Computer Support Forum

Badly Infected With Cid Popups And Awola

Question: Badly Infected With Cid Popups And Awola

I've had this infection for some time. Tried a bunch of methods from computerforum but still can't finish the virus off. I constantly get CID popups and on my mom's guest account she has this annoying AWOLA popup that appears to say it's an anti virus program.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:45 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\mdm.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Valued Customer\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27EB87B7-2C51-4337-9BBA-794CFC4CB694} - C:\Program Files\Common Files\home83122.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [watelkj] C:\WINDOWS\system32\watelkj.exe
O4 - HKLM\..\Run: [o] C:\WINDOWS\system32\o.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\long upload.exe
O4 - HKLM\..\Run: [MODE FREE BIRD SURF] C:\Documents and Settings\All Users\Application Data\beep axis mode free\Grim third.exe
O4 - HKLM\..\Run: [ec731d21] rundll32.exe "C:\WINDOWS\system32\xffamony.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMef402ebd] Rundll32.exe "C:\WINDOWS\system32\ycdeixoo.dll",s
O4 - HKLM\..\RunServices: [watelkj] C:\WINDOWS\system32\watelkj.exe
O4 - HKLM\..\RunServices: [o] C:\WINDOWS\system32\o.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [logo link] C:\DOCUME~1\VALUED~1\APPLIC~1\FINDOK~1\Hold Log.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [mdm] C:\WINDOWS\mdm.exe
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mom')
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Mom')
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User 'Mom')
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Mom\LOCALS~1\Temp\awvvs.dll,c (User 'Mom')
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [MS Juan] rundll32 "C:\DOCUME~1\Mom\LOCALS~1\Temp\lefpbtid.dll",run (User 'Mom')
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [ec731d21] rundll32.exe "C:\DOCUME~1\Mom\LOCALS~1\Temp\dgbppfhm.dll",b (User 'Mom')
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [Microsoft Windows Adapter 5.1.3214] C:\Documents and Settings\Mom\Application Data\jlius.exe (User 'Mom')
O4 - HKUS\S-1-5-21-790525478-963894560-725345543-1006\..\Run: [Awola6] "C:\Documents and Settings\Mom\Application Data\Awola6\Awola6.exe" /MIN (User 'Mom')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...llMgr_v01_5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE3FB5E-A75E-430E-8347-262B2620F726}: NameServer = 192.9.9.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: iifeefd - iifeefd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\prohdyxe.html
O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\prohdyxe.html

--
End of file - 10133 bytes


Answer: Badly Infected With Cid Popups And Awola

Also, in my C: folder I have like 200 TMP files that look like pos1A2F.tmp. What are these??

Relevance 73.39%

Here is my HiJack This! Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:57 PM, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOW...

Answer:Infected Badly, 100000's Of Popups, Spybot And Av Not Helping

Sorry for the delay, we've been very busy.

Download the latest version of ComboFix from Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Relevance 62.73%

I have a similar issue to others but I don't see a common fix - HELP!

I've run all the programs you recommended. Here are the logs.

This virus puts a yellow bang in my tray and states I've been infected. After closing the message a few times it launches Awola.

I believe it hit me 2 weeks ago.
 

Answer:Awola virus has infected my pc

More files attached.
 

Relevance 62.73%

Hi there, I believe my computer was recently infected by the Awola Virus / Trojan, and I could really use some assistance. I thank you in advance for any suggestions and help, they are appreciated. I'll put up a detailed description here of what's happened so far, and can certainly provide any additional information that may be required. My computer knowledge is okay, but very limited in terms of spyware and troubleshooting complex problems like this one.

Operating System = Windows XP

A couple of days ago I was doing some stuff online at 7:45pm, preoccupied and in somewhat of a rush. I got a popup menu that a trojan had been found, I assumed it was from my McAfee Security Centre (as this has happened several times before) but I didn't really look at it that closely, and selected okay (I think). I then started to receive a bunch of popups about Spyware, and Awola spyware removal program. I kept closing them because I was in a rush, didn't really look that closely, thought it was just ads and may very well have clicked something I shouldn't have. I did see the Awola Program box come up at one point and I thought I attempted to close it, but I may have clicked on something inadvertently.

Upon rebooting later, I realized that the computer was probably infected. I cannot click or open any application, by double-clicking an icon or program name I always receive the same error message (tailored to whatever application I attempted to open). A black empty box a...

Answer:Infected By Awola 6.0 And Could Really Use Some Help Removing It

If you have not already done so, you could try the SUPERAntiSpyware program?
http://www.superantispyware.com/superantis...efreevspro.html
Download it from
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Run the installation program and start the program from the desktop icon; fully update the definitions, reboot the computer into safe mode if it will let you, then run SUPERAntiSpyware from the desktop icon on a full computer scan. When the scan is complete, reboot your computer into normal mode, and come back and post the log report you should find by opening the program and going to preferences/statistics.logs
Left mouse click on the most recent entry, click on 'view log' and copy and paste that report into here for examination so folks can see what help you may need.

Relevance 62.73%

Hello guys/gals:

Here with my computer again. It now has a phony anti-virus software on it, "awola". The computer has been taken over: no task manager, no wallpaper, random shut downs, constant "warning" pop ups. I can't do anything anymore......

Please help, thanks.

Here are the logs:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:02:31.03 on Mon 04/06/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.500 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\awolaantispy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTune...

Answer:AWOLA has infected my system

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs ...

Relevance 62.73%

Hi, my mother recently infected her PC with AWOLA, and ever since, everything has been running much worse. I've tried to use previous posts / fixes, but to no avail. I've included the DSS report below. Thank you so much.

Deckard's System Scanner v20071014.68
Run by sconstan on 2008-02-01 14:59:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-01 14:59:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Progress\OpenEdge\bin\admsrvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL ...

Answer:Older PC Infected with AWOLA, Please Help

Bump. Thanks again.

Relevance 61.91%

Hi,

Earlier today I managed to get the Awola malware onto my computer. I have run Ad-Aware & Spybot S&D along with F-Prot anti-virus software. I have also run Hijackthis! & removed the Awola line. I also ran a search of my computer files & removed all files relating to Awola. I have rebooted my computer & the annoying yellow triangle warning message continues to pop up every 30 seconds. Could someone help to squash this pest?

Thanks in advance!
haroldff1082

Answer:Annoying "your Computer Is Infected!" Pop-up (awola)

Hello and welcome haroldff1082

What antivirus product do you have installed and have you scanned with it in safe mode?

Please do this also:

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click it at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs...

Relevance 61.91%

Hi there. I believe I contracted a virus / trojan through Awola 6.0 a few weeks back. I started a thread in the 'Am I Infected' section, here's the link for that full thread: http://www.bleepingcomputer.com/forums/t/143729/infected-by-awola-60-and-could-really-use-some-help-removing-it/

Long story short, I believe this virus was contracted on Wednesday, April 23 around 745pm. My operating system is Windows XP. Whenever I double-click on any .exe file I get an all-black window, and a little window above it with an error message similar to this:

"16-bit MS-DOS Subsystem
C:\Documents and Settings\All Users\Desktop\Winamp.Ink
The NTVDM CPU has encountered an illegal instruction.
CS:054d IP: 013d OP: f0 85 38 90 3a Choose 'Close' to terminate the application."

I can right-click certain programs and select "Run As" to use them, but can't double-click on anything. I also think this virus has taken over Administrator duties, changed my registry and is preventing me from properly installing programs. It was also preventing me from running anti-virus scans, but I believe we have found a way around this, and I was finally able to process a scan with DSS (and Hijack This). I also did a scan using the Kaspersky scanner. I will copy and paste all logs below. Thanks in advance for all your help.

HIJACK THIS MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Mania on 2008-05-19 22:51:49
Computer is in Normal Mode.
----------------------------------------------------------------------------------
...

Answer:Infected With Awola 6.0 Virus / Trojan

Hello

Apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator privileges when using.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When the scan is complete, two text files will open in Notepad:
main.txt <- this one will be maximized
extra.txt <- this one will be minimized
If not, they both can be found in the C:\Deckard\System Scanner folder.
Please copy (Ctrl+C) and paste (Ctrl+V) the c...

Relevance 61.91%

This is definitely not an anti-spyware program. It opens a window off the toolbar disguised as a Windows security update. It warns, "Your computer is infected! Click here to protect your computer...". The balloon does not go away. It worked its way onto the computer uninvited. I've followed all the procedures listed in the Preparation Guide but to no avail. Please help. Thanks for your time and expertise. Here's the hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:13 PM, on 8/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\M...

Answer:Infected With "awola Anti-spyware 6.0"

Welcome to the BleepingComputer HijackThis Logs and Analysis forum rosevilledad

My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:...

Relevance 60.68%

I am attempting to clean my in-laws' computer but I have been unable to remove AWOLA spyware from their system. I have downloaded Ad-Aware and also followed the steps that you suggested and I am still seeing the yellow box pop-up and AWOLA will uninstall and then re-install itself. I have been unable to locate the original file, only shortcuts. Also, I have not been able to do any Windows Updates on their system. PLEASE HELP!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-16 17:15:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:55 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Owner\Applicati...

Answer:AWOLA Removal and Your computer is infected! Popup continuous

Hi, welcome to TSF!

If you still need assistance, please post a fresh main.txt log

Relevance 56.58%

Hi... I'm having some trouble with my computer -_- I haven't downloaded anything new, other than anti-virus and spyware/adware removers, and they've been downloaded from safe places as well, so I'm sure it's not them. But now my desktop has icons that won't go away, for various things: sex, drugs, etc. Also, I cannot change my desktop background, and I get pop-ups for bleep-enlargement ads, computer "fixing" programs, and porn. Really obnoxious. Here's my log.. I hope you can help me!

Logfile of HijackThis v1.99.1
Scan saved at 5:29:28 PM, on 5/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Progra...

Answer:Need Help Badly! Popups and errors galore!

Hello shainako and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Download CCleaner and install it but do not run it yet.

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.
Open Microsoft AntiSpyware.
Click on Options>Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Now we need to remove a service.

