Over 1 million tech questions and answers.

Hijackthis scan report need help understanding it

Q: Hijackthis scan report need help understanding it

hello everyone, i dont know much about this but i have been having trouble with windows live onecare, the firewall is off on both windows and onecare. when i try to turn on onecare firewall it says one care cant turn on your firewall at this time please try later, sometimes when i go to windows firewall it is greyed out and says at the top firewall is controlled by group policy. i am running vista home premium on this pc but i have the same problem on my XP laptop. both the machines are on my home network. this is the scan result. i would really love some help here.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 08:58:28, on 15/05/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18226)Boot mode: NormalRunning processes:C:\Program Files (x86)\ASUS\AASP\1.00.61\aaCenter.exeC:\Windows\System32\spool\drivers\x64\3\WrtMon.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Windows\SysWOW64\CTHELPER.EXEC:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exeC:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exeC:\Program Files (x86)\Google\Google Desktop Search\GoogleServices.exeC:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exeC:\Windows\System32\spool\drivers\x64\3\WrtProc.exeC:\PROGRA~2\SQUEEZ~1\server\SQUEEZ~1.EXEC:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files (x86)\Internet Explorer\ieuser.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeC:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exeC:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Microsoft\Office Live\OfficeLiveSignIn.exeC:\Windows\sysWow64\SearchProtocolHost.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllF2 - REG:system.ini: UserInit=userinit.exeO1 - Hosts: ::1 localhostO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLLO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -bootO4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe"O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe" 1O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files (x86)\Microsoft Windows OneCare Live\winssnotify.exe"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeO4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')O4 - Global Startup: SqueezeCenter Tray Tool.lnk = C:\Program Files (x86)\SqueezeCenter\SqueezeTray.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cabO20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Google Desktop Manager 5.2.803.20506 (GoogleDesktopManager-032008-165311) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~2\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exeO23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 9345 bytes

RELEVANCY SCORE 200
Preferred Solution: Hijackthis scan report need help understanding it

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Hijackthis scan report need help understanding it

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HEREOrange Blossom

Read other 2 answers
RELEVANCY SCORE 75.2

Hello, I was just wondering if there is anything wrong with this HijackThis Scan

Thank you
Logfile of HijackThis v1.99.1
Scan saved at 7:13:13 PM, on 4/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\... Read more

A:Solved: Need help understanding HijackThis Scan plz

Read other 14 answers
RELEVANCY SCORE 68

Hi, looking to know what i should or should not delete in this. Main problem i'm having is internet explorer doesnt load any pages but mozilla and all other internet works fine.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:16:37 AM, on 2/19/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\HP\HP Software Update\HPwuSchd2.exeC:\Program Files\Razer\Mamba\RazerTray.exeC:\Program Files\Microsoft Security Essentials\msseces.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.ex... Read more

A:Hijackthis scan report

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%�... Read more

Read other 2 answers
RELEVANCY SCORE 67.2

hi,
im new and will need some help,
here's my log report
what should i do?
thanks for help
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Program Files\Navnt\POPROXY.EXE
C:\Program Files\ahead\InCD\InCD.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\FxRedir.EXE
C:\Program Files\Navnt\Navapw32.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\Documents and Settings\Stefaan\Application Data\DownloadPlus.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RapidBlaster\rb32.exe
C:\Documents and Settings\Stefaan\Local Settings\Temp\Tijdelijke map 1 voor hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.scourweb.net/nph-search.cgi?partner=wesb1&look=sbar1_srchbtn
R1 - HKCU\Software\Microsoft\Inter... Read more

A:[Solved] scan hijackthis log report

Read other 16 answers
RELEVANCY SCORE 67.2

I AM HAVING PROBLEMS WITH VIRUS,TROJANS AND WHO KNOWS WHAT ELSE I HAVE RAN SUPERANTISPYWARE AND MALWARE BYTES AND THESE ARE WHAT SAS FOUND AND REMOVED:ADWARE.TRACKING COOKIESADWARE.VUNDO VARIENT/RELROGUE.COMPONENT/TRAYWARE 2009CEROGUE.XPDELUXEPROTECTORTROJAN.ANGENT/GEN-FRAUDDROPTROJAN.ANGENT/GEN-FREDDYTROJAN.DROPPER/WIN-NVROGUE.XP ANTISPAND I WAS GETTING ALERTS FOR WIN32 VIRUSI AM ALSO HAVING PROBLEMS WITH MY IE8 BROWSING ASWELL:THIS IS WHAT I KEEP GETTING IN MY BROWSER POP UP EVERY 2-3 SEARCHES TELLING ME I AM INFECTEDInsecure Internet activity. Threat of virus attackDue to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.Also insecure Internet activity can result in revealing your personal information.To get full advanced real-time protection for PC and Internet activity, activate XP Deluxe Protector. We recommend you to protect your PC now and continue safe Internet browsing. Click here to get full advanced real-time protection and continue browsing. Continue to this website unprotected (not recommended).AND WANTS ME TO PURCHASE XP DELUXE PROTECTOR.I HAVE RAN A ROOT REPEAL REPORT SCAN AND A HIJACKTHIS LOG AND HAVE POSTED THEM BELOW...PLEASE HELP THANKSROOTREPEAL REPORT SCAN:ROOTREPEAL © AD, 2007-2009==================================================Scan Time: 2009/07/04 14:35Program Version: Version 1.3.0.0Windows Version: Windows XP SP3=====... Read more

