Over 1 million tech questions and answers.

Questions regarding AVG Scan report, noted hosts change but no other problems

Q: Questions regarding AVG Scan report, noted hosts change but no other problems

Hi Everyone,

Yesterday, I ran a complete system scan with AVG free Version 7.5.432 & it said that everything was fine, except that it noted that there was a change to the hosts (Object Result Status
C:\WINDOWS\system32\drivers\etc\hosts Change Changed). I have pasted a copy of the report below, along with the report from last month which had no such note.

A few days ago, I did download a "test" from http://www.greenborder.com/ at http://www.greenborder.com/test/ & AVG identified it as a trojan, I just moved it to the virus vault and deleted it. I know it probably was not a trojan, but I just deleted it anyway. I also recently upgraded to the new Zone alarm Free 7.0.302.000 but I think I did the AVG full scan before installing the new ZA.

Is this anything to be alarmed about ? I would appreciate any advice or comments. I'm running Windows XP Media Center Version 2002 SP2. I'm also running Zone Alarm Free, Windows defender, and I scan periodically with AVG anti-spyware, spybot, and a-squared free.

Thanks
John

AVG Report from yesterday 1/19/2007

tem Name Item Value
General properties
Report name Complete Test
Start time 1/19/2007 3:50:44 PM
End time 1/19/2007 4:00:26 PM (total: 9:41.9 Min)
Launch method Scanning launched manually
Scanning result No threats found
Report status Scanning completed successfully

Object summary
Scanned 17241
Threats Found 0
Cleaned 0
Moved to vault 0
Deleted 0
Errors 0
Object Result Status
C:\WINDOWS\system32\drivers\etc\hosts Change Changed
AVG Report from 12/28/06

tem Name Item Value
General properties
Report name Complete Test
Start time 12/28/2006 11:44:00 PM
End time 12/28/2006 11:54:18 PM (total: 10:17.3 Min)
Launch method Scanning launched manually
Scanning result No threats found
Report status Scanning completed successfully

Object summary
Scanned 17240
Threats Found 0
Cleaned 0
Moved to vault 0
Deleted 0
Errors 0

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Questions regarding AVG Scan report, noted hosts change but no other problems

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 67.6

Problem: Explorer lag, gaming lag, random internet disruptions
 
Malwarebyte's notes no issues, ran roguekiller.exe then eset scanner.   Eset scan noted 14 viruses,  Olmarik variants, pswtool.rsa.a, opencandy and variants, and an openinstall application.  Kasperky tdss killer notes 7 errors, RKills scan starts and then hangs at SERVICES with one root kit listed.  Seeing as these viruses have multiplied and morphed i think a professional opinion would better suit my position.
 
 

A:Multiple virus noted after ESET scan

Welcome BretB
I moved this from XP to Am I Infected.
 
 Please post ESET and TDSS logs..
 
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.
 
 
The TDSS LOG report (log file should be in your C drive)

Read other 6 answers
RELEVANCY SCORE 62.4

I ran an EWIDO scan with two ‘infected’ items found. There seems to be a ? as to whether or not these are a true problem. Therefore, I ask your advice as to what to do. I can not remove them with EWIDO, since I am using a lapsed trial version. The info from the “report” follows:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:54:49 AM, 11/10/2005
+ Report-Checksum: 5CD01CE8

+ Scan result:

C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Ignored
C:\System Volume Information\_restore{8A76E78A-6A78-49A6-A7E2-9B95E126EFAD}\RP384\A0059194.exe -> Heuristic.Win32.AVKiller : Ignored
::Report End

Thanks, {redoak}
p.s. Note the 'word' "AVKiller" at the end of each entry. Significance?
 

A:Solved: EWIDO scan report - problems?

Read other 7 answers
RELEVANCY SCORE 59.2

My computer is infected with something that prevents certain beneficial programs from running and I think make it run even more slowly than it does normally. I installed PC Tools spyware doctor and anti-virus and registry mechanic, but sometimes when I click on them they won't run. I tried cleaning up my system with combofix, but it aborts before actually doing anything. As I was trying to run combofix, spyware doctor and registry mechanic warned me about changes that were attempted on my registry. Because of the warning, I restored to a system configuration from yesterday before continuing. Both DDS and RootRepeal note some problems I don't know how to correct.I'd appreciate some feedback about what to try next.Thanks in advance.Steve

A:TfSysMon and PCTCore problems noted

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 28 answers
RELEVANCY SCORE 58.4

First, a couple of the forums I visit have taken on a new look. See attached graphic. Normally when a page looks like that I empty my Firefox cache and voila. There was hardly anything in my cache and no, it didn't work.

