Tech Problem Aggregator

Error sometimes when visiting sites. HTJ file included

Q: Error sometimes when visiting sites. HTJ file included

BEFORE YOU READ: Yes, i am a newb at computers and stuff that's why i'm here for help, you may need to explain things step-by-step.
THANKS IN ADVANCE =]
Okay, sometimes when I go to websites it comes up with "internet explorer has encountered a problem and needs to close. We are sorry for the inconvenience. " that tells me to report the error. It just started doing this 2 days ago. So here is my HJT log my friend told me to post somewhere.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:39 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\SwiftSwitch\SwiftSwitch.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1195654531656
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5768 bytes

A: Error sometimes when visiting sites. HTJ file included

helloooo :(

1 more replies
Answer Match 77.7%

Hi everyone. I am getting a Configuration Error on some sites. What does this mean?

Here's the text of the error:

Server Error in '/' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Failed to decrypt using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: The RSA key container could not be opened.

Source Error:
Line 12: </configSections>
Line 13: <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
Line 14: <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
Line 15: xmlns="http://www.w3.org/2001/04/xmlenc#">
Line 16: <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
Source File: C:\www.songtouch.com\web.config Line: 14
--------------------------------------------------------------------------------
Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.42
 

A:Configuration Error While Visiting Certain Sites?

*bump*
 

1 more replies
Answer Match 65.94%

I need some help--I believe my son 12 year old son is visiting inappropriate website while we are at work. At the end of the night I clean out the temporary internet folder to free up space on the computer and last night I was just scan the folder and found all kinds of porn websites!! So I clean it out and when I logged on this evening the sites he normally visits are there but so where other porn sites.

Tell if Im wrong but is it true that every website you visit is recorded in the temp internet folder? and so popups get space there and when those cookies automatically go there is the computer is just left on which is what he is trying to tell me.

So is there another way to find out a list of websites that have been visited.

I really need to get these questions asked.

Thanks
 

A:HELP-son maybe visiting XXX sites

15 more replies
Answer Match 65.1%

The other day I was just following some links to a couple of sites, one was free6.com and the other nudeamateurhoes.com and now I have a weird icon on my taskbar. The icon itself says curse when moused over but has no way to exit the icon like the others on my task-bar.

Anyone every experience this problem and is it related to the sites or did I get it some other way.

Btw I did manage to find it and it in my programs folder and it is called curse.exe but when I try to delete it I am told I dont have access rights or something like that to delete this file.

Any help is greatly appreciated.

A:Problems after visiting sites!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 64.26%

Hi all. Ive been battling this issue for a few days now. whenever i visit sites such as myspace or espn.com, when im either searching around on the sites my computer will lock up. i can hear it processing information as if it were getting sent massive amounts of information, yet when i check the sites on another computer in my house i dont have these issues. i tried disabling javascript and it worked for part of the problem, but when i started to search the website further, i encountered the issue again. This occurs with both internet explorer and firefox, and my flashplayer and windows media player are both updated. ive searched my computer with spybot and adaware.

A:Computer locking up when visiting certain sites

Try reseting you security permissions. Goto tool > internet options > security tab. Click on default level, then set it to low hit apply, then move it right back to medium and hit apply. This will put it back to microsoft recommended settings. let us know if that works.

2 more replies
Answer Match 63.42%

Was on a website called coolwallpaper.com or something like that and as soon as I got on it spyware doctor went off blocking threats, then a window popped up which appeared to be scanning my pc for viruses which was a program I dont have on my pc. I ran malwarebyes and tried to remove some of the stuff wanted to make sure I got every thing.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:52:21 PM, on 1/25/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\HP DigitalMedia Archive\DMAScheduler.exeC:\Program Files\Java\jre1.6.0_06\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Spyware Doctor\pctsTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\AIM6\aim6.exeC:�... Read more

A:PC under attack after visiting a wallpaper site, Hijack report included

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Answer Match 63%

Hackers expose weakness in visiting trusted sites.

A powerful new type of Internet attack works like a telephone tap, except operates between computers and Web sites they trust.

-- Tom
 

A:Hackers expose weakness in visiting trusted sites

Dear Tom,
Thank you! I always hover the cursor over a Web Address, for ex. > http://forums.techguy.org/newreply.php?do=newreply&noquote=1&p=6846375. Before the http, there always will be some info' and in this case it was"This web site does not supply identity information".
 

1 more replies
Answer Match 63%

Hi Folks,

I'm at the end of my technical capability here and need some help. Basically, the title says it all - my browser window crashes intermittantly - the commonality I've noticed between the sites it crashes on is that they have Google ads. I know some virus/spyware can latch onto specific sites, so I try all the tools I can get, with no success in either identifying the problem or correcting it. I used

-Bitdefender
-Ad-aware
-Trendmicro
-Spybot S&D
-ewido
-spysweeper
-ccleaner
-xblock
-AVG

Below is my HiJackThis logfile - can anyone tell me how to proceed?

Logfile of HijackThis v1.99.0
Scan saved at 20:59:01, on 22/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\misc utilities\Sygate\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\misc utilities\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\misc utilities\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Syst... Read more

More replies
Answer Match 63%

Hi Folks,

My computer has been taken over by a virus and I am now only able to visit certain websites that require a password to enter. (facebook, mobileme, banking, etc). Cannot browse general websites (google, msn, windows, etc.). This ocurred on Dec 31st about 2:11PM as I tried to install a program that scanned OK with Norton AV. I then downloaded Twister Anti-Trojan and scanned the file to find out that it was infected with Trojan.Agent.dsci.ynkb. I have tried the Windows Malware Removal and it didn't correct my problem. I cannot find any information about this trojan on the web. Norton AV did give me alerts after the fact stating that conhost.exe was blocked from download by hxxp://4kversions.biz/gsver/gsver.php?sft=master-keystroke-logger-10.11.01&idm=800023

I have unplugged my connection to the internet until I can resolve this.

I have scanned my computer and have attached the files as requested. Any assistance will be appreciated. PS - I am on a different CPU to enter in this request.

My computer has the preloaded restore information (windows) on the D: drive of this computer.
Thanks Gerard


DDS (Ver_10-12-12.02) - NTFSx86
Run by HP_Administrator at 2:23:59.07 on 01/02/11
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1370 [GMT -5:00]
AV: Twister AntiTrojanVirus *Enabled/Updated* {FBD70C7C-71BD-4591-96BD-863C6980BE65}
============== Running Processes ===============
C:\... Read more

A:Virus Help: Internet Browsers only visiting specific sites

Hi there Gerard and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Windows XP Users: Please ensure you install the recovery console when requested

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

8 more replies
Answer Match 62.16%

Hello,

I've recently discovered a problem with my computer. After visiting certain sites and clicking on a second link on that site, both Mozilla Firefox and Internet Explorer will crash. So far, I have found this problem corresponds to two different sites, Lords of Pain (Wrestling News Site) and [email protected] (School Site). I was going to post this in the Malware Removal forum, but then I saw this topic in the forum. I also have noticed that the problem does not occur if I use Google Chrome, but I would much rather use Mozilla Firefox. Any help or guidance would be greatly appreciated.

Thanks.

A:Mozilla Firefox / Internet Explorer Crash After Visiting Certain Sites

Hello BrianJBustos,I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/211124/computer-running-slow-browsers-crashing-ff-ie/ We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.This leaves you with a choice:1) Have this thread reopened and the HiJack This log topic deletedOR2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.Please send a Private Message indicating your choice.Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as s... Read more

1 more replies
Answer Match 62.16%

Hello,

I have Windows XP Pro SP2.
I have run a complete system scan with Avast, Registry Mechanic, Ad-Aware, and superantispyware with no luck.

As the title states when I startup and log in, iexplore.exe is running in the background and sucks up a fair amount of my CPU.
I watch the Avast Web Shield and it shows me ie hitting a bunch of sites I have never been to before, mostly TV sites. I can also here the clicking links sound in my speakers and occasionally some noises when it hits a site with audio.
Once I just kill iexplore.exe in the task manager everything goes back to normal.

I'm not sure how it all started, but I initially noticed it because the task manager was disabled from my account! I figured out how to re-enable it, but now I'm stuck with this thing...

Your help is greatly appreciated,

Neil.

