Over 1 million tech questions and answers.

Healing my sister's slow laptop

Q: Healing my sister's slow laptop

I spent the night at my sister's the other day. She was agitated while using her laptop. Typical complaints, it is slow to respond, some programs won't open at all, and pop ups. I ran a few of the scans that I've used in the past and it's more responsive, there aren't any more popups flashing, but it still lags. I am hoping some wise soul on here can take it to the next level.

Thanks in advance!

Preferred Solution: Healing my sister's slow laptop

I recommend trying the free service from Zip Cloud. It's currently our users' favorite backup and storage solution and will save you headaches down the line.

You can get it direct from this link http://goo.gl/rFYDxc. (This link will open the Zip Cloud homepage.)

A: Healing my sister's slow laptop

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Cyndy (administrator) on SANDERS on 24-04-2015 11:28:21
Running from C:\Users\Cyndy\Downloads
Loaded Profiles: Cyndy (Available profiles: Cyndy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Xerox Corporation) C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-15] (Avast Software s.r.o.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-854397576-2017573737-709579596-1002\...\Run: [Google Update] => C:\Users\Cyndy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-11] (Google Inc.)
HKU\S-1-5-21-854397576-2017573737-709579596-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKU\S-1-5-21-854397576-2017573737-709579596-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-854397576-2017573737-709579596-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Cyndy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-06-05]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-15] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKU\S-1-5-21-854397576-2017573737-709579596-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1" target="_blank" class="wLink">http://g.msn.com/HPNOT13/1" target="_blank" class="wLink">http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-854397576-2017573737-709579596-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {D715423F-873A-45CE-B4EA-F93AEFC94326} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D715423F-873A-45CE-B4EA-F93AEFC94326} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-854397576-2017573737-709579596-1002 -> {D715423F-873A-45CE-B4EA-F93AEFC94326} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-854397576-2017573737-709579596-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-15] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-15] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-12] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-854397576-2017573737-709579596-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-854397576-2017573737-709579596-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Cyndy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-854397576-2017573737-709579596-1002: @talk.google.com/O1DPlugin -> C:\Users\Cyndy\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-854397576-2017573737-709579596-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Cyndy\AppData\Local\Google\Update\\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-854397576-2017573737-709579596-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Cyndy\AppData\Local\Google\Update\\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Cyndy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Cyndy\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-09]

CHR HomePage: Default -> https://www.yahoo.com?fr=hp-avast&type=iedef
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-12-12]
CHR Extension: (Bookmark Manager) - C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\Cyndy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-15]

Read other 20 answers

plz help my sister laptop is really slow.Plz help.heres a high jack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:21 AM, on 1/1/2000
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Netviews Wireless Monitor\WLService.exe
C:\Program Files\Netviews Wireless Monitor\WLanCfgG.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Netviews Wireless Monitor\InfoMyCa.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Common Files\DriveCleaner Free\dcsm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Trend Micro... Read more

A:help,my little sister laptop is super slow

Hi, welcome to TSF!

If you still need assistance, please post a fresh Hijackthis log

Read other 1 answers

Somehow my computer contracted a Win32.HEUR virus off of an accidental spam site visit, and now my computer is full of infections.

At first I tried using AVG, but the virus basically overpowered it and tried to uninstall it.. So I got Kaspersky's virus removal tool. It seems to have taken care of the heur for the most part, but now I have a rootkit.tdss that just won't go away.

The problem is, I can't kill any processes, it's locked my taskbar out, I can hardly open any programs, it just says "This file does not have a program associated with it for performing this action. Please install a program or, if one is alread yinstalled, create an association in the Default Programs control panel." I can run programs if I select "run as administrator" but thats the only way they will work right now..

There are other symptoms as well, the whole pc is a complete mess right now, I've been working on it all day and night trying to get the infections cleared out. I just ran Hijackthis and I have a log I can post if necessary.

Is there anything else that I can do get this thing off of my computer??


I forgot to mention that when running malwarebytes or kasperskys virus removal, before I can complete the scan, the computer forces a shutdown.

A:Got a nasty virus on my laptop now, need some help healing it.

Hello and welcome let's do these. tell me how we are after.>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyTDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make... Read more

Read other 1 answers

HI everyone,

I have gotten hold of my sister's windows vista machine that she had from brand new about 3 years ago but now is SO slow on start up, runs really slow, constantly not responds etc for ages then kicks in!

I have said I would look into helping her out to fix it but really nto sure where the best place to start is.

I am defragging it as I speak which has taken 4 hours so far and no idea when that will be complete.

I wonder if anyone could give me an idea on where to start really to get it back to its glory days.......or just working at a reasonable speed would be great

Thanks to anyone who may help


A:Windows Vista, SO SO slow since sister had it!

First thing to check is what "Protection" programs are running?
If there is more than 1 AV program installed remove all but one.