A:HIJACKTHIS LOG AND ROOTREPEAL REPORT SCAN:

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....Please download The Comedian.exe by Rorschach112 to your desktopPlease disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..Double click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedSTOP! if you can't complete this step.. Tell me more about it..NEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and ... Read more

Read other 17 answers
RELEVANCY SCORE 61.2

I wish I had seen the warning not to run Combofix before I ran it.  Here is what happened. Ever since those 12 updates from Microsoft June 12 my computer has been behaving strangely on and off. It started with Firefox reporting that the Google Earth plugin needing updating, but when I clicked the link to update, it just rerouted back to the update now link. Filed a request for help in Mozillas help pages, noticed others were having the same problem, so didn't worry about it. Next, was Avast Free 8.0.1489 giving a red warning that it had saved my computer from crashing from an emailed link I had clicked. Tried to get more info but was not told what malware I had been saved from. Closed everything running and ran a full Avast scan, then full scans with Malwarebytes and Sophos Virus removal tool. All came up clean. Thought I had dodged a bullet.A few days ago with 4 tabs open in Firefox, clicked to open a new tab and when I clicked the bookmark on the bookmark toolbar Firefox opened that site but closed the other 4 tabs. It has never done that before, or since. Later that day when typing a message I got the change user screen in Windows 7 and had to log in again with my password. No idea how that happened. Have not been able to recreate it with different key combos.2 days ago when I turned on the computer the blue circle spun around for many minutes before telling me the password was incorrect, I had not yet had the opportunity to type my password. I clicked OK, typed ... Read more

A:I ran Combofix need help understanding the report, what next?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499546 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 83 answers
RELEVANCY SCORE 57.6

For some reason the registers have become corrupted and I can not bring up Windows 7. I have search for solutions and have tried restore off the installation/repair disc. I have also copied the five files from regbck into the windows\system32\config but it appears that they are corrupted as well since it get the same corrupt error message when I try the repair option off the installation disc. I am almost at a point to reinstall but I still not there yet. I did run sfc scannow and looked at the cbs log. I do not full understand it but I am hoping that someone might be able to interpret it with the hope that if I resolve the error messages, I can restart windows 7:

called (stack @0x734ed85e @0x73715d11 @0x73712b9e @0xd81c99 @0xd81236 @0x77d375a8)
2012-07-06 06:30:11, Info CSI [email protected]/7/6:14:30:11.413 WcpInitialize (wcp.dll version 0.0.0.6) called (stack @0x734ed85e @0x73934bb0 @0x7393548e @0xd81327 @0xd81245 @0x77d375a8)
2012-07-06 06:30:11, Info CBS Failed to load SxsStore.dll [HRESULT = 0x8007007e - ERROR_MOD_NOT_FOUND]
2012-07-06 06:30:11, Info CBS Failed to initialize SxS. [HRESULT = 0x8007007e - ERROR_MOD_NOT_FOUND]
2012-07-06 06:30:11, Info CBS Ending TrustedInstaller initialization.
2012-07-06 06:30:11, Info CBS Starting the TrustedInstaller main loop.
2012-07-06 06:30:11, Info CBS TrustedInstaller service starts successfully.
2012-07-06 06:30:1... Read more

A:understanding output of SFC scan

Charles, welcome to Sevenforums.

I cannot interperate that info, but try these tutorials out if you haven't already:
Startup Repair - created by Brink
SFC /SCANNOW : Run in Command Prompt at Boot - created by Bare Foot Kid

Read other 1 answers
RELEVANCY SCORE 57.6

Ran an AVG10 (free) whole computer scan on an HP desktop pc running Windows Vista SP2 because I have a laptop on the same wireles home network with a serious infection. I checked ALL scan options (including 'additional') and I am not sure if there is anything in the results to be concerned with. AVG has cleaned some spyware off the pc sometime ago but has ran regular scans since with nothing but a few cookies and removed them all. A regular scheduled scan ran just 30 minutes prior to this one and found nothing.

This scan found 312 items...The log was a long one so i saved it in notepad to attach it to this post but I could not figure out how to attach a file so I am taking the liberty of pasting it in this post, my apologies if this is incorrect protocol. Could someone please analyze the results to determine if there is anything suspicious?

One note the item referencing credit101 (4 files in this folder with credit in the file name) is a personal password protected file so I do know that one and the other files listed in the "my financial" directory I do know but I do not know if they should have macros. Sorry if this confusing, please let me know if there is a better way to explain it.

Many thanks for any help!

Stephanie

EDIT: I did want to note that I have not had any symptoms or unusual behavior on this pc, all software updates normally and runs with no problems. Computer boots quickly and connects to network almost instantly. As I mentioned the ... Read more

A:Need help understanding AVG scan results

Hello,And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.Malwarebytes Anti-MalwarePlease download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Full Scan"... Read more

Read other 21 answers
RELEVANCY SCORE 57.2

Picked up a virus/s a couple of weeks ago. Guy on Nt compatible read hijack this log , said I had Spysheriff, I had seen that on the Hijacked browser. Followed your self help guide (v.good by the way), also followed your remove Spysheriff instructions. To date the P.C has been scanned by Adaware, Spybot, Spydoctor,Noadaware, Trojan hunter, Ewido, Panda, Bit defender, Norton, Anti vir, plus something else on the self help page i'd forgotten, and the Microsoft stuff. All virus activity has stopped as far as I can see, but I don't undrstand the results of the scans that I'll show you, Norton etc are coming up clean, but Panda and Bit defender are still finding stuff, some of the B.D are files in Norton's quarantine, but I'm not sure about the rest. Would be really pleased if you can check it out for me Thanks. Sorry it's so long !Logfile of HijackThis v1.99.1Scan saved at 12:09:30, on 04/02/2006Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:D:\WINNT\System32\smss.exeD:\WINNT\system32\winlogon.exeD:\WINNT\system32\services.exeD:\WINNT\system32\lsass.exeD:\WINNT\system32\svchost.exeD:\WINNT\System32\WBEM\WinMgmt.exeD:\WINNT\system32\userinit.exeD:\WINNT\Explorer.EXEC:\hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://... Read more

A:Need Help Understanding Logs And Scan Results

Hello smeagol and welcome to the BC HijackThis forum. Let's start off with a couple of things here.Step #1It appears that you have an L2M infection. Please do the following:Download l2mfix.exe and save it to your desktop.Double click l2mfix.exe to start the installation. Click the Install button to extract the files and follow the prompts.Open the newly added l2mfix folder on your desktop.Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing the Enter key.This will scan your computer and it may appear nothing is happening, then, after a minute or 2, Notepad will open with a log. Copy/paste the entire content of that log into this thread and I will review the information when it comes in.Step #2I just want to verify that this file is legitimate. It should be but I do not know why the Task Manager would be running at startup.Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:D:\WINNT\system32\taskmgr.exeSeveral scanning engines will be used to check the file for any threats. Please post the results of the scans back here along with the l2mfix log from Step 1 and a new HijackThis log.Cheers.OT

Read other 7 answers
RELEVANCY SCORE 57.2

Hi, this is my first post.
 
I found the thread about Windows 7 with a black screen and movable cursor on boot. Master Surgeon General did a thorough and methodical job in tracking down and removing the infection for Glascow, I am trying to follow the procedure. The first issue I have encountered is the "reading" (understanding) of the logs generated by the scans, MSG has shortened the log file from the farbar scan to a file list to remove. Does he or anyone have an explanation of how this list was decided on, I have seen some decidedly suspicious entries (WOW) but what about the other stuff?
 
G
 
Mod Edit: Moved topic from Windows 7 to a more appropriate forum. ~bloopie

A:Understanding computer scan results

A link to the topic or topics would be quite helpful. As it stands I have no idea who or what you are referencing for scans and content of those scans.

Read other 9 answers
RELEVANCY SCORE 56.4

This might be really simple, but when AVG has finished scanning, it claims no viruses. Ok, but the log list shows NOT TESTED files, is this normal, should i be concerned?
 

A:AVG 9 scan results NOT TESTED files-understanding

Close all the programs you have running and rerun the scan. Most of the not tested files are saying locked file, meaning its in use by another program.
 

Read other 1 answers
RELEVANCY SCORE 55.6

Incident Status Location

Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\Marie\Local Settings\Temp\mit49.tmp.cab[NNBar_VCSetup_876088_log.exe]
Adware:Adware/Mirar ... Read more

A:Active Scan Report + DSS Report

hi EddyMeuh

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

Additional Downloads

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

=================


Download this file to your desktop.- Here

IMPORTANT - You must place combofix on your desktop!!

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=================

Please Run a scan with HiJackThis and save the log

=================

In your next post, please include fresh logs from: ComboFix.txt
HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Read other 19 answers
RELEVANCY SCORE 55.2

I ran scan disc and after it says i have several corrupt files that it wasnt able to repair.  I have posted below just a few of the entries on the cbs.log.  Can someone please help me to fix these issues??
Thank you
 
Marshall
 
 
2014-10-29 12:57:02, Info                  CSI    00000090 [DIRSD OWNER WARNING] Directory [ml:520{260},l:88{44}]"\??\C:\WINDOWS\Help\Windows\IndexStore\en-US" is not owned but specifies SDDL in component Microsoft-Windows-Assistance-CollectionFiles-Help.Resources, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
 
2014-10-29 12:57:02, Info                  CSI    00000091 [DIRSD OWNER WARNING] Directory [ml:520{260},l:50{25}]"\??\C:\WINDOWS\Help\en-US" is not owned but specifies SDDL in component Microsoft-Windows-Assistance-CollectionFiles-Help.Resources, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"en-US", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
 
2014-10-29 12:57:02, Info                  CSI    00000092 [DIRSD OWNER WARNING] Directory [ml:520{260},l:92{46}]"\??\C:\WINDOWS\Help\Windows\ContentStore\en-US" is not owned but spe... Read more

A:Need Help understanding CBS.log file after scan-disc found corrupt files.