Secondly, I could not upload this graphic on the Insider Build. Nothing happened. Windows 10 Home worked fine.

The forums work as they should in Windows 10 Home.

Read other answers
RELEVANCY SCORE 58

Hello all,
 
New member/poster here. I must admit that I am not all that computer savvy, though I use a computer a lot at work and at home.
 
Now, the reason for my post, but first a little background...
 
I just purchased a fairly new (but used) Dell vostro 270 off eBay. The seller said it was used only a brief time and he reformatted the drive and reloaded the Win7 OS and all drivers. Got it on Wedneday afternoon (04/09/14) and it was working fine. I downloaded the free AVG antivirus, which is what I had on my old PC. I loaded my MS Office 7 and printer software.... so far so good, and working great. Next, I decided to download new newest edition of the free Malewarebites as an added security precaution; this is when the problems started, big-time.
 
After I downloaded Malewarebites and ran the first scan, it said there were several bad files... and deleted them. I rebooted and then could not log on to the internet, in either Foxfire or IE. I would get an error message like "Proxy server not recognizing user" or something like that. In my panic, I attempted a system restore, to no avail, apparently. At first the system restore had an error message saying I needed to disable my antivirus. In the meantime, I uninstalled Malewarebites because I figured that is what caused the problem. After several attempts to do a system restore, which I don't think was ever successful, I gave up.
 
I have a lap-top that I use sometimes and connected it my modem and h... Read more

A:New PC problems after Malewarebites scan; Combofix fixed but questions remain

You cannot post a combofix log in this forum.
 
I would like to see the Malwarebytes log though.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Read other 12 answers
RELEVANCY SCORE 55.6

Incident Status Location

Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp.cab[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar ... Read more

A:Active Scan Report + DSS Report

hi EddyMeuh

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================


Download this file to your desktop.- Here

IMPORTANT - You must place combofix on your desktop!!

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=================

Please Run a scan with HiJackThis and save the log

=================

In your next post, please include fresh logs from: ComboFix.txt
HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Read other 19 answers
RELEVANCY SCORE 54

I have a few quick questions about HOSTS files. 1. Is it OK to edit the HOSTS file in the regular notepad and save it when done as long as use the proper format? 2. If i have to rename the HOSTS file...do i have to use a batch file or anything...or can i just use the usual right click, rename way? 3. What happens if and when i put a invalid entry in? Example: "127.0.0.1 www.ebayyyyyy.com" or accidentally put in a comma instead of a period and never catch it. Does it drastically slow down my internet connection or anything bad....or does the site i want blocked simply never get blocked b/c its the wrong address entry and thats it? 4. lastly, does it make a difference if i have a duplicate entry in my hosts file and what would happen if i do?

Thanks for atleast reading
 

A:Questions about the HOSTS file

bump
 

Read other 1 answers
RELEVANCY SCORE 53.6
A:WinMe: The Hosts File - Questions On.

Do you still need help here or did you find the information you were looking for?
 

Read other 3 answers
RELEVANCY SCORE 53.6

I have checked the FAQs and haven't found the specific info I was looking for. Please feel free to redirect me if the answers already exist.

I'm familiar with the Hosts file from my Unix days back in the early 80s. Back then it was a necessity just for everyday use. These days I (must) use Windows XP Home Edition SP3, and it's Windows that I don't know as well as I should (or would like to).

In reading "The Hosts File and what it can do for you," here at Bleepingcomputer the location of the Hosts file for Windows XP Home is listed as:

Windows XP Home c:\windows\system32\drivers\etc\hosts

but when I open up to c:\windows\system32\drivers\ I don't have an "etc" directory. Before I assume that I should create the directory I thought I should ask.
Also, I have Spybot installed. I mostly use it for the TeaTimer, but I did use the immunize Firefox feature. This sounded a lot like a Hosts file. Does Firefox have its own Hosts file somewhere else that I should know about?
Thanks very much!

A:Newbie questions about Hosts file

Spybot adds entries to the HOSTS file if that's the setting you did. They put their entries at the end of the HOSTS file. Also they add entries to the restricted sites in IE.
etc directory may not be visible if your folder options are to hide system files Tools > Folder options > View > Show hidden files and folders or Hide Protected system files is on.

I can't comment on the Firefox question, I don't use it.

Read other 6 answers
RELEVANCY SCORE 52.4

Hi guys,

Although I am 26 please assume technical knowledge of a 5 year old.

I am using Windows XP, after running an AVG 7.5 check and remedying whatever was found, I then had no volume on my laptop.