If there are any of the "Registry Cleaners" or "Speed up my PC type's" back up all data and get ready to do a system rebuild back to factory settings.

What is the make and model of this machine?

Read other 1 answers

So my sister has a Windows 8 laptop an wants to know if there are any infections on it and what can safely be unistalled. She particularly would like to know if OneDrive an OneNote can be removed without jeopardizing the OS. Would someone be kind enough to help us with this? Also I ran FRST on her comp may anyone help us with a fixlist? 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015 (ATTENTION: ====> FRST version is 17 days old and could be outdated)
Ran by Angela (administrator) on ANGELA on 19-03-2015 20:49:05
Running from C:\Users\Angela\Desktop\Security Programs
Loaded Profiles: UpdatusUser & Angela (Available profiles: UpdatusUser & Angela & alechner831)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServe... Read more

A:Help with my sister's laptop

She believes her computer was accessed remotely without her consent does anything in her logs confirm or disprove her concerns?

Read other 60 answers

I am hoping someone here can help my sister, she is having issues with her laptop..

her laptop is a toshiba satellite.

her problem is if the computer is idle the screen goes completely blank she can't get it to go back to whatever she was doing, and her wireless mouse and the mouse on the laptop cannot be used. she also had the screen go blank when she attempted to get into microsoft explorer. the only way she can get the pc to do what she wants is to hold in the power button and shut it down improperly. she has already run a virus scan and an ad-ware scan but they turned up nothing. please help her as she has a tight budget and can't afford to take it in to be repaired so hopefully this is something she can do herself --with help from you guys. please respond ASAP thanks in advance.

A:HELP my sister is having laptop issues

Under Power Settings, (which may refer you to the specific Toshiba power management) in Control Panel, disable Hibernation and set it to never use Standby. It sounds like it is going ito hibernation or standby and dying in its sleep, not an uncommon event.

Usually relates to a driver issue, but if hibernation and standby are not used then it should never need to be looked at any deeper.

Read other 1 answers

My sister-in-law's laptop is infected with a virus and I am removing it for her with your help (thank you in advance!). Anyway, it's a Acer Aspire 4730Z and I don't have a boot cd as this laptop was not provided with it and like a lot of laptops it has a special partition.

Anyway, this laptop is locked down! I am unable to use networking (i.e., connect to the internet, etc) or a USB flash drive. The only way I could run the first 2 tests (dds and gmer) was to burn them to a dvd and then copy them to the machine which is running in safe mode.

So, I've run the tests but I am unable to provide the log files as requested. Do you have any suggestions on how to proceed in this situation?

Thank you,

P.S. OS is Windows Vista

A:Sister-in-law's Laptop Infected

I typed the contents of the GMER log (ark.txt file) since I can get the file from the infected laptop. Please note that I have also saved in a text file and attached it. Hope this helps ... here is the content:

GMER - http://www.gmer.net
Rootkit scan 2012-11-03 12:45:31
Windows 6.0.6002 Service Pack 2 Harddisk0/DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: gmer.exe; Driver: C:\Users\Anita\AppData\Local\Temp\kwdorpow.sys
---- Kernel code sections - GMER 1.0.15 ----
? C:\Users\Anita\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1912] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 7666B37C 4 Bytes [00, 26, 00, 10] {ADD [ESI], AH; Add [EAX], DL}
.text C:\Windows\Explorer.EXE[1912] SHELL32.dll!ShellExecuteExW + 18B7 7669DA14 4 Bytes [10, 1B, 00, 10] {ADC [EBX], BL; Add [EAX], DL}
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- Devices - GMER 1.0.15 ----

Read other 16 answers

Hi everyone,
I build my own systems but need opinions for a laptop for my sister who lives in another state. She's ready to upgrade and plans on buying a new laptop.
Her current PC is 11 years old. What I want her to get is something top of the line because she won't be upgrading again for another 10/11 years.
She's not a gamer, just needs MS [COLOR=blue !important][COLOR=blue !important]Office[/COLOR][/COLOR] and email. But i want her to have lots of speed cause she only has DSL and not cable like i have.
And also because she won't be upgrading again anytime soon.
Any and all recommendations would be appreciated.

A:Opinions for a new laptop for my sister.

how much do you want to spend ?

MS Office does not come with any PCs as standard , unless theres some really special deal - so you will also have to buy the MS package - there are free alternatives - openoffice.org for example

for basic use most machines will cover your needs for email and basic use of word and excel

Read other 1 answers

Okay, so my sister bought an Acer Aspire 4330 almost a year ago.

Lately, it's been... weird? It is overtly slow, crashes a lot, get's BSODs, and generally just sucks.

Is there anyway to fix it back to normal? I'm a computer geek but this.. This i've never dealt with. Malwarebytes, Nod32 online, Bitdefender Online, AVG, Avira, and Avast pick up nothing (No, those all aren't running at once. I tried them randomly. Currently, she has Avira) Windows Vista Basic.

