Over 1 million tech questions and answers.

Solved: Scan Report.. its from a friend of mine plz at least help her lol

Q: Solved: Scan Report.. its from a friend of mine plz at least help her lol

ACTIVESCAN REPORT PLEASE SOMEONE I NEED SOME HELP

Incident Status Location

Adware:Adware/Lop Not disinfected c:\docume~1\owner\applic~1\mfcdmo~1\bendclock.exe
Adware:Adware/PurityScan Not disinfected c:\progra~1\asembl~1\javaw.exe
Adware:Adware/Lop Not disinfected C:\DOCUME~1\Owner\APPLIC~1\CORNBI~1\oncebalm.exe
Adware:Adware/Lop Not disinfected c:\docume~1\owner\applic~1\mfcdmo~1\bendcl~1.exe
Virus:Trj/Downloader.DFM Disinfected Operating system
Adware:adware/mediatickets Not disinfected C:\WINDOWS\system32\oins.exe
Spyware:spyware/marketscore Not disinfected c:\windows\system32\rk.bin
Adware:adware/oemji Not disinfected C:\Documents and Settings\Owner\Application Data\defaultgood.wl
Adware:adware/gator Not disinfected c:\windows\GatorPdpSetup.log
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_38.exe
Spyware:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/altnet Not disinfected c:\program files\Altnet
Adware:adware/instafinder Not disinfected c:\program files\INSTAFINK
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Spyware:spyware/rxtoolbar Not disinfected c:\program files\RXToolBar
Adware:adware/lop Not disinfected C:\Documents and Settings\Owner\Favorites\ Internet
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Owner\Application Data\Registry Cleaner
Adware:adware/navhelper Not disinfected Windows Registry
Adware:adware/purityscan Not disinfected Windows Registry
Adware:adware/cws.aboutblank Not disinfected Windows Registry
Adware:adware/looksmart Not disinfected Windows Registry
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\body1encante\Closesixth.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\body1encante\free heart.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\body1encante\MpegMath.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\body1encante\Winfree.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\corn bind soft\oncebalm.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\2 idle media.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\bendclock.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\czaykrqd.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\Kind Frag Platform Drive.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\nbzuqboz.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\nqzwmhnm.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\ulqtpiel.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Application Data\mfcd move\zlufzqdl.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.qksrv.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\tai8d4p0.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Spyware:Cookie/Golden Palace Online Casino Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Owner\Desktop\My Videos\Kazaa\TopSearch.dll
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe
Potentially unwanted tool:Application/Altnet Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\asmfiles.cab
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\bis2F9C.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\bis4622.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\c3f51758.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt

RELEVANCY SCORE 200
Preferred Solution: Solved: Scan Report.. its from a friend of mine plz at least help her lol

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Solved: Scan Report.. its from a friend of mine plz at least help her lol

Read other 16 answers
RELEVANCY SCORE 75.6

I've gone through this and I'm stumped.
It keeps coming back and I've no idea how.

I've managed to get them to clear off most of it but the damage is done; they are severely restricted (task manager [gave them a reg file from [1] to double click each time; that works], my computer, my documents, etc is gone).


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:00, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: QXK Olive - {0E349C07-A53A-44A9-AA... Read more

A:[SOLVED] For a friend of mine.

Marking thread solved - he was able to use Malwarebytes to remove it.

Read other 2 answers
RELEVANCY SCORE 75.6

I have her on AIM with me so I'm doing this long distance. I'm going to try and get her in here myself as soon as I can so that she can take over her own thread. In the meantime, can you give me some help to help her, please.

She has already run AdAware and Spybot. And her husband did an online virus scan but he has already left for work, she doesn't know what he found. Liz

Logfile of HijackThis v1.98.0
Scan saved at 4:57:41 PM, on 7/28/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\ATICWD32.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\TVTMD.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALAR... Read more

A:[Solved] This is for a friend of mine

Read other 16 answers
RELEVANCY SCORE 66

She keeps getting pop ups non stop and getting multiple errors when using internet explorer. I told her to try and get a HJT log see what can be done. Here is her log:

Logfile of HijackThis v1.99.1
Scan saved at 6:08:11 PM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\bnJ0bw\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\Program Files\Phoenix Technologies\cME\Guard\Guard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\outlook\outlook.exe
C:\windows\mousepad13.exe
C:\WINDOWS\ms04762985484.exe
C:\WINDOWS\nopphzmA.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\COMMON~1\uriz\urizm.exe
C:\Program Files\Netwo... Read more

A:Log for a friend of mine

Welcome to TSF

Please download Attribunes Look2Me-Destroyer.exe to your desktop. Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX

Please reboot the computer.

