Over 1 million tech questions and answers.

ComboFix Scan Result Interpretation

Q: ComboFix Scan Result Interpretation

I have the following output from a ComboFix scan and need help with interpreting the results. I recently purchased this machine used and do not know much history on it. Thanks for any help.((((((((((((((((((((((((((((( [email protected]_06.29.10 ))))))))))))))))))))))))))))))))))))))))).+ 2009-05-23 06:30 . 2009-05-23 06:30 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]c:\documents and settings\Administrator\Start Menu\Programs\Startup\mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-7-26 552960]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]Compaq A3000 Settings Utility.lnk - c:\program files\Compaq A3000\CPQA3000.exe [2004-1-1 1142784]Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2006-12-25 294912]Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]2003-02-21 10:50 40960 ----a-w c:\program files\Softex\OmniPass\OPXPGina.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]2009-05-17 02:38 11952 ----a-w c:\windows\system32\avgrsstx.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]@="Service"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CTpdpsrv.exe"="c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="c:\\Program Files\\Maple 7\\BIN.WNT\\mserver.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\LimeWire\\LimeWire.exe"="c:\\Program Files\\AVG\\AVG8\\avgam.exe"="c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"="c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"="c:\\Program Files\\AVG\\AVG8\\avgupd.exe"="c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/16/2009 9:38 PM 12552]R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/16/2009 9:38 PM 325896]R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/16/2009 9:38 PM 108552]R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/16/2009 9:36 PM 298776]R2 Super G Wireless Cardbus Service;Super G Wireless Cardbus Adapter Service;c:\program files\Airlink101\AWLH4030\WLService.exe [2/12/2006 10:29 AM 49152]S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]S2 BITSShellHWDetection;Background Intelligent Transfer Service BITSShellHWDetection;?%?|x srv --> ?%?|x srv [?]S2 DcomLaunchPolicyAgent;DCOM Server Process Launcher DcomLaunchPolicyAgent;?%?|x srv --> ?%?|x srv [?]S2 RemoteAccessThemes;Routing and Remote Access RemoteAccessThemes;?%?|x srv --> ?%?|x srv [?]S3 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [4/3/2006 5:12 PM 14032].Contents of the 'Scheduled Tasks' folder2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]2009-05-23 c:\windows\Tasks\MP Scheduled Scan.job- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]2005-10-28 c:\windows\Tasks\Symantec NetDetect.job- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-01-01 14:04]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000LSP: c:\windows\system32\VetRedir.dllDPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cabDPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cabFF - ProfilePath - .**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-23 20:03Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITSShellHWDetection]"ImagePath"="?%?|x\01\09 srv"[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunchPolicyAgent]"ImagePath"="?%?|x\01\09 srv"[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteAccessThemes]"ImagePath"="?%?|x\01\09 srv".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(1096)c:\program files\Softex\OmniPass\opxpgina.dll- - - - - - - > 'lsass.exe'(1288)c:\windows\system32\VetRedir.dllc:\windows\system32\ISafeIf.dll- - - - - - - > 'explorer.exe'(3636)c:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.Completion time: 2009-05-24 20:12ComboFix-quarantined-files.txt 2009-05-24 01:12ComboFix2.txt 2009-05-22 06:33Pre-Run: 4,164,108,288 bytes freePost-Run: 4,160,892,928 bytes freeCurrent=2 Default=2 Failed=1 LastKnownGood=3 Sets=,1,2,3,4162 --- E O F --- 2009-05-12 12:21

RELEVANCY SCORE 200
Preferred Solution: ComboFix Scan Result Interpretation

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: ComboFix Scan Result Interpretation

ComboFix logs should not be posted outside the HijackThis forums, and then ONLY WHEN REQUESTED. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and an anti-malware scanner or two. If you feel you need a second opinion, try running online scans. If you feel you might need surgery, come here to BC and ask for help--that is what we're here for.From: http://www.bleepingcomputer.com/forums/ind...t&p=1159014That said, please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. This information is much more informative than a log. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.Thank you for using BleepingComputer as your malware removal source.This topic is now closed. The BC Staff

Read other 1 answers
RELEVANCY SCORE 70.8

what is meant by the dips in this graph. Is this a jitter packet lost or what?

thx

A:speedtest.net result interpretation

It's the fluctuation in bandwidth you're getting during the test. As the needle on the speedo moves up and down it draws that graph.