What can I do?

My other sister has a Gateway laptop, and it's like the left button on her touchpad is either broken or jammed. Her right button works. So I had her set her touchpad to left-handed mode (Right click is normal click so on) and when she boots, it automatically opens a context menu as if she clicked the context button. Anything I can do about that? Windows Vista Home Premium.


A:Is my sister's laptop dying?

Okay, so my sister bought an Acer Aspire 4330 almost a year agoFirst, she might check if it carried a 1 year warranty, if so, check with where she bought it on warranty procedures.

Read other 5 answers

I have a laptop I want to give my sister, and I would like to pre-install Windows 7 Home Premium from from my Family Pack Upgrade. Here is what I want to do and I'm hoping someone can tell me if it's possible.

I have the 3 licenses from my Family Pack in use on my own machines. I would like to perform a clean install on the laptop I intend to give to her using the my Family Pack media. When the time comes to enter the product key, I intend to NOT enter a key and deselect the activate Windows when I go online box. As soon as the installation is complete and everything is running properly, I will then navigate in REGEDIT to HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Setup/OOBE/MediaBootInstall and change the value from 1 to 0. Then, from the Command shell as Administrator, I'll run slmgr/rearm to authorize the UAC, allowing Windows to be activated in 30 days.

I'm hoping that I can give her a good-running laptop and let her purchase her own license. During previous activations, I recall seeing an option to purchase a key online. When she gets the machine and attempts activation, can she just simply purchase her own, new key online during the activation process? Could it be just this easy?

A:Giving Laptop To Sister Without A Key?

You are going thru an awful lot of trouble for nothing. Since you want your sister to buy a license in 30 days, why don't you have her buy e.g. an OEM license for $95 right now and install with that. E.g. this one: Newegg.com - Microsoft Windows 7 Home Premium 64-bit 1-Pack for System Builders - Operating Systems

Read other 9 answers

So a while ago, my sister has been using my mom's laptop to watch YouTube videos. However, some of the keys have been acting up. Here's which keys act up. "E" and "R" would often be type together as either "ER" or "RE". "B" or "N" would start a new tab. "D" and "F" would be typed together as "DF" I don't know what she caused it to act up. I thought it was liquid damage, like what happened to another laptop. But even though she spilled some liquid before, it was only miniscule and they still work after drying it up. There was a time she did something similar where she kept holding on the mute button and it doesn't respond. Maybe I have to let the keyboard exhaust "the typing energy" out. I'm not sure what exact HP laptop my mom used, since it was a refurbished one and there's no lable on the bottom, and she already tossed the box away. Here's what I can figure out. It has "Pavilion" and "B&O", it has close to 900gb,  and it's bigger than a 15 inch. Here's the closet I can find. 

Read other answers

My sister is not all techy, she had vista on her laptop, windows vista 64bit and it was running horribly even with 3gigs of ram, and so I downloaded the 32bit version of windows 7 ultimate on my computer and installed it on my laptop, and so she said that she wanted windows 7 on her laptop too, so I installed it on hers, soo this morning she woke up, and I told her that her laptop was running windows 7 32bit and she thinks that I just ruined her laptop by putting a 32bit operating system on her system, and she is so wrong!, she thinks that there is a lot of difference from 32 bit to 64 bit, her computer only has 3 gigs of ram and its faster than vista 64 bit, I am frustrated because after all the hardwork of putting windows 7, she now wants me to put vista 64bit back, she says "my processors is 64bit! put vista back!", but my laptop, my desktop and her laptop are 64bit capable but are running 32 bit, can anyone explain to her that there isnt a major difference between 32bit and 64bit! plz! she wants to go back to the buggy vista and thats a huge mistake!, , she thinks that her laptop is worthless just becuase it is running on 32bit... help!!!!!

A:I put windows 7 on my sister laptop, she hates it.


even though you are right I think she has made up her mind and it is her computer. why not just put 64bit win 7 on?


Read other 9 answers

Hi - The sister-in-law came for the holidays, and when she tries to hook in to our network, the whole thing goes down. Unplugging her computer doesn't help; rebooting the router & cable modem (with her disconnected) gets everyone running again, except her. I've got to get her off my computer! Which will only happen when she gets hers to work on our network.

So: our network has never had a problem with any other computer like this. Likewise, she swears she's never had a problem connecting to (or killing) another network besides ours. I'm running a Linksys cable modem, then a D-Link WBR-1310 wireless router. Further downstream, there's a switch or two. The behavior is the same whether she tries to connect via WiFi or cat5. She's running Win7; I think most of our other computers are Vista & XP.

Any advice on where to start?


A:Sister-in-law's laptop kills the network

Read other 10 answers

Logfile of HijackThis v1.99.1
Scan saved at 10:08:54 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet E... Read more

A:Review another Logfile....for Sister in Law's Laptop! Please, and thank you!