Download and run - bfu.zip
Checkmark the following boxes:Use settings specified in script for the above option
Show log after script ends

Click the Web button located on the top right corner
Copy/Paste this url into the address bar of the Download script window:http://metallica.geekstogo.com/alcanshorty.bfu
Execute the s... Read more

Read other 1 answers
RELEVANCY SCORE 66

Here's a HJT log from a friend of mine who's having a lot of spy/malware issues that she can't seem to get rid of. She uses Netscape, but her son also uses the computer and he uses IE.

Nasty things have names like StartPage-DU.dll, Adware-SearchAid, and VX2.
Hang-ups and error messages concerning TaskBar not closing, etc.

Logfile of HijackThis v1.99.0
Scan saved at 8:16:51 PM, on 3/24/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ANVSHELL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\CRBP.EXE
C:\WINDOWS\JAVALO32.EXE
C:\WINDOWS\JAVALO32.EXE
C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\I... Read more

A:Help a friend of mine out...

Please make sure that Word Wrap is disabled in notepad next time. The formatting it created makes it difficult for us to analyze it.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Go to Start->Settings->Control Panel and double-click on the System icon. On the Performance tab click File System. Click the Troubleshooting tab, and then check Disable System Restore. Click OK. Click Yes when you are prompted to rest... Read more

Read other 1 answers
RELEVANCY SCORE 64.4

Okay my sister is having some major issues with her comp so I am trying to relay whatever she gives to me onto you in hopes you may be able to help her out.computer system properties
microsoft windows xp
professional
version 2002
computer
Intel(R)
pentium(R) 4 CPU 2.80GHz
2.81 GHz
1.00GB of RAM

when she starts her comp up it has like this ms dos thing that goes off fast but it says C/windows/system32/chcfg.exe.
When she logs off it has a error popping up that says mediaacck.exe failed to start and thats all she can get of it before it closes.

It keeps changing her homepage and has serious issues with yahoo and everything to do with yahoo.She says that the dll files keep coming up as missing or no longer valid and she has been unable in all her attempts to find her windows folder. So I am asking you what is your opinion. Is there any hope for it, is it some kind of virus that will need to be reformatted or could it be adware problem that she can get rid of. She said something about aurora I am unaware of what that is so I am hoping someone out there can give me an idea of what to do next. I had her copy what was in her HKEY_LOCAL_MACHINE\SOFTWARE folder to see if that might help with this situation. she came up with the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Acudata
HKEY_LOCAL_MACHINE\SOFTWARE\Adobe
HKEY_LOCAL_MACHINE\SOFTWARE\Ahead
HKEY_LOCAL_MACHINE\SOFTWARE\ALWIL Software
HKEY_LOCAL_MACHINE\SOFTWARE\Apple Computer, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\AT... Read more

A:computer issues of a friend of mine

Please click on greyknights link below and follow the steps. Post a hjt log under hjt log help forum here.

Read other 1 answers
RELEVANCY SCORE 64.4

does anyone have a cure? I can already see a dialer and some other things, but what is the best way to clean it up?

thanks.

this is the hijack logfile
Logfile of HijackThis v1.98.1
Scan saved at 13:43:22, on 3-8-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
c:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:... Read more

A:friend of mine has problems...startuppage changes etc.

Read other 8 answers
RELEVANCY SCORE 64.4

Friend of mine recently got a computer that he intended to put Windows 7 on, the OS originally on it was DOS: OS. He went into the BIOS, and tried changing the boot priority to the CD:ROM, which for him appears to be UEFI.

When set to this, he gets this: "EFI DVD/CDROM <HL-DT-ST DVDRAM GUA0N> has been blocked by the current security policy".

Help?

For reference:

A:Help for a friend of mine with installing Windows 7

It says that the BIOS is set to Legacy instead of EFI, with Legacy media meant to be booted first. So the device to be set first to boot is the DVD-RAM shown under Legacy.

But this is not necessary because you should be able to boot the disk using the one-time BIOS Boot Menu key shown on first screen. Choose the Legacy DVD drive and not the EFI one.

If you'd prefer to install to UEFI BIOS then change the top two settings to UEFI mode and UEFI First, then boot the UEFI DVD.

Either way you will need to delete all partitions during the booted install using the Drive Options shown in Steps 7/8 of Clean Install Windows 7

Read other 1 answers
RELEVANCY SCORE 64.4

I have used my friend's wireless internet from my laptop before when I go to her house, but I have always disconnected and connected to MY internet when I get home.
I've done this with tons of people before. I have never had any type of issue with it.
But now, some of my friend's bookmarks randomly started showing up in MY bookmarks, even though I know she's never added them to my computer before. Also, her google history shows up in my google history.
I checked my connection, and it says I'm connected to my wireless router. It's freaking me out that this is happened, how do I fix it?