From a bout of googling I think these are related problems:

When I go into Device Manager on My Computer I get the following error:

MMC.EXE - UNABLE TO LOCATE COMPONENT
THIS APPLICATION HAS FAILED TO START BECAUSE OLEACC.DLL WAS NOT FOUND. RE-INSTALLING THE APPLICATION MAY FIX THE PROBLEM.

When typing in the hosts file into Notebook, this file is missing. I have tried re-loading it with HostsXpert but this does not work.

Any help would be much appreciated, if I cannot resolve this please can someone recommend a repair shop in the West Midlands?!!!
 

A:No sound after AVG Scan, Hosts file and oleacc.dll missing! Please help

Hi,
Use this Windows file checking utility. To use this utility, you will need your Windows CD.

Go to the Start Menu --> Run, and type in: SFC /Scannow ( allow a space after SFC).Reboot after process completion.

Let us know if you have any difficulties.
 

Read other 2 answers
RELEVANCY SCORE 52

Just loaded Spyware Terminator. Has detected something called "Hosts change" under IEXPLORE.exe.

Asked if i wanted to Block or Allow. Blocked it to be on safe side. IEXPLORE.EXE keeps coming up now as blocked on a "Security Shield" program that I assume prtof thisSpyware Terminator.

What is it and is itok to leave it blocked or should i try to get to it andallow this proces.

Thanks
 

A:Hosts Change

Read other 7 answers
RELEVANCY SCORE 52

Hi. First time poster. My AVG Free tells me that, among other viruses (which it heals), that I have a virus. Under the File Heading it says "hosts", under the Result/Infection heading it says "change" and other under the Path heading it says "c:\windows\system32\drivers\etc\hosts". At the end of the scan it pretty much ignores the virus but clears any others. Should I worry?

Thanks,


P.S. Apologies for posting this same post in the Introduce Yourself forum. Like I said, first time poster.

A:Hosts Change

Welcome to BleepingcomputerIf you navigate to the hosts file you can use wordpad to look at itMine is immunized by spybot search and destroy127.0.0.1 localhost# Start of entries inserted by Spybot - Search & Destroy127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.1001-search.info127.0.0.1 1001-search.infothe entries are all bad and are directed to the local ip address which serves as a dead end for themAn infection can reverse these and direct me to bad sites not protect me from themYou might want to run a scan/fix with MBAM as a second opinion on what has actually happenedhttp://www.bleepingcomputer.com/forums/ind...mp;#entry811062We have been seeing a lot of problems with AVG free recently

Read other 5 answers
RELEVANCY SCORE 52

Hello! I've been having problems with my computer for a while now. I use Windows 7 Ultimate Edition. I've tried scanning with Malwarebytes, Spybot, and Avast! Free Antivirus, but those freeze up at some point and can't be completed. I've done scans with Roguekiller, adwcleaner, TDSSKiller, and Rkill, all of which take longer than they used to before I supposedly became infected, some longer than others. However, after they're done, they don't show anything seriously wrong, except with the Rkill log which says:
 
"* Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file."
 
But upon running again, it keeps giving this same message. When I use the immunize feature in Spybot and run Rkill after, it says the same thing but also lists a few of about 15,000 HOSTS files that have domain names that are obviously fishy, with some that have names that suggest pornography. Some of these HOSTS files are: 127.0.0.1 www.007guard.com, 127.0.0.1 007guard.com, 127.0.0.1 www.0scan.com, 127.0.0.1 1000gratisproben.com, 127.0.0.1 032439.com, 127.0.0.1 100sexlinks.com, 127.0.0.1 100888290cs.com, 127.0.0.1 www.1001namen.com, among others.
 
I've noticed since I've had these problems, my computer has significantly dropped in performance and freezes up programs constantly. There is also a csrss.exe running without description or file location, though I don't know if that is relevant to the main issue at hand.
  
All these problems st... Read more

A:Can't scan or scans take a long time, HOSTS files seem fishy.