Add remove programs remove Lime shop


O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

Read other 1 answers

My desktop is running super slow after my sister got the idea from a friend to use Ares to get music. I frown on this, but I believe I removed it completely. I cannot seem to get the computer back to normal speed though. It is a 160GB HDD, with only about 30-40gigs used. I'm not sure exactly what the problem is, but I've heard you can get keylogging programs from p2p programs like Ares. So, I need to just check for and remove anything that is bad for this computer and slowing it down massively. Thanks for your help, time is kinda of the essence because I need this for school and don't want to use any of my passwords.

Here is a Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:09 PM, on 3/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceSe... Read more

A:Computer is running super slow; sister installed Ares to use

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 2 answers

I recently got my computer back from letting my little sister borrow it, and i want to make sure there isn't any viruses in it. IT seems like it runs slower than normal sometimes. I found some adware after running a scan with Malwarebytes, but  not much else with any other scan. My laptop is running Windows 10 64-bit. Please let me know of any possible scans or logs that you will need. Here's thew log for Malwarebytes:
Malwarebytes Anti-Malware
Scan Date: 6/20/2016
Scan Time: 5:28 PM
Administrator: Yes
Malware Database: v2016.06.20.07
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Julian
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 317634
Time Elapsed: 23 min, 9 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 1
Adware.ClickShell, C:\Users\Julian\AppData\Local\Temp\JXfmopDp.exe.part, Quarantined, [52e5fa05bfda9c9af57fee9451b0dc24],
Physical Sectors: 0
(No malicious items detected)

A:Checking my laptop for any viruses after i let my sister borrow it.

to BleepingComputer.Hi there,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / music / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.*** Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Double click on downloaded file. OK self extracting prompt.MBAR will start. Click in the introduction screen "next"... Read more

Read other 0 answers

My little sister (age 10) has been complaining for me to fix her laptop to our Mom, who is in turn pressuring me to fix it, thinking for whatever reason that I know anything about virus removal. Being that I'm only Fifteen, I don't know much about it, because I've always been cautious enough to not get one on my PC. But anyways, here is the report I pulled up on the threats.

C:\Program Files\ESET\nod32fix.reg Win32/HackAV.G application
C:\Users\crescent\AppData\Local\Mozilla\Firefox\Profiles\qtr4hhdl.default\Cache\0\B9\9080Ad01 JS/Kryptik.DU trojan
C:\Users\crescent\AppData\Local\Mozilla\Firefox\Profiles\qtr4hhdl.default\Cache\D\9E\13201d01 JS/Kryptik.DU trojan
C:\Users\crescent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\42d6ad16-7ef0e7bf Java/TrojanDownloader.OpenStream.NCA trojan
C:\Users\crescent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\35d60d30-69e06deb Java/TrojanDownloader.OpenStream.NCA trojan

I have no idea what she got it from, she is always finding some new idioticly risky thing to do with her stuff. Help would be much appreciated.

A:Need help cleaning up sister's laptop, It's a trojan of some sort

Hello Wooden Judas,

If you still need assistance, please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Once I have those logs, we can get started.

Read other 16 answers

This is my sister's computer here, I'm still learning. I've done what I can, but when it comes to fixes like these, i'm in the dark.

I can't include a Panda or Kaspersky log because the IE and Mozilla shuts dwn mid scan.

Deckard's System Scanner v20070711.54
Run by Owner on 2007-07-24 at 19:32:02
Computer is in Normal Mode.

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-07-24 23:32:09 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-24 19:33:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
C:\Program Files\Symantec_Client_... Read more

A:Problems with Sister's Comp, Vundo popups, spyware, slow system

Hello rzantarra

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Read other 8 answers

Hi,Antivir keeps reporting that it found 2 trojan horses everytime i reboot my laptop. Deleting it with antivir does not help. I would be pleased if anyone can/wants to help me.Possibly more malware/virus/trojan horses on this laptop.Please help.ThxDDS (Ver_09-03-16.01) - FAT32x86 Run by Evers Kris at 12:18:21,62 on zo 29-03-2009Internet Explorer: 6.0.2800.1106Microsoft Windows XP Home Edition 5.1.2600.1.1252.31.1043.18.446.145 [GMT 2:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k NetworkServiceC:\WINDOWS\System32\svchost.exe -k LocalServiceC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\WINDOWS\System32\svchosts.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\PROGRA~1\LAUNCH~1\QtZpAcer.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\{262916F0-031B-1... Read more

A:TR/Spy.Vundo.AF, TR/dldr.agent.13321.3 => on laptop of my sister

Hello kris_e,Download Security Check by screen317 from here or here and save it to your Desktop. Unzip SecurityCheck.zip and a folder named Security Check should appear. Open the Security Check folder and double-click Security Check.bat Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Full Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfec... Read more

Read other 2 answers

my sister logged on to my laptop using her outlook email account and now she is listed as the admin and all my files are under her account how can I change her from admin and get her out of my account but still let her use my laptop and not lose any info?

A:sister logged on to my laptop using her outlook email account

Originally Posted by Aylin17

my sister logged on to my laptop using her outlook email account and now she is listed as the admin and all my files are under her account how can I change her from admin and get her out of my account but still let her use my laptop and not lose any info?

Microsoft make it (too) easy to accidentally switch from a local account to a Microsoft account, though usually it's your own account that gets switched to. This Tutorial tells you how to switch back.
Local Account - Switch to in Windows 10

Once you've switched back your sister won't have a log in on your PC. If you want to let your sister log in in the future, you could create a second account for her. You can even set it up as a Microsoft account. You could also make sure it's a standard account, not an admin. There's a Tutorial for that too.
User Account - Add in Windows 10

Read other 1 answers

Hello again,My sister's laptop got infected when she was on youtube on Friday. By accident she click on the VAM2010 pop up to click out which had make it worse with more pop ups. She couldn't use Malwarebytes cuz it wouldn't let her open it. Today I put her laptop on safemode to see if it'll let us go onto Malwarebytes but it still doesn't work and the popups still appears. I need BC assistance removing the virus/malware/spyware. Thank you for the help.

A:My sister's laptop infected with Vista AntiMalware 2010

Before using MBAM download rkill from hereOnce it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself Now try to run MBAM

Read other 12 answers


I have AVG internet security installed on my computer. It runs really well (despite it slowing my computer slightly )

However when I run a scan, reaching the end, it automatically begins "healing" any threats it may have come across. This is all well and good but when it gets right to the end of this process it seems to get stuck almost like it crashes. My cursor turns into the sand timer and "(NOT RESPONDING)" appears in the top of the window?!

It's not a massive problem but I thought I'd post the query in case there's either something I'm doing wrong or in case anyone else has encountered this problem before.

A:AVG Stuck Healing

Hi Mr C, Please stop creating new threads on same subject. You have 2 going already and a moderator will have to close 1 of them.

Read other 2 answers

Listen, guys,
Antivirus: AVG
VIRUS NAME: Trojan Horse PSW.Generic2.QEO ... i didnt find single link on internet.
File size: 3,88kb

I noticed the file keeps popping up -- C:\Windows\system32\CsdDriver.sys , I was reading a post here http://forums.techguy.org/security/502809-solved-virus-keeps-popping-up.htm , but there is a bit different, it pop ups again and again, I updated my AVG, its fixing it, but it appears after a few seconds. The thing is that there are no C:\WINDOWS\system32\UpperHost.dll file... And this is quite odd, if there was, I could act as the man said in the previous Link..

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:16, on 2006.11.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files... Read more

A:Please, help me healing this one virus :|

Read other 8 answers

I recently wrote a review of a just-being-released addition to the ThinkPad line, the 14? T490s.  My writeup was based on the one system I had in front of me and, as always with pre-released systems, documentation was sparse at best.  The computer had very early drivers and system software but was remarkably stable and reliable.  New system software started to appear, and I noticed a new BIOS image, that was described as the initial release, but was substantially newer than what was on my computer.  I always try to apply updates as early as possible on any machines I review, hoping to identify any unexpected issues before the general market.  During the BIOS update, a message I had never seen flashed by.  As a result of nothing more than blind luck, my camera happened to be within reach and the battery was charged.  I apologize for the quality of the photo, but there was no time for staging.
New message
Based on what I can ascertain, the process is intended to be completely invisible to the user, other than the message I noticed.  After a BIOS update, the BIOS restarts and, after initialization, the image is backed up before booting into Windows or another operating system.   On subsequent startups, if there is a problem starting, the backed-up BIOS image is restored automatically.  In some ways, this is similar to the way Microsoft handles drivers in Windows. 
As I would expect, Phoenix Techno... Read more

Read other answers

Logfile of HijackThis v1.99.1
Scan saved at 4:01:52 PM, on 1/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QuickTime\qttask.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Sec... Read more

A:AVG detects threat and keeps healing

Read other 16 answers

Hi, for the last few months I have been using AVG, and in that time I have encountered a few viruses, mainly called JavaByte/Verify, that will not heal, delete, or move to virus vault. Can someone tell me why?
Thanks a lot.

A:Help with AVG removing/healing viruses.

I have ran into this on a clients computer he wanted me to fix. The only way I removed it was to slave the his drive into my test bench computer and used F-Secure to remove it.
Another note. Turn off system restore when removing viruses or removing spyware/malware.