Part 1
Click Start>Run, type services.msc into the Open editbox and click the Ok button.
Locate the b service and click the Stop button.
In the Startup type dropdown select Disabled.
Click the Apply button and then the Ok button.
Repeat the above steps for the Task Manager Help service.
Close the Services window

Part 2
Click Start>Run, type cmd into the Open editbox and click the Ok button.
Copy/paste each line below into the Command Prompt window and press the Enter key after each on...


I hate popups. I ran adaware, spybot and xclean today and they found a lot but I'm still getting them and now when I start my computer I get a message from some file associated with 123 dialer, telling me it can't open itself.
When I open internet explorer (which I don't use, I use yahoo browser instead) I get searchweb2 and ringtones popups.
Please help, I'm gonna end up throwing my pc out the window soon.

Here's my hijackthis log

Logfile of HijackThis v1.98.0
Scan saved at 23:41:29, on 01/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:[Solved] help needed badly with popups


Hi, every time I start Windows I get the error message 'explorer.EXE-There is no disk. Insert disk into drive A' and the option to try again, cancel or continue. It also sometimes pops up when on the internet. Today I also received an error saying something about explorer.EXE and it was over buffered or something.
I am also getting pop ups of ads, some seemingly harmful e.g. centre parks and ugg boots but also ones for anti spyware software and telling me that my system is infected. I have tried to eliminate them using a variety of programmes such as ad-aware, stopzilla, AVG anti spyware and anti virus programmes but they are still there along with the error message at startup. Can someone please help me?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:23:30, on 28/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal



I'm in an identical situation to another post. I'm not sure though if the response to other post was based on the reports or not. So, like the other guy:

Ran all the "READ & RUN ME FIRST" (Win XP) steps. Still have popups from yield sign in tray that say "Your computer is infected!" Also still have Awola Anti-spyware that either Spybot S&D or AVG had detected, and I thought, deleted.

Thank you so much for this forum!! Just let me know if I should simply follow what the other thread described.
 

Answer:AWOLA antispy and "Your Computer is Infected"

Hi kilgore!
I'll take a look at your logs and get back to you. This takes some time, so thanks for your patience. Please don't use your computer too much until we're sure it's clean.
abri
 


Ran all the "READ & RUN ME FIRST" (Win XP) steps. Still have popups from yield sign in tray that say "Your computer is infected!" Also still have Awola Anti-spyware that either Spybot S&D or AVG had detected, and I thought, deleted.

Attached Combofix and MGTools logs. AVG had no report to save even though I had "Automatically generate report after every scan" checked and "Only if threats are found" unchecked. The only thing AVG found was 9 cookies.

Thanks.
 

Answer:"Your computer is infected!" & Awola

Hi cee3!
Welcome to Major Geeks!

I'm looking at your logs.
abri
 

Question: Badly infected

Can someone help with this pc? It has over 200 startup processes and the thing won't even run unless you turn many off. If someone could just tell me where to start....Hijackthis log is attached.
Any help would be appreciated.

Thanks,

ncyank

Logfile of HijackThis v1.99.1
Scan saved at 9:02:08 AM, on 7/24/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)


Answer:Badly infected

Hi there and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

We also suggest that you Subscribe to this thread to be notified of fixes as soon as they are posted by our Team. You can do this simply by clicking the "Thread Tools" button located in the original thread line and selecting "Subscribe to this Thread".
regards
alba

Question: Badly Infected PC

Hello Tech Support Guys,

I am posting here in desperation. My son's comp is badly infected and doing all kinds of crazy things as well as being slow as a turtle. I am posting from my own computer because his is so badly messed up

1. His Spybot stopped working completely, so I uninstalled it and tried to do a clean install and I can't even install it, I get an error message saying it can't communicate with the server.

2. His internet browser (FireFox) takes you to a completely different site when clicking on a link after doing a search.

3. It takes sometimes up to 20 minutes to open a program, yesterday he waited 25 minutes for iTunes to open.

4. When rebooting it sometimes hangs at the blue screen where it says hit F2..., F10 etc, when that happens you have to turn the PC off for at least a few hours then it will boot ok

Yesterday I tried to start cleaning it up. I uninstalled all programs that he isn't using or that I thought were possibly containing malware/spyware.

I deleted any old files hanging around cluttering up the comp, deleted temp files and emptied the recycle bin.

Currently (for the past 12 hours) there is a virus scan (avast thorough scan) running, it is around 35% complete. Once that is complete I will await your advice before I do anything else.

If needed I am prepared to do a re-format of his hard drive.

You have been such great help in the past I am hoping you can help me out again.

Thanks so much,
Stacey
 

Answer:Badly Infected PC


My internet explorer is very slow opening and when I explore on the start button, files will not open.
I ran adaware in safe mode
I ran avgas in safe mode
I ran cwshredder in safe mode...found cws.msconfig
I ran reg fix in safe mode....found Adware.CoolWebSearch, Adware.RogueSuspect, Dowloader.Fugif, Adware.AlfaCleaner, Trojan.ClassLoader.g
I ran Hijack This...here is the log...

Logfile of HijackThis v1.99.1
Scan saved at 12:27:11 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:Help Think I Am Infected Badly

I would like to take a look at this log for you and will get back to you as soon as I can.

Thank You.

Question: Badly infected!!!

Hey friends.. happy new year.. Well, my computer is badly infected with a strange virus, Virus.Win32.Virut.ce. This virus's behaviour is very strange. This virus spread over my whole computer swiftly, damaging all exe and .htm files badly. Every time I disinfect them using Kaspersky Internet Security 2011 the virus is detected after 2-3 days. I used malwarebytes' antimalware to remove threat but that didn't help. Windows MRT was not able to remove the threat completely. Also I found some unusual activity blocked by Malwarebytes' Antimalware and KIS, the activity is blocking of some ip address that is trying to connect to my computer. Also with this virus a trojan virus is also detected after the removal of it, and some backdoor viruses is also detected! Please someone help me out!! Thanks Bleeping computer for everytime helping me! Have a prosperous year ahead :D

Answer:Badly infected!!!

I'm afraid I have very bad news.

Your system is seriously infected. Virut is a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.
Understanding virus names
Threat aliases for Win32.Win32.Virut
Threat aliases for Win32.Virtob.Gen.12

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, rar). The Virux and Win32/Virut.17408 variants are an even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disi...

Question: Badly Infected

Hi, my laptop got badly infected.
After a lot of tries, I am not able to get it to normal working stage. Every time I run Spybot Search and Destroy, it comes up with some problems. They keep coming even after fixing using Spybot Search and Destroy.

Following are the programs that got modified/created newly when it all started. (I RENAMED THEM AS JUNK.)

08/21/2005 12:33 AM 4,096 hclean32.exe.JUNK
08/21/2005 12:33 AM 155,648 ccjsq.dll.JUNK
08/21/2005 12:34 AM 12,592 gpsresl32.exe.JUNK
08/21/2005 12:34 AM 12,592 popcorn72.exe.JUNK
08/21/2005 12:34 AM 705 msexnpbi.exe.JUNK
08/21/2005 12:34 AM 45,568 ntfsnlpa.exe.JUNK
08/21/2005 12:34 AM 643,471 loadctr32.exe.JUNK
08/21/2005 12:56 AM 26,801 azebar.xml.JUNK
08/21/2005 04:38 AM 8 winctrl64.exe.JUNK
08/21/2005 04:38 AM 8 winctrl32.exe.JUNK
08/21/2005 04:38 AM 8 winctrl16.exe.JUNK
08/21/2005 12:32 PM <DIR> CatRoot2.JUNK
08/21/2005 03:17 PM 111 msblank.html.JUNK
08/21/2005 03:24 PM 439,376 PerfStringBackup.INI.JUNK
08/21/2005 03:24 PM 52,962 perfc009.dat.JUNK
08/21/2005 03:24 PM 380,588 perfh009.dat.JUNK

Here are the problems identified by SPYBOT SEARCH AND DESTROY.


DoubleClick: Tracking cookie (Internet Explorer: mcp) (Cookie, nothing done)


Avenue A, Inc.: Tracking cookie (Internet Exp...

Answer:Badly Infected

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post that log here!


Hello, I have had many problems with my PC lately including:

-Self restart (error saying system recovered from a serious error)
-Internet crashes constantly
-Pop ups from Firefox saying that something is trying to trick it into thinking it's a different site?
-Can not update Malwarebytes
-Computer says its firewall is disabled, when I try and enable the firewall an error occurs saying that for some unknown reason it is unable to
-And many more weird things.....

Here is what I have done up until this point to try and resolve the problem:

-Downloaded SuperAntiSpyware; ran in regular boot up and safe mode, found and removed via software the following threats:

-Trojan.Agent/Gen-Injector
-Trojan.Agent/Gen-Nullo[Short]
-C:\Program Files\WHITESMOKE\WSMouseHook.dll
-C:\Program Files\WHITESMOKE
-MANY cookies

-Used ESET Online Scanner found and removed the following threats:

-HTML/ScrInject.B.Gen virus (x5)
-HTML/Iframe.B.Gen virus (x2)
-HTML/Agent.G trojan
-MSIL/Injector.ZY trojan
-PHP/Kryptik.AB trojan (x2)
-MSIL/Injector.ZY trojan

I have attached the following documents as per the first steps; Please see below for the 'DDS.text' log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Joseph Knox at 20:03:28 on 2012-05-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1294 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA...

Answer:BADLY INFECTED, PLEASE HELP!

Hi,

Please do the following:

Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
click OK
Press Start Scan
If Malicious objects are found then ensure Cure is selected
If TDLFS File System is found then ensure Delete is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem ...


I have been unable to clean this computer. Can not boot into safe mode and it has apparently reset the admin password so I can not do a recovery console. I have just in the last couple of hours had something that worked to break the deadlock on it so I could run DDS and RootRepeal. Here are the logs. Thanks for any and all help.

DDS
DDS (Ver_09-07-30.01) - NTFSx86
Run by MAPPING at 16:44:20.40 on Wed 09/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.362 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Answer:Badly infected with a.exe and others

Please save this file to your Desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


http://www.bleepingcomputer.com/forums/ind...mp;#entry842565
Forum originated

Dss Logs
Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-03 00:20:56
Computer is in Normal Mode.