There are several legitimate security programs which can add numerous entries to the HOSTS file. Spybot S&D offers four levels of protection to include...Immunization, Resident SDHelper, TeaTimer, Hosts file protection (adding entries).If you use Spybot's immunization feature, the "Global (Hosts)" profile adds entries to the HOSTS file. Any inactive domains and those reported as false positives will be removed when doing immunization. However, the large size of the Hosts file created by Spybot immunisation has sometimes been reported to cause problems such as a significant delay when opening Internet Explorer.If you open the Hosts file, the note at the top and bottom will show the entries were inserted by Spybot:# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2008 Safer Networking Limited
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
127.0.0.1...
# This list is Copyright 2000-2007 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
If you perform an "Undo" via the Immunize button on the Spybot main screen, the entries Spybot added should be removed. From the Immunize panel, deselect the Hosts file protection as follows:Click the Undo option at top of screen to remove all immunizations.Uncheck Global Hosts...the last item in th... Read more

Read other 12 answers
RELEVANCY SCORE 52

My laptop got the Security Master AV Virus. I did the virus removal steps outlined on Bleeping Computer. Everything went smoothly until Step 18, which is deleting the Windows HOSTS File. I was able to download the hostsperm.bat file, however I'm not sure which HOSTS file to delete. In the designated folder (under the Drivers folder), I don't have a file named simply HOSTS. I have files named lmhosts.sam, networks, protocol, and services. I wasn't sure if the lmhosts.sam file was the one I should delete so I haven't yet. I tried to download the file that corresponds to Vista in Step 19 but I kept getting a message saying I didn't have administrator access. I saved the file instead to the desktop and then copied and pasted and that seemed to work. However, I did not delete any other host file and I'm not sure if this is a problem.

I still think the virus is on my laptop, though I don't have the constant popups anymore. I believe this because when I open Windows Security Center, it says "Security Master AV is on but is reporting its status to Windows Security Center in a format that is no longer supported." I'm not sure if this is because I did not finish the steps or what. My current antivirus (Avira) is also not completely working. AntiVir Guard's status says "Service Stopped" and there is no start link. So I know my computer is not fully being protected. I don't know if I need to uninstall and reinstall the antivir... Read more

A:Security Master AV Virus - Windows HOSTS File and other questions

Hello jax1221, I too have the same questions. I only saw hosts.ics or imhosts.sam. but if i uncheck hide system folders then i can see a file simply named hosts as a system file. Maybe somebody could clarify this is the correct file to be deleting?

Read other 1 answers
RELEVANCY SCORE 51.2

My AVG virus scan popped up noting a Hosts change. with C:\\WINDOWS\system32\drivers\etc\hosts Result : changed.. It has also removed > Trojan horse generic_c.EQ .. However it continues to list the Hosts as changed. I have gone to the etc folder, and to the hosts and opened it up by notepad and it says
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Here's Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 5:16:08 AM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\... Read more

Read other answers
RELEVANCY SCORE 51.2

Trying to give permissions to hosts file and get this "unable to save permission changes on hosts"

I cant save over the hosts file.. currently it has a bunch of junk in it from a URL Redirectory virus.
 

A:Can't change hosts file

Read other 6 answers
RELEVANCY SCORE 50.8

I have changed from W7 to W10 but find that although I am logged in as the administrator, I am unable to save any changes to my hosts file and get the message that I don't have accees/permission and should contact the administrator.
Can anyone advise me as to what's going on ?

A:No permission to change hosts file ?

Option 1:

Click on Start ->All Apps->Windows Accessories then right click on Notepad->Run As Admin.Navigate to C:\Windows\System32\Drivers\etc. Click on All Files to see hosts then open
Option 2:
Download: Hosts File Editor - Amazify then right click and run as Admin

Read other 4 answers
RELEVANCY SCORE 50.8

I have a nasty infection call Enterprise Edition. I've used Spybot and Malwarebytes both cleaned up stuff but haven't resolved the block on the hosts file. I have updated these by downloading their respective updates and transporting to the troubled computer. The problem computer can't connect to any website because the hosts file redirects everything. I can't even remove the "read only" property. Here is my HijackThisFileLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:07:32 PM, on 11/28/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:H:\WINDOWS\System32\smss.exeH:\WINDOWS\system32\winlogon.exeH:\WINDOWS\system32\services.exeH:\WINDOWS\system32\lsass.exeH:\WINDOWS\system32\svchost.exeH:\WINDOWS\System32\svchost.exeH:\WINDOWS\system32\spoolsv.exeH:\WINDOWS\Explorer.EXEH:\Program Files\Java\jre6\bin\jqs.exeH:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeH:\WINDOWS\system32\wuauclt.exeH:\WINDOWS\ALCXMNTR.EXEH:\WINDOWS\AGRSMMSG.exeH:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exeH:\Program Files\Java\jre6\bin\jusched.exeH:\WINDOWS\system32\ctfmon.exeH:\Program Files\Messenger\msmsgs... Read more

A:Can't Change Hosts File due to Infection

Hi,Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.Download DDS and save it to your desktop from here or here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.