A:Iexplore.exe Runs In Background On Startup And Starts Visiting Sites

Hello NeilH and welcome to BC I see that you ran registry mechanic. The writers of registry tools don't know what specifically you have on your system, and if you don't know what you are doing, you can create real havoc with your computer or programs. One of the most important things to do when changing things in the registry is to back it up so you can reverse it if necessary. I completely hosed my Adobe products by using a registry cleaner. Fortunately, I was able to reverse what I'd done because I'd backed it up.-------It would be helpful if you posted the log from SUPERAntiSpyware. Did you run it in Safe Mode? Please indicate whether it was safe mode or normal mode when you post the log. In order to find the log double-click the SUPERAntispyware icon on your desktop.o Click Preferences. Click the Statistics/Logs tab.o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log and choose the appropriate date.o It will open in your default text editor (such as Notepad/Wordpad).o Please highlight everything in the notepad, then right-click and choose copy.? Click close and close again to exit the program.Please post the log in your next reply.Orange Blossom

10 more replies
Answer Match 54.18%

As soon as I get into Windows I start getting Bad Image errors. It starts with hstart.exe, and goes on to include such favorites as rundll32.exe, Windows Side Bar, iexplore...really anything I try to execute. I have tried Spybot with no luck. Here is my HiJackThis file if anyone has any great ideas I would sure appreciate it!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:20:13 PM, on 3/2/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Windows\s... Read more

A:Bad Image Error on everything! (HiJackThis file included)

We cannot support malware removal here because of Forum Rules. Head over to the Security Section of this forum and post there for more help.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

2 more replies
Answer Match 53.76%

I have the .dmp file for my error, i have no idea what is going on, i have tried reformatting, everything... please help me.

A:Windows 7 BSOD error 0x0000007f - DMP file INCLUDED

Hi -

Bugcheck = 0x7f (0xd,,,) = kernel mode trap; 0xd = An exception not covered by some other exception; a protection fault that pertains to access violations for applications

Update your NVIDIA nForce drivers -

Code:
nvm62x32.sys Fri Oct 17 17:00:39 2008 (48F8FCF7)

Update your Linksys wifi drivers -

Code:
MRVW24B.sys Sun Oct 28 23:21:52 2007 (472551D0)

NVIDIA --> http://www.nvidia.com/Download/index.aspx?lang=en-us

Linksys --> http://www.linksysbycisco.com/US/en/support

Did you upgrade an existing Windows OS to Windows 7? Be sure to run the Windows 7 Upgrade advisor --> http://www.microsoft.com/Windows/win...e-advisor.aspx

`

You are also in need of Windows Updates based on the timestamp that I noticed on the DirectX Kernel -

Windows Updates --> www.update.microsoft.com

Regards. . .

jcgriff2

.



Windows 7 x86 -- Bugcheck = 0x7f (0xd,,,)

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Users\PalmDesert7\AppData\Local\Temp\Temp1_dmpfile[1].zip\New folder\011610-33431-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Invalid directory table base value 0x0
WARNING: Whitespace at end of path element
Symbol search path is: SRV*C:\symbols*http://msdl.microsoft.com/download/symbols


Executable search path is:
Windows 7 Kernel Version 7600 MP (2 pro... Read more

10 more replies
Answer Match 53.76%

I would greatly appreciate it i just received the error code 0x000000a (0x00000535, 0x00000002, 0x00000001, ox806bd896). It was saved to a dmp file but the computer proir to this has rebooted twice in a row as soon as i log in. here is my hijack file thanks Logfile of HijackThis v1.99.1 Scan saved at 12:20:26 PM, on 3/14/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Azureus\Azureus.exe C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\mmc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Ched\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/ R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:�... Read more

A:error code 0x0000000a I included my hi-jack file

Hello and welcome to Bleeping The errors messages relate to a few things. Firstly, have you recently installed any new software? 0x0000000A relates to conflicts between software. Another example is this one: 0x00000002. It relates to a dll file(s) missing. With that information in hand and taking into account you have a virus on your machine and other malware (which often destroys legit files), lets see what we can do to remedy the problems.For the VITAL backup feature of HijackThis to function correctly, you MUST place the program in it's own dedicated folder. At the moment you're running it straight from your desktop.Right click on your desktopSelect New > FolderName it HijackThis and unzip/move HijackThis to this folder.Run HJT again and checkmark the boxes next to the following:-R3 - Default URLSearchHook is missing O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4d\NHelper.dllO2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file) 3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dllO4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE <--Creative Registration ReminderO4 - HKLM\..\Run: [SunJavaUpdateSched] C:&... Read more

1 more replies
Answer Match 53.76%

Hello.

I've not had this happen to me before. On visiting "RosariansCorner" I receive the attached message.

I can get to the site through the cached sites in Google but can't navigate the actual site.

Have you come across this before. Other sites are fine. I'm using Firefox and Windows XP.

Thank you.

Penny.
 

More replies
Answer Match 53.76%

I am working on this for someone. They try to log in to their online banking, and Internet Explorer 7 will shut down their browser and give the following message displayed on their desktop: Data Execution Prevention. Vista was recently installed, error came about at that time. Suggestions? What is this feature?

A:Error Message when visiting website

Does anyone know what this is? I have tried working with it, but I'm not having any luck. Any advice would be greatly appreciated.

1 more replies
Answer Match 53.34%

Logfile of HijackThis v1.99.1
Scan saved at 11:41:44, on 11.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Bluetooth\HidSwitchService\BtHidUi.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Bluetooth\HidSwitchService\HidSw.exe
C:... Read more

More replies
Answer Match 53.34%

Ok, I'm at wit's end. So I gotta ask for help.
I use IE7 browser and I'm getting the Sysfader error
whenever I visit Google Video, and of course the
browser goes down. This has only started happening,
I guess past six weeks or so. The Sysfader error does not
happen on any other video site, even youTube, just
Google Videos.

I've done all the troubleshooting and searched
everywhere for a solution. So I know the following
info.

- It's got nothing to do with nVidia card thingy.
I got all ATI stuff and a REAL-TEK sound card.

_ Under my system performance, all the scrolling and
fade effects are turned off (not checked) And I thought
that's what the Sysfader thing was, but that's not it.

-I've disabled all the IE7 add-ons except "cookies"
and the "Adobe Shockwave flash Active-x" cause the
videos won't play without it, but all other add-ons
have been disabled to see if that helped.
And restarted the browser and rebooted etc.

So, that's all I could find. And I'm stuck.

Okay, I just made it do it....I went
to Google Video, did a search on "Jordan Maxwell",
videos come up, I click on one, it tries to open up
in a separate window, then the error box pops up:

_____________________________________________________
SysFader: IEXPLORE.EXE - Application Error
The instruction at "0x75c54a27" referenced memory at "0x00000240".
The memory could not be "read". Click OK to terminate the program.... Read more

A:SysFader error when visiting Google Videos

Please do this:

http://blogs.msdn.com/ie/archive/2006/06/12/628499.aspx

1 more replies
Answer Match 53.34%

Ok, I'm at wit's end. So I gotta ask for help.
I use IE7 browser and I'm getting the Sysfader error
whenever I visit Google Video, and of course the
browser goes down. This has only started happening,
I guess past six weeks or so. The Sysfader error does not
happen on any other video site, even youTube, just
Google Videos.

I've done all the troubleshooting and searched
everywhere for a solution. So I know the following
info.

- It's got nothing to do with nVidia card thingy.
I got all ATI stuff and a REAL-TEK sound card.

-Under my System Performance in Control Panel,
all the scrolling and fade effects are turned off
(not checked) And I thought that's what the Sysfader
thing was, but that's not it, still happening.

-I've disabled all the IE7 Add-ons except "cookies"
and the "Adobe Shockwave flash Active-x" cause the
videos won't play without it, but all other add-ons
have been disabled to see if that helped.
And restarted the browser and rebooted etc.

So, that's all I could find. And I'm stuck.

Okay, I just made it do it....I went
to Google Video, did a search on "Jordan Maxwell",
videos come up, I click on one, it tries to open up
in a separate window, then the error box pops up:

_____________________________________________________
SysFader: IEXPLORE.EXE - Application Error
The instruction at "0x75c54a27" referenced memory at "0x00000240".
The memory could not ... Read more

More replies
Answer Match 52.5%

I just ran CCleaner
and proceeded with Disk defrag(its been a while)

I received an error that the defrag was cancelledat 74% because there was an error in file

C:\Program Files\Common Files\Adobe\TypeSpt\AdobeFnt07.lst
NOw I am totally confused--how can Adobe affect my disk defrag?

HJ log currently

Logfile of HijackThis v1.99.1
Scan saved at 11:12:05 AM, on 12/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\Program Files\Java\j2re1.4.2_09\bin\jucheck.exe
C:\Program Files\Lemontonic\Lemontonic Messenger Version 2.0 - Beta Edition\lt-imc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\user.s\Desktop\Stuff\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.... Read more

A:Solved: Disk Defrag cancelled-error in Adobe file?-HJ log included

I am running Micro Trend PC-cillin 2005-
is this something that I should be disabling before running the disk defrag?
Should I scan disk first?
or run disk defrag in SAFE MODE?