Read other answers
RELEVANCY SCORE 63.6

Like whenever she searches something it'll redirect to somewhere else. I've done an analysis on her hijackthis log and found nothing that helps... Also got her to do a vundo scan, nothing.

Apparently its happening to all search engines and it redirects her to some other random search engine. She can click the links on there and it'll take her to the real site. Happening in all browsers (ie7, firefox, opera).

Is there any simple answer to how to fix this? >.>

A:A Friend Of Mine Has Her Google Search Hijacked.

Check the Addons for anything suspicious. Use the two programs below and let us know the results.Install Super Antispyware free. Run it in safe mode. Allow it to quarantine whatever it finds. http://www.superantispyware.com/Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.http://www.bitdefender.com/scan8/ie.html

Read other 6 answers
RELEVANCY SCORE 63.6

She says the website claims that "files are not registered or missing from the computer." and when she tries to register them it just gives her an error. Using the updater just gives her an unknown error. I hope this is something to work on, any additional info I'll try and provide.
 

A:Friend of mine having issues with windows update.

not on vista at mo so directions may be bit off, go to control panel windows updates, updates, there is option to see what you have had, whats pending , whats failed, have look in there, if have failed updates check your comp is synced to internet time ( double click clock interent sync) then look to see if any failed updated can be installed one at a time

https://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsvista.mspx

lower part of link " see history"
 

Read other 1 answers
RELEVANCY SCORE 63.2

I have a linksys WMP110 running on a gigabyte M55SLIS4 motherboard every time i try to connect to a wireless connection with the card the OS reboots, But i took the card and installed it on my friend mother running the same release of windows 7 and it worked completely fine no reboot not at all and he ran it for more than a week

So can some help me out here probably tell me what they need to see why it reboots

A:Linksys WMP110 work on my friend computer but not mine

Update the chipset drivers for your motherboard and then install the latest wireless adapter driver too.

I see you have OCZ ram. Set the correct timings and Vdimm in the motherboard bios manually. Their website has this info for your RAM.

Read other 2 answers
RELEVANCY SCORE 59.6

hi,
im new and will need some help,
here's my log report
what should i do?
thanks for help
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Navnt\POPROXY.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\FxRedir.EXE
C:\Program Files\Navnt\Navapw32.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Documents and Settings\Stefaan\Application Data\DownloadPlus.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\Documents and Settings\Stefaan\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.scourweb.net/nph-search.cgi?partner=wesb1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Inter... Read more

A:[Solved] scan hijackthis log report

Read other 16 answers
RELEVANCY SCORE 59.6

I did a virus scan using Avira Antivir. There were no viruses on the computer bit it said there were 53 warnings which are as follows:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\Application Data\Microsoft\Windows Defender\FileTracker\{EF947A62-7966-422B-88F2-591853D7BF54}
[WARNING] The file could n... Read more

A:Solved: Warnings in scan report

Read other 9 answers
RELEVANCY SCORE 58.8

Hello!

I have been running regular virus scans and everything has shown to be clean, but things seemed a bit slow so I ran a Kaspersky online scan and got this report. Maybe it is something simple but I have never encountered this before:

KASPERSKY ONLINE SCANNER REPORT
Sunday, April 22, 2007 3:41:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/04/2007
Kaspersky Anti-Virus database records: 282984
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 107859
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 00:53:06

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local... Read more

A:Solved: Suspicious online scan report

Read other 16 answers
RELEVANCY SCORE 58.8

I ran an EWIDO scan with two ‘infected’ items found. There seems to be a ? as to whether or not these are a true problem. Therefore, I ask your advice as to what to do. I can not remove them with EWIDO, since I am using a lapsed trial version. The info from the “report” follows:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:54:49 AM, 11/10/2005
+ Report-Checksum: 5CD01CE8

+ Scan result:

C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Ignored
C:\System Volume Information\_restore{8A76E78A-6A78-49A6-A7E2-9B95E126EFAD}\RP384\A0059194.exe -> Heuristic.Win32.AVKiller : Ignored
::Report End

Thanks, {redoak}
p.s. Note the 'word' "AVKiller" at the end of each entry. Significance?
 

A:Solved: EWIDO scan report - problems?

Read other 7 answers
RELEVANCY SCORE 58.8

A friend of mine recently purchased a Dell Inspirion 537S. I personally set it up and installed all the additional software, and everything on it was running just dandy. However, a couple days after I set the system up, his Internet started acting screwy. He can only access a very small handful of websites (Google.com, PhiladelphiaEagles.com, state.nj.us, Marvel.com). But about 95% of other websites simply wont load including major sites like CNN.com, Microsoft.com, Dell.com and Firefox.