Read other 13 answers
RELEVANCY SCORE 50.8

Hi, well I know something is wrong because I had a trojan. When I scanned with AVG it said the trojan and thats hosts.exe has been changed. Ever since my computer has been running slower and i'm not sure what to do. I've tried replacing hosts.exe with a fixed one instead of one that has been infected but no success. Any help would be great.

Logfile of HijackThis v1.99.1
Scan saved at 10:58:53 AM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitLord\BitLord.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
c:\progra~1\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\DOCUME~1\Cody\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink... Read more

Read other answers
RELEVANCY SCORE 50.8

On XP sp3 system. I've logged in as admin and checked file permissions - read-only is unticked, however I cannot save changes to the file, or delete it. Error on attempting to save is: hosts file cannot be created
I tried disabling MSE real-time, didn't help. How do I save a change to this file?
 

A:Unable to change hosts file

You got something locking you out.

If you just want to be able to edit hosts file and have more control then a hosts file manager will help out a lot.

http://winhelp2002.mvps.org/hosts.htm

Your see HostsMan and HostsXpert on the page.

You will still need Admin rights but your be able to edit the hosts file.
 

Read other 1 answers
RELEVANCY SCORE 50.4

Hi i'm new to computers can someone please tell me what these scan results mean

Thank you

A:Scan report Help

Welcome to PCHF
Can you tell us what program you used to make this report? Also are you having any issues with your computer?

Read other 5 answers
RELEVANCY SCORE 50.4

hi
here is my HDD scan report, and I want to ask is it repairable or not?

A:HDD scan report

Check out spinrite, not only can it repair drives but it can condition a drive as well... a proven performer for over 20 years!

Read other 7 answers
RELEVANCY SCORE 50.4

I made a change in my hosts file myself, in order to block Google ads.
Windows Defender immediately gave a warning.
A scan with Malwarebytes free did not give any notice.
Remarkable.

A:Malwarebytes does not detect change in hosts file

That's because it detects malware but not attempts to deprive internet publishers of their income.

Read other 4 answers
RELEVANCY SCORE 50

well... my problem started before a restore and HDD format(but format erases... yea i know...) before the crash it seemed in working order, till it crashed. after MUCH time trying to restore my files and system, i got fed up and just formatted my hard drive and re-installed windows xp. The massive 65-70GB chunk of "locked" information(presumably my backup i couldnt restore???) was gone but the directory it was under <C:\Documents and Settings\Owner\> is still there, only directly in C:\ labeled <My Backup -- 09-01-30 0235PM> it only contains the single root path leading into Owner\ which cannot be opened, deleted, altered in any way. obviously, it didn't get wiped from the formatting. Now occasionally on startup or after reboot only a few startup programs load and when i go to My Computer it has to "search/locate" just about every folder i click on and basic system operation is really slow, even seems like it freezes every now and again(but hasn't) i usually let it work itself out before just shutting my comp off cold. Takes a while sometimes but usually "catches up" with whatever it was doing, enough for me to shutdown from start menu or task manager. Then again, on occasion, it starts fine and runs good except for constant CPU usage and the computer seems to run abnormally hard(loud). I'm no professional computer tech but to the best of my knowledge and understanding this is whats going on. I've run Numerous anti virus, malware, s... Read more

A:DDS Scan Detail/Report

Hello and welcome to TSF.

If you still need help, please post a fresh DDS.txt as it has been a while since you posted.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 50

Here are things my computer does:

The "paste" function does not work.

Many things I try to open on my computer (whether they are programs that came with the computer, downloads, windows live, magicjack...) do not open and this message pops up: "This application failed to start because it's side-by-side configuration is incorrect. Please see the application log for more details."

Some friends recommended using malwarebytes to scan the computer... i was able to download it, but when I tried to run it, the above message came up.

A friend recommended downloading the Microsoft Visual C +++ 2008 Redistributable from their website, which I was able to do... but that was all. It didn't change any of my problems.

I am attaching the results... I HOPE someone knows what to do!!

THANKS

A:I have the report from my Combofix scan... Can someone help me?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 2 answers
RELEVANCY SCORE 50

i have the following error, c\:windows\system32
msiefr40.dll- i ran the highjack scan and here is my report:

can anyone help me please?

thanks,
sherri
 

A:highjack scan report

Read other 8 answers
RELEVANCY SCORE 50

I can not acsess adobe.com's web site. I have tried to go through I.E. and netscape. Can you tell me what would be going on with this computer that would prevent me from this. Ive checked the security on this computer. Thanks
Here is the results to my scan.
Logfile of HijackThis v1.97.2
Scan saved at 10:53:16 AM, on 10/08/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TPPALDR.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\SMARTDRAW PHOTO\SDPHOTOBAR.EXE
C:\PROGRAM FILES\KONTIKI\BIN\KONTIKI.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\EBAYTBAR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WM... Read more