-- System Restore --
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
18: 2008-06-03 04:21:06 UTC - RP18 - Deckard's System Scanner Restore Point
17: 2008-06-02 07:00:34 UTC - RP17 - Software Distribution Service 3.0
16: 2008-06-01 23:13:51 UTC - RP16 - Installed SUPERAntiSpyware Free Edition
15: 2008-06-01 10:03:52 UTC - RP15 - Software Distribution Service 3.0
14: 2008-06-01 10:00:05 UTC - RP14 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-05-26 05:07:13 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 495 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) --
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:17 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Answer:Help Badly Infected

SDfix Logs
SDFix: Version 1.187
Run by Administrator on Tue 06/03/2008 at 12:51 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 01:02:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...


My father alerted me that the computer was acting up. I first ran a HJT Log and got this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:55 AM, on 5/22/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Answer:Infected very badly!

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

Question: Infected Badly

Hey guys, I was hoping I could get some help here with my problem.

It's like this, today I started up my computer just like normal, BUT, when I try start up World of Warcraft, nothing happens. I can't start Internet Explorer, but FireFox works just fine. So basically I can't start any programs except for Firefox. When I click an icon it just loads for a bit and then nothing else happens.

I've tried system-restore and everything else. HijackThis won't work either.

I'll be very happy if anybody has a solution for this.

Thanks!

Answer:Infected Badly

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list ...


I have a gateway that is running xp home and was so infected I couldn't open services or get on the internet. I have just done a repair installation of the operating system and am doing online scans that are coming up with tons of malware but no fix unless I buy their product. I am hoping someone can help. Here are some of the scans:

Panda Active scan
Incident Status Location
Adware:adware/keenvalue Not disinfected c:\winnt\system32\drivers\etc\hosts.bho
Spyware:spyware/whazit Not disinfected c:\winnt\system32\fiz1
Adware:adw...

Answer:Infected Badly Please Help

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. There really is no way to secure your computer without first patching and updating Windows to close numerous security holes in your current system. Please visit Windows Update and install Service Pack 1.
http://windowsupdate.microsoft.com/
Once you have done that, please post a fresh hijackthis log back here as a reply in this thread.

Question: PC badly infected

Hi guys, have been trying to sort out father-in-law's pc for the past few days. It has been running for about the past eight months with no AV set up and no cleaning of any sort. I have found 308 spyware programs running and loads of viruses. What has got me worried is the fact that Avast AV has found several viruses in the memory which seem to be quite bad. I'm coming around to the idea of wiping the HD and starting again. Would like your thoughts on this. I would need some simple instructions on wiping HD and reinstalling O/S which is xp home. Thanks

Answer:PC badly infected

Windows XP makes wiping the drive easy - you can do this during the install click here
However, before you do that you might want to post a HJT log click here on this specialised forum click here


Hi all! Sorry for not making an introduction but I'm in a bit of a hurry. I run a forum and somehow zlob or some other hunk of junk has attached itself to everything I post. Please help! Here is my hijack log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:36:56 PM, on 4/3/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal


Answer:Please help - badly infected

Hello Nicole510 and welcome to TSF,

The log you've posted is the beta version of HijackThis and is still under development. Please refer to the sticky thread at the top of the HijackThis Help Forum:

TrendMicro's HijackThis version2 Beta

Then, please note this thread (Updated!) IMPORTANT - Read This Before Posting A Log

-------------------------------------------------------------------

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Please download SmitfraudFix (by S!Ri) to your Desktop.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop.

--------------------------------------------------------------

Double-click smitfraudfix.exe to start the tool. Select option #1 - Search by typing 1 and press "Enter"
A text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

--------------------------------------------------------------

Run a scan with dss.exe:

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Tempo...


idk what to do...idk what ive done.  when im on my laptop it feels like i have to pull against an unseen force just to type.  this has never happened before and im at a loss as to what i should do.  this is a toshiba laptop running windows 7 - i havent used 1/2 of my RAM.  btw in case you cant already tell i am not very pc literate.  in fact im a 62 year old lady who has taught myself most of what i know. i will gladly do whatever you tell me to do....PLEASE help me!
tyvm -kaygee809

Answer:i think i am badly infected - pls help me

Welcome to BC!!!!! The first thing I would try is to download and run a full scan with Malwarebytes. See what this finds. Another thing that comes to mind is disk fragmentation. You can click start/all programs/accessories folder/system tools/ then disk defragmenter. I'm guessing that your  disks are fragmented which can slow down or even render the PC unusable. Thank you and good luck.

Question: Badly Infected

Hi guys -

I have read the sticky and have tried to follow your instructions.

1 - I ran adaware as instructed with the proper settings. It found all kinds of stuff and they were quarantined and removed but my computer is still in bad shape.

2 - I have AVG Free on my computer and it detected some viruses but couldn't remove them. Also my AVG E-mail Scanner is going off and it is saying I am sending messages out to all kinds of places, people I don't know at all.

3 - On my desktop there is text that says

" a fatal error in IE occurred at 0028:C0011E36 in VXD VMM<01> + 0001036. Error was caused by Trojan.spy.html.SMITFRAUD.c.

system cannot function in normal mode. check settings"

4 - Somehow I do not have notepad anymore!

5 - I have a toshiba laptop. It is an old work computer. It used to run on NT. My hard drive croaked and I was able to retrieve most of my stuff. I loaded windows xp. I created a recovery directory and put all my old NT recovered stuff on it. (This is just FYI)

6 - I connect to the internet using Verizon wireless.

7 - I ran my hjt without being connected to the internet. my verizon wireless may have been running but I was not connected to the net.

With that said here is my log file. You guys have saved me before. Sorry I goofed up again.

ar

Logfile of HijackThis v1.99.1
Scan saved at 4:04:44 PM, on 6/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.110...

Answer:Badly Infected

You have a small collection of nasties there -

Let's start with the startpage trojan, then work from there:

Download CWShredder http://www.greyknight17.com/spy/CWShredder.exe

Right click a blank part of your desktop & select New->Folder. Call it SPFix. Go to http://www.derbilk.de/404.html and download SpSeHjfix. Get the one that's specified for your Operating System. So if you have Windows 98, get the one that's listed for Windows 98.

Disconnect from the net and close all programs. Run SpSeHjfix and click on 'Start Disinfection'. When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.

Now run the CWShredder and hit the Fix button.

Reboot and post a fresh HijackThis log and the log that was created by SpSeHjfix.

19 more replies
Question: Badly infected

Not sure what all for viruses I have I know I had/have the win32trojan one. I've tried to get rid of it. My IE closes on its own or freezes. I also get the page where it says can't display cause not connected to the internet. And the pc runs slower than usual.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:38 AM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Fil...

More replies

Hello, I am new at this. Found my computer was badly infected with all sorts of things. With the help of a friend got it cleaned up a lot.

A few things we have not been able to get rid of.

One is an entry found by SpyBot. When the computer is rebooted it returns. (Hope this attaches right, is screen snap of SpyBot) Below is a screen snapshot of what SpyBot reports. It is after the HiJack Log.

Also I have some stuff Panda is finding that I don't know how to get rid of. Below is the Panda Log.
Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MSN Messenger\MSIMG32.dll
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Potentially unwanted tool:application/funweb Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}

Also included is my HiJack Log. Hope all this makes sense. My computer is running a lot faster once we started to get it cleaned up and I am learning a lot. Still have to get a good firewall installed.

Please keep it simple, I am a bit of a rookie. So far Adware, SpyBot, Trend Micro and Panda are reporting I have gotten rid of most of it, there were thousands of nasty things when we first started and the computer was super slow.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:58:23 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600...

Answer:Been badly infected.....Need help getting last ones

We think the spybot report is being caused by Norton....I am going to get rid of Norton in the near future..

Can someone please read the above hijack log and see if there are some things to be fixed there?

Thanks for your good work..
 

1 more replies
Question: Badly Infected

This is the second time I've been hit with Trojans. The first time I got rid of two of them myself through many days of work and going through old forums and downloading programs to help get rid of it. Now, my computer is infected yet again. yeah ! I had aliant antivirus on my computer and it detected I think 4 trojans all together along with numerous other viruses, most of which could not be removed. However, this was a little while ago. I spent many weeks trying to get rid of it by going through forums and looking at information about how to remove them, etc but couldn't do it.

I eventually gave up and unfortunately let my computer sit in its turmoil, putting up with the extreme! slowness, altering home pages and never being able to click on links since they led me to random sites such as searchdaily, etc. But I put up with it. Now, I can't any longer. My computer is now coming up with a blue screen at random times saying it must be shut down and then I have no other option other than to shut it off and turn it back on. And now, when I do my virus scan, the scan says there are no viruses or trojans, but I know they are still there. If there is any way someone can help, it would be really great!
Thank you!

Answer:Badly Infected

Hello ...
What is your operating system?
Have you scanned from safe mode?

Stop the BSOD and write down the complete message
to stop the automatic reboot try
Click Start..right click My Computer and scroll to and click Properties
In the resulting window, click the Advanced tab
Under StartUp and Recovery click Settings
Under System failure Uncheck the box Automatically Restart
click OK and then OK

Next
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next"...

8 more replies

Hiiii

My PC seems to be infected. The task manager and Regedit have been disabled. I have tried taskmanagerfix but after 2-3 seconds task manager again gets disabled. Also on trying to boot into safe mode the PC restarts. On doing right click or search the explorer hangs and I am able to access only documents which are already opened. The explorer also hangs on selecting a zip file.

I am attaching the zip file containing ark.txt and attach.txt. Since my pc is hanging on clicking on a zip file therefore I have renamed it as Attach.txt. Please replace the extension .txt by .zip and use the zip file to extract the text files. I have access to a Windows Install disc.

The DDS.txt file contents are as follows:-


-----------------------------------
DDS.txt
-----------------------------------


DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 18:19:52.79 on Wed 11/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1013.555 [GMT 5.5:30]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\Common Files\VMware\VMware Vi...

