
HIJACKTHIS LOG AND ROOTREPEAL REPORT SCAN:

Q: HIJACKTHIS LOG AND ROOTREPEAL REPORT SCAN:

I AM HAVING PROBLEMS WITH VIRUS, TROJANS AND WHO KNOWS WHAT ELSE. I HAVE RAN SUPERANTISPYWARE AND MALWARE BYTES AND THESE ARE WHAT SAS FOUND AND REMOVED:

ADWARE.TRACKING COOKIES
ADWARE.VUNDO VARIENT/REL
ROGUE.COMPONENT/TRAYWARE 2009CE
ROGUE.XPDELUXEPROTECTOR
TROJAN.ANGENT/GEN-FRAUDDROP
TROJAN.ANGENT/GEN-FREDDY
TROJAN.DROPPER/WIN-NV
ROGUE.XP ANTISP

AND I WAS GETTING ALERTS FOR WIN32 VIRUS

I AM ALSO HAVING PROBLEMS WITH MY IE8 BROWSING AS WELL: THIS IS WHAT I KEEP GETTING IN MY BROWSER POP UP EVERY 2-3 SEARCHES TELLING ME I AM INFECTED

Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, activate XP Deluxe Protector. We recommend you to protect your PC now and continue safe Internet browsing. Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).

AND WANTS ME TO PURCHASE XP DELUXE PROTECTOR. I HAVE RAN A ROOT REPEAL REPORT SCAN AND A HIJACKTHIS LOG AND HAVE POSTED THEM BELOW...PLEASE HELP THANKS

ROOTREPEAL REPORT SCAN:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Time: 2009/07/04 14:35
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xED052000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B66000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB7F79000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\gabriel.your-4105e587b6\local settings\temp\~df27bb.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\SoakGame\Local Settings\Temp\Temporary Internet Files\Content.IE5\03JX331D\qualia_W0QQa10244ZQ2d24QQa31243ZQ2d24QQalistZa31243Q2ca10244QQcatrefZC6QQfromZR10QQfsooZ2QQfsopZ2QQftrtZ1QQftrvZ1QQgcsZ1546QQpfidZ1920QQpfmodeZ1QQrcZ1QQrctrackZ1920QQsac[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\SoakGame\Local Settings\Temp\Temporary Internet Files\Content.IE5\03JX331D\marginad;ad=120x240;sz=120x240;tile=3;dcopt=ist;dept=58271;msn_refer=n;heavy=y;slateid=2081904;poe=yes;fromrss=n;rss=n;pos=120x240top;ord=908252308931720300[2]
Status: Locked to the Windows API!

Path: C:\Documents and Settings\SoakGame\Local Settings\Temp\Temporary Internet Files\Content.IE5\37TTRCNH\&color_link=007c85&color_url=007c85&color_border=ffffff&color_line=ffffff&ad_type=text&region=main%20sec&cc=100&u_h=768&u_w=1280&u_ah=734&u_aw=1280&u_cd=32&u_tz=-480&u_java=true
Status: Locked to the Windows API!

Path: C:\Documents and Settings\SoakGame\Local Settings\Temp\Temporary Internet Files\Content.IE5\DYP2UQXK\qualia_Televisions_W0QQa10244ZQ2d24QQa14Z1764QQa26446Z31267QQa31243ZQ2d24QQa31245Z31254QQa6Z31247QQalistZa6Q2ca31245Q2ca26446Q2ca14Q2ca31243Q2ca10244QQcatrefZC6QQcoactio[1].htm
Status: Locked to the Windows API!

Path: C:\Documents and Settings\SoakGame\Local Settings\Temp\Temporary Internet Files\Content.IE5\WKNFGRBZ\&color_link=007c85&color_url=007c85&color_border=ffffff&color_line=ffffff&ad_type=text&region=main%20sec&cc=100&u_h=768&u_w=1280&u_ah=734&u_aw=1280&u_cd=32&u_tz=-480&u_java=true
Status: Locked to the Windows API!

Path: c:\documents and settings\gabriel.your-4105e587b6\local settings\application data\microsoft\internet explorer\recovery\active\{acbb1422-68e3-11de-9544-001636313a06}.dat
Status: Size mismatch (API: 15872, Raw: 17408)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0bea52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be14c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be0f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\windows\System32\Drivers\aswSP.SYS" at address 0xed0be8ae

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xed1a0df0

==EOF==

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:57 PM, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: VMware Class - {3113c6d7-d1bf-4096-94fe-5df265ac881d} - C:\windows\system32\gdi32lib.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLAspSunset2] C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\updates\aspapp\sunsetAsp2.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy49.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected] - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Register Intellihance Pro 4.0.lnk = C:\Program Files\Extensis\Intellihance\Register Intellihance Pro 4.0.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195282767968
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqQgGwx - ssqQgGwx.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe

--
End of file - 10817 bytes

RELEVANCY SCORE 200

A: HIJACKTHIS LOG AND ROOTREPEAL REPORT SCAN:

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
Open the renamed program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on Scan.
When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results

Post me these logs in your next reply.. Post each log in separate post..
1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

RELEVANCY SCORE 68

Hi, looking to know what I should or should not delete in this. Main problem I'm having is Internet Explorer doesn't load any pages but Mozilla and all other internet works fine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:37 AM, on 2/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Razer\Mamba\RazerTray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.ex...