A:Check my scan report, please

Read other 8 answers
RELEVANCY SCORE 50

Hi, looking to know what i should or should not delete in this. Main problem i'm having is internet explorer doesnt load any pages but mozilla and all other internet works fine.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:16:37 AM, on 2/19/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\HP\HP Software Update\HPwuSchd2.exeC:\Program Files\Razer\Mamba\RazerTray.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.ex... Read more

A:Hijackthis scan report

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 2 answers
RELEVANCY SCORE 50

Incident Status Location

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick... Read more

A:My Online Scan Report

Hi tomavfcno1 and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do not run option #2 unless instructed to!!

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open... Read more

Read other 13 answers
RELEVANCY SCORE 50

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:11:11, on 20/02/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\hpq\... Read more

A:Hijack This Scan Report pls

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.----------------------------------------------StartupLite sounds like the one for you.Please download StartupLite. to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.See how you go with that.

Read other 20 answers
RELEVANCY SCORE 50

I have scan results from GRM & COMBOFIX, thanks

A:GRM & COMBO FIX scan log report

On start up, I get message[ chrome://searchshield/content/overlay.js:234] also [js:90] & message says [do you want to continue running script? yes or no]anyone know what that means? and how to fix it? , Logs are attached. thanks

Read other 3 answers
RELEVANCY SCORE 50

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:45 PM 8/4/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\rainbowgirlwp.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
[464] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning.
C:\Program Files\filesubmit\rainbowgirlwp.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Brenda\Cookies\[email protected][2].txt ... Read more

A:report from ewido scan

Hi and welcome

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

Read other 2 answers
RELEVANCY SCORE 50

After updating MalwareBytes Database, I did a quick scan today. It identified one malicious item as follows.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> No action taken.

Of course I ignored it but why is an iTunes Registry entry being identified as a malicious item? I have been using my iTunes for ever but MalwareBytes had never identified this entry as malicious earlier.

Could someone please give me an answer.

A:MalwareByte Scan Report

IFEO's, which is what this is, aren't always bad. In fact what triggered this is fairly commonplace in both good and bad apps.

In this particular case if itunes is working properly I wouldn't be too worried about it.

Read other 5 answers
RELEVANCY SCORE 49.6

I ran the Hijack This software for Windows Vista and found the following report:
I am wondering what should I have removed from my notebook?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:58:52 AM, on 8/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)
Boot mode: Normal

Running processes:
C:\PROGRA~1\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~1\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Users\ADMINI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\ProgramData\NetworkHostTask\vmhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\SYSTEM32\Taskmgr... Read more

Read other answers
RELEVANCY SCORE 49.6

Can someone tell me what this report means? I've had SchedLgU.Txt show up several times in my scans, but it's never been fixed; neither from running the program on bootup nor desktop. Also, there's no file for RunOnce, and no file or command for Power2Go Express on the Startup Entries list. Should I be concerned? --- Search result list ---Common Dialogs: History (8 files) (Registry key, fixed) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRULog: Activity: SchedLgU.Txt(Backup file, fixing failed) C:\WINDOWS\SchedLgU.TxtLog: Install: setupact.log (Backup file, fixed) C:\WINDOWS\setupact.logLog: Shutdown: System32\wbem\logs\wbemess.log (Backup file, fixed) C:\WINDOWS\System32\wbem\logs\wbemess.logLog: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed) C:\WINDOWS\System32\wbem\logs\wmiprov.logCookie: Cookie (59) (Cookie, fixed) Congratulations!: No immediate threats were found. () --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---2005-05-31 blindman.exe (1.0.0.1)2005-05-31 SpybotSD.exe (1.4.0.3)2005-05-31 TeaTimer.exe (1.4.0.2)2007-05-26 unins000.exe (51.41.0.0)2005-05-31 Update.exe (1.4.0.0)2007-05-23 advcheck.dll (1.5.3.0)2005-05-31 aports.dll (2.1.0.0)2005-05-31 borlndmm.dll (7.0.4.453)2005-05-31 delphimm.dll (7.0.4.453)2005-05-31 SDHelper.dll (1.... Read more

A:Spybot 1.4 Report Questions

Link below has your answer.http://www.safer-networking.org/en/faq/6.htmlThis is what is really important:"Congratulations!: No immediate threats were found. () "

Read other 3 answers
RELEVANCY SCORE 49.6

I'm really struggling with a handful of coolwwwsearch apparent infections, as well as an Igetnet one.
I'm running XP Pro, with SP2 just recently installed, but apparently POST infection.

spybot finds a handful of CWS variants, but doesn't successfully remove them. I've done the manual removal procedures, but I'm still stuck.
Adaware doesn't do it, either.
I've got hosts supposedly locked down by Spybot, but if I go look at it manually, it has this in it:
69.20.16.183 for 3 domains.
I delete those lines, they reappear.
I cannot change the hosts file to read-only.
I AM full administrator.
I have System Restore turned OFF.

