Channel: Tech Support Guy - Virus & Other Malware Removal

security

Does anyone know if there is a virus or malware that can affect the keyboard function of a laptop? There are certain sites that I go to and when trying to comment on issues, it seems that my keyboard is being disabled. It will skip letters and I lose control over what I am typing completely.

Is this some kind of Spam?

I went to Java's site as you suggested & it told me Java on my computer is up to date & it didn't find any old versions on my PC. I guess the site I was forwarded to was trying to give me malware.

Computer is slower. Possible virus

Hello and thanks in advance for all help and suggestions.
I'm posting because I've noticed my computer is running slower. I do run antivirus and antispyware tools but it seems it doesn't speed my computer up that much. I suspect I may have a virus that's not being picked up. Any special "tools" I need to use?


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+, x64 Family 15 Model 107 Stepping 2
Processor Count: 2
RAM: 3005 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 64 Mb
Hard Drives: C: Total - 293829 MB, Free - 165510 MB; D: Total - 11413 MB, Free - 1562 MB;
Motherboard: ECS, Iris8
Antivirus: AVG Internet Security 2014, Updated and Enabled

MBAM not working..Backdoor Trojan...HELP!!

I don't know how, or when, this happened. But I am very concerned now. I thought it was just malware.
The black command prompt box keeps appearing on the screen, if you blink you just might miss it.
MBAM WILL NOT WORK. I love MBAM and never had issues with it...until recently, the past couple months. I have uninstalled and reinstalled several times, I tried chameleon, I tried completely cleaning MBAM from my laptop...no luck whatsoever.
Web pages keep trying to redirect, new pages open (not tabs) without my doing so.
I have also noticed the CPU usage max out often, but I am unsure if it is related to the issues.

Your help is very much appreciated!!!


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD E-300 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3682 Mb
Graphics Card: AMD Radeon HD 6310 Graphics, 384 Mb
Hard Drives: C: Total - 280052 MB, Free - 193714 MB; D: Total - 23952 MB, Free - 2845 MB;
Motherboard: Hewlett-Packard, 188B
Antivirus: Windows Defender, Disabled

ESET - no START button

I heard about ESET online scanner. I tried to use it but for some reason, I don't have a START button to click. What happened?

Attached Images
File Type: jpg ESET.jpg (89.6 KB)

Malwarebytes Scan Threats Detected .

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/31/2014
Scan Time: 12:51:23 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.31.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259624
Time Elapsed: 5 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.AtuZi.A, C:\Program Files\AtuZi, , [fc1574329fdcbc7a1f5a1fc562a0e917],

Files: 4
PUP.Optional.AtuZi.A, C:\Program Files\AtuZi\AtuZiBHO.dll, , [b55cf3b363185ed8ef70423e7889f20e],
PUP.Optional.AtuZi.A, C:\Program Files\AtuZi\AtuZi.ico, , [fc1574329fdcbc7a1f5a1fc562a0e917],
PUP.Optional.AtuZi.A, C:\Program Files\AtuZi\7za.exe, , [fc1574329fdcbc7a1f5a1fc562a0e917],
PUP.Optional.AtuZi.A, C:\Program Files\AtuZi\AtuZiUninstall.exe, , [fc1574329fdcbc7a1f5a1fc562a0e917],

Physical Sectors: 0
(No malicious items detected)


(end)

Infected

Stickers,
Are you connected to a business with this machine?
-----------------------------------------------------------
You have multiple antivirus programs running on your PC at the same time. They will conflict with each other and cause system instability and/or improper AntiVirus protection.
Choose to keep just one: either the COMODO or Advanced System Care or BitDefender, and Uninstall the other two.
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click the Entries you want to remove, one at a time, choose Uninstall, and give permission to Continue.

---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when some text appears in the box, click Save List To File.
A message box will verify the file saved. It is important that you run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

askey127

Hacked Internet Connection ,Remotely Controlled

Forgot to add if it would help things, I can go online anyway, but it would have to be tomorrow or later.
Also forgot to add I believe they used Thunderbird to download my emails, as that is what I was using for my email client. Thanks again

Invoice 951266 – fake PDF malware

I have just received the email below and am trying to find the answer as to how to search for any malware and also remove any harmful programmes etc that I may have inadvertently downloaded.

Hello,

Please can you let me have a payment date for the attached March Invoice?

Kind Regards

Sue Mockridge

Accounts Administrator

(Main) 01884 242626 (Direct Dial) 01884 250764

Please consider the environment before printing

Broad Oak Toiletries Ltd, Tiverton, Tiverton Way, Tiverton Business Park, Tiverton, Devon, EX16 6TG

Registered No. 1971053 England & Wales

Telephone: +44 (0) 1884 242626

Facsimile: +44 (0) 1884 242602

CONFIDENTIALITY:

The information in this email and any attachments is confidential. It is intended solely for the attention and use of the named addressee(s). The unauthorised copying, retransmission, dissemination and other use of, or taking of any action in reliance upon, this information is prohibited. Unless explicitly stated otherwise, the contents of this message are strictly subject to contract; any views expressed may be personal and shall not create a binding legal contract or other commitment on the part of Broad Oak Toiletries Ltd.

______________________________________________________________________

This email has been scanned by the Symantec Email Security.cloud service.