A:Hijackthis scan report

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...

RELEVANCY SCORE 67.2

hi,
I'm new and will need some help,
here's my log report
what should i do?
thanks for help
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Navnt\POPROXY.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\FxRedir.EXE
C:\Program Files\Navnt\Navapw32.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Documents and Settings\Stefaan\Application Data\DownloadPlus.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\Documents and Settings\Stefaan\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.scourweb.net/nph-search.cgi?partner=wesb1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Inter...

A:[Solved] scan hijackthis log report

RELEVANCY SCORE 67.2

Hello everyone, I don't know much about this but I have been having trouble with Windows Live OneCare, the firewall is off on both Windows and OneCare. When I try to turn on OneCare firewall it says OneCare can't turn on your firewall at this time please try later, sometimes when I go to Windows firewall it is greyed out and says at the top firewall is controlled by group policy. I am running Vista Home Premium on this PC but I have the same problem on my XP laptop. Both the machines are on my home network. This is the scan result. I would really love some help here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:58:28, on 15/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.61\aaCenter.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exe
C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe
C:\Windows\System32\spool\drivers\x64\3\...

A:Hijackthis scan report need help understanding it

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

RELEVANCY SCORE 65.2

Hello there. I'm new here, but have been reading threads and advice all morning. I have the same problem many others seem to have right now -- with the "Your computer is infected" background, pop-ups galore, and fake antivirus software trying to install itself on my computer. I used fatdcuk's self help thread and ran a rootrepeal scan, and thought I found the CLB Driver, but when I select it to wipe, I get a RootRepeal error message "could not find driver on disk". I've pasted my report below. I hope someone can help me. Thank you!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/04 11:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9DF6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B21000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7CFE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Kerry\C...

A:RootRepeal Report

In addition (and I don't know if this will help) the only infection that keeps popping up again and again when I run Avast is the following:

c:\svfp.exe\install.exe infected:win32:Neredr (Drp)

This seems to be the only thing that cannot be deleted or repaired when I run a virus scan

RELEVANCY SCORE 63.2

Windows XP. Antivirus 2010 opens when I boot up (I run rkill to stop it).

Avast won't turn on, and none of my malware programs work.

Here is a rootrepeal report.
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/10/18 14:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2871000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7DD6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF0175000 Size: 49152 File Visible: No Signed: -
Status: -

Name: vbma4ada.SYS
Image Path: C:\WINDOWS\System32\Drivers\vbma4ada.SYS
Address: 0x86282000 Size: 25344 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf28b9cf0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers...

A:MBAM, HJT, SUPER AntiSpyware won't run (RootRepeal report)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ...

RELEVANCY SCORE 62

Under processes, rootrepeal found "Function Name: -NtConnectPort- Module: <Unknown> Hooked: -Yes-"

Should I force delete this? or wipe it? or unhook it? If I need to upload a print screen, just say so and I'll try...

Thanks.

A:RootRepeal Scan - What do I do?

Greetings Need HelpWith IS2010 and Welcome to the Forums,

You provide very little usable data to make an informed decision, but to quickly answer your question, you should NOT force delete, wipe or unhook the unknown module. Not yet...not until we see more logs. Can you read through This sticky note and post back the requested logs?

In the meantime, just to put your mind at ease for now, some security applications would have an "unknown" module. I know Avira is one of them and Unhooking THAT would not be good.


I have been using my desktop with windows xp without any problems for several years, but yesterday I was suddenly unable to open 2 of my programmes - AVG and my mobile internet, both displaying .exe application errors when I try to run them.

I would be very grateful if you could provide me with some help.

I followed some advice I found on this forum and 7 infections were found using Dr.web cureit.

Unfortunately I can't open the saved report on my desktop from Dr. Web. It appears I have a Microsoft XP Standard problem. It says I need to open the folder containing STD.MSI, whatever that means.

I then did a root repeal scan. The root repeal report is:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/11 19:06
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2D74000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79D4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2739000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Loc...

A:RootRepeal Scan

Hello,

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take ...