Help
Lexxie
 

3 more replies
Answer Match 52.08%

Hangs while loading control panel and start menu. It does eventually load, but it takes 30 seconds. WAY too long. All help would be GREATLY appreciated.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:49:26 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Downloads\HiJackThis_v2.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [DigitalStorm] C:\Windows\System32\Sp... Read more

A:Log file included. Specs included. Hanging while trying to access Control Panel and S

Hi boburke

I see you have Trend Micro HijackThis v2.0. This version of HijackThis is still a beta and is undergoing testing at this time. We prefer you to use Deckards System Scanner and then during the course of the fix HijackThis v.1.99.1. If you still need help please uninstall HijackThis v2.0 then follow these instructions.


Download Deckard's System Scanner to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, 2 text files will open - main.txt and extra.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back in this thread (do not attach it).
Please attach extra.txt to your post.


To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if y... Read more

1 more replies
Answer Match 49.98%

HelloStrange occurrence on my in my browser. Thought it was in the new IE7 but I uninstalled that and reinstalled IE6. The problem is that I can't get to any Web site from UK with the .co.uk designation. The address bar will show the site I want but the status bar is linking to another search type site. I keep blocking the site listed but it returns with a different address. I have no problems with any .com sitesI run Adaware scans everyday while I am Online. Have ran Spybot and Webroot with no help for this. I never open a download until I scan with Norton and ran a system check with that also with no help. Temp files, Cookies and History are deleted after every Online session. So it is a Mystery as to how this got past me and why it just affects the .co.uk sites.The following is by HijackThis log. I don't now too much about what I see but is the three R3 SearchHook entries supposed to be there?I would appreciate your help.Logfile of HijackThis v1.99.1Scan saved at 9:37:49 PM, on 12/1/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\... Read more

A:Uk Web Sites Gone Hijack Log Included

I've not heard of those symptoms before but you are definitely infected. Part of what I am doing below will disable Spybot's protection to stop any interference - you will need to reinstate it later when everything is OK.You may want to print out these instructions for reference, since you will have to restart your computer during the fix.Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked': R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)R3 - URLSearchHook: (no name) - ~B1F6E593-1AA7-19D7-F952-7A313FDD98A1} - (no file)O1 - Hosts: localhost 127.0.0.1O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO17 - HKLM\System\CCS\Services\Tcpip\..\{7459DFCD-ADF5-4486-AD31-DC117283FF73}: NameServer = 85.255.115.236,85.255.112.186Exit HijackThis when done. Please download FixWareout from one of these sites:http://downloads.subratam.org/Fixwareout.exehttp://swandog46.geekstogo.com/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, the... Read more

11 more replies
Answer Match 49.98%

Since a well meaning family member click on a pop up that said I had a virus and needed to install something (they can not remember what) the computer now crawls and there are certain web sites, this one included, that it just can not get to. I get the standard message that I must have entered the name wrong.

I have run CCleaner, AVG, Spybot S&D and Ad-Aware all to no avail. In fact, it took several tries to get an HJT log.

Here is my HJT Log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:27 PM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Pro... Read more

A:Can not connect to certain web sites, this one included

16 more replies
Answer Match 49.98%

Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:53:25 PM, on 6/5/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exec:\WINDOWS\system32\ZuneBusEnum.exeC:\Program Files\AVG\AVG9\avgemc.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxtray.... Read more

A:I Keep Getting Redirected To Other Sites [Log included]

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Download DDS:Please download DDS by... Read more

27 more replies
Answer Match 49.14%

Hey, I have been unable to connect to MSN messenger for a few days now and am also unable to access any of my e-mail accounts at various sites (I can't even get onto the main page at gmail). I can still log in on other computers but not on my own, and other sites still work on my computer. It seems likely that I have lost something vital to 128 bit encryption sites as I have shut down all of my firewalls and am still getting the same problem. I've tried everything I can think of but cannot get any of these sites to work. My HJT log is enclosed and I hope it helps get to the bottom of this.

Cheers.
 

A:Can't connect to 128-bit encryption sites, HJT log included

9 more replies
Answer Match 49.14%

Hey there, folks. I'm sure this is a fairly common issue to you guys (I've already browsed a few similar topics on this very site). Basically, I am unable to connect to a few websites. No, they are not down - I can access them just fine using a web proxy site like VTunnel or Anonymouse (just incase you were curious, tvtropes.org is among the sites I cannot access at the moment).

First off, I've already grabbed HijackThis and gotten a log file. It's at the bottom of this post.

Secondly, I've ran tracert in the command prompt, at least for tvtropes.org. I've also included its log at the bottom of this post. It times out ... quiet a bit.

Lastly, I've already went and checked on my hosts file. I even downloaded and ran the Microsoft Fixit for it.

I've already Googled around - I'm pretty much at my wits end here. Heard a friend suggest to me that it may be an issue with my DNS, but I can't access the websites even if I try via their IPs, so I'm not sure if that's the case.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:00 AM, on 2/3/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support C... Read more

A:Cannot access certain sites, even if they're not down. [hijackthis log included]

12 more replies
Answer Match 48.72%

Every time I search with google, i get redirected to something like "windowstopcontent.com", then i get some random search page... i think my machine isinfected with something, here is my HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:44 PM, on 6/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Ex... Read more

More replies
Answer Match 48.72%

Hey, and thank you for helping me try to fix this insidious disease!!

My computer, for a while, has been getting redirected to sites such as: Edmunds, Low Price Shopper, Shopica, some car shopping website that tries to appear to be searching for whatever your search query was, and various other obviously crap sites. This is extremely annoying, as I like to keep my computer in tip top shape. Otherwise, my system runs great, except for the occasional crash that has been happening recently. I just reinstalled Mozilla Firefox 3, and imported my bookmarks from an HTML i saved. Please help me, I have been combatting this for a while and absolutely NO anti spyware or anti malware have detected a thing. I run Windows LiveCare, which also doesn't find anything. THANKYOU!
here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:58 PM, on 3/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program F... Read more

A:Google redirects me to other sites! hijackthis log included

i hate to do this, but it's been a good while.
 

1 more replies
Answer Match 48.72%

Hello,

I just upgraded to Vista SP 2, and IE 8 and was just trying to add a new site to the Internet Explorer Trusted Sites in Security, and found that everything is greyed out.

I did a bunch of Googling, and did not resolve my issue (checked registry, cleared cookies, etc).

I have now come to find out that it is also greyed out for other employees at my company. I am guessing this might be something in a group policy, but I don't know how to resolve it. The systems administrator was fired, so we all are kind of at a loss at what to do

Any ideas? Screenshot below.

Version of IE: IE 8.0.6001.18865
Operating System: Vista Ultimate SP 2 (others are on XP)

Thanks
Jay

More replies
Answer Match 48.72%

My internet keeps redirecting me to random sites and i cant figure out why!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:08:37 AM, on 3/23/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Avast4\aswUpdSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Avast4\ashMaiSv.exeC:\Program Files\Avast4\ashWebSv.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:&... Read more

A:Internet redirecting to random sites, HJT log included

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may tak... Read more

2 more replies
Answer Match 48.72%

Any time I click on a link on a Google search, I get redirected to different sites, the one I remember offhand is toseeka.

Here is my log. I appreciate any help I get.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:27 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\... Read more

A:Google links redirect to various sites - HJT log included

9 more replies
Answer Match 48.3%

Internet browser (IE 7) very slow on some sites, many others totally inaccessible (IE hangs up and never fully loads). Also receive Windows security alert that Auto Update is not enabled and I am unable to start it.
Have run McAfee virus scan, Adaware, Microsoft Live Security Scanner - the MS Scanner was able to fix most it found EXCEPT Vundo.gen and Tonick.gen - so I guess these two still exist.
My HTL is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:38 PM, on 7/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Progra... Read more

A:Solved: Slow browser/ inaccessible sites- HTL included

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Answer Match 48.3%

It seems that something is affecting my Internet Explorer. I haven't had any problems with this before. When I manually type in a URL it takes a minute or two to go to the page. IF I use a link from the same site saved as a bookmark the site loads instantly. I was able at one point to configure my firewall (Zone Alarm Pro) by forcing all programs to ask permission to access the Internet. One by one each program made the request. I then launched IE and my homepage came up. When I typed in an URL a program asked permission to access the Internet and I blocked it and the browser reacted normally by going to the requested URL. That doesn't work anymore.

Logfile of HijackThis v1.99.0
Scan saved at 7:32:26 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Zone Labs... Read more

A:Problems with Internet Explorer accessing sites...HJT log included Tks

That log looks perdy good, lets try looking deeper.

Please perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:

Save the file to your desktop.
Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan

2 more replies
Answer Match 48.3%

Hi all

I'm having problems with the above error which pops up everytime I restart and periodically. I have ran AVG anti virus successfully and also SpyBot SD which removed all found problems (had to run it in safe mode to remove one issue). My HijackThis log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:51, on 14/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Progra... Read more

A:Need Help with "Windows - No Disk" error, log file included

Run HijackThis and click on "Config" and then on the "Misc Tools" button.
If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section".
Click on the "Open Uninstall Manager" button.
Click the "Save List" button.
Copy and paste that list here.
 

