
Emsisoft Antimalware Scan Result

Q: Emsisoft Antimalware Scan Result

Installed Emsi AM & did a quick scan.
It found a few threats & to me they all seem to be FPs.
Like it mentions disabletaskmanager but Task Manager opens fine. Disablecmd, but cmd opens fine too. Disable registry tools, but regedit opens fine too.
What I could make out of the detections I have mentioned.
Attached is the screenshot.

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Key: HKEY_USERS\S-1-5-21-191019590-2606562261-3006609305-1000\SOFTWARE\YAHOOPARTNERTOOLBAR detected: Application.Win32.YTool (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 detected: Application.Win32.InstallExt (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A)

Scanned 59807


A: Emsisoft Antimalware Scan Result

Search Emsi support forum. Fabian Wosar discusses this in some threads. If I recall correctly he stated that there are cases where legitimate\safe security or other softs will create the above keys.

Since you have been installing various security softs maybe they are just left over - and are very unlikely an indication of any kind of serious infection...


Emsisoft antimalware is a very powerful antivirus product. But it is paid and it is also a stand-alone antimalware solution, because Emsisoft doesn't recommend using it with any other antivirus program. They also have Emsisoft Emergency Kit, which can be used for on-demand scanning. I have avast free and MBAM free and I want to have another strong on-demand scanner. So do EEK and EAM have the same detection ratio, and are they equivalent when it comes to scanning, detection and cleaning? I am not interested in any other real-time security software than avast on my PC. Thank you.

A:Does emsisoft emergency kit and emsisoft antimalware has same detection ratio?

They are both based on the same code base and on-demand detection and removal are therefore identical.


Hi guys. I'm thinking of changing to Emsisoft from ESET, because it's lighter on my system, doesn't slow down browsing and I have no problems with scheduled updates. My question is if it's enough protection, without a firewall, and if there are some recommended settings for this antimalware. Thanks
 

A:Is Emsisoft Antimalware enough?

Yes, Emsisoft is a great anti-malware product with good detection (just look at the malware hub). These days the Windows firewall is very good and powerful. If you are still paranoid you can install an on-demand scanner like Zemana or HitmanPro.
 


This is the first time I have installed any Emsisoft software. And I must say I'm impressed. Clean software with no bloat & toolbars. Just 2 processes, light & excellent protection.

I have got 2 licences from the promo mentioned here & am planning to install EAM on 2 average users' laptops here.

Some queries & suggestions needed---

1. Is EAM suitable for average users?
2. Active Surf Protection - Privacy Risks - is set to "Dont Block", should I change this & to what?
3. Privacy - Privacy & Anti-Malware Network - Nothing should be disabled here as it's the Cloud protection of EAM, right?
4. File Guard - PUP Detections - is set to "Alert", should I change this to "Quarantine with notification"?
5. Does EAM scan HTTPS?

Any other suggestions?
 

A:Emsisoft Antimalware Suggestions

1- Yes.
2- Change it to block without notification, anything else will bedge you with popups.
3- You can disable what you don't want to be submitted there.
4- Yes.
5- I'm not sure on that one, sorry.
 


Hi guys,
 
Well, I recently discovered Emsisoft AntiMalware and apparently it is a favorite here at Bleeping Computers. Anyway, what I would like to know is if this should be called an antivirus program that includes antimalware technology, and so it would be safe to use instead of an already existing antivirus.

Or is it actually more of an antimalware program that's actually recommended to supplement already existing antivirus software?

I also know that a lot of antivirus programs are now actually all-in-one security suites (especially the premium versions) and sometimes people confuse the terminology. And thus I am guessing that the right thing to call Emsisoft Antimalware is actually a security suite, just like ESET Smart Security, that includes both antivirus and antimalware functionality.

If you could enlighten me a bit more about this program and what it can be used with I'd be very grateful. Thanks.

A:Emsisoft AntiMalware Question

There are people here with much more technical knowledge of the product. I do use the product. I also use it in conjunction with ESET Smart Security. But I am also aware that EAM can be used as a standalone tool as well. EAM is unique in that it defies the never use two AV's rule. We have people who use it alone as their primary defense and we have people who use it supplemented with another AV. It's up to you which way you choose to use it. That's what I know about Emsisoft Anti-Malware (EAM).


Based on the suggestion on THIS website, I downloaded this product and installed it. Once I did, most of my other software would not run, including such things as Fitbit, monitor calibration, RKill, and IE. I am running an up-to-date Windows 10. To top it off, Windows would/could not uninstall this program!!! I used Task Manager to end all tasks and stop all services related to this software, still no luck. I had to reboot into safe mode and make sure that none of its components were running before I could get rid of this.
 