I dont see how 42 different  people read this post but not 1 responce.  ???
 
 

Read other 48 answers
RELEVANCY SCORE 53.2

Having trouble understanding the good and bad from a HiJackThis Log, looking for anytype of help, thanks:Log Info:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:51:41 AM, on 1/27/2011Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\jkessner\Desktop\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=R1 - HKLM\Software\... Read more

A:Help Understanding HijackThis Log

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 4 answers
RELEVANCY SCORE 53.2

Greetings, respect and salutations.I must apologise if this is in the wrong section. My path of logic led me here.I'm wanting to know a little about Hijackthis.If you have the time and patience, it is most appreciated.I downloaded Trend Micro Hijackthis v.2.0.2, ran the scan and now I'm sitting here looking at it wondering what on earth it's for.I've downloaded the DDS scan from bleepingcomputer and I am more familiar with the results of DDS as I've seen it on countless forums.Q1. Does DDS run off of Hijackthis?Would it be just as good to only download/run DDS, or will it work without HJT installed?Q2. Is Hijackthis used only for locating spyware/malware/virus?Would it also be used to 'clean' out unneccessary programs or have other uses?Q3. What can you do with the actual HJT scan?I'm failing to see what benefit of it without being able to post the info, as with DDS.(thus the reasoning behind DDS, I am supposing . . .)Q4. I've noticed on sites like: http://www.hijackthis.de they just say copy/paste the log.The only log I can find is the DDS.txt file. I feel I'm missing something here. Is there a log I can obtain from the HJT program (scan)?That's about it actually.The main headscratcher is Q3.After scanning, I'm left with a page full of choices knowing if I delete (fix) the wrong one, my PC throws a fit and dies on me . . . Again, thank you for your time and apologise if I've landed in the wrong topic.-Brad

A:Understanding Hijackthis

Hijackthis and DDS.scr are two different things to my understanding. I only have Hijackthis installed as a backup just in case I can't get something off of my computer and need the help of experts from here. Other than that, HJT is, in a sense, just there collecting dust on my computer (in Layman's terms, it's there just in case of a worse case scenario)

Both are tools used for advanced Malware Removal teams such as BC's HJT Team to use. After that, I'm not sure in the workarounds to it or I'm probably not authorized to talk about it (not that I'd know anything anyways)

Read other 4 answers
RELEVANCY SCORE 53.2

Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 12:53:47 AM, on 3/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\WINDOWS\SYSTEM32\SVCHOST.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\SYSTEM32\SPOOLSV.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\LxrSII1s.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXEC:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeC:\WINDOWS\system32\wwSecure.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\ehome&... Read more

A:Need Help Understanding Hijackthis Log

Hello,* Please download VundoFix.exe to your C:\.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.In case it says that nothing was found, Right click the list box (white box) in the main VundoFix window.Select ?Add More Files?? from the menu that comes up. This will open a new VundoFix window.In the Window: copy and paste next in the first field: C:\WINDOWS\SYSTEM32\dpment.dllClick the ?Add Files? button.Click the "Close Window" button.Click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will shutdown your computer, click OK.Turn your computer back on.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.After reboot,* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://... Read more

Read other 6 answers
RELEVANCY SCORE 53.2

Can someone please tell me what i need to do after running Hijackthis?My computer always has virus and I can not get rid of them and someone had told me about Hijackthis but I have not idea what to fix, delete, etc....This is my log, Please HELP!! Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:37:38 PM, on 10/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\WINDOWS\system32\WDBtnMgr.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\WIND... Read more

A:Understanding Hijackthis

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

I am lucasjamesw and I need  help Diagnosing this Log file. See Attach Files  thank for your help.Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

A:understanding Hijackthis

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517593 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

A couple days ago I was hit with some form of malware or virus causing my internet functions to begin running terribly. Internet speed is exceptionally slow (or IE fails altogether) and the computer is bombarded with pop-ups. I've run Norton 360 and Ad-Aware but nothing comes up.

Can any experts in this forum help me out by examining my HJT log below? What is causing the pop-ups and slow processing speeds? I noticed a program called "winshow.exe" running - is this malware? I have no idea what it is... how do I get rid of it if it is malware? Any step by step instructions would be very much appreciated.

btw - this is my first time using HiJackThis so go easy on me if I do something wrong/leave info out.

Thanks in advance!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:22 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Visual... Read more

A:Help understanding HiJackThis log

Hi Punkaweedus,

Step 1
Please go to C:\Program Files\Trend Micro\HijackThis and right click on HijackThis.exe. Select Rename.
Type in scanner and press Enter.
Double click on scanner to run it.
Select Do a system scan and save a logfile. Please post back this log in your next reply.
Don't close HijackThis yet.

Step 2
Click on the Config... button at the bottom right hand corner.
At the top, click on the Misc Tools button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.

In your next reply, please post:
A new HijackThis log
The Uninstall list

Read other 19 answers
RELEVANCY SCORE 53.2

well......
here are a few HJT tutorials:
HijackThis Tutorial
HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware
HJT Tutorial - DO NOT POST HIJACKTHIS LOGS - MajorGeeks Support Forums
PC Hell: HijackThis Tutorial for Removing Spyware

and this
to get a direct online HJT analysis

HijackThis Logfileauswertung

A:Understanding HijackThis

All of the public HJT tutorials are based on the original Bleeping Computer tutorial and have been around for many years. That said, HijackThis is no longer relied on by security experts as providing much more than a general overview. It just doesn't provide enough information to fully analyze the extent of a malware infection.