Answer:PC infected badly please help

further update. My PC has stopped booting into windows completely i.e. now it restarts every time windows starts initializing. So I installed windows again without formatting the partition. But as soon as I installed windows again without installing any other software, again my task manager has been disabled. Please help.

thanx and Regards
ksarkar

1 more replies
Question: Infected Badly

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:30 PM, on 9/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\QuickT...

Answer:Infected Badly

Hi,
* Go to start > controlpanel > software > Add or Remove Programs and uninstall next if present:
MalwareAlarm
AntivirusPCSuite
VirusHeal 3.9
VirusProtectPro 3.6
Then,
* Please download SmitfraudFix (by S!Ri)
* Reboot into Safe Mode (without networking support!)
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
* Doubleclick SmitFraudFix to start the tool.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
(Warning: running option #2 will set your desktop background blank again. But you can reapply your desktop background again afterwards.)
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process.
Post the log from smitfraudfix in your next reply together with a new hijackthislog.
The report can also be found at the root of the system drive, us...

2 more replies

Downloaded Search and destroy and wound up with all kinds of garbage, even at this site I get redirected to Bright fact, Your softsite.com, Web survey central, Find,.com speed analysis. Thought I uninstalled everything with Revo uninstall but didn't work. Please help
 

More replies
Question: badly infected

I have been asked to help clean a Windows XP machine that has the 'about blank' problem.....also AVG will not update and I am being stopped from visiting some malware sites.....please can someone help

Answer:badly infected

I think this is also referred to as a Homepage Hijack.

10 more replies

So i just got hold of my sisters laptop.... Im not even sure if you guys can do anything, but here we go.

I've looked at her computer and it runs maybe 1/5th as fast as it used to.. She has a lot of stupid bleep on there that i know can and should be deleted. She does have some stupid game toolbars on her browsers and this 1 real annoying one called funmoods. When i scanned with malwarebytes it showed 40 detected objects all related to this "funmoods" crap. I could really use help clearing this laptop up.

Answer:i ~AM~ infected, badly.

Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

8 more replies
Question: Badly Infected

Dear All:
My computer is badly infected and is infecting any USB drive I am using... Too Bad!!
Please help me out and thank you in advance.
Rose

The DSS log file is below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:21 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\MATLAB701\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\T...

Answer:Badly Infected

Please help, all my USB drives and even my mobile phone are infected....

18 more replies

my kids use my computer all the time, all of a sudden it is so slow its almost impossible to use, my desktop is very old but i have windows 7 on it i believe, i tried to download some virus or malware programs from file hippo to see if i could get rid of this infection myself but they wont even download

Answer:i am badly infected

Hi keekee... Lets see if we can get thru these...

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
V...

6 more replies
Question: Badly infected

I've been trying for two days to post my problem when I click next it says IE can't find the internet

Answer:Badly infected

The computer started out running slow. I get redirected to a page other than what I'm typing in. And then it started freezing up where you could not do anything on it. It had avg on it. I tried to uninstall avg and while it was going through the uninstall the computer froze up. So once I got it to where I could get back into the add/remove program the avg was still in there but when I tried to uninstall it. It told me it wasn't there. There are still files that say avg on it. I downloaded ccleaner and went into the add/remove programs through that and was able to remove it that way. But again there are still files that say avg. I then installed advanced systemcare and ran that and did the fix through that. At which point I am able to do this. I still have the same problems but it don't freeze as much as it did. After that I installed avast and avast found some things and I moved all to chest what I could. There were a few that it won't let me do anything with. Again I'm still have the same problem with it redirected, running super slow, takes forever to load things. freezes, and at times don't allow me on the internet. Now I have followed all your steps on the page. I ran into a problem. I tried to run the GMER Rootkit Scanner as it was scanning it shut down the computer. I didn't try it again because I didn't know what caused it and didn't want to risk anything else. I do not have the windows disk
When I try to upload the attach file or the dds I get the same thing

2 more replies

Hiya,
i keep getting positive results after running a adw cleaner scan
even though i also run hitman pro & malwarebytes
 
Can anyone please tell how bad the taste of my box is?
Thx, user9898
 
 
# AdwCleaner v2.301 - Logfile created 05/29/2013 at 21:16:55
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User :XXXXXXXXX
# Boot Mode : Normal
# Running from : C:\Users\blub\Downloads\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\Users\blub\AppData\Roaming\Mozilla\Firefox\Profiles\ns8qeldw.default\searchplugins\SweetIM Search.xml
Folder Found : C:\Users\blub\AppData\Roaming\Mozilla\Firefox\Profiles\ns8qeldw.default\extensions\staged
Folder Found : C:\Windows\SysWOW64\WNLT
 
***** [Registry] *****
 
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\WNLT
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Found : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Found : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B983844983...

Answer:How badly is my box infected

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up...

1 more replies
Question: badly infected pc

Can somebody please have a look at this log
There are a lot of popups, and the pc is becoming very slow with random freezes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39, on 2009-01-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32 ...

Answer:badly infected pc

Hello FruityKicker,
Welcome to Bleeping Computer.
My name is mas_pogi and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!
Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.
You might want to save this page on your bookmark, so you can find it again when you return.
Firefox: Then click on Done.
IExplorer: Then click on Add.
Stay calm and everything will be just alright.

I will be analyzing your log. I will get back to you with instructions after it is approved.
With Regards,
mas_pogi

4 more replies

Hi somehow i don't know how i got the virus i think its because i mistake and posted my ip address when i took a screenshot to post on a site, and someone probably hacked into my pc and put them on or something, but my Browser opens up in either Chinese, japanese or taiwan im not sure what language it is, then sometimes my Keyboard seems to be disabled when i type sometimes strange boxes or commands are typed like if i hit the key S it would ask me if i want to save or anything without pressing ctrl and the key W closes webpages, also sometimes my mouse moves by itself and it greatly slowed down my internet and computer speed, my download speed was once 100kbps and now its downloading at 3-20 kbps, i currently don't have a Cd to reformat the laptop is there any other way to get rid of these viruses? also when i try to run my antivirus (symantec antivirus) it either freezes or doesn't open, and when i try to download any other antiviruses (like avg) not only does it download at a very slow rate but the download freezes before 15%, lastly my auto-protect detected something called infostealer so im guessing its a lot of spyware on the laptop please help
thank you for taking your time for reading this (my Os system is Windows Xp)
Also there is no sound on my pc although its not muted and the speakers are in good condition

Answer:Badly Infected Help Please

Hi and welcome lets try to do these, it may be easier to run till we remove some junk.
Online Scans ... please post the scan results.
ESET Online Scanner
BitDefender Online Scanner

58 more replies

Gday all,

I just got hit hard i think with that VUNDO Trojan. here is the story. I just updated my PC @ home to IE7 and when i restarted to complete the process my computer has started acting weird in the last couple days, and I started getting popups even with blocker on, and also my computer will max out to 100% on certain web pages. A friend referred me to you guys, as you are fast and excellent service. I have been reading some topics and tried following some instructions but still showing up with a Trojan.Vundo and a Trojan Agent in Malwarebytes, and Fecati.and FAl.mav something in Spy Sweeper and a couple in SpyHunter. but after running these programs and doing the removals they return every time. as well as my computer maxing out @ 100%. I need help I run a Small Business, I am looking forward to your help Thanks in Advance.

Answer:OH S!@# I think I am Infected badly! need help!

Sorry for the Wrong Section

4 more replies

Hi All,
I have been infected with a trojan or something similar, I have noticed this thing keeps creating lots of *.tmp files in my windows\temp directory.
I have zonealarm internet security / spybot & superantispyware installed as per reading messages from this site.

It seems to create these files and send mass emails from my system as per netstat.exe in command prompt.

I can prevent the sending spam with zonealarm by disabling services.exe - but this will cause its own set of problems I would imagine.

I have a log from superantispyware and others however as per header I will not attach until requested I assume this is correct procedure.

Hopefully someone can help as I have tried everything I know for the past 4 days and my head is melted and the wife very lonely

Cheers
Martin

Answer:I'm Infected Need Help Badly Please

please post the superantispyware log if you could =]

6 more replies
Question: Badly Infected

Enclosed is DDS log will explain via Laptop
Dave

Answer:Badly Infected

Hi,
I've had to reply from my laptop.I got a phone call from someone who addressed me by my name and obviously he had my telephone number supposedly from Window security. He said I had problems with my computer and it was a new virus which had infected a large number of computers. I laughed at him before hanging up. He rang back next day and he said "they" could see my computer was infected and that he had my windows serial number which he then proceeded to tell me! He said the number over the phone and it was correct. He then took me into the event viewer on my computer and there are a lot (over 2000) errors and warnings all dated from 2nd April to date 17th April and ongoing.
He then said he would help me to clean up my computer by taking me into safe mode. At this point I hung up on him again.(I thought at the time that it was worrying that he had both my name and telephone number as I live in Tenerife and am not in any telephone book!) Also I haven’t downloaded anything of any consequence that I know of but I did buy a 10way USB Hub from Amazon which I installed at about the time of the first errors in the Event Viewer,(is it possible to doctor a USB hub with a microchip to gain access to my computer? As after installing it the boot up hangs for about 10 secs after checking memory but before detecting HDD drives but after removing the Hub it goes to loading windows OK but takes about 10 mins to load instead of the normal 3-4 mins). One other thing when I uninstalled...

17 more replies
Question: ami infected badly

my computer slows down suddenly....
it gets back to its normal speed when system restore is done..

this was happening for sometime..
but nw.....
all my outlook express mails have been deleted automatically
once background changed automatically when i started my system...
and wasn't able to recorrect it for some time...

then i updated Mcafee which i am using ....and did a quick scan
d background problem got corrected....... but no virus was detected.....
when i was closing firefox tabs it was giving "firefox crashed".... but after update and scan this problem is also ok...
later when i again started my comp.. nd connected net ... Mcafee was automatically getting updated....suddenly an error came.......
mcshield.exe .... is stopped.. then internet speed slowed down.... so i immediately disconnected ... then reconnected...
and problem was ok..
so is it that mcafee isn't able to cope up with some kind of a virus...

Answer:ami infected badly

Hello and welcome to Bleeping Computer.
Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.
To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Lets take a look with Malwarebytes
Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y...