So, on a website supposedly dedicated to the end of viruses and malware, to find that one of their recommended products is the very definition of malware is more than a little distressing. I wonder what else, if anything, I can trust from this site.

A:EmsiSoft AntiMalware - is it malware??

Emsisoft is a legitimate Antivirus company and their programs are also legitimate (not malware at all). Many of their employees are also on BleepingComputer providing assistance:

Elise, a Malware Analyst is one of the Study Hall's Admin: http://www.bleepingcomputer.com/forums/u/160991/elise/
Fabian Wosar, Emsisoft's CTO, is a Security Developer: http://www.bleepingcomputer.com/forums/u/769280/fabian-wosar/
GT500, Customer Support, is a Security Colleague: http://www.bleepingcomputer.com/forums/u/377072/gt500/
And so on.

What security software (Antivirus, Antimalware, Firewall, etc.) do you have installed on your system? There might have been a conflict between Emsisoft and these programs.


Hi All,

Today Emsisoft has detected Free Download Manager as trojan.


I have downloaded FDM from the official website and also scanned with Zemana. Not sure whether it's a false positive or FDM was actually trying to do something fishy.

Has anyone else faced the same issue? Should I whitelist FDM?
 

A:Emsisoft Antimalware detected FDM as threat

I have FDM and emsisoft and no detection. Fdm has been updated recently and still no reaction from the anti-virus...
 


Hello, I have a dilemma: I have 613 days left on my Malwarebytes Anti Malware Premium; on the other hand I have got Emsisoft Antimalware with 300 days left (I purchased it for another PC which I do not have anymore).
What shall I do? I have Malwarebytes installed for the moment, but I have heard so much good said about Emsisoft on this forum. Any opinions?
 

A:Should I keep Emsisoft, if I have Malwarebytes AntiMalware Premium?

you can turn off MBAM realtime and use it for 2-nd Scanner
MBAM web protection is better than Emsisoft web protection but Emsisoft has better protection than MBAM
 


Hi, I want to know what you think about using Emsisoft alongside an anti-exe like Voodoo, AppGuard or NVT?
Will an anti-exe reinforce Emsi or cause any conflict?
Is an anti-exe redundant?
 

A:Do you think antiexe is need to run alongside emsisoft antimalware?

Pairing it with an anti-exe will be far more effective than relying on Emsisoft alone.
Emsisoft's signatures will catch any malware it knows and the anti-exe will block execution of anything it doesn't know. If malware ends up bypassing the anti-exe somehow then Emsisoft's behaviour blocker will act as the last line of defence.
 


I know HMPA and EAM work perfectly together for I'm using them in another system. Now, I want to combine them with ESET IS 10

Let's start with HMPA first

Prior to installing HMPA I disable the webcam protection in ESET since it's a duplicate in HMPA. I then install HMPA.

Upon starting my chrome browser HMPA prompted an interception message which prevented my chrome browser from starting. This is an exploit protection compatibility issue. I had this with Dr Web Katana before and the advice is to disable HMPA's exploit protection for my chrome browser. It worked since Katana does NOT have a check box to disable its exploit protection.

It also works for ESET that I can start my chrome browser. However, I cannot key anything in the address bar.

Here's a description of what ESET exploit blocker does

Exploit Blocker is designed to fortify often exploited application types on users' systems, such as web browsers, PDF readers, email client or MS office components. It adds another layer of protection by using a completely different technology, compared to techniques focusing on detection of malicious files themselves...

Instead, it monitors behavior of processes and watches for suspicious activities that are typical for exploits. When triggered, the suspicious behavior is analyzed and the threat might be blocked immediately on the machine. Certain suspicious activities are processed further in our cloud systems, which gives Exploit Blocker the potential ... Read more


Which is the best one on Windows 10? I noticed that the impact on the system of 360TSE with Bitdefender engine is pretty high.
What about Emsisoft?
Thanks in advance!
 

A:360 Total Security Essential vs. Emsisoft Antimalware 10 (For Windows 10)

hi, I think that the system impact is almost the same.
Emsisoft is heavy in many systems but 360 TSE can be heavy too.
if I could choose I choose Emsisoft. their behavior detector is very good, compared to the 360.
Emsisoft seems to be more consistent than the Qihoo.
Qihoo 360 has Glasswire as firewall and sandbox plus protection for documents against ransomware or other malware.
I think it's much the same...
in the end I would get Qihoo 360 because it is totally free
 


Hi,
The main aspect is the high level of protection and user friendliness

Thanks
 

A:ESET NOD32 vs Emsisoft AntiMalware 10 vs BitDefende Antivirus Plus

Bitdefender is very buggy and slows down my internet speed. I dislike it.
And I prefer Emsisoft to ESET..
So I would go with Emsisoft.
 


The Intel Driver & Support Assistant said that it had an update: Intel® Graphics Driver for Windows* [15.40]. When I did a scan with the Lenovo Companion app, it said there were no updates available. Why the difference of opinion between the two apps?


here's something that showed up from emsisoft scan not sure what to do with results leave alone or delete them.
 
Emsisoft Internet Security - Version 10.0.0.5641
Last update: 9/9/2015 12:34:29 AM
Initiated by:
Scan settings:
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start:    9/9/2015 1:25:53 AM
Value: HKEY_USERS\S-1-5-21-2192339956-2877831773-121380301-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR      Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-2192339956-2877831773-121380301-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS      Setting.DisableRegistryTools (A)
Scanned    79851
Found    2
Scan end:    9/9/2015 1:28:36 AM
Scan time:    0:02:43
 

A:emsisoft scan results

Hi there,

The two detections by EEK are policies that, if set to 1, will disable your ability to access Task Manager and Registry Editor. These are not created by Windows and can be exploited by malware, so EEK detects them as threats.

You can choose to delete, quarantine them or leave them alone. It won't hurt either way.


I have not found any post on this topic in MT, so I assume it has not been well known, though I should admit that it is quite trivial.

Please note that the method discussed here may not be practical for users who install EEK on USB.

An interesting utility provided by EEK is "a2cmd.exe". Suppose that EEK is installed on

D:\Program Files (x86)\EEK\

Then you can find "a2cmd.exe" in

D:\Program Files (x86)\EEK\bin\

A2cmd.exe allows us to perform the functions of EEK with command line and parameters.
For example, if you run

Code:
a2cmd.exe /u
Then the signature database of EEK will be updated. Please note that the command above should be carried out either under the path of D:\Program Files (x86)\EEK\bin\ or using the full path of a2cmd.exe.
Here "/u" is the parameter of this command line. You can find more parameters and their usage by running:

Start Commandline Scanner.exe

which is also in the folder of EEK.

Now let's see how to schedule the update of EEK.
You can first create a batch script (for example, "a2Update.bat") at any place you want. (If you are using an anti-exe, of course you need to whitelist this script).

Then, edit this script with notepad.exe or any text editor you like. Insert the following command into it:

Code:
"D:\Program Files (x86)\EEK\bin\a2cmd.exe" /u
Please note that:

Please change the path &quo... Read more

A:Scheduled Update/Scan with EEK (Emsisoft Emergency Kit)

Thank you very much, this i did not know and will be very handy. Nice tutorial.
 


Hi,
 
I did a scan with EEK today and for the 1st time it alerted me to some problems.  I did a search online to try to get information on the items it listed but didn't really find anything helpful.  Can someone take a look at my log and tell me what these things are?  Occasional scans with Malwarebytes never picked up a thing.  Thanks in advance.
 
Emsisoft Emergency Kit - Version 4.0
Last update: 2/27/2014 3:54:35 PM
User account: ****-PC\****
 
Scan settings:
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start:    2/27/2014 3:56:23 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3151099521-301102294-2406360421-1001\SO... Read more

A:Did a scan with Emsisoft Emergency Kit, found Issues

The command prompt and Task manager have been disabled by whom I don't know. Do you use optimization software like Advance system care or similar? I am guessing at the moment.


Hey guys,
I posted this originally on May 2nd and have never gotten a response. If I don't have anything to be concerned about, please, just let me know. I have always gotten very good assistance with my troubles and questions before. Maybe I just posted my question in the wrong place.

Question about scan
I am not really having a problem but I am curious about the results of a scan by AVG Free. When my scan is complete, I get the results shown in Attach. #1. I click on "remove all unhealed infections and I get the results shown in Attach. #2. Also enclosed is the results from my HiJackThis scan. Thanks for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:31 PM, on 5/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal


When I run a virus scan using AVG I get the message C:\windows\system32\drivers\etc\hosts change result: changed. I have attached Kaspersky and DSS scan results. Do I have something to worry about? Besides AVG I have SpyBot which I update and run every couple of days. Thanks in advance for your help.

A:Avg Scan Result

Hello Stalagmite

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, download and install Hijackthis by Trendmicro and post a log, copy and paste it into the thread by using the Add Reply button, please do not attach it. I am looking at a possible trojan on your system.

Download Trendmicros Hijackthis to your desktop.
Double click it to install
Follow the prompts and by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe
Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


Hi,

Can anyone tell me if this file is harmful, it was picked up while scanning with AVG software, status read at the top of the it said it had been changed, this is the file:

C:WINDOWS\SYSTEM32\ntoskrnl.exe

Is this what's called a kernel? This is not in my virus vault but keeps coming up on the scan each time.

Thanks
 

A:AVG scan result

See post #4 in this thread: http://forums.techguy.org/security/554221-solved-avg-finds-ntoskrnl-exe.html
 


Emsisoft Emergency Kit Scan Detects the Following: Application.InstallExt (A)
 
Is this a threat?


Thought I may have got an infection (sonar.heuristic.130).  So I ran numerous scans.  
Norton Internet Security A/V, Norton Power Eraser, MS Safety Scanner, ESET Online Scanner, Super-Antispyware, Malwarebytes, ADW, TDS Killer, and R Kill.
All my scans ok, less the ADW find.  Wasn't sure to delete the registry key, so I didn't.  I took a screen shot of LAN settings but couldn't figure how to attach, if I was supposed to.
 
The result of ADW scan:
# AdwCleaner v4.110 - Logfile created 16/02/2015 at 01:37:05
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Fred - ATHEIST
# Running from : C:\Users\Fred\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
 
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
*************************
AdwCleaner[R0].txt - [679 bytes] - [16/02/2015 01:37:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [737 bytes] ##########
 
Screen I tried to attach
Internet Options/Connections/LAN Settings
   Automatic configuration heading........only Automatically detect settings is checked
   Proxy server heading..........................box is un... Read more


I found following items with earthlink protection virus scanner.
Winmovieplugin homepage hijacker, dialer
Coolwebsearch bho, adware
Pornmagpass adware, homepage hijacker, Trojan M
Elitemediapopup adware, driveby download
Transponder.bloger adware bho
Searchsquire adware, searchpage hijacker
spywareQuake thiefware
SafetyBar adware,Bho

I deleted the items but I cannot update avg spyscanner, but can still scan with it. Should I take any other steps to ensure that my system has really gotten rid of these things. Thanks in advance.

A:I got following in one virus scan result

G'Day hes4l,


Quote:
Should I take any other steps to ensure that my system has really gotten rid of these things.

Yes indeed there are!

Go to the link "The 5 Steps", in my signature; read the instructions carefully; then, post a HJT Log in the HJT Forum, where one of the trained analysts will help you 'clean' your machine.

Now once you have posted your HJT log, there are two things you need to do....

Firstly, subscribe to your posting, so that you can receive instant email notification about any replies.

The other thing is; please be patient with receiving your first reply, as the HJT analysts are usually very busy.
So, I recommend if after say, 48 hours, you have not received any response to your request, go back into your thread, and type in "bump"; this will bring your post back to the front page, and to the attention of an available analyst.

Good luck with it!

If you have any other queries/concerns, feel free to post back.


Anyone know what this result means?

My windows processes are running really slow and was wondering if this is causing the problem.
 

A:AVG Virus Scan Result Help

Hi and welcome to TSG.
It should only concern you if it says it was infected.
Quote from Avg help forum.
"It is normal that AVG shows that files, the MBR or Boot record to have changed.
These are done during normal maintainance, when you or windows updates files or have had to correct errors on the drive.
The only time that you should worry is if they also show as infected."

Check link below for suggestions on Pc Maintenance.
http://computercleanup.blogspot.com/
List includes..
Scan For Viruses.
Scan for Spyware.
Microsoft updates.
-----------------------------------
Disk Cleanup.
Check Hard Drive for Errors.
Defragment Your Hard Drive.
-------------------------------------
Registry Cleanup is in their list but
Cleaning the registry may cause you more problem than you started with..
so it would be best to skip that one.
 


Any Malware experts out there to take a look at these results and let me know what to do next ????

Refers to my earlier thread this morning about desktop startup errors.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:35, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


A:DLL Error HJT Scan result

This is a duplicate post.
Original thread and HJT log are here
AND has been moved to the MalWare forum,
 


I have Windows XP and an AdAware scan hit on this as malware[Windows Reg Data Malware HKEY -Classes-Root:regfi Possi]. Can anyone tell me what this is? AdAware can seem to do anything with it and SpyBot doesn't recognize it . Please help.
 