1 more replies
Answer Match 47.88%

Your help is VERY much appreciated!!TDSSKiller Log: 2011/04/05 11:34:22.0467 6092 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:282011/04/05 11:34:24.0293 6092 ================================================================================2011/04/05 11:34:24.0293 6092 SystemInfo:2011/04/05 11:34:24.0293 6092 2011/04/05 11:34:24.0293 6092 OS Version: 6.1.7601 ServicePack: 1.02011/04/05 11:34:24.0293 6092 Product type: Workstation2011/04/05 11:34:24.0293 6092 ComputerName: STATION-132011/04/05 11:34:24.0293 6092 UserName: fiona2011/04/05 11:34:24.0293 6092 Windows directory: C:\Windows2011/04/05 11:34:24.0293 6092 System windows directory: C:\Windows2011/04/05 11:34:24.0293 6092 Processor architecture: Intel x862011/04/05 11:34:24.0293 6092 Number of processors: 42011/04/05 11:34:24.0293 6092 Page size: 0x10002011/04/05 11:34:24.0293 6092 Boot type: Normal boot2011/04/05 11:34:24.0293 6092 ================================================================================2011/04/05 11:34:24.0667 6092 Initialize success2011/04/05 11:34:29.0877 4556 ================================================================================2011/04/05 11:34:29.0877 4556 Scan started2011/04/05 11:34:29.0877 4556 Mode: Manual; 2011/04/05 11:34:29.0877 4556 ================================================================================2011/04/05 11:34:30.0891 4556 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.... Read more

A:Redirected to sites via google links; OTL & TDSS logs included

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

3 more replies
Answer Match 47.88%

This site looks like a real gem! Can't wait to get an answer to this issue...

My history shows 538 visits to hornymatches.com/geolist18_35.php and I have never been there once...

Even more disturbing is the 397 visits to mostbeautifulman.com/picoftheday

Random myspace pages too...

Please help...

I already ran through the 5 steps from the faq...

Million Thanks In Advance!

Activescan:

Incident Status Location

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\anx2t083.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\anx2t083.default\cookies.txt[.go.com/] ... Read more

A:Adult and dating sites I've never been to are in history 500+ times... logs included

bump...

6 more replies
Answer Match 47.04%

This started about a week ago. I get popups like this: http://i.imgur.com/woPGCeq.png (screenshot) and webpages all stick double-underlined links into their text like this: http://i.imgur.com/w0zDkVW.png (screenshot).
 
I ran Malwarebytes, it removed a bunch of stuff, but apparently not what is causing these symptoms. Here's my log:
 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.14.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476MacFall :: MACFALL-PC [administrator]12/14/2013 12:58:10 PMmbam-log-2013-12-14 (12-58-10).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 222271Time elapsed: 9 minute(s), 46 second(s)Memory Processes Detected: 1C:\ProgramData\QuickSet\SK.Enabler\SK.Enabler.exe (PUP.Optional.MultiPlug.A) -&gt; 696 -&gt; No action taken.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 5HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1495795506 (PUP.Optional.MultiPlug.A) -&gt; Quarantined and deleted successfully.HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -&gt; Quarantined and deleted successfully.HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -&gt; Quarantined and deleted successfully.HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -&gt; Quarantined and dele... Read more

A:Firefox opens tabs to sites like "findsection.net". Also, popups. Logs included

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.AdwCleaner created by Xplode.Junkware Removal Tool created by thisisu.
1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.Important: Do not reboot your computer until you complete the next step.
2. Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of... Read more

5 more replies
Answer Match 46.62%

Hi, I have been having an issue with the search engine google, whenever I search for something, I would need to reclick the site several times because the first few times would not lead me to the site I want to go to, but instead to a site that is selling something related to what I have searched for, this is really starting to get annoying, so any help is appreciated.

Here is my hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:52:25 PM, on 07/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\PCI AUDIO APPLICATIONS\MIXER.EXE
C:\WINDOWS.000\SYSTEM\MPS.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CANON\MULTIPASS4\MPDBMGR.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\SYSTEM FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\goo... Read more

A:Solved: Google search links lead to adware sites-hijackthis included

16 more replies
Answer Match 46.2%

Hi, I am having a problem with my computer. Im Running on Windows XP. Everytime I do a search, when I click on a result it sends me to weird sites. I tried using MALWAREBYTES and SUPER ANTI-SPY ASSASSIN, but it didnt find anything. I then install AVG ANITVIRUS, when I did a scan it found TROJAN HORSE WIN32/PEPATCH.AO. I was unable to remove it because it infected files that I needed. I hope someone can help me fix this. I have included the HIJACKTHIS Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:49 PM, on 1/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\s... Read more

More replies
Answer Match 44.94%

While surfing the web, Norton came up and said that C:\Windows\dlm.exe was infected with a Trojan virus. It could neither repair nor quarantine the file, and I was not sure if I should hastily delete it or not. I stumbled upon this site and saw others with similar cases. So, I downloaded Hijack This and ran a scan. Here's the log below. Thanks to anyone willing to help!
Logfile of HijackThis v1.97.7
Scan saved at 6:14:04 PM, on 12/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\dl.exe
C:\WINDOWS\dlm.exe
C:\PROGRA~1\Proc Ford Software\Wave road regs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Progr... Read more

A:Infected File, Can't Quarantine - Log File Included

Have a look at this thread http://forums.techguy.org/showthread.php?threadid=215474&90068ef66b0d48b4d35365630275933b
 

1 more replies
Answer Match 42.42%

Logfile of HijackThis v1.99.1
Scan saved at 18:41:25, on 19.4.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\HJC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mcicdb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explore... Read more

A:Help HJ Log file included

What is your problem?
 

1 more replies
Answer Match 42.42%

Log is attached, its on a friends computer, earlier today she went to a website and it gave her a popup, one of those fake ones that says you have viruses, she clicked off of it, and now she is getting all of these annoying pop ups and then it just plays things without pops ups like congrats you've won whatever. any help appreciated. thanks guys
 

More replies
Answer Match 42.42%

ogfile of HijackThis v1.99.1
Scan saved at 12:48:03 AM, on 27/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\HP\KBD\KBD.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\S3tray2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PhotoDeluxe BE 1.1\ezphoto\Ezphoto.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www... Read more

A:Need help, Log File Included

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download smitRem at http://noahdfear.geekstogo.com/click...click.php?id=1 and save the file to your desktop.

Please download Ewido Security Suite at http://www.ewido.net/en/download/ and read the Ewido setup instructions at http://rstones12.geekstogo.com/ewidosetup.htm. Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow the download and setup instructions at http://rstones12.geekstogo.com/adawareSE_setup.htm. Otherwise, check for updates. Don't run it yet!

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run Cl... Read more

1 more replies
Answer Match 42.42%

something is terribly wronglog file:Logfile of HijackThis v1.99.1Scan saved at 8:47:30 PM, on 11/15/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Wireless-G USB Network Adapter\WLService.exeC:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.5.0_08\bin\jusched.exeC:\GmailNotifier\gnotify.exeC:\aim\aim.exeC:\Steam\Steam.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\PictureProject\NkbMonitor.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\iTunes\iTunes.exeC:\Last.fm\LastFM.exeC:\Documents and Settings\treyrex\Desktop\hijackthis\HijackThis.exeO2 - BHO:... Read more

A:Help Please (log File Included)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Bit Defender 8 Free EditionInstall the program and then follow the prompts to download all available updates.Select Antivirus and then click the Settings button. Click Default. Click Ok.Select Local Drives and click Scan.When the scan is complete save the log and post it back here in your next reply.

2 more replies
Answer Match 42.42%

alright guys the HJT program told me to ask somebody more qualified than I, so i came here. here's the HJT file, pls tell me what to fix.

Logfile of HijackThis v1.97.7
Scan saved at 1:27:22 AM, on 12/30/2000
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wins\DLLHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\2Wire\HomePortal\2PortalMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\WINDOWS\System32\wins\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mike Robinson\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0... Read more

A:hjt file included, PLS HELP

9 more replies
Answer Match 42.42%

My friends computer run very slowly. Windows 98.