Read other 3 answers

I have had this issue for many months, now. I loaded Vista x64 Home Premium to run in a dual-boot configuration with my XP Pro. I do critical work so I didn't trust going to Vista exclusively. I mainly wanted it to see if I could utilize all my RAM and speed up Photoshop processing.
I have had it working three or four times, (except for tablet functionality) then when I must re-boot because of SP1 and other security updates or in one case, I installed Office 2007, it does nothing on restart; black screens and just sits there, totally unresponsive. No blinking of the LED which shows drive activity. When re-booting, F8 isn't working (nothing happens). Regarding the previous instances, I gave up trying to get it to respond and went back to booting into XP, which always works fine. Then after a period (usually a month or more) I will try booting into Vista, on restart, and viola, it works again!
WTF is going on?

ASUS A8N32-SLI Deluxe motherboard
AMD Athlon 64 X2 4400+ Toledo: 2,400 Mhz on air (10% OC)
Thermalright XP-90C with 92MM Thermoflow temperature sensing fan
4 Gig of OCZ Titanium DDR400 (PC3200) dual channel, unbuffered RAM
MSI NX6600-TD256E video card & dual 24? wide screen LCDs setup
2X - WD 250Gb 7200RPM SATA main drive, w. 16Mb cache
(one for XP Pro and one for Vista x64 Home Premium)
2X - Fujitsu MAU3036NP (15K RPM hard drives running SCSI 0 [striped])
Lian 7077A - full tower case with optional 120mm fan in top,
90mm fan (stock AMD-CPU) angled facing MB chips... Read more

A:No reboot after updates and then mystery healing

How did you set up the dual boot?

Read other 8 answers

I'm currently disturbed by this popup every time i open my computer. Whatever user I log-in the same popup appears. The title of the popup is "C:\WINDOWS\system32\keyboard\services.exe" Below that, a message says that Windows cannot find 'C:\WINDOWS\system32\keyboard\services.exe'.This started when I transferred video clips from an mp4(ipod). Of coarse, I scanned it first using my updated AVG free edition and found no threat. After that i downloaded a free realplayer11 from cnet (here's the url: http://download.cnet.com/RealPlayer/3000-1...-10073040.html). It was saved to my desktop so as the video clips that I transferred. Then I tried to install realplayer but upon running the downloaded installer, it warned me that the computer will be restarted after the installation. So, I decided to cancel it first and remove first the mp4(ipod) and the flash drive of my cousin (which was already there when I used the computer). I failed in safely removing the mp4(ipod) but succeeded in removing the flash drive. I then, decided to forcefully remove the mp4(ipod) and started a computer scan. As expected, I found 1 trojan and successfully healed it. AVG asked for a restart and I clicked 'yes'. From that time, this annoying popup shows.The incident happened while I'm using the Administrator Account.I'm using Windows XP Professional SP2Please help me with this problem....

A:Popup After Healing Infected File

Hi and welcome..Its not unusual to receive such an error after using specialized fix tools.A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads. To resolve this, download Autoruns, search for the related entry and then delete it.Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)Open the folder and double-click on autoruns.exe to launch it.Please be patient as it scans and populates the entries.When done scanning, it will say Ready at the bottom.Scroll through the list and look for a startup entry related to the file(s) in the error message.Right-click on the entry and choose delete.Reboot your computer and see if the startup error returns.Next run MBAM:Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via ... Read more

Read other 17 answers

I am using AVG Free version 7.5 and it is updated but it doesn't heal viruses anymore example RavmonE.exe that can be healed by other computers with AVG FREEMoved from the "XP" Forum. ~acklan~

A:My Avg Free Is Not Healing Viruses Anymore!

Do you have any other anti-virus software on your computer or something loike security suite?

Read other 1 answers

Xi'an Double Road Import and Export Co., Ltd. is the production and sales of biotechnology products, has always focused on high quality, is China's biotechnology industry's leading enterprises supply.
Since 2010, China in production and sales of our products have been ranked first in the industry, has become a silver antimicrobial technology and products, including silver antibacterial agent 1-MCP preservation of professional manufacturers, the company has a complete and scientific quality management system, integrity, strength and quality of being recognized products, welcome friends from all walks of life come to visit and negotiate business.Skin Wound Healing Cream suppliers

Read other answers

We?ve covered how to use the old school CHKDSK command check on disk in Windows 7 yesterday but what we didn?t touch is actually even better. It?s a nice new feature that I didn?t realize its existed either until very recently.

Basically, once the feature is turned on, Window will detect a physical file system error and automatically fix it on the fly without you even noticing it happened. Because of this, you actually have a lot less chances having to run CHKDSK to check the disk manually because most likely the errors you suspected may have been fixed by this self-healing process already.

NTFS Self-healing is turned on by default in Windows 7 but if you are not sure you can use the following command to make sure. Note that the command has to be run as Administrator.

fsutil repair query c:

However, there is a possible downside that you may have already been thinking and wondering. Yes, the data may potentially be removed silently without user?s knowledge during the self-healing process. To address this issue, Microsoft added BugCheckOnCorrupt option that does something you may think it?s crazy.

It throws a BSOD (blue screen of death) and shuts everything down instead of attempting to fix the error, if the system discovers any NTFS corruptions.