Warning: Online HijackThis analysis tools should be used with extreme caution as f/p's are very common.

Read other 9 answers
RELEVANCY SCORE 53.2

Hi guys,
I wonder if someone could help me. I have a home LAN and PCs are
running WinXP SP2, WinXP SP1, and Win2K AdvSvr. I connect to the
internet through WinXP SP2 machine using CC-Proxy. I noticed that
the main IC-sharing PC was running extremely slowly and ran ad-aware. It seems everytime I run my Ad-AwareSE it returns a large number of 'strange objects' it has discovered, typically tracking objects. Naturally I ask for this to be removed. If I then run the application again, it returns no objects. However, if I reboot and run the application, it again returns a large number of 'strange objects'. Therefore , I ran HijackThis and don't know what to do with the result. See below for the part of HijackThis log where I don't know what is going on.

What surprises me is that I had thought my system had been fortified
with Avast! and Zone Alarm Security Suite. But it seems these haven't
been able to protect my machine from attack. I've also clear the
Windows' and users' temp files (including temporary internet files).
Despite all this, I'm still getting a lot of trackers everytime I run
Spybot and Ad-Aware SE

I'd be grateful for any help to resolve this problem.

Latest HijackThis Log:

Logfile of HijackThis v1.98.2
Scan saved at 22:42:03, on 27/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon... Read more

A:Understanding HijackThis Log

Right click my computer> properties and turn OFF system restore Reboot Do your scans again getting rid of amything found Turn system restore back on and reboot
 

Read other 3 answers
RELEVANCY SCORE 52.8

Hi, I am new to this forum and I have been using HijackThis to aid in the process of removing malware. I am not familiar enough with what I am looking at and if someone would help me in understanding what I am looking at, i would be grateful. I would like to provide a brief explanation of what has happened so far. I received a call from a client and who is running McAfee free and I was told that it found (and I believe removed) some detected problems. He wanted me to come over and check things out. I went over and ran the following programs. * Malwarebytes (Found one problem and removed it) * Norton's standalone security scan program. (found tracking cookies, no infections) * SpyBot (found problems and fixed them) * McAfee (found one problem and removed it) I have gotten the client's permission to post the log.Here is the log file. I do not understand the MRI_Disabled entries. My and a friend's guess are they were malware that a program removed but left the hooks in. Is this correct? Also, is the nerocheck.exe in the system32 a valid entry? I have read that nerocheck can be a valid program, but is it supposed to be in system32? Thank you for your help.cwaLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:28:52 PM, on 7/21/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS ... Read more

A:understanding entry in Hijackthis log

Hello and welcome to Bleeping Computer.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in you reply, Do not attach them unless asked too.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be p... Read more

Read other 9 answers
RELEVANCY SCORE 52

Hi a friend of mine believes he has spyware on his computer I asked to run hijackthis , I'm still learning how to interpret the results I do believed he has some spyware , can somebody take a look at this log and let me know.thanks
Logfile of HijackThis v1.97.7
Scan saved at 9:44:24 PM, on 2/24/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SERVICES.EXE
C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\WAOL.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\SHELLMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0A\AOLWBSPD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
A:\HIJACKTHIS2\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ... Read more

A:helping friend understanding hijackthis

Read other 13 answers
RELEVANCY SCORE 52

My computer is running slower than i would like and I am not very happy with that. Also, I want to make sure that I don't have any viruses or malware.

I am very nooby (for lack of a better word) when it comes to computers. I'm not sure what the best anti-viruses are. I have McAfee Security Center and Ad-Aware 2007 Free on my computer. I also have AVG Anti-Rootkit Free installed.

Here is my HijackThis Log. (it's long)
----------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:34 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe... Read more

A:Help Understanding HijackThis Log and Then Fixing Problems

New HijackThis log.

====================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:19 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe ... Read more

Read other 3 answers
RELEVANCY SCORE 51.6

Good evening,
I'm a new entry, just of today, and first of all I apologize for my poor English. I'm writing from Italy.
I'm just a simple  pc user but I'm trying to understand more deeply how to use it better and how to protect it from malware's attacks.
I've red your HijackThis guide, and I've scanned my pc with the software itself.
The log of the results tells about only one server in the 017 section, and its IP address corresponds to a private address (10.206.56.132     10.207.43.46).
I would like understanding the meaning of this result. In Others words, what does a private IP address means in the 017 section?  Why are there not any else server? And, should I fix it?
Furthermore, my pc seems working good, without any strange behaviours.
Thank you for your attention.
 