Logfile of HijackThis v1.99.1
Scan saved at 7:00:00 PM, on 4/10/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\KASPERSKY LAB\ANTIVIRAL TOOLKIT PRO\AVPCC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\KASPERSKY LAB\ANTIVIRAL TOOLKIT PRO\AVPM.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAM FILES\KASPERSKY LAB\ANTIVIRAL TOOLKIT PRO\AVPCC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINCMD\WINCMD32.EXE
C:\PROGRAM FILES\HJC\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOW... Read more

A:Please help (Log file included)

Add remove programs – remove if present – webHancer

Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe –osboot

O4 - HKLM\..\Run: [LaunchAttuneSetup] C:\WINDOWS\SYSTEM\msiexec.exe /i "D:\Corel\Graphics10\Aveo\09\01\attune.msi" /q

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"
Delete these folders

C:\Program Files\webHancer

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log

Please give feedback on what worked/didn’t work and the current status of your system
 

2 more replies
Answer Match 42%

Wow I have a killer problem here I had a malware that was popping up IE windows and kept trying to connect to the net anytime I went to windows explorer or control panels plus the ultimant defender, I tried to use search and destroy, avg antivirus, microtrend 12, windows malware remover, and no luck\
plus IE is popping up a new set of about 25 to 30 windows every 5 min or so

Any help is very grateful

ok was fast enough to get a log from in a normal boot if I hit the enter fast enough it made the scan then had to ctrl a and ctrl c within like 2 sec to get it but got it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:58 PM, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\lqdhoadn.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program File... Read more

A:trojan HIJ file included

16 more replies
Answer Match 42%

Please help, I have IstBar problem and I can't get rid of it with Kaspersky AVP and Ad aware. This is my log file:

Logfile of HijackThis v1.98.2
Scan saved at 6:30:47 PM, on 2/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\kocinpg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\wincmd\WinCmd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\HJC\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
O4 ... Read more

A:HELP!!! HJ Log file included in post

I have virus Trojan Downloader.win32.istbar.gen and I can't delete C:\Program Files\ISTsvc\istsvc.exe

since I notice that I don't have new version of HijackThis this is new log file:

Logfile of HijackThis v1.99.0
Scan saved at 7:56:12 PM, on 2/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
C:\Program Files\Kaspersky Lab\AntiViral Toolkit Pro\avpcc.exe
C:\WINDOWS\kocinpg.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\HJC\HijackThis.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Tech\Wheel Mouse\5.0\MOUSE32A.EXE
... Read more

1 more replies
Answer Match 42%

My firewall stopped SVC Host from connecting outbound. The report read that something had commanded it to connect and was closing that application.

When I cleaned out my offline files and history, all of my cookies except four were also gone. I have my machine set to where it only allows the cookies I accept, and never erase them.

I ran Spybot and get this as a threat: Win32.Agent.pz path:C:\windows\system32\wnspoem\.

Shortly after this threat appears on the screen, but before the scan is complete, the computer will shut off and will not restart until I unplug it.

The same happens when I run AVG, except I don't get an error before the system shuts down. NOD32 comes up clean.

I restored to a known good point, and at least I can boot up, where as before it would boot, shut down and reboot continiously.

All of my saved login names and passwords are also missing and have to be re-entered.

The system runs great until I try to scan.

Here is my log. All help is greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 2:54:15 AM, on 5/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG An... Read more

A:I have been infected!! HJT file included.

I finally got SpyBot to run an entire session and removed the only thing it found. Could someone please look at my HJT and tell me if everything is OK before I start entering usernames and passwords again.

I need to pay some bills, but don't won't my information hijacked.

Thanks all. When I am sure this thing is safe I definitely will donate.
 

2 more replies
Answer Match 42%

I have this problem where i am getting Random Pop Ups and advertisments, I have scanned using Norton for viruses and Microsoft Antispyware, without finding anything.

As a result i am including a HiJack this report as followed: -
Logfile of HijackThis v1.99.1
Scan saved at 15:38:59, on 09/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\SRVANY.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\FEELitDM.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WIN... Read more

A:Random Pop Ups - HJT Log file included

Hi pc_doctor

Uninstall MessengerPlus! 3 from Add/Remove Programs.
_________________________________________________________________

Download and run the LOP Uninstaller here: http://www.thespykiller.co.uk/downloads.htm

Close all browser windows, run the remover, reboot.
Post a new log.
 

1 more replies
Answer Match 42%

Hi guys,

i am in big trouble. It all started last week when i installed a game called - Urban Terror and i played it through a server. The game was legal by the way. As days went by, i noticed my computer was acting very strange ever since i played that game on a server. It will take ages to load for something very small and it often comes to a halt. Just 4 days ago, something terrible happened. You know the Norton Antivirus and Firewall program which comes standard on ure windows computer right? Well...it stopped loading. That is, the icon tray didnt appear next to the clock. I cant even get it to run and all it said was that i didnt have any "priveleages". Some of my other programs which involves .exe didnt work. I used system restore and everything returned back to "normal"

The next day, the bad news returned again. I was double clicking my icon tray and all of a sudden norton firewall and antivirus stopped working. I tried to use system restore but it didnt work. As well the system tray icons are gone. Some of my programs cant even access the internet anymore. I was then given no choice but to remove norton firewall and anti-virus. However the uninstallation didnt go as planned. It kept on saying there was an error but i kept on telling the popup to proceed and then it uninstalled. I then downloaded Avast! but it said that norton anti-virus is still in use and it might clash with the computer!

The bad news doesnt stop there as my myspace account has... Read more

A:Please help me!! Im desperate!! (log file included)

Hi and welcome to TSG,

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

3 more replies
Answer Match 42%

heyy
uh, well i keep crashing, til a point where i cant even load into my desktop..
today weirdllly, i was able to get into my windows, but everything was gone, but it was okay....it didnt crash.
until a few hours later it started to :\

UPDATE: [4/1/06]
its now restarting on its own each time i happen to leave my computer :|
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:11:45 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
... Read more

A:i have a virus HJT log file included.

12 more replies
Answer Match 42%

heyy
uh, well i keep crashing, til a point where i cant even load into my desktop..
today weirdllly, i was able to get into my windows, but everything was gone, but it was okay....it didnt crash.
until a few hours later it started to :\

UPDATE: [4/1/06]
its now restarting on its own each time i happen to leave my computer :|


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:11:45 PM, on 3/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.... Read more

A:i have a virus HJT log file included.

I don't see anything suspicious in the log. Restarts can also be caused by overheating or bad RAM.
 

2 more replies
Answer Match 42%

DDS (Ver_09-01-07.01) - NTFSx86
Run by Alan Muther at 21:55:00.50 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.279 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\... Read more

A:Too many virus pop-ups...DDS and zip file included

Hello -

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------
Download ComboFix

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recov... Read more

19 more replies
Answer Match 42%

Hi, please help me...my home page keeps changing now instead of having google. My kids use this computer as well and i' worried they have put something nasty on it I have run Hijackthis, i dont have a clue how to proceed to get rid of it so could you be gentle Thanks for help in advance....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:52:19, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\P... Read more

A:Please help, have included HiJackthis file

Can't believe how quickly this jumped off the first page...any help would be great thanks
 

1 more replies
Answer Match 42%

Logfile of HijackThis v1.99.1
Scan saved at 12:14:39 AM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\USBStorage\USBDetector.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\South Ri... Read more

A:HELP I've Been HiJacked Log File Included

Hi Steve and welcome to TSF.

Don't post your email address in a public forum like this one. There are spammers lurking here. Please watch the language also. It's edited out.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After... Read more

1 more replies
Answer Match 42%

Hi, I'm Gary, I know some about computers but not enough :)

My home computer (that my son also uses) has stopped recognizing domain names. The only thing it shows in IE is "Can't show this page" also, my Outlook no longer connects to Cablelynx (my provider) to get my email - no error - just doesn't connect. If I do ipconfig in the dos window, I can get it to ping a numeric adress; but not a name.

I ran Spybot and it found EDS Exploit on my ID and about 32 things on my son's ID. I got rid of all those things, EDS or EOS came back each time until I found steps on the internet to remove it and went through them. The computer shows up clean now; but still doesn't recognize anything.

I'm using Norton Antivirus 2004 Ver 10.0.1.13 - Virus Definition 11/23/04
and Norton Internet Security Ver 7.0.6.17

These no longer find updates because of the problem. My friend here at work told me about HijackThis and this Web site.

I would appreciate any help you can give. I'm also reading the Security page on how to not let this happen again. :)

My HijackThis log file is listed below: Once again, Thank You for any help any of you can give. Also, I had a USB drive plugged in at the time to put the file on; but everything else but the Norton stuff should have been off as far as I can tell.


Logfile of HijackThis v1.98.2
Scan saved at 8:50:26 PM, on 12/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R... Read more

A:I'm new and I have a problem :) log file included

Actually, you log is clean.

Download WinsockFix and unzip it. Then double-click on it to run it to help with your connectivity problem.

You can get a patch for the SpyBot/DSO Exploit issue here (known bug): http://www.majorgeeks.com/download4392.html

Let us know if you continue to have issues.