I get no error messages. The page keeps trying to load, and you can see the little IE icon doing it's thing, but the page just stays white. It's not an ISP issue. 3 Comcast technicians have looked into it and left scratching their heads. I've tried 2 different laptops, and both can access the internet using the wireless router just fine.

I've disabled the Windows Firewall and the Mcafee Firewall that came with the machine. I've set the IE security settings to the lowest possible settings, I've even used Dell's System Restore to bring the system back to it's factory settings (it formats the partition and everything). Still, the internet is a no go.

To add to the mystery, if I ping a site like www.disney.com I get a response, but the site wont load. I've tried everything short of installing a new browser (a last resort which I don't think will really work).

I spent 70 dollars talking to Dell tech support, which at best is completely oblivious. I spent an hour waiting for the guy to flip thr... Read more

A:Internet Explorer 8 Only Loads a Handful of WebsitesA friend of mine recently purchased a Dell Inspirion 537S. I personally set...

I am no expert but the only thing that springs to mind is the host file.Programmes like H.P.Hosts can block bad websites.If you can connect to a few websites could it be you have a corrupt host file.Only a thought but since you have had no response its the best I can come up with.

Read other 1 answers
RELEVANCY SCORE 58.4

Doing as told...This dont look to pretty good...(lol)
Panda online scan results..Help



Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Adam White\Cookies\adam [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Adam White\Cookies\adam [email protected][1].txt
Spyware:Cookie/BestOffersNetworks Not disinfected C:\Documents and Settings\Adam White\Cookies\adam [email protected][2].txt ... Read more

A:[SOLVED] Panda active scan report..Highjacked..Help

bump bump

Read other 5 answers
RELEVANCY SCORE 55.6

Incident Status Location

Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp.cab[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar ... Read more

A:Active Scan Report + DSS Report

hi EddyMeuh

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================


Download this file to your desktop.- Here

IMPORTANT - You must place combofix on your desktop!!

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=================

Please Run a scan with HiJackThis and save the log

=================

In your next post, please include fresh logs from: ComboFix.txt
HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Read other 19 answers
RELEVANCY SCORE 53.2

New Hijach scanComments Please.DonLogfile of HijackThis v1.98.2Scan saved at 10:42:20 AM, on 12/14/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exeC:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXEC:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXEC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32 ... Read more

A:New Scan, New Friend

Hi if you are still having a problem:You are using an outdated version of hijackthis. Please download the newer version.Download HijackThis from:HijackThis Download SiteThen post a new log

Read other 2 answers
RELEVANCY SCORE 52.4

Here's the scan for my friend's Hijackthis, his system is having the same problem my was having, pop ups. Please help, thanks!

Logfile of HijackThis v1.97.7
Scan saved at 9:55:21 PM, on 2/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\Mouse\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\System32\wjview.exe
C:\WINDOWS\qkshield.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\PROGRA~1\AIM95\AIMWDI~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\In Ho\Application Data\aato.exe
C:\WINDOWS\System32\wnsapisv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PCLEScheduler.exe
C:\Program Files\LimeShop\LimeShop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avant Browser\iexplore.exe
C:\Documents and S... Read more

A:Hijack scan for my friend

Read other 10 answers
RELEVANCY SCORE 50.4

Hi i'm new to computers can someone please tell me what these scan results mean

Thank you

A:Scan report Help

Welcome to PCHF
Can you tell us what program you used to make this report? Also are you having any issues with your computer?

Read other 5 answers
RELEVANCY SCORE 50.4

hi
here is my HDD scan report, and I want to ask is it repairable or not?

A:HDD scan report

Check out spinrite, not only can it repair drives but it can condition a drive as well... a proven performer for over 20 years!

Read other 7 answers
RELEVANCY SCORE 50

Here are things my computer does:

The "paste" function does not work.

Many things I try to open on my computer (whether they are programs that came with the computer, downloads, windows live, magicjack...) do not open and this message pops up: "This application failed to start because it's side-by-side configuration is incorrect. Please see the application log for more details."

Some friends recommended using malwarebytes to scan the computer... i was able to download it, but when I tried to run it, the above message came up.

A friend recommended downloading the Microsoft Visual C +++ 2008 Redistributable from their website, which I was able to do... but that was all. It didn't change any of my problems.

I am attaching the results... I HOPE someone knows what to do!!