A:AdAware scan Result

This could possibly be a sign of a possible browser hijack attempt. If ad-aware has found it, remove it. Download, update and run spybot, post your log and I'm sure someone will be along to help you with any problem soon. Nothing to worry about though, I have had lots of possible hijack attempts.
Wizzkid
 


I have been having some problems as of late with my internet connection... various sites not being found, timeouts, cannot find server etc....

I called my EARTHLINK TECH support... and they suggested I make some changes in my dial-up networking, etc... and suggested I do a HIJACK-THIS scan.

I did the scan... and here are the results. I was wondering if anyone would look at the results and maybe make some recommendations.....

Thank you.

DAVID
Logfile of HijackThis v1.97.7
Scan saved at 2:14:06 AM, on 1/18/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MS HARDWARE\POINT32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MINDBEAT\INVISIBLE! 2001\INVISIBLE.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\OPERA7\OPERA.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = DAVIDS' INTERNET BROWSER
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Ma...

A:Can someone help me with this HIJACK THIS scan result.


Hiya All

Happy Easter.

I ran Malwarebytes yesterday as PC not right. Results of 15 objects found. Can someone please explain them or advise further?

Malwarebytes' Anti-Malware 1.36
Database version: 1966
Windows 5.1.2600 Service Pack 3

11/04/2009 20:23:50
mbam-log-2009-04-11 (20-23-50).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 130528
Time elapsed: 1 hour(s), 17 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTW...

A:Malwarebytes scan result

Hello

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs


Hi guys,

I just finished running a scan with spybot search & destroy and it came back with the following result (attached a pic). The problem is that I have heard the name before coolwwwsearch which is what was picked up and I thought it must be bad but just to be sure I checked the particular files in my registry. The files all belong to a program I just recently installed called Zero popup pro which as you can guess from the name is a popup blocker. I'm not sure what to do now and was hoping someone can advise whether to ignore what spybot has found or could that popup blocker program be some type of spyware?
 

A:Spybot scan result


Hello everyone, I have no clue how to distinguish virus from essential files???

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:26:54 AM, on 22/11/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\NEGIN\Desktop\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742z&r=27361110x915l04g4z155v47j2134s
R1 - HKLM\Software\Microsoft&...

A:Need help with "hijack this" scan result PLEASE!!!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ...


Windows RegData Malware HKEY_Classes_Root:refi Possi This is what I get as malware. What is it? Adaware won't remove it and Spybot doesn't recognize it as a problem. Please help.
 

A:Adaware scan result

bump
 


I was having a problem after starting my computer and logging in I would encounter a black screen and the cursor with no programs loading. After going into safe mode and restarting I got it to work and download Emsisoft. I did a scan, quarantined the files and everything seemed to be good. After a couple hours, I got a popup that said there was an application error (I think NVIDIA related). A couple hours after that, I tried to open a new tab in Chrome and it wouldn't work so I tried to open Firefox and got the same application error. Then I tried to open a few other programs and they all got the same error. I restarted my computer, got the black screen and cursor again, rebooted in safe mode, rebooted again and that's where I am now. Please let me know how I can fix this. Here's my FRST file:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by AM (administrator) on ANDREW (06-11-2016 11:03:35)
Running from C:\Users\AM\Downloads
Loaded Profiles: AM (Available Profiles: AM)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NV...

A:After deleting files from Emsisoft scan I get "cannot open application" popups

Greetings A10M and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems sim...



hi, when I was walking by AVG interface, I discovered something that I was not expecting.
The image below comes a reference to a new type of anti-malware module (AMSI), it seems to me...

my doubts are:
- what is this, it's a new windows 10 antimalware protection?
- windows defender relies on the same technology?
- windows AMSI work along side AVG?

I would be grateful to know your opinion and clarifications, thanks in advance
 

A:AVG - Antimalware Scan Interface?

Present since Windows 8.0.
 


Is this Ok now?

Logfile of HijackThis v1.99.1
Scan saved at 6:56:47 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Pro...

A:Hijack log and Ewido scan result

Hi and welcome.

You need to reply back to this thread instead of creating a new one. I'd merge, but the site appears to be having problems right now.

http://forums.techguy.org/security/430387-hijackthis-log-help.html
 


can someone review a HijackThis txt and provide info on system???
there are a number of 023 dll's & exe listed unknown owners..

I am trying to establish if the laptop currently has / or has been infected with any spyware enabling backdoor hack / keyloggers.

A:Please review highjack this scan result

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be foun...


I recently loaded my os via recovery disc. I downloaded Avast free version. All seems ok until I looked at the scan log for this scan and it has 15 files that could not be scanned, explaining it with the message after each one Error: Archive is password Protect... Nothing should be password protected on the machine yet as I haven't set any.
The path indicated is the same except for the ending:
C: User\user2\...|>download.js
downloader.dll
downloaderror.js
downloadfailure.js
downloadmanager.js
downloadslate.js
manifest.json
launcher.dll
launcher.js
manifest.json
process.js
serialize.js
textfilereader.js
textfilewriter.js

Is the usual procedure of hijackthis necessary here or can someone explain this?

Thanks
 

A:Solved: Avast scan result is odd


I have just run a Malwarebytes (free version) scan, and get one potential problem as per the image below.

It refers to a tool I downloaded & used to display the Windows key for my Win 8.1 installation

Is this tool a potential security threat?

A:Malwarebytes scan & result ... what action to take?

If it is this one:
ProduKey - Recover lost product key (CD-Key) of Windows/MS-Office/SQL Server

don't worry. Nirsoft produces some of the best small Windows utilities around. The developer has an excellent reputation. I have used many of them for years without issues.


I have an HP Precision Scan LTX and it was working just fine the last time I used it. Today it will not work properly and no matter what I scan I just get an all black page with no picture or text.

Any suggestions? Thanks.
 

A:Scanner will not scan - result is all blacked out

Is the scanner lamp operating?
 


I just ran a full system scan with Avast 5.0. I got the result "Threat Detected". Avast found the following:

NPSExec.exe.

The file was moved to the Avast Virus Chest (quarantine) with the following information:

Threat: Win32: Malware-Gen Location: C:\Windows

I ran a general web search and also searched several Virus Libraries with no results found. Since it's in quarantine I can restore it if needed. Has anyone heard of this file or infection?

Thanks for your help and input.
 


Hi there!

I just recently got my system put back together and I have been slowly running a few online scans to make sure everything was clean while I was downloading security updates over this last weekend.

I ran one recommended to me called BitDefender last night, and it came up absolutely clean. I also ran another earlier called ewido, which also came up clean, other than a few tracking cookies which were no problem getting rid of.

I just ran Panda's free online scan and it brought up something...

C:/Windows/system32/Tools/Restart.exe It says that files is "Potentionally Unwanted Tool"

I did a search on these forums and found somebody else had this file come up in a Panda scan, so I followed one of the instructions listed, and uploaded it to a site to run several scans. Here are those results:
------------------
http://virusscan.jotti.org/
File: Restart.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5 eb1b125ee5d2022cbf5e2f7226f47638
Packers detected: -
Scanner results
AntiVir Found SecurityPrivacyRisk/Destart.A riskware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found...

A:Panda Scan Result.. Restart.exe


My computer is really messed up right now - it's running slow and freezing and I ran this scan but I don't know what any of it means -
Thank you!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:17 PM, on 9/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\...

A:Can someone analyze this hijackthis scan result for me?

According to your HiJackThis log, your computer is infected.

I'm not authorized to assist you in this section without the approval of a Moderator or gold shield member, so you need to wait until one replies.

You also need to read here.

-------------------------------------------------------
 


I have the following output from a ComboFix scan and need help with interpreting the results. I recently purchased this machine used and do not know much history on it. Thanks for any help.

((((((((((((((((((((((((((((( [email protected]_06.29.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-23 06:30 . 2009-05-23 06:30 16384 c:\windows\Temp\Perflib_Perfdata_3a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-7-26 552960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c: ...

A:ComboFix Scan Result Interpretation

ComboFix logs should not be posted outside the HijackThis forums, and then ONLY WHEN REQUESTED. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.

. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need those restore points.

Read and abide by the disclaimer people. It's there for a reason. Stick to running and protecting yourself with a good AV and firewall and ...


Hi everybody, I performed a hardware scan and got this result code: WHD400000-UN7YZE What does it mean and what should I do? Thank you


Every time I run a Malwarebytes scan I get the same result, as per the attached screenshot.

Can anyone advise me (1) if there is a problem, and (2) how to get rid of the offending result permanently?
(I have blanked the XXXXXX part of the result - it is just my PC user name)

A:MalwareBytes: Same result every time I run the scan

See this::
Remove PUP.Optional.DownloadSponsor.A (Removal Guide)