Yes, not every BSOD is bad. Some of them happened in purpose, just like this as designed. It does sound crazy because why you would want the system crash, but from the data safety perspective, this att... Read more

A:NTFS Self-Healing is An Overlooked but Useful Feature in Windows 7

Thanks Nick, interesting read.

Read other 2 answers

Does anybody have any information on this virus in English, the only references are in Russian that I can find.

After AVG has scanned and healed the thing it comes up with warning box saying it has been found (Krepper.V) and to run AVG but it does not show up after scanning.

A:trojan horse virus and AVG healing THEN displaying warning

Sophos KrepperSee this link for info on Krepper from Sophos. There's also removal instructions but this means running Sav32Cli but this is command line based if you aren't happy using the command line I suggest using my tool RescueME see the sig.I would also suggest taking a hijack this log before and after cleaning and post both http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ here for analysis to ensure that you are clean.

Read other 3 answers

AVG keeps on detecting "virus found exploit" with the file extensions of .htm/.html. while in the healing process, it would result in error along in the process...
i dunno what to do but here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 947 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSch... Read more

Read other answers


Incident Status Location

Adware:adware/ilookup Not disinfected c:\windows\iLookup
Adware:adware/comet Not disinfected c:\documents and settings\all users\application data\Starware
Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\FunWebProducts
Adware:adware/s... Read more

A:Weird "can't find file" message on startup, viruses not deleting or healing

Please go HERE and carry out the instructions that are posted.Thankyou..

Read other 19 answers

my sister/brother in laws pc is in a right state. It only stays logged on for about and hour, then switches itself off.. when i run Spybot.. it switches off every time after 30 seconds.. the minimize page function really messes around.. anyway.. i've tried to run HJT and sent it to my pc.. it should be attached below.. any advice appreciated at always.

Logfile of HijackThis v1.99.1
Scan saved at 19:44:28, on 11/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe ... Read more

A:Sister's HJT Log

I thought it might be tricky.. but i expected one reply? Is it really that bad.. come on break it to me.

Read other 14 answers

Here's her log from the analyzer....

Log was analyzed using HijackThis Analyzer - Updated on 1/7/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


Logfile of HijackThis v1.99.0
Scan saved at 12:16:35 PM, on 1/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\NaviSearch\bin\nls.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websea... Read more

A:trying to help my sister, please help me

I Recommend having 2 or more Spyware removal programs there are what i use.

Ad-aware se


Spybot Search & Destroy


Webroot Spy Sweeper 3.5


Spyware Doctor 3.1


I also make sure to "update" all these products. They all have a build in update button of some sort.

After scanning with any 2 of these products fix all registry related problems with this

Registry Mechanic 4.0



Read other 4 answers

My sister managed to load her PC up with malware/adware/viruses and god knows what else. She insists she has no idea how or when this occured, but I have been working on the problem all day and still haven't fully resolved it so I am turning to my friends at TSF for their expert support!

The initial symptoms were a message on the desktop talking about spyware, disabled task manager, disabled windows installer, error messages that say NT Authority\System (or another user) and force shut down in X seconds, as well as an item in the system tray talking about spyware (via flag type pop-up) and mentioning there is a 3rd party watching.

I have gotten rid of all of those symptoms except the NT restart thing, but still feel like remnants of spyware remain.

Thanks in advance,


DDS (Ver_09-01-07.01) - NTFSx86
Run by User at 22:44:20.60 on Wed 01/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.383 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\b... Read more

A:I don't know...my sister did it

BUMP, please

Read other 13 answers

Please can someone help my sister.
She has downloaded something called Free Internet Washer Pro from a pop up ad and now she can't get rid of the icon and searchbar. She says her computer is running slower than usual. She has run Spybot, but nothing was found.
She removed it through add/remove programmes, but it's still there.
She's running W98 IE5.
Any help would be greatly appreciated.
One more thing, she has run reg cleaner as well and removed what was left from there.

A:Help for my sister

Read other 12 answers

Could someone please take a look at this, ran spybot and ad-aware to remove some junk.


Logfile of HijackThis v1.99.1
Scan saved at 2:22:42 AM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\{4065618A-0510-1033-0327-010923990001}\Update.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Marisa\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-spree.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = ... Read more

A:Sister's log

Read other 16 answers

My sister's visiting from NYC and she brought her laptop (I'm trying to help her set it up so she can use her cell phone to connect online), but before doing that we need to clean up her computer. It's a mess! We've downloaded and ran Ad-aware and SpyBot and Cleanup and we've cleared up all kinds of things, but there's a lot left, including a bug (TopRebates) that's giving us a heck of a time. If anyone can help, we'd appreciate it. Here's her log:

Logfile of HijackThis v1.97.7
Scan saved at 4:35:15 PM, on 10/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\dla\tfs... Read more

A:Sister's Hijackthis log

Read other 9 answers

Her computer is awfully slow.. I did get rid of some spyware, but thought I would help her by posting the log with you guys. YOu did a wonder job with my computer. I hope you can do the same with this one.