THANKS

A:I have the report from my Combofix scan... Can someone help me?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 2 answers
RELEVANCY SCORE 50

I have scan results from GRM & COMBOFIX, thanks

A:GRM & COMBO FIX scan log report

On start up, I get message[ chrome://searchshield/content/overlay.js:234] also [js:90] & message says [do you want to continue running script? yes or no]anyone know what that means? and how to fix it? , Logs are attached. thanks

Read other 3 answers
RELEVANCY SCORE 50

I can not acsess adobe.com's web site. I have tried to go through I.E. and netscape. Can you tell me what would be going on with this computer that would prevent me from this. Ive checked the security on this computer. Thanks
Here is the results to my scan.
Logfile of HijackThis v1.97.2
Scan saved at 10:53:16 AM, on 10/08/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TPPALDR.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\SMARTDRAW PHOTO\SDPHOTOBAR.EXE
C:\PROGRAM FILES\KONTIKI\BIN\KONTIKI.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\EBAYTBAR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WM... Read more

A:Check my scan report, please

Read other 8 answers
RELEVANCY SCORE 50

After updating MalwareBytes Database, I did a quick scan today. It identified one malicious item as follows.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> No action taken.

Of course I ignored it but why is an iTunes Registry entry being identified as a malicious item? I have been using my iTunes for ever but MalwareBytes had never identified this entry as malicious earlier.

Could someone please give me an answer.

A:MalwareByte Scan Report

IFEO's, which is what this is, aren't always bad. In fact what triggered this is fairly commonplace in both good and bad apps.

In this particular case if itunes is working properly I wouldn't be too worried about it.

Read other 5 answers
RELEVANCY SCORE 50

i have the following error, c\:windows\system32
msiefr40.dll- i ran the highjack scan and here is my report:

can anyone help me please?

thanks,
sherri
 

A:highjack scan report

Read other 8 answers
RELEVANCY SCORE 50

Incident Status Location

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick... Read more

A:My Online Scan Report

Hi tomavfcno1 and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do not run option #2 unless instructed to!!

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open... Read more

Read other 13 answers
RELEVANCY SCORE 50

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:45 PM 8/4/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\rainbowgirlwp.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
[464] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning.
C:\Program Files\filesubmit\rainbowgirlwp.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Brenda\Cookies\[email protected][2].txt ... Read more

A:report from ewido scan

Hi and welcome

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

Read other 2 answers
RELEVANCY SCORE 50

well... my problem started before a restore and HDD format(but format erases... yea i know...) before the crash it seemed in working order, till it crashed. after MUCH time trying to restore my files and system, i got fed up and just formatted my hard drive and re-installed windows xp. The massive 65-70GB chunk of "locked" information(presumably my backup i couldnt restore???) was gone but the directory it was under <C:\Documents and Settings\Owner\> is still there, only directly in C:\ labeled <My Backup -- 09-01-30 0235PM> it only contains the single root path leading into Owner\ which cannot be opened, deleted, altered in any way. obviously, it didn't get wiped from the formatting. Now occasionally on startup or after reboot only a few startup programs load and when i go to My Computer it has to "search/locate" just about every folder i click on and basic system operation is really slow, even seems like it freezes every now and again(but hasn't) i usually let it work itself out before just shutting my comp off cold. Takes a while sometimes but usually "catches up" with whatever it was doing, enough for me to shutdown from start menu or task manager. Then again, on occasion, it starts fine and runs good except for constant CPU usage and the computer seems to run abnormally hard(loud). I'm no professional computer tech but to the best of my knowledge and understanding this is whats going on. I've run Numerous anti virus, malware, s... Read more

A:DDS Scan Detail/Report

Hello and welcome to TSF.

If you still need help, please post a fresh DDS.txt as it has been a while since you posted.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 50

Hi, looking to know what i should or should not delete in this. Main problem i'm having is internet explorer doesnt load any pages but mozilla and all other internet works fine.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:16:37 AM, on 2/19/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\HP\HP Software Update\HPwuSchd2.exeC:\Program Files\Razer\Mamba\RazerTray.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.ex... Read more

A:Hijackthis scan report

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 2 answers
RELEVANCY SCORE 50

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:11:11, on 20/02/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\hpq\... Read more

A:Hijack This Scan Report pls

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.----------------------------------------------StartupLite sounds like the one for you.Please download StartupLite. to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.See how you go with that.

Read other 20 answers
RELEVANCY SCORE 49.2

Howdy,

I just ran a Kaslersky online scan .When the scan was completed I got a window that tells me it picked up a few thing.

I did not see a tab to click to view the items. I clicked on the help tab. It said that after the scan I would be able to view what these items are. Is does not mention where to click to view.
I have a screen shot if that would be helpful.
Dennis

A:How To View Kaspersky Scan Report

hi again dennis
does it have a save log button?
if it does that should pull it up(i think don't usually use kapersky)
hope that helps
mz30

Read other 14 answers
RELEVANCY SCORE 49.2

I followed the procedure recommended by noadhfear to get rid of Smitfraud. It seemed to have worked for the most part, but a couple of days before I did it, I started having trouble with Internet Explorer, so I was not able to run the ActiveScan.
When I run IE, it will work for a very short while and then just stop and all of the IE windows are gone and a message comes up saying something like "An error has occured and an error log will be generated" - although I can't find the error log.

I have included the report from HJT and from Ewido. Please check over these and let me know what needs to be removed and if there is any sign of why IE is not running properly.

Thanks.
Astro99

Logfile of HijackThis v1.99.1
Scan saved at 11:21:05 PM, on 8/24/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\A... Read more

A:Help with HJT Log and Scan report after removing Smitfraud

Read other 7 answers
RELEVANCY SCORE 49.2

Incident Status LocationAdware:adware/swimsuitnetwork Not disinfected c:\windows\system32\MYDLL.dllSpyware:spyware/cws.olehelp Not disinfected Windows RegistryMy Comp is running Good but What Should i nead to do now?

A:Panda Active Scan Report

MYDLL.dll is related to Spyware.ActualNames and often includes other malware files which ActiveScan may not have found. If you click on the Removal Tab in the Symantec link there are instructions for removing/unregistering the .dll.What OS (Win XP/2000, etc) are you using? What is your primary anti-virus and when was the last time you ran a scan? Have you performed any anti-spyware scans other than ActiveScan? If not, start here:If your running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".Print out the Ewido Install and Scan Instructions. Download and scan with Ad-Aware SE Personal 1.06. Setup & Configure as shown here.Download and scan with Spybot S&D 1.4. Setup & Configure as shown here.[DO NOT choose the option to install TeaTimer]Note: If you encounter any error messages while downloading the updates, manually download them from here.

Read other 6 answers
RELEVANCY SCORE 49.2

hello everyone, i dont know much about this but i have been having trouble with windows live onecare, the firewall is off on both windows and onecare. when i try to turn on onecare firewall it says one care cant turn on your firewall at this time please try later, sometimes when i go to windows firewall it is greyed out and says at the top firewall is controlled by group policy. i am running vista home premium on this pc but i have the same problem on my XP laptop. both the machines are on my home network. this is the scan result. i would really love some help here.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:58:28, on 15/05/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18226)Boot mode: NormalRunning processes:C:\Program Files (x86)\ASUS\AASP\1.00.61\aaCenter.exeC:\Windows\System32\spool\drivers\x64\3\WrtMon.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Windows\SysWOW64\CTHELPER.EXEC:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exeC:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exeC:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exeC:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exeC:\Windows\System32\spool\drivers\x64\3\... Read more

A:Hijackthis scan report need help understanding it

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 49.2

Hi there,

I have 2 machines, a Sony Vaio VGC-LS1 & a Dell XPS1730 laptop.....not on a network....using zoom adsl X6 modem for both.

Needed help to unintsall 2 softwares: Sonic encoders & Image Station....I get an error using Revo......need this file C:\abu\software603703.SND\ but I cannot find its location.

Contacted Sony neither they could help depite taking remote acess of the machine. Ran a PC health & gave me this report.

1. "The computer's video card is unsatisfactory "

Your computer's video card has been checked and is found to be not as per recommendations

The video card application demands a lot of space and resources from your computer. Thus it is essential to assess the requirements of this application to determine the condition of your computer.

I am using there own bultin Intel 945 GM graphic acelerator??

2. "The Internet Connection Sharing Service needs to be disabled "

The Internet Connection Sharing Service has been enabled.

The Internet Connection Sharing (ICS) service is applicable to provide network address translation, addressing, name resolution and/or intrusion prevention services to a home computer or small office network. This service helps multiple users on your network to browse through a single account. You need to enable this service if your computer is in a network but can be disabled otherwise.

3. "Non optimal internet configuration settings "

Your current internet config... Read more

Read other answers
RELEVANCY SCORE 49.2

Good morning,

I had my hijack log analysed and was asked totake certain actions which i did. Because the computer was in safemode when the scan was performed I had to save the report file with the results. I saved it to DEsktop then, because I was in another user's account I then transferred it to a floppy.

Now that I ahve tried to post to the hijack log I cannot get the report in readable format. By this I mean I went through "File" on my browser and opened the report - it came up with a number of small squares and letters (the usual jargon when a file is opened in the wrong application).

What do i have to do to post it into my hijack log thread to ensure that you guys could lookat it since i am not seing anything here that allows opening of files.