1 more replies

Hi,

I've been infected for a couple of days now and it's gone to the point that I can no longer use the internet. IE seems to get killed. I'm writing this post from my wife's laptop!

It started with a McAfee pop up saying that it deleted the Vundo trojan except for a .dll in C:\windows\system32 directory. This failed deletion seems to get McAfee stuck in a delete loop as the registry changes reappear in the warning pop up. I get something about InprocServer32 entries.

I wasn't able to delete the .dll file in the system 32 folder, even in safe mode. I finally deleted it through the recovery console but as I expected it came back. It's now called YAYVWOEU.DLL.

Another thing I notice is that if I have Tea Timer from SB S&D running and I deny the attempted registry change from something called bm6b77dae3 it gets stuck in a loop constantly displaying a blocked instance. It sucks the life out of my PC's resources.

I've had a few reads here and there on the internet but I get so many possible causes and solutions that I figured I should get expert help since I'm not likely to solve this on my own.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 16:38:58, on 06/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.... Read more

Answer:Badly infected, please help.

16 more replies
Question: badly infected

Hi there. I have a few viruses. I tried to get rid of the one I knew I had and that was the Win32trojan. But my computer still is not running correctly. It freezes up, IE closes itself out. Takes forever to load up or load any program up. Reboots itself. Also when I'm trying to surf the web the IE can't display the pages. Says I'm not online which I am. This is what I know that I can give yas so far. I'm running WinXp Home. I downloaded and ran finally fast.com And ran the scan and this is what it's telling me. I didn't do anything at this point. please help me

It tells me that I have 42 Class errors, 74 Missing shortcut errors, 35 Missing shared files errors, 2 Missing Application errors, 7 Missing help files, 111 Invalid file extension errors. I didn't buy the program so it won't give me a log but if there is another way to do it I'd be more than happy to do it so you can see what all the errors are.

And now here are the steps I followed from your website
 

Answer:badly infected

Welcome to Major Geeks!

PaGrrl said:

"I downloaded and ran finally fast.com And ran the scan and this is what it's telling me."

Get this JUNK off your PC immediately and never download stuff like this. Yes I know it is on commercials. It is still pure junk that you don't need and even if you purchase this, it is not going to fix any real problems that you have. In fact it would not have fixed all the problems fixed just by running our cleaning procedure and it is free. Uninstall PC SpeedScan Pro (which is what they install) immediately. Also uninstall Performance Center if it shows which they also install.

While uninstalling things also uninstall Java(TM) 6 Update 3 which is an old outdated version.

Also uninstall a-squared HiJackFree and a-squared Free which you don't need and will just add to your slow PC problems since you do not have any memory to spare.

Also uninstall Ad-Aware which is a waste of system resources and SUPERAntiSpyware and Malwarebytes we asked you to install are far more superior applications.

If the reason you started all of this is because your PC is slow, it is not due to the minor infections you had. It is due to the fact that you have one-quarter of the amount of memory in your PC that you really need to run Windows XP SP3 and all of your applications. Your logs show:



Total Physical Memory 256.00 MB
Available Physical Memory 81.84 MB

You ... Read more

7 more replies

This is my boss's laptop I'm working on. He is completely computer illiterate and has managed to completely hose his computer. I have done everything listed in the help topic, as well as installed Spyguard and Spyware Blaster. The computer is still taking a good ten minutes to boot up and does crazy things when connected to the internet. The log file is posted below. Thank you so much!

Logfile of HijackThis v1.99.1
Scan saved at 6:11:58 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\SymantecNorton\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\S... Read more

Answer:Badly Infected - Tried Everything

Hi Kimberly and Welcome to the Bleeping Computer!

Download WinPFind: WinPFind
* Right Click the Zip Folder and Select "Extract All"
* Don't use it yet

Download and unzip BFUzip from HERE
* Right Click the Zip folder and select "Extract All"
* Locate and double click BFU.exe
* Now locate and click the Greenish Blue globe with the cord plugged into it
* When the next small window pops up-> Copy&Paste this URL into it and click OK
  http://metallica.geekstogo.com/2search.bfu
* Once the URL has appeared in the "Scriptfile to Execute"-> Confirm that 2search.bfu is in the BFU folder.
* Now click the execute button and let the script run

Reboot into SAFE MODE (F5 or F8 when restarting)
Here is a link on how to boot into Safe Mode: SafeMode
* Once in Safe Mode, Run the BFU Script once more to confirm nothing has survived.
* Once in Safe Mode-> From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"
* It will scan the entire System, so please be patient
* Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!
* Under the "General" Tab
* Make Sure "Normal Startup-load all device drivers and services" has a green tick by it
* Click Apply>>Close>>Follow the Prompts to Restart

Restart Normal and have the PC Scanned here: Panda A... Read more

24 more replies
Question: Badly infected

Hi,

I am trying to help out a small nonprofit (www.manoamano.org) with their malware problems.

WindowsXP on Dell Inspiron 710m

This computer (Segundo) will not allow updates to the installed AVG Free antivirus. Any attempt to access an antivirus site is redirected to bogus sites or are blocked. It will NOT boot into safe mode. (Comes up with a blue screen that says "A problem has been detected and windows has been shut down to prevent damage to your computer. The video driver failed to initialize... dump of physical memory...)

MS Windows Malware Removal tool finds no infections. McAfee Stinger reports no infections. AVG Free (which I can't update) reports no infections.

I have it off-line and moving everything to it via a write-protected thumb drive. From it another thumb drive.

GMER produced a warning: "Loaded Gmer's driver version is incompatible with the currently running GMER application. You need to stop the driver with the command "net stop gmer" or restart your computer." (OK)Then C:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process. (OK) All choices grayed out except Services, Registry, Files, and ADS. (Scan) Then same "...cannot access the file..." again (OK) FOUR TIMES. Then "GMER hasn't found any system modification." (OK) There was no output.

I am so frustrated! I bet you hear that a lot. :)

I am grateful for any direction or help... Read more

Answer:Badly infected

Additional Information: System Security Trojan
There is a program called "System Security" on the desktop. (Black and Yellow Striped Shield Icon.) When you click it, it "looks like" it is scanning the computer for malware. There doesn't appear to be any "Help About" or any other information about what it is. I am pretty sure it is a Trojan application. (Dan and Segundo said they downloaded and paid for something that looked good. Dan doesn't remember, but I suspect this is it.) I can't find anything from a source I know to be reliable with an internet search. It does not show up on the "Add or Remove Programs" menu. A friend on Twitter said: "acomputerpro @Honda_Insight, yes... that is exactly what I killed. http://tinyurl.com/9lo998 doesn't work." and "acomputerpro @Honda_Insight, I had to go beyond the instruction set from BleepingComputer.com and remove the rootkit portions manually from the registry."

16 more replies

I am absolutely desperate. I have been trying to get rid of this thing for 2 weeks but as I am not the most literate of users I am absolutely stuck now......
I have read as many of the posts as I could but none that Ive read seem to have the same problem.....

When I got the virus initially I downloaded rkill as suggested, ran that & then Malware Bytes and thought that I had it licked, within minutes of restarting it all came back ....I was, and still am, unable to run task manager, rkill or hijack this to stop the processes so that I can open any other program to try & kill it. I then tried the safe mode start up, again as suggested, this was also blocked, all the other options were totally unknown to me so I didn't dare do any of those. The internet does not work on the infected computer so I downloaded rkill to a cd, as suggested, but it won't let it run....

I really dont know that much about computers, I am a 'mature-aged-user' and dont really understand too much about the registry or many of the other things you all talk about so fluently, I live way out in the bush so getting technical help to come out here is not really an option for me, I am borrowing this laptop at a friends house where I am staying temporarily with my grandchildren so that they can at least get some of their homework done.....I would appreciate ANY help and advice from you knowledgeable people out there -

Many thanks in advance to anyone who can help, I really am most grateful for... Read more

More replies
Question: badly infected

My computer has been infected with viruses and many other things. Many programs freeze or won't open. Here's a list of some problems:
-white background
-no task manager
-no sound from internet
-internet doesnt respond a lot
-my computer cannot open
-when i open a folder and click on the arrow to see more folders, the computer just freezes
-different pop ups, and ads
I tried to download spybot but it would not open. I have already downloaded dds and gmer. DDS gave me the files however, gmer did not open. Here are the files from DDS.

Thanks


DDS (Version 1.1.0) - NTFSx86 NETWORK
Run by Administrator at 0:24:15.70 on Sat 01/03/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.804 [GMT -8:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://windiwsfsearch.com
mDefault_Search_URL = hxxp://www.google.com/ie
m... Read more

Answer:badly infected

bump, sorry if i was unclear, by my computer i meant the folder

19 more replies
Question: badly infected???

i am having problems with my computer and was wondering if anyone can help. posted to the hijackthis forum and was sent to the windows xp forum but they are not able to help any further. i am not able to load windows normally. the screen blacks out every couple of seconds while loading. the harddrive is still going, but the monitor goes black. the only way that i am able to load windows it by pressing the F8 key and selecting the vga mode. while in the vga mode, the resolution is off so the fonts are big. i was going to restore the harddrive but am not able to do so because when i put the cd in and reboot, it does not boot from the cd and just loads windows. not able to load up any other way. here is my log. any help would be greatly appreciated. did the online panda scan and it found a hack program, but was not able to send it because the fonts are so big that i was not able to scroll the page and see the save button. hope that someone would be able to help.



Deckard's System Scanner v20070426.43
Run by anyone on 2007-05-22 at 17:22:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as anyone.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:22:15 PM, on 5/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system... Read more

Answer:badly infected???

bump please, thank you :)

2 more replies
Question: badly infected

I really need help. I'm using windows xp sp3. My desktop icons are gone and my startup menu is empty. I have a red circle with an x in it near my clock along with a system check icon. A message box opens about 20 times that say windows- delayed write failed. also a box pops up that says files indexing process failed. I have gone through the malware removal steps as best I could. I am unable to download and open spybot. An error occurred while trying to install avast antivirus. installed online armor and 2 things needed attention, exploring startup menu and checking autoruns. My add or remove programs list is empty. cleared cookie with ccleaner. I cannot open superantispyware or malwarebytes. I tried to open javaRa and got runtime error. here are the dds logs: please help. Thanks

dds.text
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.11  BrowserJavaVersion: 1.6.0_26
Run by HP_Administrator at 14:40:34 on 2011-12-31
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.45 [GMT -5:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.... Read more

Answer:badly infected

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

The log shows that you only have 1.06Gb of free space on your C drive. Windows requires at least 15% (27 Gb) in order to ... Read more

14 more replies
Question: badly infected

hello i dont know what happened but my computer is running very slow all of a sudden.....so i dled the latest hijackthis and ran it and it said i had so much hijacked domains i should just delete all the O1 files right away and i did here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 03:19, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ipmon.exe
C:\WINDOWS\system32\PhotoLinker.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOW... Read more

Answer:badly infected

Hello again xdragonx,

I'm afraid it's not as simple as just fixing those O1 entries--you're quite infected and this will take a few rounds to clean.

You need to be careful of the sites you visit, files you download, links you click on.

The log you've posted is the beta version of HijackThis and is still under development. Please refer to this thread TrendMicro's HijackThis version2 Beta

Please copy these instructions to Notepad and save to your desktop for reference.

----------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you which I will need in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

--------------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
* create a new System Restore point in Windows XP and Vista.
* clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
* check some important areas of you... Read more

18 more replies
Question: Badly infected

Hi,

So I have been infected for the past two weeks. First of all, I am running XP. When I start up my computer and windows loads, a notification pops up saying, 'error loading cpcp.cpo'. But the main problem I am having is that no matter what program i use, whenever I start to do a system virus or malware scan, the program shuts down about 5-10 seconds after the scan starts. I am able to actually download any antivirus program I want, its just that whenever a scan starts the program shuts down and the next time i try to access the program it says I do not have proper permission to access the program. I am stuck, I have no idea what else I can possibly do. Any help would be greatly appreciated!
Thanks!

Answer:Badly infected

Hello jigglyball.

Please run these next. If that error still persists we will get it next.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista, right-click on it and Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* If the tool does not run from any of the links provided, please let me know.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatic... Read more

1 more replies
Question: Badly Infected

Hi Forum.

I've been infected with tons of virus. It appears that every page html / htm / asp / php page on my pc has been infected with

Trojan-Clicker.HTML.IFrame.cw

and other files on my pc has been infected with

Worm.Win32.Viking.lw

I just scan with kaspersky it turn up 18 viruses and 1100+ infected objects.

PLEASE HELP
I've just edit my post to attach my kaspersky scan log .
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 15, 2007 5:25:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/12/2007
Kaspersky Anti-Virus database records: 483501

-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 69656
Number of viruses found: 18
Number of infected objects: 1146
Number of suspicious objects: 0
Duration of the scan process: 00:54:17


===============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:52 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WIN... Read more

Answer:Badly Infected

still need help - Please take a look at my kaspersky scan log. Ive attached the log as a txt file. I know you guys are busy. I appreciate your response. Thank you
 

1 more replies

Hey,

I volunteer with a small non-profit, Mano a Mano International, http://www.manoamano.org/ . They collect medical supplies and send them to Bolivia. They also raise donor funds here in the US to help build clinics, schools, roads, airstrips, and water reservoirs in Bolivia.

I try to help with the "computer stuff." They have about 8 PC's, all of which seem to be working well except Dan's:
Mfg: lenovo
Model: thinkpad R60
OS: Windows XP Professional Service Pack 3
Antivirus: Trend Micro

It has several problems that I tried to cure with freeware programs: Spybot S&D, ATF Cleaner, SuperAntiSpyware, AD-Aware, Spyware Blaster and MVPS Host file.

After I thought I was done, Outlook 2003 connects and updates, but when a message is opened, only the header shows. The body never fills in. Also IE homepage kept going back to hxxp://mystart.incredimail.com, which I "fixed" with Regedt32 by removing entries with incredi*, but the Outlook problem got no better. I tried a system restore to Tuesday (and other dates), but keep getting the message: "Restoration Incomplete Your computer cannot be restored to Tuesday February 10, 2009 System Checkpoint No changes have been made to your computer." I tried the restore in safe mode with the same result. I tried to reinstall/fix Outlook 2003 and/or Microsoft Office both from the server and from CD. Always get the message: The installation source is not available...

tetonbob helped me ... Read more

Answer:Badly Infected 2 (too)

Hi,

Please bump. Thanks

9 more replies

Antivirus system alert Pro pop ups. wont allow me to open any programs on my computer including things that i have found on this site to help get rid of it. it always says that the file is infected. It also opens IE on its own and goes to porn and viagra sites. I have looked all over this site but nothing is working for me. if i could get my own personal help that would be awesome! I run Vista and I would really rather not have to reformat or go without my beloved computer for too much longer. Thank You

Answer:Infected Badly Please Help

Welcome

Please download TFC by Old Timer and save it to your desktop.
alternate download link
* Save any unsaved work. TFC will close ALL open programs including your browser!
* Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
* Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
* Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

RKill by Grinler
Link #1
Link #2
Link #3
Link #4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
* Download Link #1.
* Save it to your Desktop.
* Double click the RKill desktop icon.
* If you are using Vista please right click and run as Admin!
* A black screen will briefly flash indicating a successful run.
* If this does not occur please delete that application and download Link #2.
* Continue process until the tool runs.
* If the tool does not run from any of the links tell me about it.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.... Read more

8 more replies
Question: Badly Infected

ok idk whats wrong with my pc...all i know its that it goes crazy...windows start popping out...my desktop changes by itself...some websites dont open..i mean IE doesnt work im using mozilla...next to where it says the time and date it says VIRUS ALERT!..some window pops out sayin trojan..win32..netbooster...theres a couple more problems to it as well but here my hijackthis logfile report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50: VIRUS ALERT!, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Java\j2re1.4.2_14\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\Archivos de programa\Java\j2re1.4.2_14\bin\jucheck.exe
C:\Archivos... Read more

Answer:Badly Infected

Hello julivl1,

Welcome to Bleeping Computer

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Please reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from th... Read more

16 more replies
Question: Pc Infected Badly

Can anyone help me? I am experiencing a lot of troubles with my pc lately. I can't exactly tell what but i think it's been infected by a malware very badly. sometimes an application crashes/freezes upon starting, while most of the time it crashes while it is in use. When i do a system scan, it results to either my pc restarts itself or I get a blue screen. I also noticed that i can't download a clean file, it says i cant execute it because it is corrupted. i tried downloading a same file from a different unit and used a flash disk to access the file here, i can install it w/o any problems. I can't recall all but here's my HJT log file.. Any help will be much much appreciated as im close to giving up this pc..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:03 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files ... Read more

Answer:Pc Infected Badly

Hello jepoy1026,Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.

72 more replies
Relevance 52.48%

I really need to get rid of all these malicious infections: I was infected by a trojan where my desktop was hijacked, my firefox browser would sometimes go to a different page while on google, and I can not go to safe mode, or system restore my system back. I ran the malware bytes program, and I selected to delete the files, and even though I rebooted, and even deleted the infected files from the quarantine area, I want to make sure they are really gone. One thing I still notice is that my timezone is setting in military time now. How can I change that, and get safe mode working again. Here is my log:

Malwarebytes' Anti-Malware 1.41
Database version: 2907
Windows 5.1.2600 Service Pack 2
New log
Scan type: Quick Scan
Time elapsed: 55 minute(s), 12 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\msb.exe (Trojan.Agent) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run&... Read more

Answer:Have been infected badly. Really need help.

Anyone? I really need to get rid of this.

2 more replies
Relevance 52.48%

Hi, I have windows xp sp3. I have IE8 and was using MSN to connect to internet through dial up. I then changed to Juno. I believe this is when I started having problems like "this program cannot display the webpage" and when trying to go to msinfo32, I get "not a valid win32 application". First malicious infection, approx 1 year ago, then 2 months then a week ago. I immediately activated the malicious software removal tool from Microsoft and had Microsoft Security Essentials in place. I removed 136 infections. I have continued removing for the past week until I found you. I have several programs blocked through Online Armour - how can I know if ok to let them back in? I read the page before removing malware by evil fantasy - and here I am. I don't know if I am still infected, but when I try to go to certain sites as stated above, I get the "This program cannot display the webpage", and when I try to open msinfo32.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2010 at 01:14 AM

Application Version : 4.41.1000

Core Rules Database Version : 5278
Trace Rules Database Version: 3090

Scan type       : Complete Scan
Total Scan Time : 00:35:14

Memory items scanned      : 417
Memory threats detected   : 0
Registry items scanned    : 5108
Registr... Read more

Answer:once badly infected-not sure what now

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.
Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.
Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.
Exit out of MessengerDisable then delete the two files that were put on the desktop.

====================================

Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
R0 - HKCU\Software\Microsoft\Internet Explo... Read more

14 more replies
Relevance 52.48%

here is the log
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by jol at 18:02:28 on 2014-07-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1033.18.8157.6523 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe... Read more

Answer:I think im badly infected

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542630 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 52.48%
Question: Pc Badly Infected

Hi, trying to fix a PC for a friend with XP in Spanish, they keep getting browser pop-ups with ads. So far what I did was run Symantec Antivirus, Spybot and AVG anti spyware run the 3 of them while on safe mode. Spybot finds zlob.downloader.vdt but cannot remove even if setup to run at next windows start-up or on safe mode. Below is the log from Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:03, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Symantec AntiVirus\DefWatch.exe
C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Symantec AntiVi... Read more

Answer:Pc Badly Infected

Hello nava2007 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not ... Read more

1 more replies
Relevance 52.48%
Question: Badly Infected

Please help me with this pc.
 

Answer:Badly Infected

Welcome to Major Geeks!

You did not follow any of the instructions for using ComboFix. First it needs to be saved on your Desktop. Then it needs to be renamed to cf.exe. And then you needed to run it using the Run box command as given in the READ ME (which was "%userprofile%\desktop\cf.exe" /killall ). Please make sure you follow instructions properly. Move ComboFix.exe to your Desktop now and then rename it to cf.exe.

However all that being said, I don't understand the title of your post because I'm not seeing any malware issues. Just some out of date Sun Java versions that you should have updated in step 1 of the READ ME. What malware problems are you having and why do you say "badly infected"?
 

3 more replies
Relevance 52.07%

My Dell Inspiron 4150 (Windows XP) is badly infected. I ran several virus programs like AOL Virus Protection, VundoFix, and nothing has cleaned it out. Popups for "virus protection" programs keep coming up and taking over my computer! Please help! Thanks very much for any assistance. Here is a copy of my Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 11:09:29 PM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common

Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common

Files\AOL\1143588527\ee\services\sscFirewallPlugin\ver1_

10_3_1\aolavupd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mcafee.com\personal

firewall\MPFService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\sy... Read more

Answer:Badly infected computer!

Hi and welcome

The Hijack This log is hard to read.
Please rescan with Hijack This.
When the log opens in Notepad, go to Format and select Wordwrap.
Then copy and paste the log here.
 

3 more replies
Relevance 52.07%

Hey guys, could you please help me?? Whenever my laptop is connected to the internet. 20 billion advertisements pop up out of nowhere. Here is a Hijack This logfile I just saved. Please let me know what we can do to fix my laptop guys. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:32 PM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Nero... Read more

Answer:My Computer Is Infected Badly! Please Help!

Welcome to the BleepingComputer HijackThis Logs and Analysis forum yammanaim. My name is Richie and I'll be helping you to fix your problems.

First of all you've no virus protection installed.
Please download/install Avira AntiVir PersonalEdition Classic [Free]: http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed. Click the "Report File" button, then copy and paste the report into your next reply.

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed in 2006, read this article: http://www.clickz.com/news/article.php/3561546
You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present, then restart your pc:
Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers. Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK:
"%userprofile%\desktop\combofix.exe" /killall
Combofix.exe will start,please ... Read more

1 more replies
Relevance 52.07%

Hi

I have been having dramas with my laptop and now I really need help to remove the issues causing me major problems. I have AVG anti virus protection installed and when running a scan was being told that I have an infection called Trojan horse hider:MPR

The browser I use is firefox and for some time now I was getting messages telling me that "firefox was trying to be tricked into doing an unsecure update please contact my service provider".

I also get an error message everytime I start my computer saying "There was a problem starting C:\Users\Client\AppData\Local\Temp\utple.dll the specified module could not be found"

When I run a scan using AVG it tells me that the problem is located in the Documents folder. I ran scans on each individual file within this folder and none of them came up as having infections.

I then ran a scan on the client folder on my desktop and it came up with the following 2 infections:

Object name : C:\Users\Client\AppData\Local\jbuetdom\rhmthdtr.exe
Object Threat name : Trojan horse SHeur4.ACMP
Object Type : File
SDK Type : Core
Results : Infected
Object name : C:\Users\Client\0.7897592794586422.exe
Object Treat name : C:\Trojan horse SHeur4
Object Type : File
SDK Type : Core
Results : Infected

I have read through the initial steps that you require me to follow but am unable to do certain tasks as I cant download files to my laptop. I also ran a scan on my external hard drive using AVG and am b... Read more

Answer:Have a badly infected laptop need help!

Hi LindsayH,


Quote:
I also ran a scan on my external hard drive using AVG and am being told that it also has issues

What is AVG reporting on that external drive? What location(s) contain infection and what infection is it seeing?

Use another computer to download the tools needed, then transfer them to your laptop to run them. I'll have a better idea of what's going on once you post the logs. :)

19 more replies
Relevance 52.07%

Hello there! My name is Chris and I need a lot of help with removing viruses. Before we get started, and to make things easier, I'll paste my computer information below:

OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8139 Mb
Graphics Card: Radeon (TM) HD 7470M, 1024 Mb
Hard Drives: C: Total - 690371 MB, Free - 430754 MB; D: Total - 20768 MB, Free - 2208 MB; E: Total - 4054 MB, Free - 1092 MB;
Motherboard: Hewlett-Packard, 17F9
Antivirus: ThreatTrack Security VIPRE, Updated and Enabled

I figured anyone helping me may want or need that sort of information. Now I read the first post about backing up information, but I'm actually so badly infected that I can't back up anything, nor do I have any resources to back anything into. I can't even create a restore point. With that aside, any of my documents, photos, music, and emails aren't important to begin with.

Now then, I downloaded VIPRE a few months ago, but that was after the infected files were already on my computer. Whenever I try to delete one by using the "securely delete" option that VIPRE gives me, it doesn't work, as usual. I ran a free version scan with SpyHunter 4 and it found a whopping 98 viruses, which I'll list below now.

Rogue.Windows Web Shield (1 infection)
- [RV] {Rogue.Windows Web Shield} LowRickFile Types

Trojan.Poweliks (3 i... Read more

Answer:Badly Infected - Need Help Removing

I also forgot to mention that I'd like to avoid completely erasing my computer and starting over from scratch, if possible.
 

2 more replies
Relevance 52.07%

Sorry I'm slow but I have to use my pc to send everything. Unable to use any malware programs even in safe mode, can't get on the internet, I have to copy everything from my good pc to the infected laptop with a usb stick.. thank you for your help, ---Regards gunner.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Owner at 8:44:58 on 2012-04-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1760 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page =
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHo... Read more

Answer:badly infected laptop

Greetings gunner1 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!

===================================================

Ground Rules:

First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
When you post your reply, do not use the but... Read more

more replies
Relevance 52.07%

Hi,
My computer has been running very slow and from time to time IE will pop up by itself and load up some random web sites...
I know I am infected but unsure how to get rid of it.
I have tried adware and norton antivirus...no luck.
Plz help, thanks in advance!

here's the log files:
Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:00, on 2007-9-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WIN... Read more

Answer:Plz help, computer infected badly...

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO:  - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\amld\.dll (file missing)
O3 - Toolbar: O?A?O?3x - {45CEDCCF-21BD-474C-B691-8CF787647E68} - C:\WINDOWS\system32\kvtffkqggvw.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Global Startup: Windows Update SP11.lnk = C:\Program Files\Common Files\xp11update.exe
O4 - Global Startup: A?A?O???I.lnk = ?
O9 - Extra button: OxE1?I? - {DE607142-AC19-422e-869A-9D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: OxE1?I? - {DE607142-AC19-422e-869A-9D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1009/aliedit.cab
O21 - SSODL: fvxp - {0D4D8E44-9BD3-49D2-8097-B12F8A9A8533} - (no file)
O21 - SSODL: (no name) - {12311512-2C1D-44b2-A044-872AD2AD5A61} - (no file)
O21 - SSODL: sshn - {12311512-2C1D-44b2-A044-872AD2AD5A61} - (no file)

Ignore any prompts for a reboot


---------------


1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's r... Read more

3 more replies
Relevance 52.07%

Hi guys, I've posted here before and I couldn't find my old post so I'll just resubmit a new one. Anyways, my computer is totally going slow. First my Internet Explorer started doing random pop ups like "You have a virus ..we are doing a virus scan..." "Your the 100,000 ..Click here to claim Prize" and it would steal the advertisings of websites with things like "Your computer is infected badly with a fake virus scan" Then my Mozilla got a virus on it so now I've been using Avant Browser but prefer to go back to normal. My computer also has been going really slow. You guys asked last time for my Combofix and Hijack this logs so here they are: I appreciate all the help.

ComboFix 08-05-12.1 - Zabi 2008-05-14 1:03:28.5 - NTFSx86
Running from: C:\Documents and Settings\Zabi\Desktop\ComboFix2150.exe
 * Created a new restore point
 * Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime... Read more

Answer:Computer Infected Badly

Any ideas what's wrong??

3 more replies
Relevance 52.07%

Hi, i posted a thread in another part of this forum concerning some problems i had with CPU usage/maxed out RAM and jittering audio.
i posted a hijack this log and was told my system was badly infected.

here is a link to the thread:

http://forums.techguy.org/windows-nt-2000-xp/827089-cpu-problem-distorted-audio.html

if someone could help me get my system back to normal again i would very much appreciate it.

here is the log from hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:03, on 6/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\V... Read more

Answer:badly infected system. HELP!

bump please
 

2 more replies
Relevance 52.07%

I need help! I have a Windows 64 bit computer. I have been getting redirected with google search for over a month. I have been afflicted with the fbi money pack virus and security shield virus. I got rid of the viruses, however I am still constantly being redirected and the computer is running so slow. Please help!

Answer:Badly infected computer.....Need Help!

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

1 more replies
Relevance 52.07%

Logfile of HijackThis v1.99.1
Scan saved at 10:58:09 AM, on 7/31/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\ZoneLabs\minilog.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Updater.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe... Read more

Answer:Hjt Log - Badly Infected - Pls Advise

I couldn't get a reply on the board and so I started reading on MajorGeeks and elsewhere to figure out what to do. I deleted the things that the article on Major Geeks cited as always bad. I also used the TrendMicro Housecall application. I cleaned all that it found in spite of its warning that important data could be lost.

I figured out from the HJT logs that I needed to run the lspfix - (the malware was smart enough to entirely block the www.cexx.org url but I found another source for it.) Once I ran it I could access the internet again. Since the infection kept reinstalling itself and seemed uncleanable - so I assumed VX2 and ran the tools (adaware plug in and double checked with dllcompare)

Now I seem to be clean but things are ahem... less than back to normal. As I mentioned above, IE takes about 10 minutes from the time that I click the quickstart icon to the time when the window appears. I'm running firefox with no trouble. I want to repair windows but I am completely blocked. When I run sfc.exe the shell flashes and then disappears. When I run sfc.exe from safemode the run item completely disappears after the first attempt. I have set the machine to boot from the CD in the bios, but then it always boots from the harddisk.

Also, my networking is screwed up. There used to be a couple of little computer monitors on an icon. I could mouseover this icon to see my current connection speed. This icon is gone. I am definitely connected though. I had a l... Read more

3 more replies
Relevance 52.07%

I can't open certain files like malwarebytes and when I surf on google I get directed to different pages (I have to copy the link and paste it on the address bar in order for me to get to where I need to go). I tried reinstalling malwarebytes but it won't let me uninstall it. I really don't want to go through the painful process of reformatting. Any help would be much appreciated. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:50 AM, on 6/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\...