Read other 1 answers
RELEVANCY SCORE 64.8

 5 1 11.txt   20.91KB
  2 downloads

A:ComboFix log needs interpretation

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 2 answers
RELEVANCY SCORE 64.8

Hi,Love this site--always find answers here. Kaspersky keeps popping up a message that C:Windows/svc host 32.exe is connecting to a URL with malicious content. The message comes up every 3 minutes or so. My home network is protected, but I just came back from a trip where wifi access was public only. hxxp://10.0.0.1:80/Public_UPNP_gatedesc.xml Downloading object, containing malicious URL. Kaspersky blocks it, but it worries me that it keeps popping up. Hate those windows updates! Here's the report from Combofix:ComboFix 11-07-31.03 - glorificous 07/31/2011 11:31:42.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.1344 [GMT -4:00]Running from: c:\users\glorificous\Downloads\ComboFix.exeAV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\isRS-000.tmp..((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))..2011-07-31 15:37 . 2011-07-31 15:37 0 ----a-w- c:\windows\SysWow64\shoFD54.tmp2011-07-31 15:37 . 2011-07-31 15:37 -------- d-----w- c:\users... Read more

A:combofix txt interpretation

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412215 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

Read other 2 answers
RELEVANCY SCORE 64.4

Hi;

My Pc Windows Vista, sometimes have CPU usage almost 100 % and no other tasks could be run, I used AVG antivirus, Malware Bytes, Hitman, and finally COMBOFIX. I have a combofix log file but can not understand all thse results; does someone can help me to analyse the results? Sorry for poor english.

Read other answers
RELEVANCY SCORE 64.4

Hi.
I have a 2 year old laptop that I just reflowed due to excessive overheating. The factory installed heat sync paste was silicone based garbage so I used silver based paste. It's running a lot better, but I'm still having some mild issues. Being (mildly) computer savvy, I ran TDSSKiller and Combofix to see what might be going on.
I can't even begin to wade through the mess though. Can somebody help me?

A:Interpretation of Combofix log would be appreciated

Accidental bump due to cats... Sorry.

Read other 4 answers
RELEVANCY SCORE 63.6

hi!

here we go, from the begining:
till yesterday everything was fine, and then 'suddenly' evendo net was connected pages wouldn't load. cheked settings, found nothing suspicious (atleast to me), run registry booster and spy eraser, they found few minor errors, fixed them automaticly but pages still wont load (no, browser wasn't in offline mode, and yes, pc is connected to router - dsl, ethernet cable, connected, reseted it just to be safe, works fine).
tryed ccleaner, it also found few errors, in registry, and repaired them. still pages wont load.
tryed winsock reset, ipconfig/registerdns and /flushdns. still nothing .

then my brother admited that he has pluged friend's usb, and that afterwards problems began.
searched tech support forum for help (since i already run spy eraser and ccleaner and obviusly they didn't help, and since it started with unknown usb i supposed it has to be some kind of malware)) and found few suggestions to try run combofix so i did. so, after running combofix, it seems that whatever caused problem is fixed (as i can understand from logs, it was some kind of malware? sorry if i'm wrong), cause pages are loading (not rly fast, but hey at least now it works) but i don't have enough knowledge to interpret combofix logs - what does it mean, are there other problems that combofix couldn't fix automaticly, do i have to do something else?

so, if anyone can help, pls

oh, jeah, i'm using MS Windows XP ... Read more

Read other answers
RELEVANCY SCORE 61.2

The Intel Driver & Support Assistant said that it had an update: Intel® Graphics Driver for Windows* [15.40]. When I did a scan with the Lenovo Companion app, it said there were no updates available. Why the difference of opinion betwee the two apps?

Read other answers
RELEVANCY SCORE 56.4

ComboFix 08-06-20.4 - -CJ- 06/24/2008 3:09:46.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1440 [GMT 8:00]Running from: C:\Documents and Settings\-CJ-\Desktop\ComboFix.exe * Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\WINDOWS\BMef4d959f.xmlC:\WINDOWS\exre.exeC:\WINDOWS\pskt.iniC:\WINDOWS\recover.regC:\WINDOWS\system32\geBstssP.dllC:\WINDOWS\system32\jlnpsBeg.iniC:\WINDOWS\system32\jlnpsBeg.ini2C:\WINDOWS\system32\PsstsBeg.ini.((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))).No new files created in this timespan.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-23 19:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP2008-06-23 18:48 --------- d-----w C:\Program Files\Spyware Doctor2008-06-23 18:46 --------- d-----w C:\Documents and Settings\-CJ-\Application Data\PC Tools2008-06-23 18:33 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware2008-06-23 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data... Read more

A:Combofix Log Result

ComboFix logs should not to be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic Here explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.Thank you for using BleepingComputer as your malware removal source.This topic is now closed. The BC Staff

Read other 1 answers
RELEVANCY SCORE 55.6

ComboFix 15-10-21.01 - hp 10/21/2015   7:57.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.1789.719 [GMT 1:00]
Running from: c:\users\hp\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hp\Documents\~WRL0005.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-21 to 2015-10-21  )))))))))))))))))))))))))))))))
.
.
2015-10-21 07:04 . 2015-10-21 07:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-21 06:47 . 2015-10-21 06:47 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5BC3FA5-E4D7-4987-9B9D-3170EE9CB604}\offreg.5856.dll
2015-10-21 06:44 . 2015-10-21 07:04 -------- d-----w- C:\32788R22FWJFW
2015-10-21 04:13 . 2015-10-13 09:30 8985080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5BC3FA5-E4D7-4987-9B9D-3170EE9CB604}\mpengine.dll
2015-10-21 03:42 . 2015-08-11 07:38 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-10-16 21:58 . 2015-10-16 21:58 -------- d-----w- c:\users\hp\Tracing
2015-10-16 21:57 . 2015-10-16 21:57 -------- d-----w- c:\users\hp\A... Read more

A:the result after running combofix (what should i do next)

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

Read other 2 answers
RELEVANCY SCORE 55.2

Lately my pc has been behaving strangely. I experience dns error while browsing and my sound output om media player scratches while audio output on my smplayer works fine. i have attached the log generated after running combofix.
hope to hear from you soon

A:Log Result ofter running combofix

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/448670 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 16 answers
RELEVANCY SCORE 54.8

Hi,

Can anyone tell me if this file is harmful, it was picked up while scanning with AVG software, status read at the top of the it said it had been changed, this is the file:

C:WINDOWS\SYSTEM32\ntoskrnl.exe

Is this whats called a kernal, this is not in my virus vault but keeps coming up on the scan each time.

Thanks
 

A:AVG scan result

See post #4 in this thread: http://forums.techguy.org/security/554221-solved-avg-finds-ntoskrnl-exe.html
 

Read other 2 answers
RELEVANCY SCORE 54.8

When I run a virus scan using AVG I get the message C:\windows\system32\drivers\etc\hosts change result: changed. I have attached Kappersky and DSS scan results. Do I have something to worry about? besides AVG I have SpyBot which I update and run every couple of days. Thanks in advance for your help.

A:Avg Scan Result

Hello StalagmiteWelcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, download and install Hijackthis by Trendmicro and post a log, copy and paste it into the thread by using the Add Reply button, please do not attach it. I am looking at a possible trojan on your system.Download Trendmicros Hijackthis to your desktop.Double click it to installFollow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exeOpen HJT Scan and Save a Log File, it will open in Notepad Go to Format and make sure Wordwrap is UncheckedGo to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Read other 2 answers
RELEVANCY SCORE 54.8

Hey guys,
I posted this originally on May 2nd and have never gotten a response. If I don't have anything to be concerned about, please, just let me know. I have always gotten very good assistance with my troubles and questions before. Maybe I just posted my question in the wrong place.

Question about scan
I am not really having a problem but I am curious about the results of a scan by AVG Free. When my scan is complete, I get the results shown in Attach. #1. I click on "remove all unhealed infections and I get the results shown in Attach. #2. Also enclosed is the results from my HiJackThis scan. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:31 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\A... Read more

Read other answers
RELEVANCY SCORE 54.4

Hello.
Some time ago I was able to drop a txt file into the combofix file so that it would delete other files. I have since lost my notes on how to do that.

Was something like

delete:

<filenameloc/filename>
<filenameloc/filename>
<filenameloc/filename>
in a text doc.

Could someone help me remember?

A:Remove other files by using Combofix result drop in.

Please note the message text in blue at the top of the Am I infected? What do I do? forum.ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Honoring the creators wishes, ComboFix usage cannot be discussed outside the HJT forum in conjunction with trained staff.This topic is now closed.

Read other 1 answers
RELEVANCY SCORE 54.4

Hello,

I'm experiencing an infection that is causing my google search results to redirect to a random site. I have Microsoft Security Essentials and have done a full MalawareBytes scan and it says I'm clean.

However, when I run ComboFix, it tells me there is a possible rootkit detected. Even after running ComboFix, I'm still experiencing the browser redirection problem.

Here is my ComboFix log, can someone help me with this?

ComboFix 10-01-19.03 - nskitch 01/19/2010 15:18:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1474 [GMT -8:00]
Running from: C:\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\nskitch\Application Data\Desktopicon
c:\documents and settings\nskitch\Application Data\Desktopicon\config.ini
C:\install.exe
C:\s
C:\Thumbs.db
c:\windows\EventSystem.log
c:\windows\system32\Cache
c:\windows\unins000.dat
c:\windows\unins000.exe

----- BITS: Possible infected sites -----
... Read more

Read other answers
RELEVANCY SCORE 54.4

Hiya All

Happy Easter.

I ran Malwarebytes yesterday as PC not right.Results of 15 objects found.Can someone please explain them or advise further?

Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3

11/04/2009 20:23:50
mbam-log-2009-04-11 (20-23-50).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 130528
Time elapsed: 1 hour(s), 17 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTW... Read more

A:Malwarebytes scan result

Hello

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

Read other 1 answers
RELEVANCY SCORE 54.4

Anyone know what this result means?

My windows processes are running really slow and was wondering if this is causing the problem.
 

A:AVG Virus Scan Result Help

Hi and welcome to TSG.
It should only concern you if it says it was infected.
Quote from Avg help forum.
"It is normal that AVG shows that files, the MBR or Boot record to have changed.
These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive.
The only time that you should worry is if they also show as infected."

Check link below for suggestions on Pc Maintenance.
http://computercleanup.blogspot.com/
List includes..
Scan For Viruses.
Scan for Spyware.
Microsoft updates.
-----------------------------------
Disk Cleanup.
Check Hard Drive for Errors.
Defragment Your Hard Drive.
-------------------------------------
Registry Cleanup is in their list but
Cleaning the registry may cause you more problem than you started with..
so it would be best to skip that one.
 

Read other 2 answers
RELEVANCY SCORE 54.4

Windows RegData Malware HKEY_Classes_Root:refi Possi This is what I get as malware. What is it. Adaware won't remove it and Spybot doesn't recognize it as a problem. Please help.
 

A:Adaware scan result

bump
 

Read other 1 answers
RELEVANCY SCORE 54.4

I have Windows XP and an AdAware scan hit on this as malware[Windows Reg Data Malware HKEY -Classes-Root:regfi Possi]. Can anyone tell me what this is? AdAware can seem to do anything with it and SpyBot doesn't recognize it . Please help.
 

A:AdAware scan Result

This could possibly be a sign of a possible browser hijack attempt. If ad-aware has found it, remove it. Download, update and run spybot, post your log and I'm sure someone will be along to help you with any problem soon. Nothing to worry about though, I have had lots of possible hijack attempts.
Wizzkid
 

Read other 3 answers
RELEVANCY SCORE 54.4

Hi guys,

I just finished running a scan with spybot search & destroy and it came back with the following result (attached a pic). The problem is that I have heard the name before coolwwwsearch which is what was picked up and I thought it must be bad but just to be sure I checked the particular files in my registry. The files all belong to a program I just recently installed called Zero popup pro which as you can guess from the name is a popup blocker. I'm not sure what to do now and was hoping someone can advise whether to ignore what spybot has found or could that popup blocker program be some type of spyware?
 

A:Spybot scan result

Read other 9 answers
RELEVANCY SCORE 54.4

Hello everyone, I have no clue how to distinguish virus from essential files???

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:54 AM, on 22/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\NEGIN\Desktop\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft&... Read more

A:Need help with "hijack this" scan result PLEASE!!!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

Thought I may have got an infection (sonar.heuristic.130).  So I ran numerous scans.  
Norton Internet Security A/V, Norton Power Eraser, MS Safety Scanner, ESET Online Scanner, Super-Antispyware, Malwarebytes, ADW, TDS Killer, and R Kill.
All my scans ok, less the ADW find.  Wasn't sure to delete the registry key, so I didn't.  I took a screen shot of LAN settings but couldn't figure how to attach, if I was supposed to.
 
The result of ADW scan:
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 01:37:05
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Fred - ATHEIST
# Running from : C:\Users\Fred\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
 
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
*************************
AdwCleaner[R0].txt - [679 bytes] - [16/02/2015 01:37:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [737 bytes] ##########
 
Screen I tried to attach
Internet Options/Connections/LAN Settings
   Automatic configuration heading........only Automatically detect settings is checked
   Proxy server heading..........................box is un... Read more

Read other answers
RELEVANCY SCORE 54.4

I found following items with earthlink protection virus scanner.
Winmovieplugin homepage hijacker, dialer
Coolwebsearch bho, adware
Pornmagpass adware, homepage hijacker, Trojan M
Elitemediapopup adware, driveby download
Transponder.bloger adware bho
Searchsquire adware, searchpage hijacker
spywareQuake thiefware
SafetyBar adware,Bho

I deleted the items but I cannot update avg spyscanner, but can still scan with it. Should I take any other steps to ensure that my system has really gotten rid of these things. Thanks in advance.

A:I got following in one virus scan result

G'Day hes4l,


Quote:




Should I take any other steps to ensure that my system has really gotten rid of these things.




Yes indeed there are!

Go to the link "The 5 Steps", in my signature; read the instructions carefully; then, post a HJT Log in the HJT Forum, where one of the trained analysts will help you 'clean' your machine.

Now once you have posted your HJT log, there are two things you need to do....

Firstly, subscribed to your posting, so that you can receive instant email notification about any replies.

The other thing is; please be patient with receiving your first reply, as the HJT analysts are usually very busy.
So, I recommend if after say, 48 hours, you have not received any response to your request, go back into your thread, and type in "bump"; this will bring your post back to the front page, and to the attention of an available analyst.

Good luck with it!

If you have any other queries/concerns, feel free to post back.

Read other 1 answers
RELEVANCY SCORE 54.4

I have been having some problems as of late with my internet connection... various sites not being found, timeouts, cannot find server etc....

I call me EARTHLINK TECH support... and they suggested I make some cahnges in my dial-up networking, etc... and suggested I do a HIJACK-THIS scan.

I did the scan... and here are the results. I was wondering if anyone would look at the results and maybe make some reccomendations.....

Thank you.

DAVID
Logfile of HijackThis v1.97.7
Scan saved at 2:14:06 AM, on 1/18/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MS HARDWARE\POINT32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DAVIDS' INTERNET BROWSER
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:Can someone help me with this HIJACK THIS scan result.

Read other 7 answers
RELEVANCY SCORE 54.4

Any Malaware experts out there to take a look at these results and let me know what to do next ????

Refers to my earlier thread this morning about desktop startup errors.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:35, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\TOSHIBA\TOSHIBA RAID\Service\kraidsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~4\NORTON~1\NPROTECT.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\... Read more

A:DLL Error HJT Scan result

This is a duplicate post.
Original thread and HJT log are here
AND has been moved to the MalWare forum,
 

Read other 1 answers
RELEVANCY SCORE 53.6

Hi there!

I just recently got my system put back together and I have been slowly running a few online scans to make sure everything was clean while I was downloading security updates over this last weekend.

I ran one recommended to me called BitDefender last night, and it came up absolutely clean. I also ran another earlier called ewido, which also came up clean, other than a few tracking cookies which were no problem getting rid of.

I just ran Panda's free online scan and it brought up something...

C:/Windows/system32/Tools/Restart.exe It says that files is "Potentionally Unwanted Tool"

I did a search on these forums and found somebody else had this file come up in a Panda scan, so I followed one of the instructions listed, and uploaded it to a site to run several scans. Here are those results:
------------------
http://virusscan.jotti.org/
File: Restart.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 eb1b125ee5d2022cbf5e2f7226f47638
Packers detected: -
Scanner results
AntiVir Found SecurityPrivacyRisk/Destart.A riskware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found... Read more

A:Panda Scan Result.. Restart.exe

Read other 9 answers
RELEVANCY SCORE 53.6

Is this Ok now?

Logfile of HijackThis v1.99.1
Scan saved at 6:56:47 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Pro... Read more

A:Hijack log and Ewido scan result

Hi and welcome.

You need to reply back to this thread instead of creating a new one. I'd merge, but the site appears to be having problems right now.

http://forums.techguy.org/security/430387-hijackthis-log-help.html
 

Read other 1 answers
RELEVANCY SCORE 53.6

can someone review a highjack this txt and provide info on system???
there are a number of 023 dll's & exe listed unknown owners..

I trying to establish if the laptop cureenetly has / or has been infected with any spyware enabling backdoor hack / keyloggers.

A:Please review highjack this scan result

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be foun... Read more

Read other 1 answers
RELEVANCY SCORE 53.6

I recently loaded my os vis recovery disc I downloaded Avast free version. All seems ok until I looked at the scan log for this scan and it has 15 files that could not be scanned explaining it witht he message after each one Error: Archive is password Protect... Nothing should be password protected on the machine yet asd I haven set any.
The path indicated is the same except for the ending;
C: User\user2\...|>download.js
downloader.dll
downloaderror.js
downloadfailure.js
downloadmanager.js
downloadslate.js
manifest.json
launcher.dll
launcher.js
manifest.json
process.js
serialize.js
textfilereader.js
textfilewriter.js

IS the usual procedure of hijackthis, necessary here or can someone explain this?

Thanks
 

A:Solved: Avast scan result is odd

Read other 8 answers
RELEVANCY SCORE 53.6

I have an HP Precision Scan LTX and it was working just fine the last time I used it. Today it will not work properly and no matter what I scan I just get an all black page with no picture or text.

Any suggestions? Thanks.
 

A:Scanner will not scan - result is all blacked out

Is the scanner lamp operating?
 

Read other 2 answers
RELEVANCY SCORE 53.6

Here's the result after I scanned the computer. I hope this would help to solve my problem. I also want to thank you all for helping me.

DDS (Version 1.0) - NTFSx86
Run by Aaron Tran at 22:08:32.39 on Mon 11/24/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1501 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\... Read more

A:Rootkit, Gmer and DDS scan result

I Have A Message Saying" Error In:c\windows\system32\caewqgeycilvoe.dll
Missing Entry:dllstart:".
I Currently Run On Xp Home Edition. After I logged in, everything on the desktop disappeared. The only left to see is the screen saver. Results shown above after the Gmer and DDS scan. Please advise of what to do and how to fix this. Thank you!

Read other 3 answers
RELEVANCY SCORE 53.6

Installed Emsi AM & did a quick scan.
It found few threats & to me it all seems FPs.
Like it mention disabletaskmanager but taskmanager opens fine. Disablecmd but cmd opens fine too. Disable registry tools but regedit opens fine too.
What I could make out of the detection have mentioned.
Attached is the screenshot

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.Di... Read more

A:Emsisoft Antimalware Scan Result

Search Emsi support forum. Fabian Wosar discusses this in some threads. If I recall correctly he stated that there are cases where legitimate\safe security or other softs will create the above keys.

Since you have been installing various security softs maybe they are just left over - and are very unlikely an indication of any kind of serious infection...
 

Read other 11 answers
RELEVANCY SCORE 53.6

Every time I run a Malwarebytes scan I get the same result, as per the attached screenshot.

Can anyone advise me (1) if there is a problem, and (2) how to get rid of the offending result permanently?
(I have blanked the XXXXXX part of the result - it is just my PC user name)

A:MalwareBytes: Same result every time I run the scan

See this::
Remove PUP.Optional.DownloadSponsor.A (Removal Guide)

Read other 4 answers
RELEVANCY SCORE 53.6

My computer is really messed up right now - it's running slow and freezing and I ran this scan but I don't know what any of it means -
Thank you!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:17 PM, on 9/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\... Read more

A:Can someone analyze this hijackthis scan result for me?

According to your HiJackThis log, your computer is infected.

I'm not authorized to assist you in this section without the approval of a Moderator or gold shield member, so you need to wait until one replies.

You also need to read here.

-------------------------------------------------------
 

Read other 2 answers
RELEVANCY SCORE 53.6

I just ran a full system scan with Avast 5.0. I got the result "Threat Detected". Avast found the following:

NPSExec.exe.

The file was moved to the Avast Virus Chest (quarantine) with the following information:

Threat: Win32: Malware-Gen Location: C:\Windows

I ran a general web search and also searched several Virus Libraries with no results found. Since it's in quarantine I can restore it if needed. Has anyone heard of this file or infection?

Thanks for your help and input.
 

Read other answers
RELEVANCY SCORE 53.6

I have just run a Malwarebytes (free version) scan, and get one potential problem as per the image below.

It refers to a tool I downloaded & used to display the Windows key for my Win 8.1 installation

Is this tool a potential security threat?

A:Malwarebytes scan & result ... what action to take?

If it is this one:
ProduKey - Recover lost product key (CD-Key) of Windows/MS-Office/SQL Server

don't worry. Nirsoft produces some of the best small Windows utilities around. The developer has an excellent reputation. I have used many of them for years without issues.

Read other 3 answers
RELEVANCY SCORE 53.6

Hi everybody, I performed a hardware scan and go this result code: WHD400000-UN7YZE What does it mean and what should I do? Thank you

Read other answers
RELEVANCY SCORE 53.2

I the log seems to only provide the following code (no explanation I can find) for a warning associated with the Quadro M1000M videl memory test. How/where do I determine the significance/explanation of the result code to determine if the problem is sufficient to contact warranty support? Quadro M1000MResult Code: WVC007000-UM7V1E  Mark   


























Log.PNG ?69 KB

Read other answers
RELEVANCY SCORE 52.4

trend micro was the only product to score 100% in scan section conducted by avtest with win 7
http://www.av-test.org/en/news/news...ty-packages-at-the-end-of-mainstream-support/
 

A:Trend Micro scan result Scores 100% in AVTest

Myself alongside others take that result with a grain of salt so to say
 

Read other 1 answers
RELEVANCY SCORE 52.4

During a hardware scan, the USB test Failed. I got a result code: WMB01A008-WL7A8I.Why did my computer fail the USB test? and how can I fix this probem??

Read other answers
RELEVANCY SCORE 52.4

Hi again,,,just getting ready to install vista,, hopefully tomorrow,,,read loads just need a little advice on the last things before i go for it,,, Ran a vista scan to check software as i guessed i should be ok on the hardware and i am,,,,ran the scan from here,,,, http://www.microsoft.com/windowsvist...r/default.mspx ,,,, and heres the result of it as i need some advice on what some of these things are and where's the best place to get them from please
1,,,System Devices,,,,,,, AMD Special Tools Driver,,,,,,,,, Advanced Micro Devices,,,,,
2,,, System Devices,,,,,,,Silicon Image's Pseudo Processor Device,,,,, Silicon Image,,,
3,,,Network Adapters,,,,,, NVIDIA nForce Networking Controller,,,,,, Nvidia,,,,
4,,,Universal Serial Bus Controllers,,Maxtor OneTouch II ,,,,,,,,Maxtor,,,,
5,, Other Devices,,,,,,,,, Patin Couffin engine,,,,,,,,, VSO Software,,,,,
6,SCSI and RAID Controllers,, Silicon Image SiI 3114 SoftRaid 5 Controller,, Silicon Image
They come under 3 sections ,,,,,Category,,,,Model,,,,,,and,,Manufacturer,,,
I know it sounds really lazy not going to look for them and read about them but i have started and i am not quite sure about everything and a lot of you here know a lot more than me and would like to go for installing tomorrow but i would be greatful if you all could give a little bit of information please
 

A:Solved: vista scan result and information needed please

Read other 9 answers
RELEVANCY SCORE 52.4

I scanned my laptop with gmer, and I was suprised because it showed lots of malware / rootkit. Are these result reliable ?
 
 

A:Shocking "Rootkit" result from results from GMER scan

Hello,
Actually that log looks clean. What do you think is an indication of malware in this log? It just looks like you have Comodo or something similar installed which explains what you see in the log.

Read other 5 answers
RELEVANCY SCORE 52.4

i need help.my pc keeps crashing and im trying to figure out why.im running windows 10 updated from windows 8 latelyi im currently defragging my harddisc and updating driversthe problem is that after half an hour or two my pc freezes and the only way to restart is to hold down the power button or pull out  the battery. afteer restart i have another half an hour or something.  

A:Lenovo z50 result code from error scan of storage ...

I'm having the exact same issue but my Code is: WHD01V011-DL7C8J What does this mean?  Does it mean my HDD is knackered?  I run a Lenovo Diagnostics Test and it passed all barring a few - Smart Drive etc failed. I'm concerned my laptops faulty and wondering if it's quick, easy and CHEAP to repair. ThanksAsh.

Read other 1 answers
RELEVANCY SCORE 52.4

Please help me with the  below result code of Hardware Scan Result Code: WHD01V002-UL7AGH 300-15ISK LAPTOP (IDEAPAD)

Read other answers