Logfile of HijackThis v1.97.7
Scan saved at 7:28:08 PM, on 12/28/2003
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

A:Sister-in-laws HJ log...

Read other 14 answers

hi guys!as many of you may have read, my sister is having a stem cell transplant sometime soon...when we finally rid her body of infections. in the meantime, i am living at her house, caring for her kids, until they're ready for MY stem cells.her puter is a mess....hopefully you can help. i've dl'ed adaware, spybot, and avg...and ripped norton (useless piece of.....) out. adaware did a decent job, as did spybot...and now avg can help keep out new stuff...but her puter is still running pretty slow. course, part of that is her dial up connection...the only thing available in her area. cable is less than 3 blocks away, dsl is at the end of the street.....go figure. i personally think qwest is too lazy to look, but oh well. it won't be for much longer as we'll be moving them much closer to family (where cable internet roams!) as she'll be needing full time help for a year or so.so here it is, the hjt log! thanx, guys.....you work SO hard and are SO underappreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:32:35 AM, on 1/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Sy... Read more

A:Sister's Puter

Hi nmdamgud, If you still need help please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log , and I'll be happy to look at it for you.Thanks for your patience.

Read other 1 answers

I just went through the normal paces trying to clean my sister's computer. I ran adaware/spybot/panda/pc-cillin/stinger/windows update EXCEPT for SP2. I would like to upgrade her to SP2 now, but if someone could help me tell if she is really clean or not, I would appreciate it. Here is her log:Logfile of HijackThis v1.99.1Scan saved at 2:38:49 PM, on 12/28/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\DSentry.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Support.com\bin\tgcmd.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttas... Read more

A:My Sister's Computer... Did I Fix It?

Hi Goody16 and welcome, My name is SifuMike and I will be helping you. I am reviewing your log, and will post back shortly

Read other 5 answers

she just got highspeed internet and is setting up outlook express and for some reason it won't accept her password when she puts it in, what can she do to fix this?

A:help needed for my sister

Hi kosp41302

Can you clarify?
She cannot key in the password, or she is receiving an error message when she tries to send and receive?

The server may require authentication.
In Outlook Express,
Tools > Accounts > (Account Name) > Properties > Servers tab
At the bottom, place a check mark in: My server requires authentication
Click the Settings button.

The default should be: Use same settings as my incoming mail server
OK, Apply, OK, Close

Try sending a test message.

Let us know if that works or if indeed she is unable to enter the password.

Read other 1 answers

ok, i recently made a thread about a spyware problem i had, and thanks to some nice people i got rid of it. Right now i'm on my sisters computer and its in horrible condition. i downloaded adaware and updated it/ran it, and it found something like 1,413 items . i did the same with search and destroy right after and it found a few that were left over. i downloaded spy blaster just incase it was going to get infected when i connected back on the internet but amazingly i haven't got a sigle pop-up.

anyway, they have way too many programs on their computer for me to be deleting stuff. i ran the updated hijack this . please give me any other info on what i should do to clean up their system.
here is the log:

Logfile of HijackThis v1.98.2
Scan saved at 8:11:10 PM, on 11/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Fil... Read more

A:my sister's computer needs your help!

Hi......Download "Winsockfix.exe" from here: http://www.tacktech.com/display.cfm?ttid=257
Use the program,only if you lose internet conectivity after removing "NewDotNet"
Go to Add/Remove Programs,select "New.Net" from the list and click Add/Remove.
Repeat this for ".P2PNetworking",Reboot after.
Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows including this one and "fix checked"

R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs_1.dll
O4 - HKLM\..\Run: [O1KbqGP] C:\documents and settings\shady\local settings\temp\O1KbqGP.exe
O4 - HKLM\..\Run: [requester] "C:\WINDOWS\System32\requester.5.exe"
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/initial.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Reboot into safe mode by following instructions here: http://... Read more

Read other 1 answers

Im visiting in Florida in two weeks and Im going to fix her computer then.Shes ran spybot and adaware, but shes so ignorant (not in a bad way) when it comes to this removal stuff that she has to have me do it for her. I would appreciate some guidance as to what to do when I get there. I've had success here before so I thank you in advance.LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:54:51 PM, on 8/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Mcafee\MWL\MWLGui.exeC:\Program Files\SiteAdvisor\6253\SiteAdv.exeC:\Program Files\Winamp\winampa.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\lphce1pj0e19v.exeC:\Program Files\rhca1pj0e19v\rhca1pj0e19v.exeC:\WINDOWS&#... Read more

A:Hijack Log For Sister!

Hello vertigoa,

I apologise for the delay, the forum is too busy.

If you still need help, post a new HijackThis log.

Read other 2 answers