I can hardly type .... my space key barely functions.
I-will-use-hyphens-for-spaces.
I-am-not-sure-it-is-just-a-damaged-keyboard .....some-time-ago-I-noticed-that-fairly-often-what-I-had-typed-was-not-what-was-on-the-screen. Even completely new words (spelt-correctly) would appear.

After-the-RootRepeal-scan, this-warning-appeared:
'WARNING - the number of SSDT entries from the kernel and the number on-disc are different (297 and 284).'

What-do-you-think? Thanks.

-----
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/02 02:20
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA750000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8AEA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9809000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xaa833c00

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf864287e

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xaa833930

#: 048 Function Name:...

A:Could someone look at my RootRepeal scan log?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo...


Have a virus (I believe) that won't allow me to download anything from Microsoft or anti-virus/malware programs. Followed steps 1-6 on hijackthis guide with no problems. When I do the scan for rootrepeal in step 7 my computer freezes.

A:RootRepeal Scan Freezes computer

For what it is worth, I am having the same problem.

I can create the HJT log, but RootRepeal freezes the computer. I don't want to post an incomplete log but I am not sure how to get past this problem.


Running Windows XP Home SP3.

I left my laptop on overnight and in the morning I noticed the CPU was at 100%. Ran process explorer and saw msa.exe, b.exe running and msa.exe had run Adobe Reader or another Adobe program. I killed the processes and searched my hard drive for msa.exe and b.exe and deleted the files. Did a google search and deleted everything I could find of msa.exe, b.exe, Pop Rock, Nord Bull from registry and hard drive. Downloaded Avast to do a boot time scan.

I started the boot time scan but then had to go to the store and someone moved my laptop and unplugged it so it never finished. When I got home, I started Windows and nothing happened, just saw the wallpaper. Ran Process Explorer and saw that explorer.exe and all other application processes were not running. System processes were running. (I will try to include a screenshot that I just took.) I tried to start C:\WINDOWS\explorer.exe from File>Run... but I got the following error message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

Restarted to Safe Mode and did a system restore to earliest restore date (8 days ago). Restore failed but after computer rebooted, explorer.exe was running but msa.exe and b.exe were back. Deleted them again from hard drive and registry. Avast was not installed anymore so I reinstalled it and did a boot time scan but avast wouldn't open after the reboot. I received...

A:Cannot start explorer.exe, dds.scr and Rootrepeal cannot scan

One thing to note, when you finally post in the HJT forum do not add additional post. It will only move you back in line

Please copy and paste the root Repeal log you ran and also run this log

Please download peek.bat and save it to your Desktop. Double-click on peek.bat to run it. A black Command Prompt window will appear indicating the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates in your next reply.

If you encounter a problem downloading or getting peek.bat to run, go to > Run..., and in the open box, type: Notepad
Click OK.
Copy and paste everything in the code box below into the Untitled - Notepad.

@ECHO OFF
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
START Log.txt
DEL %0

Go to File > Save As, click the drop-down box to change the Save As Type to *All Files and save it as "peek.bat" on your desktop.
Double-click peek.bat to run the script. A window will open and close quickly, this is normal.
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

-- Vista users, users can refer to these instructions to Run a Batch File as an Administrator.


Ok I give up... after 4 days of failed attempts at removing whatever infection I have, I must now turn to the experts.

I am running Windows XP Media Center Edition (SP3) on a Toshiba laptop, here is what I've done so far after following related topics on this website.

-I've run Rootrepeal successfully in all areas BUT the file section (it scans for about a minute then disappears) in safe mode and normal.
-I can get MBAM to start by either renaming it or changing the permissions which get altered after every attempt to run, but unfortunately it too disappears after a 10 second attempt at scanning (in safe mode and normal).
-SAS attempts to scan and disappears (in safe mode and normal).
-DDS loads but gets hung up and does not output a log file (I've left it running for over an hour in safe mode and normal).
-HJT attempts to scan, then gives 2 errors, then disappears, though I am able to load the program by renaming it and changing permissions.

The trend seems to be the following: Not all, but several .exe spyware programs, unlocker.exe, iexplorer.exe, and a few others have run, then they stop working... the only way to open them again is to go to properties:security and ADD my normal permissions to the sole/existing EVERYBODY permission that is there.

(Following was done with a boot cd) I have scanned the file scecli.dll and nothing was found. Kaspersky found trojan.Win32 in sfcfiles.dll; the file is now removed. Spyware doctor found several registry entries contain...

A:HJT, MBAM, Rootrepeal (file scan), DDS, SuperAS, all not working!

I do not mean to bump this topic but I think it was overlooked as many posts after August 23 have been answered already... Please, I really need help

(I apologize if this is not the case and I will continue to wait patiently; again, I did not mean to bump this, sorry for any inconvenience)


I have had approximately 6-10 trojans on my computer and only recently have I been able to access the internet, open files, and run programs more effectively. I ran hijackthis and have attached the log(s). However, when I tried to run RootRepeal (twice) I got a blue screen with an error message saying that it was not safe for my computer to continue with the scan, and it restarted my computer. Any help would be appreciated!

