Over 1 million tech questions and answers.

have any documents explain mbsa scan result xml attribute means

Q: have any documents explain mbsa scan result xml attribute means

hany any documents explain mbsa scan result xml attribute means
like
UpdateData ID="MS09-062" GUID="16bb6a11-b540-4486-ab13-f3b9789e90b5" BulletinID="MS09-062"




ID="MS09-062" equles BulletinID="MS09-062"
ID equles BulletinID


<UpdateData ID="2737155" GUID="30cbedc1-1036-4087-a6c4-aeda7a0547ef" BulletinID="" KBID="2737155"
ID equles KBID
ID="2737155 KBID="2737155"

have any resources descript attrbuites means
like ID GUID BulletinID Severity
I google webiste i cann find any document explain this mbsa xml report tag means


<Detail>



<UpdateData ID="MS09-062" GUID="16bb6a11-b540-4486-ab13-f3b9789e90b5" BulletinID="MS09-062" KBID="972221" Type="1" IsInstalled="true" Severity="1" RestartRequired="false">



<Title>
Security Update for Microsoft Visual Studio 2008 (KB972221)
</Title>




<References>



<BulletinURL>
http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx
</BulletinURL>


<InformationURL>http://go.microsoft.com/fwlink/?LinkId=162544</InformationURL>


<DownloadURL>
http://download.windowsupdate.com/msdownload/update/software/secu/2009/09/vs90-kb972221-x86_92f3c86b14ae4b1f710a11dc42bd8d9b4ff208c5.exe
</DownloadURL>



</References>



</UpdateData>

Read other answers
RELEVANCY SCORE 200
Preferred Solution: have any documents explain mbsa scan result xml attribute means

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 215.2

hany any documents explain mbsa scan result xml attribute means
like
UpdateData ID="MS09-062" GUID="16bb6a11-b540-4486-ab13-f3b9789e90b5" BulletinID="MS09-062" 




ID="MS09-062" equles BulletinID="MS09-062" 
ID equles BulletinID


<UpdateData ID="2737155" GUID="30cbedc1-1036-4087-a6c4-aeda7a0547ef" BulletinID="" KBID="2737155" 
ID equles KBID
ID="2737155 KBID="2737155" 

have any resources descript attrbuites means
like ID GUID BulletinID Severity
I google webiste i cann find any document explain this mbsa xml report tag means


<Detail>



<UpdateData ID="MS09-062" GUID="16bb6a11-b540-4486-ab13-f3b9789e90b5" BulletinID="MS09-062" KBID="972221" Type="1" IsInstalled="true" Severity="1" RestartRequired="false">



<Title>
Security Update for Microsoft Visual Studio 2008 (KB972221)
</Title>




<References>



<BulletinURL>
http://www.microsoft.com/technet/security/bulletin/MS09-062.mspx
</BulletinURL>


<InformationURL>http://go.microsoft.com/fwlink/?LinkId=162544</InformationURL>


<DownloadURL>
http://download.windowsupdate.com/msdownload/update/softwa... Read more

Read other answers
RELEVANCY SCORE 79.6

I read an article that IPV4 addresses are running out and that some crisis is about to present itself concerning IPV4 addresses. Frankly, I have little-to-no understanding of what this means. I have only uninformed guesses what it means to run out of IPV4 addresses.

Here's the article: http://www.infoworld.com/print/121729

I don't need to know about the black market aspect of it. I guess I just need to know what IPV4 is and IPV6 is and how running out of those addresses matters to me.
 

A:Someone explain what this means 'running out of IPV4' means

IPV4 is the present standard used to assign addresses to computers
and servers on the internet.
Each computer has an IP address.
It's like a phone number for each computer.
When you view a web page,it connects to that servers IP.
The domain name is assigned to that IP address.
Running out of IPV4 addresses shouldn't be a major problem
as IPV6 is already in place to extend the number of available addresses.
The modem you use to connect to the internet more than likely
is assigned an IPV4 IP address by your internet provider.
 