2 more replies
Answer Match 42%

My dads computer is very sick. I know he has the dyfuca virus and other spyware. I have ran ad aware and removed all it could but some were left. Please review the HJT file and advise me on the fixes. Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 10:27:57 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Toolbar\TBPS.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ken\Local Settings\Temporary Internet Files\Content.IE5\6NIJANO5\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explor... Read more

A:Solved: Please Help!! HJT File Included

12 more replies
Answer Match 42%

Help! Hijack This Log is below, desperately need my computer back!!! I suddenly have 100% CPU usage and AdAware will get rid of it for a few minutes and it just comes back - have current version of Norton Security Suite that keeps finding 1 tracking cookie that AdAware Misses - also have SpywareBlaster and SpyCatcher installed.

SpyCatcher started to flash warnings that it has stopped spyware from running whenever I open a program right about the time this all started - is this a malware program by any chance? Also the same time this started about 5 of the last regular Windows updates from Microsoft failed - this has never happened to me before and with little time spent so far haven't found a way to delete the failed installations so they will update successfully.

Also I just upgraded to AdAware 2007 (free version) from the previous edition - there were about 29 new infections found by the upgraded program that the previous one didn't find, but the previous (free) version listed the number of infections found when it ran but when it notified how many it was removing there were always 11 more than the program stated - the new version doesn't tell me how many it's deleting so I wonder if they're still there or not. That used to do it until I rebooted and then they would be back, which tells me at least those are in the registry.

I got the latest version of Hijack This and installed this morning, below is the log file:

__________________________________________
... Read more

A:Help! I'm Hijacked?? Log File Included

Me again - I just wanted to update, since so many posts newer than mine have gotten lots of attention while mine has gotten none, I'm about to be HOMELESS because I can't use my computer......

Regarding the 5 steps, I have been trying to complete as much as possible. Obviously the failed Windows Updates are the main concern and quite possibly my problem, and since I have my machine set to update automatically and daily I would imagine anyone else that does the same would know the exact updates I need....

Besides immunizing with IE-SPYAD because it's unclear whether the program will work, or is needed, with IE7 which I believe is past the beta stage now, the only thing I can think of that I haven't done yet regarding the 5 steps is install DSS - this is because it took over 6 hours for a SpyBot scan that I believe normally takes 5 minutes.....which did find 5 things not previously found, 3 of which seemed to have to do with disabling of Windows security such as antivirus and firewall??? And now the Panda scan has been running for over 4 hours and isn't even a third done.... As soon as I can I will download dss and submit a new scan and log file, but with the way things are going that could take days and I really need HELP!!!!!

Any suggestions anyone may have regarding the failed Win XP (SP2) updates would be really appreciated (I made sure all updates were made before installing the sp2).

Thanks a lot folks.

4 more replies
Answer Match 42%

Logfile of HijackThis v1.99.1
Scan saved at 5:00:49 PM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\... Read more

A:Help! (hijack this file included)

9 more replies
Answer Match 42%

I definitely have a virus. The homepage on IE was changed to coolpics.com and I can not change it (you no longer can highlight the buttons in properties), I also can not open task manger or edit the registry because I get an error message stating that it has been disabled by the administrater (which I am). When I shut down I get svhost.exe is shutting down message which takes forever to end and I also get some small random IE box in the top left corner of my screen showing "page not found". When I do a virus scan I get an infected trojan in svchost32.exe and svhost.exe but quarantining them does nothing. Thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 5:47:14 PM, on 12/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA... Read more

A:Virus HJ Log File Included

8 more replies
Answer Match 42%

Please advise on invalid files to remove. Thanks

Logfile of HijackThis v1.99.0
Scan saved at 4:03:32 PM, on 6/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadru... Read more

A:Please Advise, HJT file included

12 more replies
Answer Match 42%

Win XP
Can't get user logged in
windows installer won't run
totally buggy since visiting chinese P2P site
 

More replies
Answer Match 42%

Hello all,This is my first time to this forum, and I'm hoping someone can check out my logfile from HiJackThis. My girlfriend was using my computer and claimed she started seeing pop-ups and getting porn ads embedded into sites like the local news channel and other normally porn-free sites. I did a scan with Malwarebytes and found a ton of items which I deleted, and also found that WinBlueSoft was in my Add/Remove Programs. I removed it from there, but I am still getting pop-ups. The infected items are being found over and over again each time I do a scan with Malwarebytes and with AdAware, even in Safe Mode. I just discovered I cannot do a defrag (I can get to the defrag screen, but I get an error message when I try to defrag C: that says "Disk Defragmenter could not start". I've got a total drive size of 144 GB and 12.2 GB remaining, but I'm not sure that would affect the defrag process. Lastly, I cannot get the DVD burner to burn using any of the most popular burning software anymore--the programs always say something to the effect that there is no DVD burning device installed. The drive itself works and plays both music CDs, game discs and movie DVDs. My recovery disc for my computer is not recognized when I reboot, although I am able to explore that disc and see the contents of it. I can't think of any other info that would be useful to you all, so I'll just attach the logfile and check back soon. Thank you for any help you can offer!Logfile of... Read more

A:WinBlueSoft?? Please help--HJT log file included

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

2 more replies
Answer Match 42%

I have run Hyjack This and I am including my log file for help on items that should be removed and the best way to remove them. I have had various Trojan viruses removed and continue to have Hyjack problems. I am also unable to delete some Wild Tangent components as well as downlaod the Windows Service Pack 2. I have Windows XP operating system. Thanks for your help!

Logfile of HijackThis v1.99.0
Scan saved at 10:56:01 PM, on 1/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program F... Read more

A:PLEASE HELP!!! Hyjack This log file included

16 more replies
Answer Match 42%

I've run Spybot and rebooted twice and run Ad-Aware SE Personal and rebooted twice and am still getting several pop-ups. There is also a CashBack program that is reinstalling and placing a dog icon in my systray. I've removed it twice but it keeps reinstalling. A similar issue happened once before and this forum was a big help. Any assistance this time is appreciated.

HijackThis log file is:

Logfile of HijackThis v1.97.7
Scan saved at 10:56:20 PM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\elwvica\famif.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\eico\tuuv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files... Read more

A:Pop-ups - HijackThis log file included

Are you sure you're running updated versions of those programs? If not, try updating them manually, run them and then reboot, then run another HJT and post the log. I will be able to provide assistance with any logs between 5 and 6pm GMT+1
 

3 more replies
Answer Match 42%

Logfile of HijackThis v1.99.1
Scan saved at 3:12:25 PM, on 7/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\cndw\command.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\iftuyszv.exe
C... Read more

A:Please Help.... (hijack This File Included)

Hi Welcome to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool ... Read more

1 more replies
Answer Match 42%

I'm about to lose my mind with all the spyware on my computer and the problems created by them. I've used Ad-Aware SE, Spybot Search&Destroy and even tried Registry Mechanic, but nothing is working. I get non-stop pop-ups where the pop-up tries to download something and a windows notification pops up and asks whether I want or install or not install, 95% of the pop-ups addresses say www.loadingwebsite.com(followed by someother random BS). PLEASE HELP ME FIX THIS BEFORE I LOSE WHATEVER SANITY I HAVE LEFT!!!!

Here is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 3:32:33 AM, on 02/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Softw... Read more

A:Please help me get rid of spyware (log file included)

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore... Read more

5 more replies
Answer Match 41.58%

Hi, i'm like all of you a guy who likes the internet surfing, i ever prevent malicius software usin antivirus and anti-adware or malware and spyware, i just remember when i defeated my first soyware thaks to this page, now the day of wrath come to my computer and a new amenace is here: THE EVIL SPYWARE QUAKE.
I downloaded a .exe file and ejecuted it, panda tell me about hack tools, trojans etc, i eliminated the files, and now i have a free antivirus: the spyware quake, it continuelslly attack me, i surf and get some answers to this evil trojan, i ran antivirus, some stuff what i donnot remember, all from post of memebrs in the same problem. Now i dont have pop ups or the spy quake installed, but, whne i run the spyhunter V2.0 it finds DCOM.trojan and 2 Zlob.trojan. I use win Xp proffessional
Logfile of HijackThis v1.99.1
Scan saved at 13:40:39, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Panda Software\Panda Plati... Read more

A:Spyquake, Trojans And More, Hjt Log File Included

16 more replies
Answer Match 41.58%

Hi all, im new here
I'm currently using Firefox because Internet explorer doesn't work.
Everything work fine except IE. When I type any address into the address bar I get the message
The address is not valid
or
Internet Explorer cannot display the webpage

If I type msn.com, it will appear as http:///? msn.com.
I scanned with SUPER Anti-Spyware, nothing found. Upgraded to IE 8 beta, still the same.