A:Hijackthis Log File - no Rootrepeal Log

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may ta...


Two separate emails with different passwords have been broken into, as well as two gaming accounts attached to them. I've run an AVG scan, malware bytes, windows defender is running and updated, and Sophos anti-virus. None of them found anything. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:56:23, on 2009-09-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger ...

A:Hijackthis log + rootrepeal log: Help diagnose my problem

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks


My browser is not working properly, malwarebytes, spybot s&d, hijackthis, root repeal also don't work.

I tried to run MWAM, and after starting the scan for a few seconds, the open program disappeared, and when trying to run it again, and "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item."

Reinstalling and renaming the program still resulted in the same problem.

A:Malwarebytes, HijackThis, RootRepeal don't work

Try one of these two and see if you have any luck

Please download RSIT by random/random and save it to your Desktop.

Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

---------------------------

If you cannot get DDS to work, please try this instead.

Please download runscanner.zip and save to your desktop.
Create a new folder on your hard drive called Runscanner (C:\Runscanner) and extract (unzip) the file there.
(click here if you're not sure how to do this.)
Double-click Runscanner.exe to launch.
Select Beginner mode and click Ok.
Select Do a full s...


in response to. - http://www.bleepingcomputer.com/forums/ind...p;#entry1406296

"My browser is not working properly, malwarebytes, spybot s&d, hijackthis, root repeal also don't work.

I tried to run MWAM, and after starting the scan for a few seconds, the open program disappeared, and when trying to run it again, and "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item."

Reinstalling and renaming the program still resulted in the same problem."

garmanma was working with me on this. sorry for not attaching dds logs. here they are. hope it helps.

A:Malwarebytes, HijackThis, RootRepeal don't work

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I hope this is enough info from RootRepeal Log to help me. THANKING the BC TEAM in advance

When I first tried to get to "BleepingComputer.com" via my ThinkPad, I received a FireFox message Network Connection Interrupted. I was only able to use the zip folder at RootRepeal, but as soon as I tried running in Normal Mode the hidden files scan, my laptop screen started freezing, so I quickly disconnected from the Internet and rebooted into Safe Mode without network. Here is my best copy n paste log (this is from my flashstick). Of note RP wouldn't run Hidden files scan.

Still unable to run HJT - it will not open

Just saw ElsieO25 reply and instructions to post links from previous thread
http://www.bleepingcomputer.com/forums/t/253149/malware-has-taken-over-my-xp-pro-help/
http://www.bleepingcomputer.com/forums/topic249117-15.html

Thanks

P.S. I'm apologizing for posting a partial log in a reply to my posting in "I am Infected?" I was so nervous and rushing.

*sending this info from a dying Dell Desktop via AOL-dialup- so sorry for any delayed response

A:RootRepeal Log, PC Can't Run HiJackThis/MBAM.exe - I've Max++ infection

Please download the Win32kDiag.exe tool from the following location and save it to your desktop:
http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

Once downloaded, double-click on the program and let it finish. When it states Finished! Press any key to exit..., you can press any key on your keyboard to close the program. On your desktop should now be a file called Win32kDiag.txt.
Double-click on this file and post the contents as a reply to this topic.

Download peek.bat from the download link below and save it to your Desktop.
Download peek.bat
Double-click peek.bat to run it.
A black Command Prompt window will appear shortly: the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.


Incident Status Location

Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp.cab[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar ...

A:Active Scan Report + DSS Report

hi EddyMeuh

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================


Download this file to your desktop.- Here

IMPORTANT - You must place combofix on your desktop!!

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=================

Please Run a scan with HiJackThis and save the log

=================

In your next post, please include fresh logs from: ComboFix.txt
HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now


Hi i'm new to computers can someone please tell me what these scan results mean

Thank you

A:Scan report Help

Welcome to PCHF
Can you tell us what program you used to make this report? Also are you having any issues with your computer?


hi
here is my HDD scan report, and I want to ask is it repairable or not?

A:HDD scan report

Check out spinrite, not only can it repair drives but it can condition a drive as well... a proven performer for over 20 years!


I did a scan 3 days ago with pctools and was told there was a virus trojan Backdoor.Retro64 but I had to pay to remove it.

I came across HijackThis tonight and have followed instructions.

This is my logfile:-

Logfile of HijackThis v1.99.1
Scan saved at 21:28:33, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTa...

A:Did scan before and was told virus backdoor.retro64 on pc. This is Hijackthis scan.

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.


Incident Status Location

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick...