Roberto

A:HijackThis: understanding 017 section log (Domain Hacks)

Welcome to BCO17 entries correspond to keys in registry hive HKEY LOCAL MACHINE for specific values which help windows to resolve domain names into IP addresses. Removing a needed 017 entry may break Internet connectivity since they may be used by an ISP or company network.IMPORTANT NOTE: HijackThis only scans certain areas of a computer's system/registry to help diagnose the presence of undetected malware in known hiding places. Given the sophistication of malware hiding techniques used by attackers in today's environment, HijackThis is limited in its ability to detect infection and generate a report outside these known hiding places. This limitation has made its usefulness nearly obsolete since a HijackThis log cannot reveal all the malware residing on a computer. As such, HijackThis has been replaced by other preferred tools like DDS, OTL and RSIT that provide comprehensive logs with specific details about more areas of a computer's system, files, folders and registry keys which may have been modified by malware infection.Unless you know how to read and analyze logs from DDS, OTL or RSIT there's no point on downloading and using them. If those tools are needed for a malware infection you should seek assistance from an expert who will advise you accordingly.Like HijackThis, these are powerful tools which rely on trained experts to interpret the log entries, determine what needs to be fixed and plan a strategy for disinfection. Using such tools requires advanced knowledge ab... Read more

Read other 1 answers
RELEVANCY SCORE 50.4

hi
here is my HDD scan report, and I want to ask is it repairable or not?

A:HDD scan report

Check out spinrite, not only can it repair drives but it can condition a drive as well... a proven performer for over 20 years!

Read other 7 answers
RELEVANCY SCORE 50.4

Hi i'm new to computers can someone please tell me what these scan results mean

Thank you

A:Scan report Help

Welcome to PCHF
Can you tell us what program you used to make this report? Also are you having any issues with your computer?

Read other 5 answers
RELEVANCY SCORE 50

I did a scan 3 days ago with pctools and was told there was a virus trojan Backdoor.Retro64 but I had to pay to remove it.

I came across HijackThis tonight and have followed instructions.

This is my logfile:-

Logfile of HijackThis v1.99.1
Scan saved at 21:28:33, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipCheapCom\VoipCheapCom.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTa... Read more

A:Did scan before and was told virus backdoor.retro64 on pc. This is Hijackthis scan.

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.

Read other 1 answers
RELEVANCY SCORE 50

I can not acsess adobe.com's web site. I have tried to go through I.E. and netscape. Can you tell me what would be going on with this computer that would prevent me from this. Ive checked the security on this computer. Thanks
Here is the results to my scan.
Logfile of HijackThis v1.97.2
Scan saved at 10:53:16 AM, on 10/08/2003
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPERWORKSTATION\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TPPALDR.EXE
C:\USBSTORAGE\USBDETECTOR.EXE
C:\PROGRAM FILES\IOMEGA HOTBURN PRO\AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\SMARTDRAW PHOTO\SDPHOTOBAR.EXE
C:\PROGRAM FILES\KONTIKI\BIN\KONTIKI.EXE
C:\PROGRAM FILES\COMMON FILES\INTUIT\QUICKBOOKS\QBUPDATE\QBUPDATE.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\EBAYTBAR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WM... Read more

A:Check my scan report, please

Read other 8 answers
RELEVANCY SCORE 50

Incident Status Location

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\hugh\Application Data\Mozilla\Firefox\Profiles\8podr1n4.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick... Read more

A:My Online Scan Report

Hi tomavfcno1 and welcome to TSF.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Do not run option #2 unless instructed to!!

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open... Read more

Read other 13 answers
RELEVANCY SCORE 50

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:11:11, on 20/02/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\hpq\... Read more

A:Hijack This Scan Report pls

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.----------------------------------------------StartupLite sounds like the one for you.Please download StartupLite. to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.See how you go with that.

Read other 20 answers
RELEVANCY SCORE 50

After updating MalwareBytes Database, I did a quick scan today. It identified one malicious item as follows.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> No action taken.

Of course I ignored it but why is an iTunes Registry entry being identified as a malicious item? I have been using my iTunes for ever but MalwareBytes had never identified this entry as malicious earlier.

Could someone please give me an answer.

A:MalwareByte Scan Report

IFEO's, which is what this is, aren't always bad. In fact what triggered this is fairly commonplace in both good and bad apps.

In this particular case if itunes is working properly I wouldn't be too worried about it.

Read other 5 answers
RELEVANCY SCORE 50

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:07:45 PM 8/4/2006

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\rainbowgirlwp.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
[464] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning.
C:\Program Files\filesubmit\rainbowgirlwp.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Brenda\Cookies\[email protected][2].txt ... Read more

A:report from ewido scan

Hi and welcome

I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread".
It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

Please continue in this thread.
 

Read other 2 answers
RELEVANCY SCORE 50

I have scan results from GRM & COMBOFIX, thanks

A:GRM & COMBO FIX scan log report

On start up, I get message[ chrome://searchshield/content/overlay.js:234] also [js:90] & message says [do you want to continue running script? yes or no]anyone know what that means? and how to fix it? , Logs are attached. thanks

Read other 3 answers
RELEVANCY SCORE 50

Here are things my computer does:

The "paste" function does not work.

Many things I try to open on my computer (whether they are programs that came with the computer, downloads, windows live, magicjack...) do not open and this message pops up: "This application failed to start because it's side-by-side configuration is incorrect. Please see the application log for more details."

Some friends recommended using malwarebytes to scan the computer... i was able to download it, but when I tried to run it, the above message came up.