I've been screwing with this, with manual removal, etc. for 2 days now.

HELP!
 

A:hosts file won't stay changed, cant change attrib

Read other 10 answers
RELEVANCY SCORE 49.6

Hello,

I am currently trying to help a friend with his Dell Mini netbook. The netbook is running Windows XP SP3 and it's current with all updates and security patches. He does not have an anti-virus program running, but I'll install Avira later (once I can navigate to the site).

Last week, while browsing the internet, his browser shut down and he was asked to install an anti-virus program. Since then, he's had all sorts of issues, mostly with browsing the internet. It sounded like malware to me. I got the netbook and installed Malwarebytes' Anti-Malware on it. It cleaned the following three items:

Malwarebytes' Anti-Malware 1.44
Database version: 3826
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/5/2010 11:40:41 AM
mbam-log-2010-03-05 (11-40-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 152852
Time elapsed: 13 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Roger\Application Data\Security Antivirus (Rogue.SecurityAntivirus) -> Quarantin... Read more

A:Browsing issues, unable to change hosts file, and more

Bump.
 

Read other 1 answers
RELEVANCY SCORE 49.2

hi,
im new and will need some help,
here's my log report
what should i do?
thanks for help
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Navnt\POPROXY.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\FxRedir.EXE
C:\Program Files\Navnt\Navapw32.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Documents and Settings\Stefaan\Application Data\DownloadPlus.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\Documents and Settings\Stefaan\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.scourweb.net/nph-search.cgi?partner=wesb1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Inter... Read more

A:[Solved] scan hijackthis log report

Read other 16 answers
RELEVANCY SCORE 49.2

Hi there,

I have 2 machines, a Sony Vaio VGC-LS1 & a Dell XPS1730 laptop.....not on a network....using zoom adsl X6 modem for both.

Needed help to unintsall 2 softwares: Sonic encoders & Image Station....I get an error using Revo......need this file C:\abu\software603703.SND\ but I cannot find its location.

Contacted Sony neither they could help depite taking remote acess of the machine. Ran a PC health & gave me this report.

1. "The computer's video card is unsatisfactory "

Your computer's video card has been checked and is found to be not as per recommendations

The video card application demands a lot of space and resources from your computer. Thus it is essential to assess the requirements of this application to determine the condition of your computer.

I am using there own bultin Intel 945 GM graphic acelerator??

2. "The Internet Connection Sharing Service needs to be disabled "

The Internet Connection Sharing Service has been enabled.

The Internet Connection Sharing (ICS) service is applicable to provide network address translation, addressing, name resolution and/or intrusion prevention services to a home computer or small office network. This service helps multiple users on your network to browse through a single account. You need to enable this service if your computer is in a network but can be disabled otherwise.

3. "Non optimal internet configuration settings "

Your current internet config... Read more

Read other answers
RELEVANCY SCORE 49.2

I followed the procedure recommended by noadhfear to get rid of Smitfraud. It seemed to have worked for the most part, but a couple of days before I did it, I started having trouble with Internet Explorer, so I was not able to run the ActiveScan.
When I run IE, it will work for a very short while and then just stop and all of the IE windows are gone and a message comes up saying something like "An error has occured and an error log will be generated" - although I can't find the error log.

I have included the report from HJT and from Ewido. Please check over these and let me know what needs to be removed and if there is any sign of why IE is not running properly.

Thanks.
Astro99

Logfile of HijackThis v1.99.1
Scan saved at 11:21:05 PM, on 8/24/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\A... Read more

A:Help with HJT Log and Scan report after removing Smitfraud

Read other 7 answers
RELEVANCY SCORE 49.2

Hi there,

I have 2 machines, a Sony Vaio VGC-LS1 & a Dell XPS1730 laptop.....not on a network....using zoom adsl X6 modem for both.

Needed help to unintsall 2 softwares: Sonic encoders & Image Station....I get an error using Revo......need this file C:\abu\software603703.SND\ but I cannot find its location.

Contacted Sony neither they could help depite taking remote acess of the machine. Ran a PC health & gave me this report.