For more information please visit http://www.symanteccloud.com



23 April 2014: Invoice 288910 March 2014 (10 kb) Extracts to Invoice 288910 March 2014.exe Current VirusTotal detections: 2/50

25 April 2014: March invoice {DIGIT5}.zip (462 kb) Extracts to March invoice 627710.exe Current VirusTotal detections: 11/51

2nd version on 25 April 2014: March-821777 2014.zip (364 kb) Extracts to March invoice 627710.exe Current VirusTotal detections: 14/50

6 May 2014: April invoice 867984.pdf (11 kb) Current VirusTotal detections: 10/51

This Invoice 951266 is another one of the spoofed icon files that, unless you have “show known file extensions” enabled, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected.

All of these emails use social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Be very careful when unzipping them and make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.

Hijack This report questions

I ran the Hijack This software for Windows Vista and found the following report:
I am wondering what should I have removed from my notebook?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:58:52 AM, on 8/1/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)


Boot mode: Normal


Thanks a bunch!

FB remote access trojans

I'll run the program on my computer but I have no doubt that the malware is attached inside the fb account and that you will probably find nothing on the computer.

Will post results in the next 3 days.

thx,
ld

malware & usb flash drive

You're welcome.

I'll mark this thread as Solved, but if you have any other problem or questions you can still post here.

win 8 missing cmd.exe

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Celeron(R) CPU 877 @ 1.40GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 3986 Mb
Graphics Card: Intel(R) HD Graphics, 1801 Mb
Hard Drives: C: Total - 447422 MB, Free - 414866 MB; D: Total - 28272 MB, Free - 3300 MB;
Motherboard: Hewlett-Packard, 18FC
Antivirus: Windows Defender, Disabled


I am missing cmd.exe from my HP Laptop. I have used regedit to check as outlined in another post.
It is not there.

bnvdrs.com adware AND general sluggishness

Slight addition:

Ran Malwarebytes again. This time it indicated that it quarantined SuperFish. I 'copied to text', but it looks different than the simple report declaring it quarantined SuperFish.


Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/2/2014
Scan Time: 12:22:08 AM
Logfile: 14-0802_Malwarebytes log.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.02.01
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: brandon
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355946
Time Elapsed: 25 min, 54 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1

Hijack This Scan Help

yayo_chulo1976,
We are going to download fresh copies of FRST64.exe and FixList.txt to use.
These instructions are quite specific and exact.
You will need to follow them to continue receiving online help.
-------------------------------------------------------
IF You Don't Have Firefox, get it here and install it : http://www.getfirefox.net/
---------------------------------------------------------
Set Firefox as Default and Always Ask Where to Save Downloads
Open Firefox, then hit the Alt key once if necessary, so you can see the menu bar at the top.
In the top menu, click on Tools, and select Options.

In the new dialog window that pops up:
Click on the General icon in the top bar, and click the radiobutton labeled "Always ask me where to save files"
Click on the Advanced icon in the top bar.
Click the radiobutton labeled, "Always check to see if Firefox is the Default browser on startup."
Click OK.
-----------------------------------------------------------
Download and Run the Farbar Scan Tool
Download FRST64 and save to your Desktop.
Choose Save File
Click on Desktop as the location
Click Save
-----------------------------------------------------------
Save newest FixList.txt onto your desktop.
Click on the File attachment FixList.txt at the bottom of this post.
Choose Save File
Click on Desktop as the location
Click Save

If IE or Chrome asks to make itself the default browser, answer NO every time.

Now open FRST64.exe by right clicking and choosing Run as administrator.
Click the FIX button once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
askey127

Attached Files
File Type: txt FixList.txt (4.2 KB)

Win 8 I got sysmenu.dll missing also

Please do not start more than one thread for the same issue.

Closing duplicate.

Laptop becoming very lethargic

I have also noticed that my Google Chrome is now crashing more often, as well as my Microsoft Word program. There appears to be something running in the background that is using up my resources, especially my graphic card. This is a total assumption on my part as I am not really qualified to make such claims...lol. I have had to wait as long as 5 minutes for my screen to update in virtually anything, hence the reason I believe something is running in the background eating up my resources. Thank you for your time and consideration and for reading this. Here's to a bright future on my laptop! ;)

Computer running slow. CPU is always at 100%! Maybe virus related.

Thanks for the update Steve, it was a pleasure to work with you...

take care and surf safe,

Kevin

Zlob.Downloader Problem

Hi:

Several weeks ago I started having problems accessing certain websites, verizonwireless.com being one, and keep getting the message "Firefox can't establish a connection to the server at www.verizonwireless.com." My laptop is five months old so I went to HP online support and had them check things. Their conclusion was that my laptop is infected and that I should do a system recovery to remedy the situation.

I have tried all the antivirus software that I have.....Norton, Norton Power Eraser, SuperAntispyware, Spybot, Malwarebytes, MS Malicious Removal Tool in normal mode and safe mode but nothing seems to remove anything.

While using Spybot I noticed that it scanned a Zlob.Downloader folder and I found from online research that this is a trojan. I did another scan using Spybot and noticed other things it scans that seem to be trojans as well (didn't write them down though). Spybot scans these items but does not remove them.

Can someone help me out......I know you use Hijackthis for a scan result but I would prefer that you send me a response with a link to go to download the program to post the results.......THANKS!!!

Unable to remove AAddBloicknWattch extension from Chrome

I retract my request. I have fixed it.

So after doing all the antivirus and Spybot scans I decided to drop the hammer down. I used Revo to OBLITERATE the Chrome install. After re-install and re-sync the extension has not returned yet. Calling this solved for now.