A friend recommended downloading the Microsoft Visual C +++ 2008 Redistributable from their website, which I was able to do... but that was all. It didn't change any of my problems.

I am attaching the results... I HOPE someone knows what to do!!

THANKS

A:I have the report from my Combofix scan... Can someone help me?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your ... Read more

Read other 2 answers
RELEVANCY SCORE 50

i have the following error, c\:windows\system32
msiefr40.dll- i ran the highjack scan and here is my report:

can anyone help me please?

thanks,
sherri
 

A:highjack scan report

Read other 8 answers
RELEVANCY SCORE 50

well... my problem started before a restore and HDD format(but format erases... yea i know...) before the crash it seemed in working order, till it crashed. after MUCH time trying to restore my files and system, i got fed up and just formatted my hard drive and re-installed windows xp. The massive 65-70GB chunk of "locked" information(presumably my backup i couldnt restore???) was gone but the directory it was under <C:\Documents and Settings\Owner\> is still there, only directly in C:\ labeled <My Backup -- 09-01-30 0235PM> it only contains the single root path leading into Owner\ which cannot be opened, deleted, altered in any way. obviously, it didn't get wiped from the formatting. Now occasionally on startup or after reboot only a few startup programs load and when i go to My Computer it has to "search/locate" just about every folder i click on and basic system operation is really slow, even seems like it freezes every now and again(but hasn't) i usually let it work itself out before just shutting my comp off cold. Takes a while sometimes but usually "catches up" with whatever it was doing, enough for me to shutdown from start menu or task manager. Then again, on occasion, it starts fine and runs good except for constant CPU usage and the computer seems to run abnormally hard(loud). I'm no professional computer tech but to the best of my knowledge and understanding this is whats going on. I've run Numerous anti virus, malware, s... Read more

A:DDS Scan Detail/Report

Hello and welcome to TSF.

If you still need help, please post a fresh DDS.txt as it has been a while since you posted.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

Read other 2 answers
RELEVANCY SCORE 49.2

Hi there,

I have 2 machines, a Sony Vaio VGC-LS1 & a Dell XPS1730 laptop.....not on a network....using zoom adsl X6 modem for both.

Needed help to unintsall 2 softwares: Sonic encoders & Image Station....I get an error using Revo......need this file C:\abu\software603703.SND\ but I cannot find its location.

Contacted Sony neither they could help depite taking remote acess of the machine. Ran a PC health & gave me this report.

1. "The computer's video card is unsatisfactory "

Your computer's video card has been checked and is found to be not as per recommendations
The video card application demands a lot of space and resources from your computer. Thus it is essential to assess the requirements of this application to determine the condition of your computer.
I am using there own bultin Intel 945 GM graphic acelerator??

2. "The Internet Connection Sharing Service needs to be disabled "

The Internet Connection Sharing Service has been enabled.
The Internet Connection Sharing (ICS) service is applicable to provide network address translation, addressing, name resolution and/or intrusion prevention services to a home computer or small office network. This service helps multiple users on your network to browse through a single account. You need to enable this service if your computer is in a network but can be disabled otherwise.

3. "Non optimal internet configuration settings "

Your current internet configuration settings... Read more

Read other answers
RELEVANCY SCORE 49.2

I did a virus scan using Avira Antivir. There were no viruses on the computer bit it said there were 53 warnings which are as follows:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\World of Destiny\Application Data\Microsoft\Windows Defender\FileTracker\{EF947A62-7966-422B-88F2-591853D7BF54}
[WARNING] The file could n... Read more

A:Solved: Warnings in scan report

Read other 9 answers
RELEVANCY SCORE 49.2

Hi there,

I have 2 machines, a Sony Vaio VGC-LS1 & a Dell XPS1730 laptop.....not on a network....using zoom adsl X6 modem for both.

Needed help to unintsall 2 softwares: Sonic encoders & Image Station....I get an error using Revo......need this file C:\abu\software603703.SND\ but I cannot find its location.

Contacted Sony neither they could help depite taking remote acess of the machine. Ran a PC health & gave me this report.

1. "The computer's video card is unsatisfactory "

Your computer's video card has been checked and is found to be not as per recommendations

The video card application demands a lot of space and resources from your computer. Thus it is essential to assess the requirements of this application to determine the condition of your computer.

I am using there own bultin Intel 945 GM graphic acelerator??

2. "The Internet Connection Sharing Service needs to be disabled "

The Internet Connection Sharing Service has been enabled.

The Internet Connection Sharing (ICS) service is applicable to provide network address translation, addressing, name resolution and/or intrusion prevention services to a home computer or small office network. This service helps multiple users on your network to browse through a single account. You need to enable this service if your computer is in a network but can be disabled otherwise.

3. "Non optimal internet configuration settings "

Your current internet config... Read more

Read other answers
RELEVANCY SCORE 49.2

Howdy,

I just ran a Kaslersky online scan .When the scan was completed I got a window that tells me it picked up a few thing.