Read other 2 answers
RELEVANCY SCORE 70

Good day! How to get the full combined report on all scanned computers? I like the report on each PC, I want to make a combined report for all scanned PC with all the options that are specified in the individual reports (such as which administrative user
accounts created on a PC, their names) and so on cscript.exe rollup.js does not give detailed information, as in the individual report

Read other answers
RELEVANCY SCORE 69.6

H:\ is not accessible

The request culd not be performed because of an I/O device error. ?
Would someone be so kind to explain this message for me.

Much Appricated

Lockeyp
 

A:Could someone please explain what this message means?

Here is an explanation from Microsoft:

http://support.microsoft.com/kb/891894
 

Read other 1 answers
RELEVANCY SCORE 68.8

Hello
I have experimented with this all day and don't know if it even matters. I can understand that if a pic is altered yet remains the same size it can change it's KB but if I take the same pic and just save it a few times under a different name ie: horse1 horse 2 etc without changing a thing the KB are sometimes very different though the size remains the same 500px X 400px.
The reason I care is because I wonder if this slows down the loading when someone goes to my site if they are not on broadband and if it means that I use up my space on my site.
Thanks
rob
 

A:Solved: Please explain what KB means in pics

Read other 14 answers
RELEVANCY SCORE 68.4

Hi Guys,
Could you please assist me in understanding numerical parameters (Check ID, Grade, Type, Cat, and Rank) in the XML result of MBSA 2.3.2211.0.

What are their definitions?
<Check ID="500" Grade="5" Type="5" Cat="1" Rank="1">
   <Detail>
       <UpdateData ID="4023307" Type="1" Severity="4"> </UpdateData>
   </Detail>
</Check>


Thanks in advance,
Dmitriy

Read other answers
RELEVANCY SCORE 62

Hi Team,
I am facing a problem while doing a remote scan to Windows 10 machine.
I am initiating a scan from the machine Windows 10 to remote machine Windows 10 same configuration.
I am getting the below error
An error occurred while scanning for security updates. (0x80070005) [ I had tried choosing all the three options which is been listed out there].
Could you please help me the possibility of the error step by step.

Regards,
Sumeet Mishra

Sumeet Mishra

Read other answers
RELEVANCY SCORE 62

Hello guys.
So, i was trying to use MBSA and i only get that result.
Downloaded the newest MBSA from website.
Scanner PC = Windows Server 2008. This computer is our DC and im doing that with my Domain Administrator.
Scanned PC = Windows 7, windows 8 and windows 10.
None of them worked.
BUT.... i tried to scan another server (server 2012, server 2008) and it worked. MBSA only works with my servers, but dont work with workstations.
Already stopped the firewall on both computers.
Dont know what else i can do.

Read other answers
RELEVANCY SCORE 61.2

MBSA command line / off-line scan returns "An error occurred while scanning for security updates.  (0x8007000e)". 

Scanning 32 bit Windows 7 professional, on a system w/ 4GB memory, that cannot be connected to the internet, but still required to be patch compliant.  Scanning with .cab file identifies required patches w/ no problems (no error as above). 
Patches applied, including upgrade to .NET 4.5.2 and WMF 4 (PowerShell 4), etc.  After patches applied, re-scan with the same .cab results in the error listed above.  Problem occurs on three identical systems.  Problem does not occur on other
non-identical 32 bit or other 64 bit systems.
Scanning w/ a batch job on each local system (not a network scan), w/ Windows Automatic Update Service turned on, and command line interface as follows:
c:\...\mbsacli.exe /target %COMPUTERNAME% /n SQL+IIS+Password /offline /noadd /qp /catalog ".\wsusscn2.cab" /nd /nvc
MBSA Scan version is 2.3.2211.0   wsusscn2.cab catalog synchronization date is 2015-09-07T18:39:143
Any ideas what to try?

Read other answers
RELEVANCY SCORE 61.2

The Intel Driver & Support Assistant said that it had an update: Intel® Graphics Driver for Windows* [15.40]. When I did a scan with the Lenovo Companion app, it said there were no updates available. Why the difference of opinion betwee the two apps?

Read other answers
RELEVANCY SCORE 60.8

Hi,
I know my system infected with virus or adware or spyware. All of sudden my desktop changed all files and documents were msiing and desktop also changed.
 
I have gone through this forum and tried all the means( installed malware bytes, adware cleaner, spyware removal) and making Attributes ad unhidden and still I am having the issue. I tried unhide.exe but it is not working my system.
 
http://www.bleepingcomputer.com/forums/t/387625/all-of-my-documents-pictures-and-downloads-are-missing/
 
and other topics also followed.
 
I also tried to boot form USB by following
http://forums.avg.com/in-en/avg-forums?sec=thread&act=show&id=235354
 
but my system is not bale to recognize USB and not loading.
 
Please help me
 
Thanks,
Suman

A:All my documents and Pictures are hidden...try all means but nothing help.

Try using a Linux Live CD like Xubuntu 12.04 LTS 32 bit. It will allow you to go into the drive that Windows is on, then go into the Users folder, that the documents should be in.
Some malware will hide stuff like this, some will actually erase it, along with certain clean-up programs, if you are not careful.

Read other 2 answers
RELEVANCY SCORE 60.8

I'm trying to run the quarterly MBSA scans for the systems on the domain I manage from the domain controller, this is usually done using a batch file that runs MBSA 2.3. However this time whenever I run the scan it just gets stuck on "scanning"
I left it for a whole weekend and this was still the case.

I've tried uninstalling and reinstalling MBSA but with no luck, does anyone have any ideas what could be causing this From the WindowsUpdate.log on the target machine i get the following but then nothing happens.

2018-06-28 15:42:32:930
10132 b24
COMAPI -----------  COMAPI: IUpdateServiceManager::AddScanPackageService  -----------
2018-06-28 15:42:32:930
10132 b24
COMAPI   - ServiceName = MBSA Offline Scan Package
2018-06-28 15:42:32:930
10132 b24
COMAPI   - ScanFileLocation = C:\Windows\Temp\MBSA\Cache\wsusscn2.cab
2018-06-28 15:42:33:648
880 1788
Misc Validating signature for C:\Windows\SoftwareDistribution\ScanFile\1957b81e-8c4a-4311-8aca-88df571069c6\Source.cab with dwProvFlags 0x00000080:
2018-06-28 15:43:07:269
880 1788
Misc Microsoft signed: Yes
2018-06-28 15:43:12:324
880 1788
DtaStor Default service for AU is {9482F4B4-E343-43B6-B170-9A65BC822C77}
2018-06-28 15:43:12:324
10132 b24
COMAPI   - Added scan package service, ServiceID = {1957B81E-8C4A-4311-8ACA-88DF571069C6} Third party service
2018-06-28 15:43:12:340
10132 b24
COMAPI -------------
2018-06-28 15:43:12:340
10132 b24
COMAPI -- START --  ... Read more

Read other answers
RELEVANCY SCORE 60.8

Is there a step by step guide or script for making the required changes on remote PCs (firewall ports changes - enable remote registry) available?

Read other answers
RELEVANCY SCORE 58.8

I have a Windows 7 pro laptop. I want to know if I can install MBSA on my PC and use it to analyze the very same PC that MBSA is installed on. I don't have more than on PC. MBSA seems to be rather complicated and I think it will take some time for an unexperienced
user like me to configure. But if it is possible to use MBSA on one single PC I would like to try...

Read other answers
RELEVANCY SCORE 58.8


I'm trying to run a scan on the domain computer, but I keep getting the error User is not an administrator on the scanned machine. I am running the scan from the DC with a domain admin account. This account works on all computers in the domain, so I don't
understand why it's saying the user is not an administrator.  Any information as to why this is happening is appreciated. Thanks, Chris

Read other answers
RELEVANCY SCORE 57.6

Hi, I have question, can you create and format documents using windows 7 explain your answer please. I'm not too shabby at figuring out what to do on the computer when I need to do something, but I'm not too familiar with computer lingo and I have to answer this question for a class .
thank you

A:can you create and format documents using windows 7 how to explain thi

Not sure what exactly you're asking but in simplest terms, yes, you can create and format documents using Win 7. You could always install a word processing program such as Microsoft Word, OpenOffice, LibreOffice, etc... All of which have extensive capabilities for creating and formatting documents. Win 7 also comes with a limited feature word processing program called WordPad that can create and format docs but isn't nearly as feature rich as the other programs listed.

Read other 7 answers
RELEVANCY SCORE 57.6

Could scan all remote servers previously from same sources and version.  Replaced/updated all cabs and other files associated (C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache) with no change.  Removed/re-installed
MBSA 2.2 with not effect.
Local scans appear to function fine, but do not wish to download MBSA on EVERY system we need to scan.
Settings for remote scan are: Check for security updates>Configure computers for Microsoft
Update and scanning prerequisites>Advanced Update Services
options:>Scan using
Microsoft Update only
Have attempted from different systems/OS's, with same results.  Checked firewall for any blocked traffic from both host and scanner, no entries.
Checked Technet/blogged for about two hours, without any positive results. Please advise/assist.
Regards,

 
AJ Lebeau
MCSE, MCP, MCP+I, CNA, ACNA, A+
Server Administrator
Progenics Pharmaceuticals
[email protected]
(914) 789-4558

 

A:Using MBSA 2.2 getting error 'Cannot load security CAB file" when attempting to scan any remote systems

Thank you for sending this to the MBSA forums!
If you haven't already, you may want to check the MBSA FAQ located here:
http://technet.microsoft.com/en-us/security/cc184922 specifically under the sections titled, "How can I scan a computer that is protected by a firewall" (to resolve potential DCOM connectivity issues), and "When attempting to scan a remote machine,
why do I see the error 'Cannot deploy security metadata?"
This is also a very misleading error message since the problem could be due to connectivity to the target (client) machines - nothing relating to the CAB file.  In any circumstance, you should not need to install MBSA on all of the target machines to
successfully assess their security state. 
 
Possible solutions include

Confirm the latest WUA client is installed on all target machines (with the files you've already placed in the cache directory, you can simply check the scan option to "Configure computers for Microsoft
Update and scanning prerequisites" - which will update and re-register each target machine with the latest WUA client and the ability to respond to requests from MBSA.
Check whether the target machines have limited disk space (unlikely) Check DCOM settings on both the server - but more likely due to the failure to remotely scan - the target machines.
Change the scan options to further troubleshoot.  Specifically, 'Check for security updates' option uses a DCOM connection ... Read more

Read other 5 answers
RELEVANCY SCORE 56.8

I am not sure. Did it find something or am I clean?
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2015
Ran by Andris (administrator) on ANDRA-PC (02-09-2015 12:43:07)
Running from C:\Users\Andris\Downloads
Loaded Profiles: Andris & UpdatusUser (Available Profiles: Andris & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
() C:\Program Files\HTC\Internet Pass-Through\htcnat.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtH... Read more

Read other answers
RELEVANCY SCORE 56

Internet explorer has been launching itself and coming up with multiple screens and script errors. I ran a scan of Hijackthis. Here is a sample. Please advise on how to proceed.
Platform: XP SP1 (winNT 5.01.2600)
MSIE:Internet Explorer v 6.00 SP1 (6.00.2800.1106)
R1-HKCU\Software\Microsoft|Internet Explorer\Main,search.Bar=http://www.commonname/english/toolbar/sidebar.asp
There are 3 of theese with different web addresses
Two more start with HKLM\ and continue as above
01-Hoasts:216.177.73.139 auto.search.msn.com
There are 4 of these with different addresses
02-BHO(no name) {lots of letters and #}-c:\Windows\System32\FOne.d11
Other prefixes include:
HKCU
Global Startup
Extra content menu item
Extra button
Hijacked internet access By New.Net
DPF
etc...
Please help !!
Thanks----Aline
 

A:XP log file\Hijackthis scan\explain

Those 3 examples are:

CommonName Toolbar (aka: CNBabe / WinNet)
http://doxdesk.com/parasite/CommonName.html

New.Net domains (NewDotNet browser hijacker)
http://doxdesk.com/parasite/NewDotNet.html

Favorite Man (Fone.DLL)
http://www.doxdesk.com/parasite/FavoriteMan.html

These are notorious spyware/scumware/parasiteware items usually installed by file-sharing programs such as Kazaa, Morpheus, Grokster, iMesh, Limewire, Audiogalaxy, Bearshare, and more.

Further info here
I strongly suggest you uninstall whichever p.o.s. p2p program you installed, and then download and install Spybot Search & Destroy

Close all browser windows

Open Spybot S&D for the first time
Select Country & click out of the setup section (Next button)

Click "Online" button, click "check for updates"
(note: you need to be online for this)
Checkmark and download the latest Includes/Updates
(skins/languages aren't important)

"Settings" button, click "File Sets"
Uncheck "Usage Tracking" and "System Internals"

Go back to main "Spybot S&D" button
Click "Check for problems"

Let the scan run

When done, all spyware/adware/etc will be auto checked in the results,
so just click "Fix selected problems"

If you are prompted that some files are in use and can't be deleted,
Click "Yes" to allow Spybot S&D to run on reboot.

Reboot
Spybot S&D will load before the Windows GUI
Run th... Read more

Read other 1 answers
RELEVANCY SCORE 54.8

When I run a virus scan using AVG I get the message C:\windows\system32\drivers\etc\hosts change result: changed. I have attached Kappersky and DSS scan results. Do I have something to worry about? besides AVG I have SpyBot which I update and run every couple of days. Thanks in advance for your help.

A:Avg Scan Result

Hello StalagmiteWelcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, download and install Hijackthis by Trendmicro and post a log, copy and paste it into the thread by using the Add Reply button, please do not attach it. I am looking at a possible trojan on your system.Download Trendmicros Hijackthis to your desktop.Double click it to installFollow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exeOpen HJT Scan and Save a Log File, it will open in Notepad Go to Format and make sure Wordwrap is UncheckedGo to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Read other 2 answers
RELEVANCY SCORE 54.8

Hey guys,
I posted this originally on May 2nd and have never gotten a response. If I don't have anything to be concerned about, please, just let me know. I have always gotten very good assistance with my troubles and questions before. Maybe I just posted my question in the wrong place.

Question about scan
I am not really having a problem but I am curious about the results of a scan by AVG Free. When my scan is complete, I get the results shown in Attach. #1. I click on "remove all unhealed infections and I get the results shown in Attach. #2. Also enclosed is the results from my HiJackThis scan. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:31 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\A... Read more

Read other answers
RELEVANCY SCORE 54.8

Hi,

Can anyone tell me if this file is harmful, it was picked up while scanning with AVG software, status read at the top of the it said it had been changed, this is the file:

C:WINDOWS\SYSTEM32\ntoskrnl.exe

Is this whats called a kernal, this is not in my virus vault but keeps coming up on the scan each time.

Thanks
 

A:AVG scan result

See post #4 in this thread: http://forums.techguy.org/security/554221-solved-avg-finds-ntoskrnl-exe.html
 

Read other 2 answers
RELEVANCY SCORE 54.4

Hi guys,

I just finished running a scan with spybot search & destroy and it came back with the following result (attached a pic). The problem is that I have heard the name before coolwwwsearch which is what was picked up and I thought it must be bad but just to be sure I checked the particular files in my registry. The files all belong to a program I just recently installed called Zero popup pro which as you can guess from the name is a popup blocker. I'm not sure what to do now and was hoping someone can advise whether to ignore what spybot has found or could that popup blocker program be some type of spyware?
 

A:Spybot scan result

Read other 9 answers
RELEVANCY SCORE 54.4

Thought I may have got an infection (sonar.heuristic.130).  So I ran numerous scans.  
Norton Internet Security A/V, Norton Power Eraser, MS Safety Scanner, ESET Online Scanner, Super-Antispyware, Malwarebytes, ADW, TDS Killer, and R Kill.
All my scans ok, less the ADW find.  Wasn't sure to delete the registry key, so I didn't.  I took a screen shot of LAN settings but couldn't figure how to attach, if I was supposed to.
 
The result of ADW scan:
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 01:37:05
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Fred - ATHEIST
# Running from : C:\Users\Fred\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
 
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
*************************
AdwCleaner[R0].txt - [679 bytes] - [16/02/2015 01:37:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [737 bytes] ##########
 
Screen I tried to attach
Internet Options/Connections/LAN Settings
   Automatic configuration heading........only Automatically detect settings is checked
   Proxy server heading..........................box is un... Read more

Read other answers
RELEVANCY SCORE 54.4

Any Malaware experts out there to take a look at these results and let me know what to do next ????

Refers to my earlier thread this morning about desktop startup errors.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:35, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\... Read more

A:DLL Error HJT Scan result

This is a duplicate post.
Original thread and HJT log are here
AND has been moved to the MalWare forum,
 

Read other 1 answers
RELEVANCY SCORE 54.4

I have Windows XP and an AdAware scan hit on this as malware[Windows Reg Data Malware HKEY -Classes-Root:regfi Possi]. Can anyone tell me what this is? AdAware can seem to do anything with it and SpyBot doesn't recognize it . Please help.
 

A:AdAware scan Result

This could possibly be a sign of a possible browser hijack attempt. If ad-aware has found it, remove it. Download, update and run spybot, post your log and I'm sure someone will be along to help you with any problem soon. Nothing to worry about though, I have had lots of possible hijack attempts.
Wizzkid
 

Read other 3 answers
RELEVANCY SCORE 54.4

Hiya All

Happy Easter.

I ran Malwarebytes yesterday as PC not right.Results of 15 objects found.Can someone please explain them or advise further?

Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3

11/04/2009 20:23:50
mbam-log-2009-04-11 (20-23-50).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 130528
Time elapsed: 1 hour(s), 17 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTW... Read more

A:Malwarebytes scan result

Hello

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Read other 1 answers
RELEVANCY SCORE 54.4

I found following items with earthlink protection virus scanner.
Winmovieplugin homepage hijacker, dialer
Coolwebsearch bho, adware
Pornmagpass adware, homepage hijacker, Trojan M
Elitemediapopup adware, driveby download
Transponder.bloger adware bho
Searchsquire adware, searchpage hijacker
spywareQuake thiefware
SafetyBar adware,Bho

I deleted the items but I cannot update avg spyscanner, but can still scan with it. Should I take any other steps to ensure that my system has really gotten rid of these things. Thanks in advance.

A:I got following in one virus scan result

G'Day hes4l,


Quote:




Should I take any other steps to ensure that my system has really gotten rid of these things.




Yes indeed there are!

Go to the link "The 5 Steps", in my signature; read the instructions carefully; then, post a HJT Log in the HJT Forum, where one of the trained analysts will help you 'clean' your machine.

Now once you have posted your HJT log, there are two things you need to do....

Firstly, subscribed to your posting, so that you can receive instant email notification about any replies.

The other thing is; please be patient with receiving your first reply, as the HJT analysts are usually very busy.
So, I recommend if after say, 48 hours, you have not received any response to your request, go back into your thread, and type in "bump"; this will bring your post back to the front page, and to the attention of an available analyst.

Good luck with it!

If you have any other queries/concerns, feel free to post back.

Read other 1 answers
RELEVANCY SCORE 54.4

Windows RegData Malware HKEY_Classes_Root:refi Possi This is what I get as malware. What is it. Adaware won't remove it and Spybot doesn't recognize it as a problem. Please help.
 

A:Adaware scan result

bump
 

Read other 1 answers
RELEVANCY SCORE 54.4

Hello everyone, I have no clue how to distinguish virus from essential files???

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:54 AM, on 22/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\NEGIN\Desktop\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft&... Read more

A:Need help with "hijack this" scan result PLEASE!!!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

I have been having some problems as of late with my internet connection... various sites not being found, timeouts, cannot find server etc....

I call me EARTHLINK TECH support... and they suggested I make some cahnges in my dial-up networking, etc... and suggested I do a HIJACK-THIS scan.

I did the scan... and here are the results. I was wondering if anyone would look at the results and maybe make some reccomendations.....

Thank you.

DAVID
Logfile of HijackThis v1.97.7
Scan saved at 2:14:06 AM, on 1/18/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MS HARDWARE\POINT32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DAVIDS' INTERNET BROWSER
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:Can someone help me with this HIJACK THIS scan result.

Read other 7 answers
RELEVANCY SCORE 54.4

Anyone know what this result means?

My windows processes are running really slow and was wondering if this is causing the problem.
 

A:AVG Virus Scan Result Help

Hi and welcome to TSG.
It should only concern you if it says it was infected.
Quote from Avg help forum.
"It is normal that AVG shows that files, the MBR or Boot record to have changed.
These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive.
The only time that you should worry is if they also show as infected."

Check link below for suggestions on Pc Maintenance.
http://computercleanup.blogspot.com/
List includes..
Scan For Viruses.
Scan for Spyware.
Microsoft updates.
-----------------------------------
Disk Cleanup.
Check Hard Drive for Errors.
Defragment Your Hard Drive.
-------------------------------------
Registry Cleanup is in their list but
Cleaning the registry may cause you more problem than you started with..
so it would be best to skip that one.
 

Read other 2 answers
RELEVANCY SCORE 53.6

can someone review a highjack this txt and provide info on system???
there are a number of 023 dll's & exe listed unknown owners..

I trying to establish if the laptop cureenetly has / or has been infected with any spyware enabling backdoor hack / keyloggers.

A:Please review highjack this scan result

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be foun... Read more

Read other 1 answers
RELEVANCY SCORE 53.6

I have an HP Precision Scan LTX and it was working just fine the last time I used it. Today it will not work properly and no matter what I scan I just get an all black page with no picture or text.

Any suggestions? Thanks.
 

A:Scanner will not scan - result is all blacked out

Is the scanner lamp operating?
 

Read other 2 answers
RELEVANCY SCORE 53.6

I have the following output from a ComboFix scan and need help with interpreting the results. I recently purchased this machine used and do not know much history on it. Thanks for any help.((((((((((((((((((((((((((((( [email protected]_06.29.10 ))))))))))))))))))))))))))))))))))))))))).+ 2009-05-23 06:30 . 2009-05-23 06:30 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]c:\documents and settings\Administrator\Start Menu\Programs\Startup\mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-7-26 552960]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c: ... Read more

A:ComboFix Scan Result Interpretation

ComboFix logs should not be posted outside the HijackThis forums, and then ONLY WHEN REQUESTED. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and ... Read more

Read other 1 answers
RELEVANCY SCORE 53.6

Here's the result after I scanned the computer. I hope this would help to solve my problem. I also want to thank you all for helping me.

DDS (Version 1.0) - NTFSx86
Run by Aaron Tran at 22:08:32.39 on Mon 11/24/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1501 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\... Read more

A:Rootkit, Gmer and DDS scan result

I Have A Message Saying" Error In:c\windows\system32\caewqgeycilvoe.dll
Missing Entry:dllstart:".
I Currently Run On Xp Home Edition. After I logged in, everything on the desktop disappeared. The only left to see is the screen saver. Results shown above after the Gmer and DDS scan. Please advise of what to do and how to fix this. Thank you!

Read other 3 answers
RELEVANCY SCORE 53.6

Hi everybody, I performed a hardware scan and go this result code: WHD400000-UN7YZE What does it mean and what should I do? Thank you

Read other answers
RELEVANCY SCORE 53.6

I have just run a Malwarebytes (free version) scan, and get one potential problem as per the image below.

It refers to a tool I downloaded & used to display the Windows key for my Win 8.1 installation

Is this tool a potential security threat?

A:Malwarebytes scan & result ... what action to take?

If it is this one:
ProduKey - Recover lost product key (CD-Key) of Windows/MS-Office/SQL Server

don't worry. Nirsoft produces some of the best small Windows utilities around. The developer has an excellent reputation. I have used many of them for years without issues.

Read other 3 answers
RELEVANCY SCORE 53.6

Installed Emsi AM & did a quick scan.
It found few threats & to me it all seems FPs.
Like it mention disabletaskmanager but taskmanager opens fine. Disablecmd but cmd opens fine too. Disable registry tools but regedit opens fine too.
What I could make out of the detection have mentioned.
Attached is the screenshot

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.Di... Read more

A:Emsisoft Antimalware Scan Result

Search Emsi support forum. Fabian Wosar discusses this in some threads. If I recall correctly he stated that there are cases where legitimate\safe security or other softs will create the above keys.

Since you have been installing various security softs maybe they are just left over - and are very unlikely an indication of any kind of serious infection...
 

Read other 11 answers
RELEVANCY SCORE 53.6

I just ran a full system scan with Avast 5.0. I got the result "Threat Detected". Avast found the following:

NPSExec.exe.

The file was moved to the Avast Virus Chest (quarantine) with the following information:

Threat: Win32: Malware-Gen Location: C:\Windows

I ran a general web search and also searched several Virus Libraries with no results found. Since it's in quarantine I can restore it if needed. Has anyone heard of this file or infection?

Thanks for your help and input.
 

Read other answers
RELEVANCY SCORE 53.6

Hi there!

I just recently got my system put back together and I have been slowly running a few online scans to make sure everything was clean while I was downloading security updates over this last weekend.

I ran one recommended to me called BitDefender last night, and it came up absolutely clean. I also ran another earlier called ewido, which also came up clean, other than a few tracking cookies which were no problem getting rid of.

I just ran Panda's free online scan and it brought up something...

C:/Windows/system32/Tools/Restart.exe It says that files is "Potentionally Unwanted Tool"

I did a search on these forums and found somebody else had this file come up in a Panda scan, so I followed one of the instructions listed, and uploaded it to a site to run several scans. Here are those results:
------------------
http://virusscan.jotti.org/
File: Restart.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 eb1b125ee5d2022cbf5e2f7226f47638
Packers detected: -
Scanner results
AntiVir Found SecurityPrivacyRisk/Destart.A riskware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found... Read more

A:Panda Scan Result.. Restart.exe

Read other 9 answers
RELEVANCY SCORE 53.6

Is this Ok now?

Logfile of HijackThis v1.99.1
Scan saved at 6:56:47 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Pro... Read more

A:Hijack log and Ewido scan result

Hi and welcome.

You need to reply back to this thread instead of creating a new one. I'd merge, but the site appears to be having problems right now.

http://forums.techguy.org/security/430387-hijackthis-log-help.html
 

Read other 1 answers
RELEVANCY SCORE 53.6

My computer is really messed up right now - it's running slow and freezing and I ran this scan but I don't know what any of it means -
Thank you!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:17 PM, on 9/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\... Read more

A:Can someone analyze this hijackthis scan result for me?

According to your HiJackThis log, your computer is infected.

I'm not authorized to assist you in this section without the approval of a Moderator or gold shield member, so you need to wait until one replies.

You also need to read here.

-------------------------------------------------------
 

Read other 2 answers
RELEVANCY SCORE 53.6

Every time I run a Malwarebytes scan I get the same result, as per the attached screenshot.

Can anyone advise me (1) if there is a problem, and (2) how to get rid of the offending result permanently?
(I have blanked the XXXXXX part of the result - it is just my PC user name)

A:MalwareBytes: Same result every time I run the scan

See this::
Remove PUP.Optional.DownloadSponsor.A (Removal Guide)

Read other 4 answers