A:My Online Scan Report

Hi tomavfcno1 and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do not run option #2 unless instructed to!!

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open...


Well... my problem started before a restore and HDD format (but format erases... yea I know...) before the crash it seemed in working order, till it crashed. After MUCH time trying to restore my files and system, I got fed up and just formatted my hard drive and re-installed windows xp. The massive 65-70GB chunk of "locked" information (presumably my backup I couldn't restore???) was gone but the directory it was under <C:\Documents and Settings\Owner\> is still there, only directly in C:\ labeled <My Backup -- 09-01-30 0235PM> it only contains the single root path leading into Owner\ which cannot be opened, deleted, altered in any way. Obviously, it didn't get wiped from the formatting.

Now occasionally on startup or after reboot only a few startup programs load and when I go to My Computer it has to "search/locate" just about every folder I click on and basic system operation is really slow, even seems like it freezes every now and again (but hasn't). I usually let it work itself out before just shutting my comp off cold. Takes a while sometimes but usually "catches up" with whatever it was doing, enough for me to shutdown from start menu or task manager. Then again, on occasion, it starts fine and runs good except for constant CPU usage and the computer seems to run abnormally hard (loud).

I'm no professional computer tech but to the best of my knowledge and understanding this is what's going on. I've run Numerous anti virus, malware, s...

A:DDS Scan Detail/Report

Hello and welcome to TSF.

If you still need help, please post a fresh DDS.txt as it has been a while since you posted.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.


Here are things my computer does:

The "paste" function does not work.

Many things I try to open on my computer (whether they are programs that came with the computer, downloads, windows live, magicjack...) do not open and this message pops up: "This application failed to start because it's side-by-side configuration is incorrect. Please see the application log for more details."

Some friends recommended using malwarebytes to scan the computer... I was able to download it, but when I tried to run it, the above message came up.

A friend recommended downloading the Microsoft Visual C++ 2008 Redistributable from their website, which I was able to do... but that was all. It didn't change any of my problems.

I am attaching the results... I HOPE someone knows what to do!!

THANKS

A:I have the report from my Combofix scan... Can someone help me?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...

Read other 2 answers
RELEVANCY SCORE 50

After updating MalwareBytes Database, I did a quick scan today. It identified one malicious item as follows.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> No action taken.

Of course I ignored it but why is an iTunes Registry entry being identified as a malicious item? I have been using my iTunes for ever but MalwareBytes had never identified this entry as malicious earlier.

Could someone please give me an answer.

A:MalwareByte Scan Report

IFEO's, which is what this is, aren't always bad. In fact what triggered this is fairly commonplace in both good and bad apps.

In this particular case if itunes is working properly I wouldn't be too worried about it.

Read other 5 answers
RELEVANCY SCORE 50

I have the following error: c:\windows\system32
msiefr40.dll - I ran the hijack scan and here is my report:

can anyone help me please?

thanks,
sherri
 

A:highjack scan report

Read other 8 answers
RELEVANCY SCORE 50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:11, on 20/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\hpq\... Read more

A:Hijack This Scan Report pls

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

StartupLite sounds like the one for you.

Please download StartupLite to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

See how you go with that.

Read other 20 answers
RELEVANCY SCORE 50

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:45 PM 8/4/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\rainbowgirlwp.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
[464] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning.
C:\Program Files\filesubmit\rainbowgirlwp.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Brenda\Cookies\[email protected][2].txt ... Read more

A:report from ewido scan

Hi and welcome

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

Read other 2 answers
RELEVANCY SCORE 50

I cannot access adobe.com's web site. I have tried to go through I.E. and Netscape. Can you tell me what would be going on with this computer that would prevent me from this? I've checked the security on this computer. Thanks
Here are the results of my scan.
Logfile of HijackThis v1.97.2
Scan saved at 10:53:16 AM, on 10/08/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TPPALDR.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\SMARTDRAW PHOTO\SDPHOTOBAR.EXE
C:\PROGRAM FILES\KONTIKI\BIN\KONTIKI.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\EBAYTBAR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WM... Read more

A:Check my scan report, please

Read other 8 answers
RELEVANCY SCORE 50

I have scan results from GRM & COMBOFIX, thanks

A:GRM & COMBO FIX scan log report

On start up, I get message [chrome://searchshield/content/overlay.js:234] also [js:90] & message says [do you want to continue running script? yes or no]. Anyone know what that means? And how to fix it? Logs are attached. Thanks

Read other 3 answers
RELEVANCY SCORE 49.2

I followed the procedure recommended by noadhfear to get rid of Smitfraud. It seemed to have worked for the most part, but a couple of days before I did it, I started having trouble with Internet Explorer, so I was not able to run the ActiveScan.
When I run IE, it will work for a very short while and then just stop and all of the IE windows are gone and a message comes up saying something like "An error has occurred and an error log will be generated" - although I can't find the error log.