Thanks

Tempest

Read other answers
RELEVANCY SCORE 49.2

Hi there,

I have 2 machines, a Sony Vaio VGC-LS1 & a Dell XPS1730 laptop.....not on a network....using zoom adsl X6 modem for both.

Needed help to unintsall 2 softwares: Sonic encoders & Image Station....I get an error using Revo......need this file C:\abu\software603703.SND\ but I cannot find its location.

Contacted Sony neither they could help depite taking remote acess of the machine. Ran a PC health & gave me this report.

1. "The computer's video card is unsatisfactory "

Your computer's video card has been checked and is found to be not as per recommendations
The video card application demands a lot of space and resources from your computer. Thus it is essential to assess the requirements of this application to determine the condition of your computer.
I am using there own bultin Intel 945 GM graphic acelerator??

2. "The Internet Connection Sharing Service needs to be disabled "

The Internet Connection Sharing Service has been enabled.
The Internet Connection Sharing (ICS) service is applicable to provide network address translation, addressing, name resolution and/or intrusion prevention services to a home computer or small office network. This service helps multiple users on your network to browse through a single account. You need to enable this service if your computer is in a network but can be disabled otherwise.

3. "Non optimal internet configuration settings "

Your current internet configuration settings... Read more

Read other answers
RELEVANCY SCORE 49.2

I AM HAVING PROBLEMS WITH VIRUS,TROJANS AND WHO KNOWS WHAT ELSE I HAVE RAN SUPERANTISPYWARE AND MALWARE BYTES AND THESE ARE WHAT SAS FOUND AND REMOVED:ADWARE.TRACKING COOKIESADWARE.VUNDO VARIENT/RELROGUE.COMPONENT/TRAYWARE 2009CEROGUE.XPDELUXEPROTECTORTROJAN.ANGENT/GEN-FRAUDDROPTROJAN.ANGENT/GEN-FREDDYTROJAN.DROPPER/WIN-NVROGUE.XP ANTISPAND I WAS GETTING ALERTS FOR WIN32 VIRUSI AM ALSO HAVING PROBLEMS WITH MY IE8 BROWSING ASWELL:THIS IS WHAT I KEEP GETTING IN MY BROWSER POP UP EVERY 2-3 SEARCHES TELLING ME I AM INFECTEDInsecure Internet activity. Threat of virus attackDue to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.Also insecure Internet activity can result in revealing your personal information.To get full advanced real-time protection for PC and Internet activity, activate XP Deluxe Protector. We recommend you to protect your PC now and continue safe Internet browsing. Click here to get full advanced real-time protection and continue browsing. Continue to this website unprotected (not recommended).AND WANTS ME TO PURCHASE XP DELUXE PROTECTOR.I HAVE RAN A ROOT REPEAL REPORT SCAN AND A HIJACKTHIS LOG AND HAVE POSTED THEM BELOW...PLEASE HELP THANKSROOTREPEAL REPORT SCAN:ROOTREPEAL © AD, 2007-2009==================================================Scan Time: 2009/07/04 14:35Program Version: Version 1.3.0.0Windows Version: Windows XP SP3=====... Read more

A:HIJACKTHIS LOG AND ROOTREPEAL REPORT SCAN:

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....Please download The Comedian.exe by Rorschach112 to your desktopPlease disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..Double click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedSTOP! if you can't complete this step.. Tell me more about it..NEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and ... Read more

Read other 17 answers
RELEVANCY SCORE 49.2

I scanned my computer with Adwcleaner in safe mode because adwcleaner wouldn't run otherwise, and the report is below. Neither Malwarebytes Pro or Hitman Pro finds anything, and after Adwcleaner says it has put the objects in quarantine and reboots the computer, the objects are back when I do another adwcleaner scan. What do I have?

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\1v5ybk8r.default-1410832319735\prefs.js ]
[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\6xb7mt61.default\prefs.js ]
[ File : C:\Users\monsterzillaBAM\AppData\Roaming\Mozilla\Firefox\Profiles\hjeups96.default\prefs.js ]

Line Found : user_pref("[email protected]", true);

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\allan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\monsterzillaBAM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Thanks in advance!

A:Firefox infected, scan report says:

Could just be tracking cookies. Do a cleaning of history in browser ( cache) ? How is Firefox and Chrome working, any pop ups or redirecting to other websites ?
Seems like the folders were web browsing history is put and browser settings.
Try resetting firefox too.