I did not see a tab to click to view the items. I clicked on the help tab. It said that after the scan I would be able to view what these items are. Is does not mention where to click to view.
I have a screen shot if that would be helpful.
Dennis

A:How To View Kaspersky Scan Report

hi again dennis
does it have a save log button?
if it does that should pull it up(i think don't usually use kapersky)
hope that helps
mz30

Read other 14 answers
RELEVANCY SCORE 49.2

I followed the procedure recommended by noadhfear to get rid of Smitfraud. It seemed to have worked for the most part, but a couple of days before I did it, I started having trouble with Internet Explorer, so I was not able to run the ActiveScan.
When I run IE, it will work for a very short while and then just stop and all of the IE windows are gone and a message comes up saying something like "An error has occured and an error log will be generated" - although I can't find the error log.

I have included the report from HJT and from Ewido. Please check over these and let me know what needs to be removed and if there is any sign of why IE is not running properly.

Thanks.
Astro99

Logfile of HijackThis v1.99.1
Scan saved at 11:21:05 PM, on 8/24/2005
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\explorer.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\A... Read more

A:Help with HJT Log and Scan report after removing Smitfraud

Read other 7 answers
RELEVANCY SCORE 49.2

Good morning,

I had my hijack log analysed and was asked totake certain actions which i did. Because the computer was in safemode when the scan was performed I had to save the report file with the results. I saved it to DEsktop then, because I was in another user's account I then transferred it to a floppy.

Now that I ahve tried to post to the hijack log I cannot get the report in readable format. By this I mean I went through "File" on my browser and opened the report - it came up with a number of small squares and letters (the usual jargon when a file is opened in the wrong application).

What do i have to do to post it into my hijack log thread to ensure that you guys could lookat it since i am not seing anything here that allows opening of files.

Thanks

Tempest

Read other answers
RELEVANCY SCORE 49.2

Hey there, I am a member of the World of Warcraft community and fell for a post on their forums claiming to be a picture of in game action, but it was at world0fwarcraft.com - the "O" in 'of' is a zero, and many people labeled it as a keylogger. I got a windows message at the top that a download had been stopped to assure my security, the information bar below the address bar. I've only run Spybot other than Hijack This, and I didn't pick up anything (Spybot is up to date).I guess I'm paranoid that I still might have something, but heres a list of processes and my Hijack this scan:Process PID CPU Description Company Name
System Idle Process 0 100.00
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 268 Windows NT Session Manager Microsoft Corporation
csrss.exe 316 Client Server Runtime Process Microsoft Corporation
winlogon.exe 492 Windows NT Logon Application Microsoft Corporation
services.exe 540 Services and Controller app Microsoft Corporation
svchost.exe 740 Generic Host Process for Win32 Services Microsoft Corporation
wmiprvse.exe 1784 WMI Microsoft Corporation
unsecapp.exe 900 WMI Microsoft Corporation
svchost.exe 812 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
wscntfy.exe 3576 Windows Security Center Notification App Microsoft Corporation
svchost.exe 904 Generic Host Process for ... Read more

A:Possible Keylogger (full Scan Report)

Arthas Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following :Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new HijackThis logThanks

Read other 1 answers
RELEVANCY SCORE 49.2

Incident Status LocationAdware:adware/swimsuitnetwork Not disinfected c:\windows\system32\MYDLL.dllSpyware:spyware/cws.olehelp Not disinfected Windows RegistryMy Comp is running Good but What Should i nead to do now?

A:Panda Active Scan Report

MYDLL.dll is related to Spyware.ActualNames and often includes other malware files which ActiveScan may not have found. If you click on the Removal Tab in the Symantec link there are instructions for removing/unregistering the .dll.What OS (Win XP/2000, etc) are you using? What is your primary anti-virus and when was the last time you ran a scan? Have you performed any anti-spyware scans other than ActiveScan? If not, start here:If your running Win XP/2000, download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".Print out the Ewido Install and Scan Instructions. Download and scan with Ad-Aware SE Personal 1.06. Setup & Configure as shown here.Download and scan with Spybot S&D 1.4. Setup & Configure as shown here.[DO NOT choose the option to install TeaTimer]Note: If you encounter any error messages while downloading the updates, manually download them from here.

Read other 6 answers
RELEVANCY SCORE 49.2

I scanned my computer with Adwcleaner in safe mode because adwcleaner wouldn't run otherwise, and the report is below. Neither Malwarebytes Pro or Hitman Pro finds anything, and after Adwcleaner says it has put the objects in quarantine and reboots the computer, the objects are back when I do another adwcleaner scan. What do I have?

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\1v5ybk8r.default-1410832319735\prefs.js ]
[ File : C:\Users\allan\AppData\Roaming\Mozilla\Firefox\Profiles\6xb7mt61.default\prefs.js ]
[ File : C:\Users\monsterzillaBAM\AppData\Roaming\Mozilla\Firefox\Profiles\hjeups96.default\prefs.js ]

Line Found : user_pref("[email protected]", true);

-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\allan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\monsterzillaBAM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Thanks in advance!

A:Firefox infected, scan report says:

Could just be tracking cookies. Do a cleaning of history in browser ( cache) ? How is Firefox and Chrome working, any pop ups or redirecting to other websites ?
Seems like the folders were web browsing history is put and browser settings.
Try resetting firefox too.

Use Windows malicious Removal tool, at run, MRT.exe

Read other 4 answers