I have included the report from HJT and from Ewido. Please check over these and let me know what needs to be removed and if there is any sign of why IE is not running properly.

Thanks.
Astro99

Logfile of HijackThis v1.99.1
Scan saved at 11:21:05 PM, on 8/24/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\A... Read more

A:Help with HJT Log and Scan report after removing Smitfraud

Read other 7 answers
RELEVANCY SCORE 49.2

Incident Status Location
Adware:adware/swimsuitnetwork Not disinfected c:\windows\system32\MYDLL.dll
Spyware:spyware/cws.olehelp Not disinfected Windows Registry

My Comp is running Good but What Should I need to do now?

A:Panda Active Scan Report

MYDLL.dll is related to Spyware.ActualNames and often includes other malware files which ActiveScan may not have found. If you click on the Removal Tab in the Symantec link there are instructions for removing/unregistering the .dll.

What OS (Win XP/2000, etc) are you using? What is your primary anti-virus and when was the last time you ran a scan? Have you performed any anti-spyware scans other than ActiveScan? If not, start here:

If you're running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE". Print out the Ewido Install and Scan Instructions.

Download and scan with Ad-Aware SE Personal 1.06. Setup & Configure as shown here.

Download and scan with Spybot S&D 1.4. Setup & Configure as shown here. [DO NOT choose the option to install TeaTimer]

Note: If you encounter any error messages while downloading the updates, manually download them from here.

Read other 6 answers
RELEVANCY SCORE 49.2

Hey there, I am a member of the World of Warcraft community and fell for a post on their forums claiming to be a picture of in game action, but it was at world0fwarcraft.com - the "O" in 'of' is a zero, and many people labeled it as a keylogger. I got a windows message at the top that a download had been stopped to assure my security, the information bar below the address bar. I've only run Spybot other than Hijack This, and I didn't pick up anything (Spybot is up to date).

I guess I'm paranoid that I still might have something, but here's a list of processes and my Hijack this scan:

Process PID CPU Description Company Name
System Idle Process 0 100.00
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 268 Windows NT Session Manager Microsoft Corporation
csrss.exe 316 Client Server Runtime Process Microsoft Corporation
winlogon.exe 492 Windows NT Logon Application Microsoft Corporation
services.exe 540 Services and Controller app Microsoft Corporation
svchost.exe 740 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 1784 WMI Microsoft Corporation
unsecapp.exe 900 WMI Microsoft Corporation
svchost.exe 812 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 3576 Windows Security Center Notification App Microsoft Corporation
svchost.exe 904 Generic Host Process for ... Read more

A:Possible Keylogger (full Scan Report)

Arthas

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks

Read other 1 answers
RELEVANCY SCORE 49.2

Hi there,

I have 2 machines, a Sony Vaio VGC-LS1 & a Dell XPS1730 laptop.....not on a network....using zoom adsl X6 modem for both.

Needed help to uninstall 2 softwares: Sonic encoders & Image Station....I get an error using Revo......need this file C:\abu\software603703.SND\ but I cannot find its location.

Contacted Sony; neither could they help despite taking remote access of the machine. Ran a PC health & gave me this report.

1. "The computer's video card is unsatisfactory "

Your computer's video card has been checked and is found to be not as per recommendations
The video card application demands a lot of space and resources from your computer. Thus it is essential to assess the requirements of this application to determine the condition of your computer.
I am using their own built-in Intel 945 GM graphics accelerator??

2. "The Internet Connection Sharing Service needs to be disabled "

The Internet Connection Sharing Service has been enabled.
The Internet Connection Sharing (ICS) service is applicable to provide network address translation, addressing, name resolution and/or intrusion prevention services to a home computer or small office network. This service helps multiple users on your network to browse through a single account. You need to enable this service if your computer is in a network but can be disabled otherwise.

3. "Non optimal internet configuration settings "

Your current internet configuration settings... Read more

Read other answers
RELEVANCY SCORE 49.2

I scanned my computer with Adwcleaner in safe mode because adwcleaner wouldn't run otherwise, and the report is below. Neither Malwarebytes Pro or Hitman Pro finds anything, and after Adwcleaner says it has put the objects in quarantine and reboots the computer, the objects are back when I do another adwcleaner scan. What do I have?

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\1v5ybk8r.default-1410832319735\prefs.js ]
[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\6xb7mt61.default\prefs.js ]
[ File : C:\Users\monsterzillaBAM\AppData\Roaming\Mozilla\Firefox\Profiles\hjeups96.default\prefs.js ]

Line Found : user_pref("[email protected]", true);

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\allan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\monsterzillaBAM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Thanks in advance!

A:Firefox infected, scan report says:

Could just be tracking cookies. Do a cleaning of history in browser ( cache) ? How is Firefox and Chrome working, any pop ups or redirecting to other websites ?
Seems like the folders where web browsing history is put and browser settings.
Try resetting firefox too.

Use Windows malicious Removal tool, at run, MRT.exe

Read other 4 answers
RELEVANCY SCORE 49.2

Good morning,

I had my hijack log analysed and was asked to take certain actions which I did. Because the computer was in safe mode when the scan was performed I had to save the report file with the results. I saved it to Desktop then, because I was in another user's account I then transferred it to a floppy.

Now that I have tried to post to the hijack log I cannot get the report in readable format. By this I mean I went through "File" on my browser and opened the report - it came up with a number of small squares and letters (the usual jargon when a file is opened in the wrong application).

What do I have to do to post it into my hijack log thread to ensure that you guys could look at it since I am not seeing anything here that allows opening of files.

Thanks

Tempest

Read other answers
RELEVANCY SCORE 49.2

Howdy,

I just ran a Kaspersky online scan. When the scan was completed I got a window that tells me it picked up a few things.

I did not see a tab to click to view the items. I clicked on the help tab. It said that after the scan I would be able to view what these items are. It does not mention where to click to view.
I have a screen shot if that would be helpful.
Dennis

A:How To View Kaspersky Scan Report

hi again dennis
does it have a save log button?
if it does that should pull it up (i think, don't usually use Kaspersky)
hope that helps
mz30

Read other 14 answers
RELEVANCY SCORE 49.2


I did a virus scan using Avira Antivir. There were no viruses on the computer but it said there were 53 warnings which are as follows:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\Application Data\Microsoft\Windows Defender\FileTracker\{EF947A62-7966-422B-88F2-591853D7BF54}
[WARNING] The file could n... Read more

A:Solved: Warnings in scan report

Read other 9 answers
RELEVANCY SCORE 48.8

I've been infected with spysheriff as well. here are my HJT and Ewido scan logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:32 AM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe

F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 -... Read more

A:Hijack This Log, Ewido Scan Report, need to rid spysheriff

Read other 7 answers
RELEVANCY SCORE 48.8

ACTIVESCAN REPORT PLEASE SOMEONE I NEED SOME HELP

Incident Status Location

Adware:Adware/Lop Not disinfected c:\docume~1\owner\applic~1\mfcdmo~1\bendclock.exe
Adware:Adware/PurityScan Not disinfected c:\progra~1\asembl~1\javaw.exe
Adware:Adware/Lop Not disinfected C:\DOCUME~1\Owner\APPLIC~1\CORNBI~1\oncebalm.exe
Adware:Adware/Lop Not disinfected c:\docume~1\owner\applic~1\mfcdmo~1\bendcl~1.exe
Virus:Trj/Downloader.DFM Disinfected Operating system
Adware:adware/mediatickets Not disinfected C:\WINDOWS\system32\oins.exe
Spyware:spyware/marketscore Not disinfected c:\windows\system32\rk.bin
Adware:adware/oemji Not disinfected C:\Documents and Settings\Owner\Application Data\defaultgood.wl
Adware:adware/gator Not disinfected c:\windows\GatorPdpSetup.log
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_38.exe
Spyware:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet
Adware:adware/instafinder Not disinfected c:\program files\INSTAFINK
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Spyware:spyware/rxtoolbar Not disinfected c:\program files\RXToolBar
Adware:adware/lop Not disinfected C:\Documents and Settings\Owner\Favorites\ Internet
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Owner... Read more

A:Solved: Scan Report.. its from a friend of mine plz at least help her lol

Read other 16 answers
RELEVANCY SCORE 48.8

Hello everyone,
I'm using a Toshiba Satellite laptop that I purchased in December 2010 and I received a few messages today telling me that "Windows detected a hard disk problem" and advising me to backup everything and contact the manufacturer. The HDD is a Toshiba MK5065GSXN. I'm using Windows 7 64bit. I performed a disk scan and am hoping that someone can help me interpret the results (the steps I followed were taken from this thread: http://www.sevenforums.com/crashes-d...k-warning.html).

Thank you very much for any help or advice you can give!

Checking file system on C:
The type of the file system is NTFS.
Volume label is TI105927W0F.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
228096 file records processed.
File verification completed.
3044 large file records processed.
0 bad file records processed.
0 EA records processed.
60 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
298156 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
228096 file SDs/SIDs processed.
Cleaning up 189 unused index entries from index $SII of file 0x9.
Cleaning up 189 unused index entries from index $SDH of file 0x9.
Cleaning up 189 unused security descriptors.
Security descriptor verification completed.
35031 data files processed.
CHKDSK is verifying Usn Journal...
3644... Read more

A:HDD failure on its way? disk scan report inside

Checkdisk cleaned up the file system that had some entries that pointed nowhere, but did not find any bad sectors on the drive. That is good news.