Answer: Help! Badly infected computer. :(

Dang...
 

1 more replies

My sister's messed up our main desktop and she doesn't know what she's downloaded. I can't run ANY applications on the computer.

Here's the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 19:27:58, on 30/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ntlworld.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,...

Answer: Help Computer is Badly Infected

bump
 

3 more replies

My computer is running slow to the point where it can't keep up with my keystrokes. It has two pop-ups that happen every time you click on a new link or change to a new web page. I will give the partial address that appears on the pop-ups. #1-http://89.188.16.28/dot.gif, #2-http://sagipsul.com. Both have too many numbers and symbols after the initial address I have given. Also, the computer will freeze up immediately after I click on my login icon for windows. I will get the hour glass symbol forever and it won't allow me to do anything. Finally, I get a rundll32.exe application error every other time the computer runs. Thank you for your time and help.

DDS (Ver_09-01-07.01) - NTFSx86
Run by Jason at 22:07:20.59 on Sun 01/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.505 [GMT -5:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32 ...

Answer: S.O.S Please Help. Computer Infected Badly

Hi, and Welcome to BleepingComputer. My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through the instructions before starting to follow them to make sure you understand everything you have to do.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

Please download GooredFix and save it to your Desktop.
Double-click GooredFix.exe on your Desktop to run it.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system...

10 more replies

Hello and thanks for your help in advance. The wife clicked something this morning and now I'm hijacked! There are a lot of items in the hjt log that weren't there before. Just wanted an expert opinion before I delete anything. And what has infected me? Thanks so much!

Paul

Logfile of HijackThis v1.98.2
Scan saved at 1:22:31 PM, on 10/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sunbelt Software\iHateSpam\siService.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siSpamFilterEngine.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Sunbelt Software\iHateSpam\siMailProxyServer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:...

Answer: Infected badly! HJT log for review. please help!

Please do this. Click here http://forums.techguy.org/attachment.php?attachmentid=38105 to download getservice.zip and unzip it to your desktop. Open the Getservice folder and click on the getservice.bat file. A notepad will open up with a long list of services. Please save that notepad file and attach it to your next reply to this thread. It will be easier to attach it rather than copy and paste because it will be too long to paste in one post.

After you post the getservice list, it is very important that you do not restart your computer or attempt to do anything to remove this until I have posted the removal directions because the files and the entries in HJT will change and we will have to start all over again. It would be best that you do nothing at all with the computer until you get the directions.
 

1 more replies

Hello, my office PC is Win 98, P-III. Most of our office work involves working with MS-Word and doing miscellaneous secretariat work. For the last one month, I have been facing some very serious troubles working with MS-Word on my computer. As and when I create an MS-Word file and save it, one more copy of it gets created automatically in the folder. Like this. As you can see, one copy is dim and another is normal. Then after creating the file for the first time, whenever I reopen this file inside MS-Word, the file opens with some strange illegible characters. Here is a screenshot. The peculiar thing is that whenever I open the same file through Windows Explorer (i.e. by opening the relevant folder and double clicking on the file icon), the file opens normally. Here is the same file when opened through the explorer.

Since my official duties require working on MS-Word throughout the day, the inability to open the files from inside MS-Word itself and every time opening them through explorer is seriously affecting my work. Another problem is copying these files to another computer. When I copy some of my Word files to a floppy and transfer them to another computer, these files automatically get deleted on the new computer. As a result, I am not able to transfer my Word files to a new computer, which is also a very serious problem. Kindly help me, what should I do?

Regards
Nannu

Answer: Ms-word Is Infected Badly. Pl. Help

Hello, I am still waiting for a reply. The problem is seriously affecting my productivity.

Please help if possible.

Thanks

Nannu

4 more replies

I'm working on a friend's Windows XP computer that has, at the very least, a Security Tool infection.  I've successfully cleaned a couple of other computers, but this one has me stymied.  Because Security Tool is intercepting the commands, I can't install mbam or HJT on it. I can't get it to go into safe mode. I tried booting it to an Fsecure boot cd and to UBCD, but it hangs - just get a black screen and all drive activity stops if I press a key during bootup. (If I don't press a key with a CD in, it boots to XP.)  I've tested the cds on other computers and they work fine.  Any ideas how to get around this?

Answer: Badly infected computer

Hello nottheoneyouknow and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Quote: "it boots to XP"

What does this mean? Are you able to boot and access the internet? Are you sure that the F-Secure CD is burned properly? It's an ISO image and must be burned with an ISO burner.

Please don't take these questions the wrong way. I'm just trying to get all the information I need to help you.

11 more replies

Hi all,
These are the problems I am experiencing as best as I can describe them.
From what I can see my internet is running at usually less than 1/4 of its normal speed though this occasionally alternates to full speed or down to 1/10. The problem was fixed slightly after running trendmicro housecall; after this, speed went back and also some other things on the computer started functioning again such as being able to copy and paste. From previous scans I would come up with 5 pieces of spyware from using trendmicro scan, though even though it supposedly removed them they would still reappear in consequent scans. Recently it has begun to freeze while scanning for spyware. Presently scanning with Ad-Aware, will post its results after this. Also speed is back down to 1/4 normal speed. I also have a log file from hijack this and will attach it to my post. Sorry if this wasn't overly descriptive and I hope it can help you in diagnosing and aiding me.

Answer: Badly Infected I Assume

Here is the log file created by the Ad-Aware scan. It found 17 infections; all fell under the privacy tab: one MRU, the rest were cookies etc. I also cleaned out the temp net files.

3 more replies

So, my first post was in the Am I infected, and I got referred: http://www.bleepingcomputer.com/forums/t/284756/internet-security-2010/

My laptop, since I had the final problem on my first topic, seems to have sorted out one or two things but I want to be sure that it's better, and system restore had to take place so I'm not sure if some of the logs from my previous post will have changed.

The GMER log, from the last post, is:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-08 12:19:28
Windows 6.0.6001 Service Pack 1
Running: x5fivd7i.exe; Driver: C:\Users\Chloe\AppData\Local\Temp\kwlcqpog.sys

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x80795024]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[600] ole32.dll!CoCreateInstance 767DE188 5 Bytes JMP 00A1000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73AD98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1116] @ C:\Windows\Explorer.EXE [gdiplus.dll!Gdip...

Answer: referred, badly infected

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

13 more replies

An XP computer has Norton, and Norton is one of many programs on the computer that is infected. A scan reveals over 12000 infected files, but cannot clean them. In other words, Norton is a useless, gutted shell. Burning AVG and MBAM to a disc as tool.exe and toolb.exe and praying that none of the viruses are exe blockers or self-destructors. If comp. viruses were human viruses, this thing would get tossed in a biohazard barrel by guys in hazmat suits. Anyway, do you guys have any more advice? Sincerely, a guy who wonders how a comp. can get that many friggin' viruses and still run.

PS: for those of you people who still insist on using norton after seeing how helpless it is, poke around in the files some and you'll find a one-year temp license code that gives you the full thing.

Answer: Badly infected computer.

If the machine's as badly infected as you say, then FDisking, formatting and starting-over may be the best solution...

"Channeling the spirit of jboy..."

5 more replies

The malware in my computer is spreading fast. Can't even update my kaspersky antivirus anymore. I attached the log file after I scanned with ComboFix. Hopefully someone here can help me out.

ComboFix 09-01-16.03 - ming ann 2009-01-18 11:35:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.495.136 [GMT 8:00]
Running from: c:\documents and settings\ming ann\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ming ann\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
FW: Kaspersky Anti-Virus *disabled*
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.
2009-01-17 22:52 . 2009-01-18 11:21 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-17 22:52 . 2008-06-10 21:22 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-17 22:52 . 2008-06-02 15:19 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-17 22:52 . 2008-06-02 15:19 42,376 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-17 22:52 . 2008-06-02 15:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-17 22:51 . 20...

Answer: badly infected,any solution?

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I infected? What do I do? forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.

1 more replies

Hello everyone!

I've been having some problems with my computer lately, and, as I have suspected, it's badly infected. I've noticed that my laptop has been working slower than usually, especially my browser - Google Chrome. I decided to run AdwCleaner, but couldn't. Then I have sought help here, at BleepingComputer. I was asked to run some scanning/removal tools (many threats were found, and some of them were deleted), but I couldn't run all of them. For example, I couldn't run SUPERAntiSpyware and ESET Online Scanner properly.

You can find all the previous logs here http://www.bleepingcomputer.com/forums/topic480793.html

I have read the Prep Guide, and, unfortunately, DDS didn't run properly either. No logs were created, because the program is stuck at about 80% of the scan. It says it should run about 3 minutes, but I didn't get any logs within the hour, those 80% were still there. I have to say that DDS gets to that 80% in about 3 seconds, and then it's stuck forever

This was really discouraging, because I had hoped this would make it easier for you to help me. Now I really don't know what to do. I hope you will still be able to help me. Thank you in advance.

Answer: Computer is badly infected

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
Third party programs if not up to date can be the ca...

33 more replies

Logfile of HijackThis v1.99.1
Scan saved at 4:10:12 PM, on 8/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\IPTS32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAM FILES\HARDWARE PRODUCT\MOUSE\AMOUMAIN.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YBRWICON.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\IPMON32.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\YAHOO!\YOP\YOP.EXE
C:\WINDOWS\SYSTEM\ADDWK.EXE
C:\WINDOWS\SYSTEM\HOOKDUMP.EXE
C:\PROGRAM FILES\SBC\CONNECTION MANAGER\CMANAGER.EXE
C:\PROGRAM FILES\CASIO\PHOTO LOADER\PLAUTO.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\BROADJUMP\CORRECTCONNECT ENGINE\CCD.EXE
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\PROGRAM FILES\EFFICIENT NETWORKS\ENTERNET 300\APP\ENTERNET.EXE
C:\...

Answer: Win 98, HJT Log, badly infected, any suggestions?

16 more replies

Just got other computer.... Can hardly type without freezing and lagging. Avast is reporting things like crazy... Can't just reinstall
900mhz cpu
256 ram

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:42 PM, on 3/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader L...

Answer: Badly infected computer...

mbam

10 more replies