Use Windows malicious Removal tool, at run, MRT.exe

Read other 4 answers
RELEVANCY SCORE 49.2

Hey there, I am a member of the World of Warcraft community and fell for a post on their forums claiming to be a picture of in game action, but it was at world0fwarcraft.com - the "O" in 'of' is a zero, and many people labeled it as a keylogger. I got a windows message at the top that a download had been stopped to assure my security, the information bar below the address bar. I've only run Spybot other than Hijack This, and I didn't pick up anything (Spybot is up to date).I guess I'm paranoid that I still might have something, but heres a list of processes and my Hijack this scan:Process PID CPU Description Company Name
System Idle Process 0 100.00
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 268 Windows NT Session Manager Microsoft Corporation
csrss.exe 316 Client Server Runtime Process Microsoft Corporation
winlogon.exe 492 Windows NT Logon Application Microsoft Corporation
services.exe 540 Services and Controller app Microsoft Corporation
svchost.exe 740 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 1784 WMI Microsoft Corporation
unsecapp.exe 900 WMI Microsoft Corporation
svchost.exe 812 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 3576 Windows Security Center Notification App Microsoft Corporation
svchost.exe 904 Generic Host Process for ... Read more

A:Possible Keylogger (full Scan Report)

Arthas Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following :Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new HijackThis logThanks

Read other 1 answers
RELEVANCY SCORE 48.8

Hello everyone,
I'm using a Toshiba Satellite laptop that I purchased in December 2010 and I received a few messages today telling me that "Windows detected a hard disk problem" and advising me to backup everything and contact the manufacturer. The HDD is a Toshiba MK5065GSXN. I'm using Windows 7 64bit. I performed a disk scan and am hoping that someone can help me interpret the results (the steps I followed were taken from this thread: http://www.sevenforums.com/crashes-d...k-warning.html).

Thank you very much for any help or advice you can give!

Checking file system on C: The type of the file system is NTFS. Volume label is TI105927W0F. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 228096 file records processed. File verification completed. 3044 large file records processed. 0 bad file records processed. 0 EA records processed. 60 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 298156 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 228096 file SDs/SIDs processed. Cleaning up 189 unused index entries from index $SII of file 0x9. Cleaning up 189 unused index entries from index $SDH of file 0x9. Cleaning up 189 unused security descriptors. Security descriptor verification completed. 35031 data files processed. CHKDSK is verifying Usn Journal... 3644... Read more

A:HDD failure on its way? disk scan report inside

Checkdisk cleaned up the file system that had some entries that pointed nowhere, but did not find any bad sectors on the drive. That is good news.

The next thing to try is a HDD diagnostic program that can be booted from a CD or USB stick so it can run outside of the OS. Toshiba does not offer one but most folks use the Hitachi Drive Fitness Test instead.
https://www1.hgst.com/hdd/support/download.htm

(Note: Toshiba HDDs are usually manufactured by Fujitsu. Fujitsu does have a diagnostic but it only boots from floppy disk - the last time I checked)

Read other 2 answers
RELEVANCY SCORE 48.8

I've been infected with spysheriff as well. here are my HJT and Ewido scan logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:32 AM, on 6/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\hijackthis\HijackThis.exe

F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 -... Read more

A:Hijack This Log, Ewido Scan Report, need to rid spysheriff

Read other 7 answers
RELEVANCY SCORE 48.8

i attempted logging into a game account of mine and got the message that my login info was incorrect. (i log into this account daily and am 100% on my login info). i saw an announcement from the game company on the login screen warning people not to use the same password on webistes and to run virus checks and such because there have been keyloggers stealing guild wars accounts for money recently. my question is not how to get the account back, but how to get rid of these things and MAKE SURE THEY DON'T COME BACK. thanks a lot - peace everyonea-squared Free - Version 4.5Last update: 12/23/2009 9:20:07 PMScan settings:Scan type: Deep ScanObjects: Memory, Traces, Cookies, C:\Scan archives: OnHeuristics: OffADS Scan: OnScan start: 12/27/2009 4:01:45 PM[3816] C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE detected: Riskware.AdWare.Mywebsearch!IKC:\Program Files (x86)\MyWebSearch\bar\2.bin\mwsoestb.dll detected: Adware.Win32.MyWebSearch!A2c:\program files (x86)\funwebproducts detected: Trace.Directory.FunWebProducts!A2c:\program files (x86)\funwebproducts\screensaver detected: Trace.Directory.MyWebSearch Toolbar!A2c:\program files (x86)\funwebproducts\screensaver\images detected: Trace.Directory.MyWebSearch Toolbar!A2c:\program files (x86)\mywebsearch\bar detected: Trace.Directory.MyWebSearch Toolbar!A2c:\program files... Read more

A:help: analyze a scan report (identify keyloggers)

Let's get another opinion.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at th... Read more

Read other 5 answers