hello all I had some help before with this pc and now want some more if I can. I have a Dell XPS 600 with XP MCE SP3 2GB DDR2 RAM and a Pentium D 830 @3.0Ghz I have a gt220 card in it right now and am wanting to know why the computer just seems so sluggish on one of my games I play Warrock and it lags so bad I can barely get 20 FPS yet when I play AVA i get like 60+ and AVA has better graphics so it doesnt make sense to me why it cant play warrock. I have I believe 533MHz RAM and want to upgrade to the 667MHz maximum speed but how do I determine the ACTUAL speed of my RAM. Also would it be beneficial to upgrade the CPU to a Pentium Extreme 3.2GHz for like 40USD$? Is there a program I can use? Ive used CPUID and SIW and the bios and memtest and got all different speed ratings. (sighs) sorry for the long post I just want to understand why the computer is sluggish with these specs. Thanks for any help

A:XPS 600 acting very funny

9 more replies

Hello everyone. I just reinstalled windows because my computer was acting slow and sluggish, thinking it would fix the problem, but the problem persists.

It takes forever for it to load up windows, and it actually sits on the "Loading Windows Xp Pro" Screen for 51 seconds before finally flickering to a black screen for a few seconds, then finally shows my accounts to log on to.

Once windows is loaded my mouse is very jerky and the sound you hear when windows first loads up begins to sound very choppy as well.

I also have an "Unknown" Device in device manager but I don't know what device it's talking about! I have all of my drivers installed and they are all up to date and all my hardware appears to be working fine.

-Eric

More replies

Not sure where to really ask this question. Everytime I put in a cd (blank or already with data) before I can even exlplore the cd a window pops up announcing that my printer is being configured. Meassage say to please wait while configuring.

Eventually a pop up box labeleld HP All-In-One series with 4 steps appears (checking system, prepare to install, install, configure) . Once it finishes I can do what I want with the cd. One time I hit ctl alt del and stopped the process. got a message that ice 2.5 was stopped from exectuing.

What is this and how can I fix it!

A:CD R/ Acting Funny

That could date back to a failed or interupted or installer probelm if an HP all in one driver and software disc was ever placed into that dirve and run. Or it could be something else. I'd want to know if its possible an HP all in one was ever installed first.

You could check the autorun properties of the drive and either restore the defaults or check each CD type to see if the action is set to what you intended.

1 more replies

excuse me, I need your guide...ance.

Besides running slower, I've noticed on my cable modem, the activity light stays on, solid, constantly. It used to randomly blink. Also, I've noticed a network connection icon pops up in my task bar, sometimes stating connection inactive. No network here. ?? Freezes up a lot suddenly too...needs restart. I've run CWShredder, Spy-bot S&D, Norton AV and here is the HJT log. Any help, greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 9:46:29 PM, on 11/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-BFA1-D7EE6696B865} - (no file)
O2 - BHO: (no name) - {00000000-0000-47c5-A90F-2CDE8F7638D... Read more

A:Acting funny and I don't know why...

GO HERE http://forums.techguy.org/t110854.html

Download and update SpyBot Search and Destroy and Ad-Aware SE Setup according to the tutorials and do a scan with both getting rid of all they find

Do a scan with Housecall and Panda Active scan

paste a new log here please

3 more replies

My mother in laws HP based Windows Vista PC is acting funny. About a week ago it would not let her on the internet. She would the IE icon. Her google homepage would come up but not let her do anything. I had a little bit of time on Sunday. I brought my flash drive that I loaded a .exe file of google chrome on just to make sure it was not a issue with Internet Explorer. Her computer would not install the flash drive so I could not install chrome. For giggles I tried to run windows defender and I got an error message, I tried to access windows firewall and got an error message. I tried to restore her computer back to 1 month ago and got an error message. I opened up her Norton antivirus and It did not detect anything with either the quick or full scan. I had to leave at that point. I told her to save any photos or other files she does not want to lose to a DVD. This morning she is going to bring me her computer. On the phone this morning she told me she got a call from World PC Solutions telling her that her computer was infected and they could help. She declined. This sounded fishy to me. I may try burning a disc of "Windows Defender Offline" and doing a reboot using that media? Let me know your thoughts.

Victor

A:MIL PC acting funny

Windows defender offline found a EUniverse file. A level 5 threat.

1 more replies

I have a new (less than 6mos) Mac Notebook.

I checked the activity monitor to see if the CPU usage was spinning out of control but it was inconclusive. I'm still encountering the problem. Having survived an infection on my PC desktop, it worries me to allow whatever it's doing to complete it's task so I close Ymail immediately. Other than that, I am not encountering anything unusual about my Notebook's performance.

Anyone encounter this or have any insight into what might be going on?

A:MAC OS Notebook acting funny

Can we get a little bit more information such as the Operating System Version, System RAM, CPU, and browser that you are using? Sometimes I get this problem and it turns out to be one of those revolving advertisement scripts taking a while to load or to connect. I notice this more especially when there are a lot of connections being made or data to be downloaded.

5 more replies

Bro's Computer is doing some weird things can you help figure out why i noticed that his computer is runing rpen.exe Hope you can find whats wrong

Logfile of HijackThis v1.99.1
Scan saved at 6:14:19 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

A:Bro's Computer is acting funny can you help

Hello Lord Shamar and welcome to TSF,

Please print these instructions out for use in Safe Mode.

Before we begin, let's move HiJackThis to it's own folder; like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in it's current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.
To do this:
Click My Computer, then C:\
Right click in the right-hand panel.
In the menu that opens, click New>Folder.
That will create a folder named New Folder.
Rename it"HJT".

Double-click VundoFix.exe to extract the files

*This will create a VundoFix folder on your desktop.
*After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Etea

Delete the following folder:

C:\Program Files\etea

*Still in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
*You will first be presented with a warning and a list of forums to seek help at.
it should look like this
[quote]VundoFix V2.1 by Atri
By pressing enter you agre... Read more

19 more replies

Computers acting real funny. I logged in to facebook to see it in Thai and my browser seemed a lot slower so I did a drive restore/reset. Still feels kind of slow... DDS (Ver_10-03-17.01) - NTFSx86 Run by Junker at 1:32:54.35 on 04/14/2010 WedInternet Explorer: 7.0.6000.16982AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServicec:\Program Files\Common Files\Symante... Read more

A:Computer acting funny

4 more replies

I am new to this site and I can't wait to thank the person who referred me here!!

My computer has been running strange as well. I have read over several posts and see mention of Hi Jack This Log, can you please direct me on how to do this so that I may post my information as well.

My computer keeps giving me a message when I try to shut it down that says ieexplorer.exe is still in process, the end task or cancel button do not do anything. My computer is also "breathing heavy" as we like to call it. Running very loudly and not normal. I do have Spyware and have recently ran it and fixed problems. I have Windows ME.

A:Computer acting funny

16 more replies

So the other day my sister was using my computer and when i got it back it was just running really slow. and at the time it would not let me access the task manager because it said that i was not the administrator... so i ran avg and it found a few things here and there, but its still acting really slow, so i was hoping that you guys could help.... here is my hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:53 PM, on 3/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\stacsv.exe

More replies

I caught a virus somewhere along the way. I was able to run housecall and mitigate the damage, but my internet is still acting funny by not letting get to any websites. Below is my hijackthis file - thanks in advance for your help!!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 8:20:22 PM, on 5/24/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK&... Read more

A:Internet acting funny

13 more replies

my puter is acting weird,it keeps freezing up,here is a hjt log,if it helps,thanks in advance.Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:16:52 AM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

A:computor acting funny

how long have you been having this problem?

have you performed any kind of "undesired activities"on your PC before the freezing occured?

what kind of firewall do you have[if any personal,non XP firewall]

i recommend ZONE ALARM free firewall.

as for the ANTIVIRUS tool i recomend NOD32.

try google for NOD32[currently the best] antimalware tool and try scanning your HARD DRIVE for viruses[and other malware]

deactivate any currently active antivirus tool before installing and running NOD32 trial verson.

1 more replies

My problem started last week with not being able to browse msn. Then I couldn't get to my bank's website. Only certain sites I could browse. Then I couldn't browse anything. Next my network adapters disappeared. So I did a full system recovery but I still have the problem. Every other time I get on the net I can use every site then I get off and later, can't browse anything. I did all the 5 steps except the last one because it says that dss.exe has encountered a problem and has to close so all I have are the Hijackthis and the Panda scan.

This is from the ActiveScan:

Incident Status Location

More replies

My Daughter's computer had been acting funny, and being really slow. Any advice?
Logfile of HijackThis v1.97.7
Scan saved at 8:36:55 PM, on 2/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\ctfmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe

A:Computer acting funny

Hi, She is or has used Kazaa and we highly recommend that it be uninstalled- perhaps the reason why you did not get any replies.
If you keep Kazaa installed she will always have problems, some will be a lot worse than now. The latest info is about half the files you download from Kazaa networks will be viruses or other junk....
You can uninstall Kazaa from now till next week, but remnants of bad built-in components will stay on the system. It actually looks like it may have already been uninstalled, but there is an entry for it in her logfile....There is a tool that makes the uninstall easier called kazaabegone> location posted below.

K-begone is at the very bottom of the above page.
Get it to make sure the junk is all gone, OK?

After you run the K-uninstaller use AdAware and SpyBot to clean up. If you already have these two, just check online with each program for the latest reffile updates, which come out very often:

There are some settings that must be checked after you download and install AAW- go through these steps to make sure you have it set that way:
((From directions posted by winchester73))
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

[NOTE: Ad-Aware 6 has two scanning options: SmartScan and Custom. As explained more fu... Read more

1 more replies

I had just finished some windows updates when I tried to go to my computer. when I do, it will sit there with that little moving flashlight, searching for files for several minutes, and then everything works, it doesn't hang up unless I go to my computer. Also, I can't manually put in an internet address at the internet explorer address bar because it doesn't seem to react when I hit the go button. What should I do?

A:my computer acting funny

You could uninstall the update, but that would defeat the purpuse of an update. Could you post which update it was, that might help a bit. Thanks.

3 more replies

Ran Norton and Ad-Aware in safe mode, got rid of spyware and three infected files. Still, want to make sure everything's okay. (I know at least one thing is not okay--IE start page says "about:blank" but it's actually a search engine.)

Logfile of HijackThis v1.99.1
Scan saved at 3:52:26 PM, on 4/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\d3ds.exe
C:\WINNT\System32\tp4serv.exe
C:\WINNT\System32\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\appui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\CFGSAFE\AUTOCHK.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE

A:Computer Acting Funny

13 more replies

Using a cordless optical Logitech mouse. Pointer is "jumping" from point to point. (also runs slow)

Any help would be appreciated..........

Logfile of HijackThis v1.99.1
Scan saved at 12:18:07 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hmonitor2\hmonitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\MICROI~1\INTERN~1\KPDrv4XP.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

A:Mouse acting funny

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.

8 more replies

Last night, I was online with AIM (someitmes i would switch to AOL to check my E-mail or go to a website) when that message comes up saying the AIM service is trying to reconnect because I have been disconnected. It says the reconnection time is 3 minutes and so I wait a while, but nothing happenes. The message just sits there, as if it was frozen (only it wasn't. I was able to click "CANCEL"). I try to reconnect and I continue chatting and browsing the internet. But when i say "sorry, my AIM kicked me off" to my friend, my friend says "What? You didn't get kicked offline. You've been online this whole time. It even said you were in the middle of typing a message". So I IM AOLSystemMSG to see if it says I am signed on twice, and sure enough I am. Right before I sign off, I get a message from AIM saying "Unknown Error.". Thats all, just the words "Unkown Error.". What is going on here? And why did it say i was signed on twice? This has never happened to me before. I mean occasionaly I get the "Unknown error has accured", but never the "unkown error." message. Please someone help me. Thank you.

7 more replies

When I power my computer back up my monitor struggles to come back on. It will flash on for a second while making sort of a buzzing noise then go black. I have to hit the power button anywhere from 10-30 times to get it to stay on. Every time I hit it there the buzzing noise until finally no buzzing and the monitor turns on.

Acer AL1916W

I assumed I just needed a new monitor but before dropping $300 I figured I'd see if anyone has seen this before. Thanks in advance. P.s. any suggestions for monitors to by? A:monitor acting funny. Please help. I've seen it lots of times, never tried to fix it myself as thats beyond what the average tech will be able to do. Acer has a 3 year warranty on their products, have you checked into that? For$300 you should be able to get a really nice 24" monitor.

2 more replies

I wasn't sure where to put this thread, but here goes...

All of a sudden my computer one day decided to log in EXTREMELY low, mean it takes 30 minutes to get the icons to show up on my desktop, where it used to take 30 seconds...umm thats about it im just wondering why my computer is so slow that i cannot do ANYTHING on it...here's the specs

1.5 ghz
512 mb ram
20 gig HDD
factory sound card

um thats all i can think of, but i installed norton anti-virues and internet guard the day before this happened...

A:Computer is acting funny...

10 more replies

I have a DVD-R/RW drive that opens when I press the button on the front but makes a grunt and it has a green light on. But when I press the button again it goes in a smidge stops makes that beepish grunt noise and the green light goes off. When I push it in it does not rev the Disc or does it see a disc on My Computer for the drive.

Thanks for the Help in Advance

A:DVD Drive Acting Funny

Sounds like the gears are stripped inside. Time for a new drive.

1 more replies

Well since this afternoon, Windows Media Player crapped out on me. Also, my system seemed a but more luggish than usual. So I decided to try a system restore, only to find out it doesn't want to work either.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:11:57 PM, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe

A:Help with HJT log (computer acting funny)

Hmm I seemed to have fixed I think everything, however could someone still go over my HJT Log and see if everything is alright?
PS- I fixed it by re-registering Jscript.dll and Vbscript.dll. So far it looks like everything is how it used to be.

1 more replies

My windows is XP. For a few times, when I switched on my computer, after that it went the log-in-type-password motion, it suddenly appeared the blue screen with full of words for just a flash of second and my computer restarted again. This then repeated the second time and so on. I managed to noticed few words that is something like: "...remove hardware safely... If this problem continue...(maybe)"
What is happening to my computer? Did I overused it and something spoiled inside or virus or...?
Do I need to take to the computer service center for this?
After a few times of restarting, system seems to be running normal again...
By the way, I do have a failing dvd drive. Will that possibly be the cause of the matter?

A:Computer acting funny

http://www.nirsoft.net/utils/blue_screen_view.html
unzip downloaded file and double click on BlueScreenView.exe to run the program.
when scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt

1 more replies

I recently formated my pc and installed XP. It was working fine for a couple days, after rebooting I noticed it took longer to load than usual. It finally makes it to the choose user screen where I only have the option to choose Administrator. Before it would just boot straight to the desktop. Sometimes it gets stuck on the choose administer screen when I click on Administer user. When it doesnt freeze on that screen it will load desktop, but act as though its the first time booting windows. Example: It asks if I want to take a tour of Windows each time and also when I click on Firefox it asks if I want to import settings from Explorer, I already went through that upon originally installing Firefox.

The pc still recognizes files Ive added since I formatted the hd.

It has XP sp1 I believe, possibly sp2 I'll have to check when I get home, and I had not installed any updates since installing XP.

A:Rebooted PC, now acting funny

have you run the m/board setup disk to install the chipset drivers

9 more replies

I have a pirated version of windows 7 so it might have something to do with taht or my pirated games/songs/videos. The problem is that after a short time of use it just freezes and leaves all open windows up, but I cant open programs or windows anymore.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:18:47 PM, on 2/14/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskhost.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\PowerISO\PWRISOVM.EXEC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\AVG\AVG9\avgtray.exeC:\Windows\system32\taskeng.exeC:\Program Files\RALINK\Common\RaUI.exeC:\Program Files\Xfire\Xfire.exeC:\Windows\system32\taskhost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\system32\wuauclt.exeC:\Users\Riley\Downloads\HijackThis(2).exeC:\Windows\system32\SearchFilterHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.micro... Read more

A:My Comp Is Acting Funny

2 more replies

Logfile of HijackThis v1.99.1
Scan saved at 10:02:38 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

A:Please look at HJT log comp acting funny again

7 more replies

I'm running WindowsXP w/NOD32 antivirus. I was on a site, and it said trojan stopped. I don't remember which one: then the computer started to act funny on start-up. it loads to the desktop, then goes back to the welcome screen with a blip of the screen instead of just going to the welcome screen, it is strange. The firewall (sygate) pops up with different things trying to connect on various ports. please help! I have tried a plethora of different programs and am not good at manually deleting/editing stuff. here is the hijack this log. and I do have Ewido installed already. thanks in advance for any advice.
Logfile of HijackThis v1.99.1
Scan saved at 12:52:05 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

More replies

My computer is acting strange. Its slow, when I try and play a video it plays a second then stops, plays a second then stops.... somethings up
System restore dosent work.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:54 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

More replies

HI! I have a Dell Optiplex GX 280 running Windows XP Professional SP3. For some reason, I cant run defrag at all, and Windows Security Center is acting strange as well. My windows security shield keeps popping up for a split millisecond, then disappears. It keeps making a popping noise when it does this, kinda like a popup blocker. It never used to do this. I had downloaded some anti-virus software from a torrent site, and ever since, my computer is not running like it should. I got rid of the suspicious software, but I think the computer is infected with a keylogger, or other malicious software. I have downloaded Combofix, and will wait to run it until I have someone to help me. Thanks in advance for any help! - Chuck

A:My Computer Is Acting Funny...

14 more replies

A:Computer Acting Funny...help

Hello osue831 and welcome to BleepingComputer!Apollogies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log.Please also post the problems you are having.Thanks,Johannes

1 more replies

My Hp Pavilion touchscreen will be acting fine for a while and then will just act up. I will be doing something on my computer and all the sudden, it will act like I'm touching it all over the place. It'll pull open Internet browsers, apps, etc. And it will also exit out of the things I am in all on its own. I don't know what is wrong with it and would either like to try and fix it or send it back. Today it did it for a half an hour and that is the first time its been that long. If someone could help me, please help!

More replies

I have installed Opera recently and I keep getting this communication error. I tried to disable proxy servers like it asks. Nothing is different. I close the application and bring it back on. If I play a video, there will be no sound. I have no idea what is going on.

A:Opera Acting Funny

click on the opera setup file and it will offer to repair

1 more replies

Here is my hijack this log my computer had started acting funny mouse to more double clicking and slow response. If you can see anything to clean up please let me know

Logfile of HijackThis v1.99.1
Scan saved at 8:38:13 PM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

A:Computer acting funny

Go to Add/Remove programs and remove Logitech Desktop Messenger

Restart the machine and post your log again.

1 more replies

Help! When ever I click on certain letters on the keyboard my computer locks and makes me try to sign in again. When I try it says my pass is wrong the first time and then narrator turns on, then my password works and I have to turn off narrator please help

More replies

hi i posted this in another thread but cant find it, but recently my keyboard has been acting real funny it acts like my ctrl and shift key is stuck but ive tried multiple keyboards and its something in windows causeing it. I believe spyware or a virus has something to do with it i ran hijack this.

Logfile of HijackThis v1.97.7
Scan saved at 10:26:16 PM, on 12/30/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\KEMailKb\KEMailKb.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\WINDOWS\System32\Nvr0A.exe
C:\WINDOWS\System32\Cjo9gr89.exe

A:keyboard acting funny

The presence of "VchsYQop" indicates you have the Peper trojan.

Spybot should be able to get rid of it (at least it says it can).

Download Spybot, immediately update it and run it. Then post a new Hijack This! log back here.

3 more replies

i seem to have some kind of adware on my three month old dell e1405. each time the system boots, the symantec autoprotect says adware.spysheriff but each time the executable file name is different. i am also not able to restore the system to a previous state as none ofthe previous states are available even though the system restore options are configured to set them up. here is the hijack this log. yesterday i ran the free version of adware se personal edition and deleted all the critical objects and even the negligible risk files. but today there are more critical objects when i ran the adware se scan again. can some one please take a look at this hijack this log and tell me if it makes any sense. Please ?I am beginning to panick because the system is behaving somewhat strangely - browser windows dont open. and when they do, the urls that appear are weird ugly addresses.here is the hjt log from this morningLogfile of HijackThis v1.99.1Scan saved at 9:41:39 AM, on 9/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccS... Read more

A:Sos My System Is Acting Funny

Hello rich_bru and welcome to the BC HijackThis forum. Let's run a scan with a different scanner and see what it shows us.Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.In the Other Options group click the checkbox to Show All Processes and then in the AddOn-Options box click the checkboxes forHKCU_IEDesktop.defJobs.defPolicies.defSID_Run_Policies.def
to select them.Now click the Run All Scans button on the toolbar.When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.Use the Add Reply button to post the information back here and I will review it when it comes in. If it does not all fit into 1 post then break it into 2 posts. Cheers.OT

1 more replies

Comp is as follows:
AMD Athlon XP 2600+ CPU
Abit Kv7 Mobo
Geforce 6200 Video Card
1 GB Kingston Value Ram PC3200
Sound Blaster Audigy 2 ZS Platinum Pro
160GB SATA HDD
Windows XP Pro

Thanks again everyone and it's great to be back! *^^*

A:Comp is acting funny ><

9 more replies

My nero software seem to act funny on me by switching off by itself...

-I try to execute Nero it just doesn't excute.
-I try to uninstalled from Add and Remove, it also doesn't execute.
-When i try to go into it system-FOLDER (C:\Program\Ahead) it close by itself. (WTF)
-And when i try to going into its source folder (Stand alone file download from website) also close by itself. (WTF)

Did i get hack or something? I have never experience this problem before or something similar to this... Could anyone guide me on this case?

Thank you

A:Nero acting funny...

If you have an official Nero, uninstall and re-install should solve that problem.
If a trial-version, maybe the trial-period has expired?

5 more replies

Lately my computer is acting funny...going really slow and some web pages are not loading. I can not for the life of me figure out what is wrong. I came here hoping that someone could possibly get my computer figured out and cleaned up a little bit possibly. Thanks in advance.

A:Laptop is acting funny

the first thing to do is run "disc cleanup" ... start > all programs > accessories > system tools > disc cleanup... then defrag (same place)

2 more replies

I could use some help. I know enough to get me in trouble but I am afraid to delete files without some help. My computer has been slowing up from time to time and just recently, was opening the tools pull down in the web browser menu bar every time I typed something Weird. I have been using Malware Bytes and have recently removed some Trojans with lots of luck and fixed the registry keys with a new program but it is just acting really strange all of a sudden and Malware Bytes isn't picking anything up. Please see the log below and let me know if anything looks strange to you and what should I remove/delete??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:25 PM, on 10/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

More replies

As I am working in any program, my optical mouse from dell on my dell precision workstation 670 all of the sudden moves to another position on the screen. I can be on a tab on the lower part of the screen, say in excel, and all of a sudden it will show up near the file menu. Or i'll go to hit the save button in another program and the pointer shifts to the taskbar and opens a different program in the background. This doesn't happen to regularly, but enough to get annoying. Anybody know what may be causing this?

Thanks

A:mouse acting funny

8 more replies

First off, here are my system specs to get them out of the way.
=================
HP Pavillion DV6609wm
Windows XP Professional (v.2002) SP3
AMD Anthlon 64x2
Dual-Core Processor TK-55
1.80 GHZ, 960 MB of Ram
=================

Here lately, the computer has been acting all weird-like. One of the things that I started noticing is that the DVD-RW drive might stop functioning every now and then if I did a lot of DVD making. Restarting the computer would fix it though.

Then, my wireless connection thingy will stop working every now and then as well. It'll say that I am connected to the router, but the Wireless Network Connection window will display an error message saying it cannot connect to anything. If I disable my wireless connection with a switch on the outside of the computer, it won't even react (as if I did nothing). Uninstalling it then reinstalling it in the Device Manager (a tactic that I have used that usually works) did nothing, as it did the exact thing. Like before, restarting the computer also fixes it until it does it again.

Some programs of mine would also freeze or act incredibly slow on me whenever i try to play them, though that hasn't happened lately.

It may be the fact that I"m not even suppose to have XP on this laptop in the first place. I wanted to downgrade from Vista and go with XP, but HP didn't provide the drivers for XP for this brand of Laptop. People on the web though assured me that if I used drivers from specific model... Read more

More replies

For the last week or so my computer has been acting extremelt funny. One day my comp just shutdown and displayed the "no operating system" on a black screen. So I did a factory restore with my official HP disc that were sent to me. Well everything went through just fine, but a day or so later it displayed the same message. So I did a diagnostics test on my comp and got the error message BIOSHD-2, and another time I got a error message of BIOSHD-8. So needless to say I've done quite a bit of restoring my comp, and it doesn't seem to be working. Also I noticed that when I try and let the computer install the updates from windows recommended updates it will get to about 32% and freeze. When I turn the comp off and back on because of that it says in both safe mode, and regular mode "updates failed reverting updates". Well it seems as if though the computer freezes when it does that too. So I figured that there was something wrong with my hard drive, so I bought another one. I hope the new hard drive takes care of this, but I'm wondering if there's anything else that might be wrong. Now I did get mad at my comp a couple of times, and turn it off when I freezes and the screen greys out. So yea!

Also I am using windows 7

HP all in one desktop PC (Model Number) MS227

A:HP computer acting funny!

Sounds like hard drive failure - including boot sector. Either that or the drive's circuitry is failing. Try swapping out the HDD as a first step to test. (remember to use an EXACT model drive! Most OEM makers are picky that way.) If a restoration and normal operation is successful at that point, problem solved - defective drive.

If you still get issues with a replacement drive, then it's time to call HP for repairs.

On a side note, most idiocies with laptops can be solved with a hard reset. To do that, unplug AC power, remove the battery, and let it sit for 24 hours. If it works fine, remember that trick. It's a really common problem with laptops.
If it doesn't resolve it, proceed with the above steps anyway, to begin diagnostics.

1 more replies

A:Win7 been acting funny lately

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. start

GroupPolicyUsers\S-1-5-21-4202764842-948285082-223560448-1002\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4202764842-948285082-223560448-1000\User: Group Policy restriction detected <======= ATTENTION

End

6 more replies

I've left this computer in the basement for my sister and mother to use and haven't been on it in a while. I logged on yesterday and for some reason the control panel would start up along with windows. I've run AVG, Ad aware and spybot but I wanted to make sure I got everything....

On a side note, I went into MSConfig and disabled a few things and restarted before getting my HJT log, should I recheck everything and run HJT again?

Logfile of HijackThis v1.99.1
Scan saved at 1:04:26 AM, on 4/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe

A:Windows acting funny

lets see a log with everything enabled as well to compaere before we start

also
Right Click the Zip Folder and Select "Extract All"
Extract it somewhere you will remember like the Desktop
Dont do anything with it yet!

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
Click " Configure Scan Options"
Select " Run Add ONs" and then select ALL the options in the box below it, Press Apply
Now Click "Start Scan"
It will scan the entire System, so please be patient!
Once the Scan is Complete
Reboot back to Normal Mode!
Go to the WinPFind folder
Locate WinPFind.txt
Place those results in the next post!. It will be too big to post so you will need to attach it to your reply

1 more replies

So as of the last few days my google search links are getting redirected, my cursor turning to white over any text space, general slowness,and worst of all, starcraft 2 is playing slowly...can anyone help??
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:41 AM, on 3/28/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Steam\Steam.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page... Read more

A:Pc acting funny - hijack this log

2 more replies

Recently, my computer has been acting funny: freezing at times when I'm online, or working with my Windows Movie Maker, and the screen flashes once, and it's a slow manner with the toolbar and windows becoming blue. It doesn't happen all the time, or most, but it does happen at times. What could be going on?

Just in case: it is a Deskjet F4480, and I got New Years Day 2010.

Thank you.

A:Computer Acting Funny

When the window turns blue is there writing on it and what does it say. How do you get out of the blue windows? The deskjet F4480 is a printer not a computer isn't it?

9 more replies