Here's my Hijack log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:57 PM, on 15/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\system32\taskeng.exe
C:\Users\MYCOMP~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Wind... Read more

A:IE7 The Address is not valid (Log file Included)

6 more replies
Answer Match 41.58%

My computer started up for no longer than 5 minutes, and the bluescreen came on. The computer restarted and now it seems like everything is okay for now... can anyone help with this?

On second thought, I can't seem to upload the .xml file that the bluescreen said would provide more information on the bluescreen.

A:Random BSOD DMP and XML file included.

Hi darknight; sorry you are having problems. Please read this thread and post back. We will be glad to help you. We need the system information the tool provides in order to better help you.

http://www.sevenforums.com/crashes-d...tructions.html

3 more replies
Answer Match 41.58%

Soon as I open internet explorer my home page becomes awesomehomepage.com/a long line follows. This is my log file please help. ThanksLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:01 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc... Read more

A:hijacked homepage file log included

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Answer Match 41.58%

Quick back story. This computer was suffering from a stop code of 0x0116 about twice a month. The graphics drivers were uninstalled and updated with the newest ones. There were no issues for about two weeks until it started happening again.

I wiped the computer, installed latest drivers and all updates. Everything was working fine until I received the stop code 0x09f. I done some research, but do not know why it is occurring now. Anyone know? See attached file.
 

A:0x09f BSOD - .dmp File Included

10 more replies
Answer Match 41.58%

I am so sick of trying to fix this, Ive had this for about 3 weeks and paid for a lot of these training videos for a package.

Softwarevideo.com won't respond to my videos.
So please, if anyone knows why I cant see video, please help me because Ive tried different codecs and nothing works.

1 - I have QT7, regular .mov files work fine.
2 - I use VLC for most other videos, still wont play video in there.
3 - I have a Video Converter, the .mov files will not convert to any other format they just show the "Software Video Logo".

I dont know what is wrong, have i done something wrong?

Download to Test/Help: http://www.jream.com/upload/img/1.mov
I would right click > download, in my web browser it just shows the logo :\
 

A:I cant get this MOV to play the video [File Included]

12 more replies
Answer Match 41.58%

Hello all!

Hoping you guys can help, I'm getting a repeated bluescreen when trying to load Cubase.

No new software has been installed/updated [to my knowledge] so I'm guessing it may be a hardware issue.

I backed everything up using Windows Backup, and attempted a System Restore to 3 weeks prior. This didn't work unfortunately, and after another bluescreen/reset Windows started and proceeded to desktop with this message:

Windows has recovered from an unexpected shutdown:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 2057

Additional information about the problem:
BCCode: 124
BCP1: 0000000000000000
BCP2: FFFFFA800811D748
BCP3: 0000000000000000
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\100213-15007-01.dmp
C:\Users\Bouch\AppData\Local\Temp\WER-26020-0.sysdata.xml

I have included the dmp file as an attachment to this post.

Many thanks for any help in advance!

A:BSOD problem , dmp file included

Hi MissGrimsby.

The BSOD that you supplied is a stop 0x124, usually it is assumed to be a hardware related error. To debug that issue, we need some more information.

First, Post it following the Blue Screen of Death (BSOD) Posting Instructions.

Second, fill up your system specs.
See your system specs and fill it up here.

Also, take some hardware tests.

Test your RAM modules for possible errors.
How to Test and Diagnose RAM Issues with Memtest86+
Run memtest for at least 8 passes, preferably overnight.

Stress test the Graphics Card using Furmark.
Video Card - Stress Test with Furmark

Stress test the CPU.
Hardware - Stress Test With Prime95

Check if the Power Supply Unit (PSU) supplying adequate power to the computer or not.
eXtreme Power Supply Calculator
Also let us know the wattage of the PSU.

Is the computer hot? Report us the heat of the computer after a couple of hours of your normal usage. Upload a screenshot of the summery tab of Speccy.

Let us know the results.

BTW, we have noticed BSODs with Cubase earlier ... make it sure that the software is properly updated and the hardware is working fine.
________________________________________________________________________

Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* ... Read more

7 more replies
Answer Match 41.58%

AVG cleaned out malware and quarantined some stuff, but it's not over. Thank you so much for any help you can give me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:33 PM, on 2/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\T... Read more

A:Malware still hanging on- log file included

7 more replies
Answer Match 41.58%

Please someone analyze this dump file caused BSOD:

A:Bsod =( [dump file included]

BUMP!
Please someone analyze it

8 more replies
Answer Match 41.58%

Hi, I would really appreciate if someone could tell me if theres anything wrong with my pc. Its been acting up lately. Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:08, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Muiltmedia keyboard utility\2.2D\KbdAp32A.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:... Read more

A:Solved: PC acting different Can someone please take a look? HJT file included

7 more replies
Answer Match 41.58%

Hey all, can someone please take a look at my file. Been getting some strange popups and the performance on my computer has been slow. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:11 AM, on 5/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\HP DLA\dlatray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe... Read more

A:Solved: Need help, HJThis file included...

11 more replies
Answer Match 41.58%
A:BSOD (DUMP file included)

BSOD caused by a Kaspersky product(kl1.sys), This is a know problem in the older versions. Uninstall the product using the Removal tool then download the latest version 11.0.2.556
Product Updates

Code:
Unable to load image \SystemRoot\system32\DRIVERS\kl1.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kl1.sys
*** ERROR: Module load completed but symbols could not be loaded for kl1.sys
Probably caused by : kl1.sys ( kl1+422df )

2 more replies
Answer Match 41.58%

Ok, so i make backups of all my games on to my pc so i don't need to carry the disks with me (i lan it up often). When i bought two new Samsung F1 750gb harddrives i was copying data over to one of them and my PC crashed (other story) and then THIS happened!

Its kinda annoying and i think it's a Vista thing because Ubuntu sees the drive as how i named it.

I've tried renaming the disk, and no avail.

Please help!

Thanks in advance
~V
 

A:Vista sees HDD like a file -- pic included

8 more replies
Answer Match 41.58%

First here is the original detection: FYI with the so cold McAfee removal of the said Trojan, this message shows up everyday and seems to multiply, Run Spybot, McAfee, and CounterSpy V3 current definitions.

McAfee has blocked a potentially unwanted program (PUP) on your computer. If you do not recognize it, we recommend that you remove the program.

About this Potentially Unwanted Program
Name: Tool-NirCmd
Location: C:\WINDOWS\TEMP\SBS_VE_AMBR_20090124025925.796_ 369626
Then I got this one when I told McAfee to close alert since it cannot remove the program

McAfee has blocked a potentially unwanted program (PUP) on your computer. If you do not recognize it, we recommend that you remove the program.

About this Potentially Unwanted Program
Name: Tool-NirCmd
Location: C:\WINDOWS\TEMP\SBS_VE_AMBR_20090124025934.187_ 369639

So Again I say close this alert since it cannot remove it and I get this:

McAfee has blocked a potentially unwanted program (PUP) on your computer. If you do not recognize it, we recommend that you remove the program.

About this Potentially Unwanted Program
Name: Tool-NirCmd
Location: C:\WINDOWS\TEMP\SBS_VE_AMBR_20090124030041.968_ 369716

I do the same and get these:

McAfee has blocked a potentially unwanted program (PUP) on your computer. If you do not recognize it, we recommend that you remove the program.

About this Potentially Unwanted Program
Name: Tool-NirCmd
Location: C:\WINDOWS\TEMP\SBS_VE_AMBR_20090124030049.734_ 369729
Then These:

McAf... Read more

A:Think I Got a Trojan please help Hijackthis log file included

13 more replies
Answer Match 41.58%

Hi my name is Slavomir.
Lately i encountered BSOD and would really like to know what is the cause so i can prevent it in near future.

I already used SF Diagnostic tool and i will post a zip file with everything you need in orded to find out whats the cause.

Thank you for your help.

A:Windows 7 BSOD cdd.dll and other zip file included

Welcome to the Forum.

Based on the bugchecks, I would recommend you follow and complete the steps given below:1. If you are overclocking any hardware, please stop. Reset any changed values back to default and reset/clear CMOS: Clear CMOS - 3 Ways to Clear the CMOS - Reset BIOS. Uninstall any overclocking tool as these can also be a reason of blue screens.

2. Uninstall your current antivirus software. It can be a cause of BSOD very often. Please remove it with its removal tool and use Microsoft Security Essentials in its place. Malwarebytes is a great combination with it. Go through this thread for more info.

3. Run Disk Check with both boxes checked for all HDDs and with Automatically fix file system errors. Post back your logs for the checks after finding them using Check Disk (chkdsk) - Read Event Viewer Log

4. Run SFC /SCANNOW Command - System File Checker to check windows for integrity violations. Run it up to three times to fix all errors. Post back if it continues to show errors after a fourth run or if the first run comes back with no integrity violations.

5. Make scans with Kaspersky TDSskiller and ESET Online scanner.

6. Perform a Clean Start up, this will help avoid any problematic applications from bugging the system.

7. Use Revo Uninstaller Free to uninstall stubborn software. Opt for Advanced Mode and uninstall the software, delete the leftover registry entries.

8. Use Crystal Disk Info to upload a screenshot of your Hard Drives (s). Test ... Read more

7 more replies
Answer Match 41.58%

For the past few days I have been getting Google redirects. Occasionally when I click on google search results I am taken to an advertising page instead of the result I asked for. Additionally, my browser seems to be running slower than usual, and I am unable to update my antivirus software (Symantec Antivirus Corporate Edition).I ran a full virus scan and a Malwarebytes scan. Malwarebytes found Trojan.Vundo.H and removed it. After Vundo was removed the computer stopped opening IE windows that asked my to buy an antivirus program, but the redirecting problem persists. More recent scans have found nothing.Here's the HJT log. I can also post the Malwarebytes log if that will help. Thanks for any help!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:30:37 PM, on 1/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS ... Read more

A:Google Redirects, HJT Log File Included

Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerThen, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix in your next reply.

2 more replies
Answer Match 41.58%

It happened last night, i dont really know what happened.

A:Bsod crash c2 dmp file included

A couple of steps here:
First -
Quote:




H/W Diagnostics:
Please start by running these bootable hardware diagnostics:
http://www.carrona.org/memdiag.html (read the details at the link)
http://www.carrona.org/hddiag.html (read the details at the link)

Also, please run one of these free, independent online malware scans to ensure that your current protection hasn't been compromised: http://www.carrona.org/malware.html (read the details at the link)




Next -
Quote:




Please update or remove these older drivers that were loaded at the time of the crash. Don't use Windows Update or the Update drivers function of Device Manager. Please use the following instructions to locate the most current drivers:

Quote:




How To Find Updated Drivers:
- search Google for the name of the driver
- compare the Google results with what's installed on your system to figure out which device/program it belongs to
- visit the web site of the manufacturer of the hardware/program to get the latest drivers (DON'T use Windows Update or the Update driver function of Device Manager).
- if there are difficulties in locating them, post back with questions and someone will try and help you locate the appropriate program.




- some driver links are on this page: http://www.carrona.org/drvrdown.html

Here's the older drivers:

Code:
cmaudio.sys Mon Jul 15 22:58:09 2002 - VERY IMPORTANT!!! C-Media Aud... Read more

1 more replies
Answer Match 41.58%

Hi all,

I was playing LAN in my appartment when I suddenly BSODed.
Is there anyone who could make out why from the dump file ?

My specs are:
i7 intel.
Win 7 64
8 Bg Ram
Geforce 850

A:BSOD, one dump file included

  
Quote: Originally Posted by dancodan


Hi all,

I was playing LAN in my appartment when I suddenly BSODed.
Is there anyone who could make out why from the dump file ?

My specs are:
i7 intel.
Win 7 64
8 Bg Ram
Geforce 850


Yes

Hi and welcome

You seem to have two problems. One old drivers.

These need to be updated


Code:
secdrv.SYS fffff880`07f41000 fffff880`07f4c000 0x0000b000 0x4508052e 9/13/2006 8:18:38 AM
LVUSBS64.sys fffff880`04c6c000 fffff880`04c78900 0x0000c900 0x45ee07ec 3/6/2007 7:31:40 PM
Rtnic64.sys fffff880`047e7000 fffff880`047f9000 0x00012000 0x48401957 5/30/2008 10:12:23 AM

Code:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\K\Desktop\022010-20451-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*d:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7600 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 7600.16385.amd64fre.win7_rtm.090713-1255
Machine Name:
Kernel base = 0xfffff800`02c0d000 PsLoadedModuleList = 0xfffff800`02e4ae50
Debug session time: Sat Feb 20 13:01:19.990 2010 (GMT-5)
System Uptime: 0 days 3:08:51.004
Loading Kernel Symbols
................. Read more

2 more replies
Answer Match 41.58%

Well, I've ran many various virus scans, spyware scans, done much cleaning... booted into safe mode, ran more scans... every single night until I come up clean. Then suddenly, boom! I end up getting hit with either Worm/Allaple.A or IRC/BackDoor.SdBot2.KWD again! I've followed instructions on removing SdBot2.KWD a few times, yet it keeps coming back, often times when I open Firefox. (Tried clearing the cache several times to no avail)

I'm also having problems with disconnecting from the internet (I'm on dial-up) Which arose when I got the first infection... it was constantly using the internet, probably trying to download more junk. I got rid of it, and i'ts no longer giving me that problem, but 2 out of 3 times, my internet will disconnect, yet my computer thinks it's still connected. I'll try to disconnect, nothing happens. When I try to bring up the status window, it just flickers on screen and then disappears right away. I'm not sure if this is related to my infections, but I'm thinking it just might be...

I haven't installed any new programs lately, so it must've been something that slipped when somebody else was using the computer. I realize it's probably my own fault for not having SP2 installed, but as I said, I'm on dial-up, so until I find somebody with the updates on a disc, it's going to stay the way it is. I just need to know how to get rid of whatever keeps letting these pesky little viruses... Read more

A:Solved: I keep getting reinfected (HJT file included)

9 more replies
Answer Match 41.58%

Hi I downloaded some stuff that apparently must have had a virus. Here's what happened. The Trend PC Micro Cillin popped up and said I had some sort of malware, which said both C: autorun.inf and D:autorun.inf, and everytime I clicked to remove these files, more would pop up in less than a minute. So I quickly deleted what I could find of these programs and anything else that may have downloaded with it to my computer, and there seemed to be a problem still, as I got the same Trend Micro PC Cillin warning. Then I restarted my computer thinnking that would help. Then I looked on the taskbar (the bar on the bottom of the screen), and the volume and network icons were gone. When I tried to fix these settings,the check boxes were blanked out where I couldn't check them (gray). So I just gave up until today, when I got on my computer, the password thing looked exactly the same (for the computer) but when the page loaded, my background was black, the taskbar and windows looked like the old Windows Basic, (gray and blue boxy), but my pictures and programs all appeared to be the same! So I just freaked out and unplugged the computer, started Windows normally, and now my internet is redirecting me to all these Ads sites such as elle.com and yellowpages.com, (not sure if that's relevant) and now I did a log file so Here it is, if anyone can help me, i guess it serves me right from those stupid downloads. And the taskbar is back to normal but those icons are still gone. P... Read more

A:Malware Virus, Please Help! (log file included)

bump
 

2 more replies
Answer Match 41.58%

Good morning, Tech Support People.
About a week ago, my circa 4 year-old Dell Inspiron 6000 labtop running XP OS was operating somewhat decently. Then I downloaded a rather large word file and attempted to download an unwieldy .jpg---both for work and both having cleared Gmail's virus scan. System's been runningly increasingly slowly ever since. Tried removing suspect Word files and have run several Norton scans---diagnostic, spy/mal-ware, optimization---all of which produced nothing of note other than my "CPU is running slowly" (not v. helpful). Thought that before I gave into the dark temptation of registry scrubbing, I'd reach out to y'all for a little assistance.

Any thoughts? My sincere thanks in advance!

To this end here is my HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:35 AM, on 5/13/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Exp... Read more

A:XP Sluggishness - Hijack File included

16 more replies
Answer Match 41.58%

I have run Spybot, Adaware and online virus scan and cleaned everything they told me but my IE browser is still hijacked. Below is the HJT log file. This is my church's computer and I need to get it back on line. Thanks.

Logfile of HijackThis v1.99.0
Scan saved at 9:05:11 AM, on 1/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\S3tray2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\SED\SED.exe
C:\WINDOWS\system32\rkvuwr.exe
C:\Program Files\Spy... Read more

A:Browser hijacked, HJT log file included

First download lspfix.exe from http://www.spyware911.net/downloads/LSPFix.exe. Launch the application, and
click the "I know what I'm doing" checkbox. and move all instances of calsp.dll to the remove
pane(left hand) and click finish.

Now start your computer in Safe Mode and delete:
C:\windows\system32\calsp.dll - file

How to restart to safe mode:
Because XP will not always show you hidden files and folders by default, Go to Start - Search and under "More advanced search options". Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders"
Click "Apply" then "OK

Post a new hijackthis log
 

3 more replies
Answer Match 41.58%

Hello my wifes computer was being use to browse the web and got attacked by massive amounts of pop ups. I ran spybot and AVG and after doing this her computer can no longer get online w/ IE when you try to go to a site it just acts as if you dont have any internet service. Below is the Hijack this file.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:46:58 AM, on 6/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\ARPWRMSG.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\windows\system32\RUN... Read more

A:cant log online w/ IE Hijack this file included

9 more replies