The next thing to try is a HDD diagnostic program that can be booted from a CD or USB stick so it can run outside of the OS. Toshiba does not offer one but most folks use the Hitachi Drive Fitness Test instead.
https://www1.hgst.com/hdd/support/download.htm

(Note: Toshiba HDDs are usually manufactured by Fujitsu. Fujitsu does have a diagnostic but it only boots from floppy disk - the last time I checked)

Read other 2 answers
RELEVANCY SCORE 48.8

I ran an EWIDO scan with two ‘infected’ items found. There seems to be a ? as to whether or not these are a true problem. Therefore, I ask your advice as to what to do. I can not remove them with EWIDO, since I am using a lapsed trial version. The info from the “report” follows:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:54:49 AM, 11/10/2005
+ Report-Checksum: 5CD01CE8

+ Scan result:

C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Ignored
C:\System Volume Information\_restore{8A76E78A-6A78-49A6-A7E2-9B95E126EFAD}\RP384\A0059194.exe -> Heuristic.Win32.AVKiller : Ignored
::Report End

Thanks, {redoak}
p.s. Note the 'word' "AVKiller" at the end of each entry. Significance?
 

A:Solved: EWIDO scan report - problems?

Read other 7 answers
RELEVANCY SCORE 48.8

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:17:08 PM 9/9/2006

+ Scan result:

C:\WINDOWS\system32\vtutrop.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Cleaned with backup (quarantined).
[1988] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[284] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[596] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[620] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[776] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
[836] C:\WINDOWS\system32\ntswrl32.dll -> Backdoor.Cakl.a : Error during cleaning.
C:\WINDOWS\system32\ldapi32.exe -> Backdoor.Dosia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntcvx32.dll -> Backdoor.Dosia : Cleaned with backup (quarantined).
[2060] C:\WINDOWS\system32\ntcvx32.dll -> Backdoor.Dosia : Error during cleaning.
[2292] C:\WINDOWS\system32\ntcvx32.dll -> Backdoor.Dosia : Error during cleaning.
C:\Documents and Settings\Danilo Ambrosio\Local... Read more

A:Ewido Anti-spyware - Scan Report

Hello pnoiboi03_ and welcome to BleepingComputer. My name is Charles and I will be helping you to clean your computer today.

Click here to download HJTSetup.exe
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop, and follow the installation guide to install HijackThis.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required. Post back with the log it creates.

Thanks,
Charles

EDIT: I see you are already being helped by somebody. Please do not start new topics, as we get confused and do not realise that someone is already helping you.

Read other 1 answers
RELEVANCY SCORE 48.8

i attempted logging into a game account of mine and got the message that my login info was incorrect. (i log into this account daily and am 100% on my login info). i saw an announcement from the game company on the login screen warning people not to use the same password on websites and to run virus checks and such because there have been keyloggers stealing guild wars accounts for money recently. my question is not how to get the account back, but how to get rid of these things and MAKE SURE THEY DON'T COME BACK. thanks a lot - peace everyone

a-squared Free - Version 4.5
Last update: 12/23/2009 9:20:07 PM

Scan settings:
Scan type: Deep Scan
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 12/27/2009 4:01:45 PM

[3816] C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE detected: Riskware.AdWare.Mywebsearch!IK
C:\Program Files (x86)\MyWebSearch\bar\2.bin\mwsoestb.dll detected: Adware.Win32.MyWebSearch!A2
c:\program files (x86)\funwebproducts detected: Trace.Directory.FunWebProducts!A2
c:\program files (x86)\funwebproducts\screensaver detected: Trace.Directory.MyWebSearch Toolbar!A2
c:\program files (x86)\funwebproducts\screensaver\images detected: Trace.Directory.MyWebSearch Toolbar!A2
c:\program files (x86)\mywebsearch\bar detected: Trace.Directory.MyWebSearch Toolbar!A2
c:\program files... Read more

A:help: analyze a scan report (identify keyloggers)

Let's get another opinion.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at th... Read more

Read other 5 answers
RELEVANCY SCORE 48.8

Hello!

I have been running regular virus scans and everything has shown to be clean, but things seemed a bit slow so I ran a Kaspersky online scan and got this report. Maybe it is something simple but I have never encountered this before:

KASPERSKY ONLINE SCANNER REPORT
Sunday, April 22, 2007 3:41:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/04/2007
Kaspersky Anti-Virus database records: 282984
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 107859
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 00:53:06

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local... Read more

A:Solved: Suspicious online scan report

Read other 16 answers