1. "The computer's video card is unsatisfactory "

Your computer's video card has been checked and is found to be not as per recommendations
The video card application demands a lot of space and resources from your computer. Thus it is essential to assess the requirements of this application to determine the condition of your computer.
I am using there own bultin Intel 945 GM graphic acelerator??

2. "The Internet Connection Sharing Service needs to be disabled "

The Internet Connection Sharing Service has been enabled.
The Internet Connection Sharing (ICS) service is applicable to provide network address translation, addressing, name resolution and/or intrusion prevention services to a home computer or small office network. This service helps multiple users on your network to browse through a single account. You need to enable this service if your computer is in a network but can be disabled otherwise.

3. "Non optimal internet configuration settings "

Your current internet configuration settings... Read more

Read other answers
RELEVANCY SCORE 49.2

Hey there, I am a member of the World of Warcraft community and fell for a post on their forums claiming to be a picture of in game action, but it was at world0fwarcraft.com - the "O" in 'of' is a zero, and many people labeled it as a keylogger. I got a windows message at the top that a download had been stopped to assure my security, the information bar below the address bar. I've only run Spybot other than Hijack This, and I didn't pick up anything (Spybot is up to date).I guess I'm paranoid that I still might have something, but heres a list of processes and my Hijack this scan:Process PID CPU Description Company Name
System Idle Process 0 100.00
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 268 Windows NT Session Manager Microsoft Corporation
csrss.exe 316 Client Server Runtime Process Microsoft Corporation
winlogon.exe 492 Windows NT Logon Application Microsoft Corporation
services.exe 540 Services and Controller app Microsoft Corporation
svchost.exe 740 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 1784 WMI Microsoft Corporation
unsecapp.exe 900 WMI Microsoft Corporation
svchost.exe 812 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 3576 Windows Security Center Notification App Microsoft Corporation
svchost.exe 904 Generic Host Process for ... Read more

A:Possible Keylogger (full Scan Report)

Arthas Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following :Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new HijackThis logThanks

Read other 1 answers
RELEVANCY SCORE 49.2

I scanned my computer with Adwcleaner in safe mode because adwcleaner wouldn't run otherwise, and the report is below. Neither Malwarebytes Pro or Hitman Pro finds anything, and after Adwcleaner says it has put the objects in quarantine and reboots the computer, the objects are back when I do another adwcleaner scan. What do I have?

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\1v5ybk8r.default-1410832319735\prefs.js ]
[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\6xb7mt61.default\prefs.js ]
[ File : C:\Users\monsterzillaBAM\AppData\Roaming\Mozilla\Firefox\Profiles\hjeups96.default\prefs.js ]

Line Found : user_pref("[email protected]", true);

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\allan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\monsterzillaBAM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Thanks in advance!

A:Firefox infected, scan report says:

Could just be tracking cookies. Do a cleaning of history in browser ( cache) ? How is Firefox and Chrome working, any pop ups or redirecting to other websites ?
Seems like the folders were web browsing history is put and browser settings.
Try resetting firefox too.

Use Windows malicious Removal tool, at run, MRT.exe

Read other 4 answers
RELEVANCY SCORE 49.2

Good morning,

I had my hijack log analysed and was asked totake certain actions which i did. Because the computer was in safemode when the scan was performed I had to save the report file with the results. I saved it to DEsktop then, because I was in another user's account I then transferred it to a floppy.

Now that I ahve tried to post to the hijack log I cannot get the report in readable format. By this I mean I went through "File" on my browser and opened the report - it came up with a number of small squares and letters (the usual jargon when a file is opened in the wrong application).

What do i have to do to post it into my hijack log thread to ensure that you guys could lookat it since i am not seing anything here that allows opening of files.

Thanks

Tempest

Read other answers
RELEVANCY SCORE 49.2

hello everyone, i dont know much about this but i have been having trouble with windows live onecare, the firewall is off on both windows and onecare. when i try to turn on onecare firewall it says one care cant turn on your firewall at this time please try later, sometimes when i go to windows firewall it is greyed out and says at the top firewall is controlled by group policy. i am running vista home premium on this pc but i have the same problem on my XP laptop. both the machines are on my home network. this is the scan result. i would really love some help here.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:58:28, on 15/05/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18226)Boot mode: NormalRunning processes:C:\Program Files (x86)\ASUS\AASP\1.00.61\aaCenter.exeC:\Windows\System32\spool\drivers\x64\3\WrtMon.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Windows\SysWOW64\CTHELPER.EXEC:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exeC:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exeC:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exeC:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exeC:\Windows\System32\spool\drivers\x64\3\... Read more

A:Hijackthis scan report need help understanding it

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers