geek

She has most of that and has been running it. Thanks for your time. Just to let you know, Sygate was bought by Symantec and no longer offers a free version unfortunatly.

May I ask what it is you find suspicious? What is problematic? Logfile of HijackThis v1.99.1 Scan saved at 5:06:22 PM, on 10/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgups

--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 8:52:47 PM 10/12/2006 + Scan result: C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP403\A0089634.exe -> Adware.PurityScan : No action taken. C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090827.exe -> Adware.PurityScan : No action taken. C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP405\A0090834.exe -> Adware.PurityScan : No

VundoFix V6.2.1 Checking Java version... Scan started at 10:11:54 PM 10/10/2006 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.2.1 Checking Java version... Scan started at 8:34:45 PM 10/11/2006 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.2.1 Checking Java version... Scan started at 8:52:42 PM 10/11/2006 Listing files found while scanning.... No infected files were found. Beginning removal...

Logfile of HijackThis v1.99.1 Scan saved at 8:08:10 PM, on 10/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG

ignore

Logfile after the above found no files and removal of Yinstall.exe. Logfile of HijackThis v1.99.1 Scan saved at 10:20:01 PM, on 10/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft

Ok, here is the log. Upon rebooting, the PC keeps opening a site at web . link4all . biz without the spaces, and asks the person to download photogbase.com/install.html. Even when the user doesn't install, it keeps popping up. Ok, well, looks like I figure out the problem. "O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\Yinstall.exe" was the culprit, it seems. Stopping it's process and deleting it at it's root file seems to have eliminated the web based pop up. After logging in on every account on this PC, it appears the situation is resolved. If anyone sees anything other that is suspicio

Ok, here is the log. Upon rebooting, the PC keeps opening a site at web . link4all . biz without the spaces, and asks the person to download photogbase.com/install.html. Even when the user doesn't install, it keeps popping up. Logfile of HijackThis v1.99.1 Scan saved at 8:38:54 PM, on 10/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:

Ad-Aware SE Personal Adobe Flash Player 9 ActiveX Adobe Reader 6.0 AVG Free Edition eMachines Bay Reader GdiplusUpgrade Google Talk (remove only) HijackThis 1.99.1 Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows XP (KB896344) HP Extended Capabilities 4.7 HP Image Zone 4.7 HP PSC & OfficeJet 4.7 HP Software Update Intel® Extreme Graphics Driver Intel® PRO Network Adapters and Drivers Java 2 Runtime Environment, SE v1.4.2 K-Lite Codec Pack 2.25 Full Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB8

Known trojan was said to have been removed by AVG, but is still present. Figured someone here might be able to point out issues to be resolved. Thanks in advance. Logfile of HijackThis v1.99.1 Scan saved at 3:46:18 PM, on 10/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA

I used hijack this, then went in via command prompt to delete the kernelll.pif file, and upon restart my registry eidtor and taskmanager work flawlessly. updated log below Logfile of HijackThis v1.99.0 Scan saved at 9:27:17 PM, on 2/7/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\sp

Problem: on reboot, my task manager and registry editing tools are disabled, no matter the user. Specs: AMD 2100+, 512 MB RAM, 80 GB HD nearly full. Let me know what else you need. Logfile of HijackThis v1.99.0 Scan saved at 8:18:59 PM, on 2/7/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS