Computer Support Forum

Vundo Getting Worse

Question: Vundo Getting Worse

I tried everything in my power to get rid of this virus. This is the third time I've been infected with this virus. Any help will be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:55:09 PM, on 5/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\brsvc01a.exe
C:\WINNT\System32\brss01a.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINNT\svhost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINNT\system32\lxcjcoms.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Scansoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Scansoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINNT\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINNT\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINNT\svhost.exe"
O4 - HKLM\..\Run: [setup] "rundll32.exe" "C:\WINNT\system32\ifjywbnk.dll",realset
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://www.pollg.com/central/02030106/ccca...everContent.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shiz...pside_web18.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.substance.com/save/makeover.cab
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://ehelp.nelnet.net/netagent/objects/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_...nx.1.0.0.55.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.shizmoo.com/activex/web665.cab
O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} (HttpVoicePlay Class) - http://www.callertunes.com/greeting/CBRT.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163312766968
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O16 - DPF: {D3E33EA6-92BF-444E-9DF3-E7F879F2006F} (TSRFileManagerXControl Control) - http://www.sims2.thesimsresource.com/TSRIn...ationWizard.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/bejewel...aploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcj_device - - C:\WINNT\system32\lxcjcoms.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINNT\SYSTEM32\LxrSG20s.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Relevance 100%

Answer: Vundo Getting Worse

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.

Download KillBox, unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.zip
Start up Killbox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:
C:\WINNT\svhost.exe
Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot, select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.

****************************

Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
You are well advised to remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
Viewpoint
Viewpoint Manager
Viewpoint Media Player
Then restart your pc.

****************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

****************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause the program to freeze/hang.
Also post a new Hijackthis log please.
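
Added example, not part of the original thread and not code from HijackThis or KillBox: a Python triage of the O4 autorun entries of a HijackThis log that flags executables whose names imitate core Windows processes, such as the C:\WINNT\svhost.exe the answer deletes. The system-process list, the 0.85 similarity threshold and all function names are assumptions of this example; the sample lines are copied from the log in the question.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from difflib import SequenceMatcher

# Sample input: O4 autorun lines copied from the HijackThis log in the question.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINNT\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINNT\svhost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
'''

# Assumption of this example: core Windows processes that belong in system32.
SYSTEM_NAMES = ("svchost.exe", "spoolsv.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "csrss.exe")

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+?)\s*$',
                    re.MULTILINE)


def parse_o4_run(log):
    """Return (hive, key, label, command) for every O4 registry Run entry."""
    return [m.groups() for m in O4_RUN.finditer(log)]


def executable_of(command):
    """Extract the program path from a Run command line.

    Quoted commands yield the first quoted string; unquoted ones are cut at
    the first executable-looking extension. A bare launcher such as
    "rundll32" is returned as-is, so the DLL it loads is not inspected here.
    """
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    first = command.split()[0]
    if "\\" not in first and "." not in first:
        return first
    m = re.match(r'(.+?\.(?:exe|dll|com|bat|scr))\b', command, re.IGNORECASE)
    return m.group(1) if m else first


def lookalike(name, threshold=0.85):
    """Return the system process name that `name` nearly matches, else None."""
    name = name.lower()
    if name in SYSTEM_NAMES:
        return None  # exact names are handled by the directory check
    best = max(SYSTEM_NAMES, key=lambda s: SequenceMatcher(None, name, s).ratio())
    return best if SequenceMatcher(None, name, best).ratio() >= threshold else None


def triage(log, threshold=0.85):
    """Flag Run entries that imitate a system process by name or location."""
    findings = []
    for _hive, _key, label, command in parse_o4_run(log):
        exe = executable_of(command)
        name = ntpath.basename(exe).lower()
        folder = ntpath.dirname(exe).lower()
        twin = lookalike(name, threshold)
        if twin:
            findings.append((label, exe, f"name resembles {twin}"))
        elif name in SYSTEM_NAMES and folder and not folder.endswith("\\system32"):
            findings.append((label, exe, "system process name outside system32"))
    return findings


if __name__ == "__main__":
    for label, exe, reason in triage(SAMPLE_LOG):
        print(f"[{label}] {exe}: {reason}")
```

A flagged entry is a lead for manual review, not a verdict; legitimate software can also carry names close to system binaries.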

Relevance 57.4%

So earlier today, my laptop started acting up. My windows updates were disabled, and my desktop changed to a black screen with red letters saying my laptop was infected, with a bunch of extra text. So I ran MBAM and it detected 23 items. Most were removed and I haven't had that black screen occur again. But every time I've run it after that, 3 files always come up:

Trojan Vundo.H - Registry Value (under Other category: Value wuradoreva)
Trojan Vundo.H - Registry Key
Trojan Vundo.H - Registry Key

Every time I run MBAM, these 3 always appear. Even after I've clicked "removed selected."

On top of that, I've also had a problem with google redirecting. :/

Here's the DDS log:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Zach McManus at 19:43:50.26 on Wed 07/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.314 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evx...

Answer:Vundo problem, possibly worse?

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.
If ComboFix asked you to install Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Relevance 56.99%

Hi, I am in need of some help as this rootkit I have gotten has infected both of my Acer laptops. 1 Acer is a 4 G running Windows 7, the other is 6 months older, an Acer 3 G running Windows 7. When the first laptop started acting up, I couldn't fix it and my husband bought me a brand new one to replace it. Believe it or not, the new 4 G Acer got infected from my Webroot internet security CD! That's the only way I can figure it got in the new one. I sent my 3 G Acer to a PC guy to have Windows 7 reinstalled, as I had no disk from factory to do so. While it was out being repaired, I started my new laptop, removed McAfee which came with the PC, and tried to install Webroot internet security from a CD. I wondered if it was possible for the infection to be on the CD (as it had been in the old PC) and asked my PC guy this. He assured me that Webroot and other software companies have fail safes on their programs for this. Needless to say, he was WRONG. My 4 G Acer is now showing the same symptoms. Every time I boot my PC my file sharing and network discovery settings have changed! I have to manually go and change them back to no file sharing. Whatever infection I have is taking ownership of my files; a lot of files are becoming ACCESS DENIED. I tried researching all the symptoms, and so far it seems to be a bad rootkit, maybe a kernel rootkit. My symptoms resemble the terror rootkit or Vundo? From what I've read this infection is so bad it actually creates a clone on you...

Relevance 56.17%

PLEASE Help Me!
I contracted the trojan.vundo virus and have tried to use procedures in this forum and others to remove it. I have not been successful. I have tried VundoFix, VirtumundoBeGone, Adware, Spybot, and Spysweeper. I have gone into Safe Mode before running and installing these. Spybot said that it cleaned the virus, but I am still getting the Symantec AntiVirus Notification window saying that I still have the Trojan.Vundo virus. Symantec recognizes it, but cannot quarantine or clean it. The virus file location is C:\WINDOWS\system32\vtsqp.dll. I have been using Symantec for several years with no problems, but now it does not automatically load.

On top of all that, by running AdAware and Spybot, I have rendered other desktop icons unusable.

Please help me! I thought I could fix this, but obviously not. I appreciate some expert help. I can follow instructions - I promise. Thanks in advance.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:45 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\C...

Answer:Can't remove Trojan.Vundo, now I've made it worse, HJT log included

bump
Update - My desktop is back in business. I deleted the downloaded VundoFix, VirtumundoBeGone and Spysweeper. I removed and reinstalled Symantec. It found a few things and cleaned two of them. Still running slow and still getting picked up by Symantec. 2 could not be cleaned or quarantined.
- trojan.vundo
- w32.trats!inf

Happy to post new HJT log. I appreciate a response! Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:10 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Sony\VAIO Media...

Relevance 47.97%

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO...

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

Relevance 47.97%

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot into safe mode and now it's recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ...

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturer's disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

Relevance 46.33%

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me or do you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

Relevance 46.33%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athlon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximately 10 seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

Take the graphics card out and insert it back in firmly, making sure it is sat properly in its slot. Check the manufacturers' websites for your motherboard and graphics card and see what the BIOS updates do, and see if they have any FAQs to check if anyone else has been having similar problems to you, in terms of people who have the same motherboard or graphics card.

Email the manufacturer(s) for your motherboard company and graphics company.

Relevance 46.33%

i've had verizondsl for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the optimum cable i was used to, it was sufficient. now it's just pure garbage. if it weren't for the fact that we're getting free cable, i would immediately switch to roadrunner

i figure asking you guys is probably much more helpful than those scripted outsourced fools at tech support. i tried all that "reset your modem" "unplug the ethernet cord" "make sure your computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well, try plugging the modem into the demarc jack if you have one (by where the phone line comes into your house). See if this still happens. If it doesn't, maybe something happened to your internal phone lines. (This probably won't be the issue, I'm betting.)

Beyond doing that, phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.




 

15 more replies
Relevance 46.33%

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drive's SATA cable into a different SATA port on the motherboard. Get into the BIOS, and make sure that the hard drive is being detected properly.
 

1 more replies
Relevance 46.33%

I bought a ThinkPad in April last year which does not start anymore: no lights, nothing. I wanted to send it back to Lenovo under the guarantee. There is only ONE problem: there is no sticker on the laptop which shows me the serial number. Obviously there is supposed to be one, but it is missing!!! I do have the invoice which shows the purchase date, but no serial either. I have already wasted quite some time with this bull**bleep**; I hopefully do not need a lawyer for that. Here you see the last response of the "support" manager -

Dear Michael Mueller,

Unfortunately I have to inform you that you have no guarantee for this machine. Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.

Lenovo Service Partner: https://pcsupport.lenovo.com/de/de/serviceprovider

If you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54. Lenovo regularly conducts customer surveys on service quality. If you are selected, please take a few minutes to answer the questions. We thank you in advance.

Yours sincerely,
Davor Krpan
Lenovo Technical Support
IBM Hrvatska d.o.o. za proizvodnju i trgovinu
Miramarska 23, 10 000 Zagreb, Croatia
Registered with the Commercial Court in Zagreb under no. 080011422
Share capital: 788,000.00 kuna - paid in full
Director: ?eljka Ti?i?
Giro account at: RAIFFEISENBANK AUSTRIA d.d. Zagreb,... Read more

Answer:guarantee handling - bad worse than worse

I just forgot to mention that the purchase was done through the Lenovo online shop itself -

SHIPPING CONFIRMATION
Your order has been shipped

Dear Michael Müller,

Thank you for your order from the Lenovo online shop, which is powered by Digital River. The following products have been shipped.

Order date: 14 April 2017
Order number: 23856585462
Tracking number: 1ZAF68846704024055

The following items were shipped:
Quantity ordered: 1
Product SKU: 20J1CTO1WW
Product name: ThinkPad 13 2G
Quantity shipped: 1
Total quantity shipped: 1
Amount: 800,52 EUR

If you paid by credit card, your card has now been charged.

1 more replies
Relevance 42.64%

Hello my new bestest friends. I need help! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and reinstalling Versions 6 & 7. However this is not the problem as I am currently using Safari and finding it great. The problem lies with my computer and its sluggishness; ever since IE became corrupt my computer seems to have slowed. I am getting occasional Internal memory (blue dos screen) errors and several other little glitches like Windows XP's search program will not close after I perform a file search. I have performed several Virus & spyware checks such as AVG and Spyware Doctor, also several registry progs like Registry Booster.

AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of Registry errors including heaps of lnk files and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts). It did not remove the actual .exe files but was a major hassle as my desktop shortcuts were wiped. So I performed a system restore and now have everything back.

I am wondering are/have these files become corrupt or is this just overkill on the software (Spyware Doc & Reg Booster) behalf?? I have also noticed in my HijackThis log that there are several (missing files).

I am so in need of help as I use my computer to p... Read more

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 37.72%

Deckard's System Scanner v20071014.68
Run by korisnik on 2008-05-28 00:31:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-05-27 22:32:05 UTC - RP1 - Kontrolna točka sustava
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as korisnik.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:32:58, on 28.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsv... Read more

Answer:Infected With Vundo,vundo B,vundo.dll.,virtumonde

Hello dujma and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do not cha... Read more

2 more replies
Relevance 36.9%

I have tried to use SUPERAntiSpyware to remove this and each time I remove it and then reboot, Windows will not start... So I have to start Windows from its last good configuration. My Norton has also picked it up and tried to fix it; doesn't seem to work either. I tried Vundofix as well.. it found it and then fixed it but still it's there. I think there is also a lot more going on besides that. My computer is running very slow.. the background has changed to an antispyware ad and I'm getting tons of popups as well as a rund.dll error message and my homepage has been changed. Thanks for reading, hope you can help.

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:05 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdat... Read more

Answer:Adware.vundo, Adware.vundo-variant/small A, Vundo Trojan..need Help

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Using My Computer, navigate to where you have HijackThis saved. Right-click on the HijackThis.exe file. Select "Rename", call it fluffybunny and press enter. Use fluffybunny.exe from now on.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt, rapport.txt and a new HijackThis log in your next reply.

21 more replies
Relevance 36.08%

Greetings,

I have been struggling for over a week to remove a bad infection of what seems to be multiple viruses, including Virtumonde, Vundo.H, Rootkit TDSServ, MS Juan, and MS Track System. (I had Super Super Anti Spyware 2008, at one point as well).

I have read numerous forums, and have followed instructions to run the latest versions of Spybot S&D, Adaware, SuperAntiSpyware, MalwareBytes Anti-Spyware, and VundoFix 7.0.6. While I seemed to get the infection(s) against the ropes, it continues to persist and re-populate itself (and others) on my PC.

The PC runs slow, I get Firefox pop up windows, and my Internet Explorer 6.0 settings have been dropped to accept all cookies (even when I change them back to default).

I was running an older version of Java which I have since uninstalled. I have downloaded and installed the latest version.

RSIT / HJT Data Report follows....

Please help me!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Robert at 2008-12-21 23:44:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (25%) free of 38 GB
Total RAM: 511 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:13 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\sy... Read more

Answer:Vundo Variants: MS Juan / MS Track System / Vundo.H / Virtumonde / Rootkit TDSServ

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable a... Read more

2 more replies
Relevance 36.08%

Hello, I inherited a computer and installed photo editing software and uninstalled other unneeded software. While surfing for photo editing tutorials I clicked on a link that looked promising and the mayhem started. All kinds of popup windows. Warnings that asked me to click to scan the computer, ads etc. Now my Google searches are all redirected. AVG and SUPERAntiSpyware found these:

Trojan Horse Crypt.mxc
Trojan Horse SHeur2
Vundo/Varient-Senorita
Vundo -{Fixed}

AVG and SUPERAntiSpyware reported these as quarantined but after reboot another one is found again.

I disconnected the internet wire and all is calm but I expect the mayhem to start again when the internet is hooked back up. I hope you are able to help and do appreciate your time. And I hope I did my homework and that these are the files you need.

Thank you in advance.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dur at 15:31:27.67 on Tue 01/26/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2714 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Windows\system32\s... Read more

Answer:Trojan Horse Crypt.mxc and SHeur2, Vundo/Varient-Senorita, Vundo -{Fixed}

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 36.08%

I have Vista32 and managed to acquire some malware that is causing massive amounts of popups and general mayhem when I try to remove it.
The malware found is Vundo.gen!R & Vundo.gen!H.

I have partially managed to clean the system however now I also get a rundll error.... c:\windows\system32\ssqNDvts.dll

Spyware Doctor doesn't find anything however Defender keeps on finding and trying to clean the file which caused my browser to completely crash every time it was loaded so I had to use Vista system restore to get it all working again, unfortunately the last known good restore point also has the malware on it so I just keep going round in circles.

If someone could please offer me a solution it would be much appreciated.

My Hijack this log looks like this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:16, on 26/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\SYSTEM32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\... Read more

More replies
Relevance 36.08%

Please help!!!!

I have got the vundo!generic and Vundo.YF virus detected by eTrust Antivirus software that I have on my laptop. Now even though the antivirus is deleting the files on a regular basis, the virus is still not gone.

I went through other forums and I am sure that this is the right place where I can get help. Advertisement pop-ups keep coming every now and then. Please help me get rid of it.

I installed HijackThis and please find below the log for the same.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:12 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\N... Read more

Answer:Solved: Please help to remove win32?vundo!generic and vundo.YF virus

11 more replies
Relevance 36.08%

Hi.. I'm having problems with multiple virus/malware infections. My computer is running very slow at times and I'm limited as to what I can do at times also. For example, yesterday I couldn't click on any programs on my start list until I restarted my computer. I've uploaded the attach.txt file as well as my most recent log file from Malwarebytes' Anti-Malware and HijackThis. Thank you very much for your help... please let me know if there is any more info needed from me. Take care -Shawn

DDS (Version 1.1.0) - NTFSx86
Run by Home at 19:51:21.19 on Sun 01/04/2009
Internet Explorer: 7.0.5730.13
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.aol.com/?src=aim
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\wmsdkns.exe,
BHO: {0a935262-9b91-4352-9c18-d679a63c682b} - c:\windows\system32\yatumeva.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Google To... Read more

Answer:Multiple virus help needed - vundo.h, vundo, trojan.agent

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall

6 more replies
Relevance 36.08%

Hello.

I have started a new thread as my problems have changed. My previous thread was called "Bad Image Messages & Spybot Change Requests" of which I did not receive any response.

Problems: I was running anti-virus software Ad-Aware, Spybot, Malwarebytes, and F-Secure. I was continuously having Spybot popup and ask about registry changes which seemed suspicious. I uninstalled Ad-Aware and Spybot and am now only running Malwarebytes and F-Secure. I am working with Windows XP professional operating system.

I have run Malwarebytes many times to remove trojans and after it finishes its scan, it will detect between 12-18 trojans. After using the program to remove them and restart the computer, an additional scan reveals they are still there. Additionally, after "removing" the trojans with Malwarebytes, my F-Secure pops up saying there is a "FakeAlert" and asks to quarantine it.

My main complaints are popups (in both Firefox and Internet Explorer) and the computer is running VERY slow. The bad image messages at startup have only reappeared once.

Trojans: (found by Malwarebytes) Vundo, Agent, BHO, Vundo.H

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:03 PM, on 5/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\... Read more

Answer:Trojans: Vundo, BHO, Agent, Vundo.H HTLog Included! new thread

12 more replies
Relevance 35.67%

Hi. My system is infected with spyware, Windows XP, SP2.

Initially I was unable to search Google and Yahoo, then I installed superantispyware, then McAfee. After I restarted after installing both, the desktop items and task bar disappeared, then I installed the malware anti bytes, then I got desktop and icons back but I got an error dll is missing. When I restarted again I didn't get the error, but popups increased.

I have installed superantispyware, Malware antibytes, hijackthis.

Please find the logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/18/2008 at 07:37 PM
Application Version : 4.15.1000
Core Rules Database Version : 3483
Trace Rules Database Version: 1474
Scan type : Complete Scan
Total Scan Time : 00:31:29
Memory items scanned : 466
Memory threats detected : 1
Registry items scanned : 6572
Registry threats detected : 6
File items scanned : 19162
File threats detected : 34
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
C:\WINDOWS\SYSTEM32\NNNOOGGH.DLL
Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32
HKCR\CLSID\{EB58EE0E-D98D-489D-9178-926A85F0633A}\InprocServer32#ThreadingModel
Adware.Tracking Cookie
C:\Documents and Settings\kiran\Cookies\k... Read more

Answer:Please Help Infected With Adware.vundo Rel/variant And Trojon.vundo

Hello newmember123 and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Addi... Read more

10 more replies
Relevance 35.67%

Hi everyone, this is my first post, thanks for reading.

My new HP laptop runs Windows XP 32 bit. I have repeatedly contracted virtumonde and vundo in the past 6 months, and in past episodes I have used the factory-system restore CD to reset my hard drive and system settings, thereby erasing the virus.

But earlier this week, I ended up with Vundo again. I have used Avira, Spybot, and Malwarebytes, but as I've learned through experience, they delete instances of vundo, but do not remove the root cause. Malwarebytes pulls up 7 files on each run, each named Trojan.Vundo.H or Trojan.Vundo.BOH or Trojan.Vundo

This episode seems to be more complicated than earlier occasions. After performing a full restore, and before reloading software onto my machine, I plugged in my external hard drive - then Vundo infected my system again. It is completely impossible for me to reformat my external hard drive, as I have legally binding and career crucial documents on the external hard drive. I have run those programs on the external hard drive as well, and it does discover Malware files.

If it might help, I have a mac computer as well, so if there is any way to run an antivirus program from the mac to clean the external hard drive, I can do that.

Any help you can offer would be astoundingly appreciated.

Best, Bill

With the external unplugged, I just ran HijackThis, pasted below.
I also ran Malwarebytes, and have pasted that log below as well

HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved a... Read more

Answer:Vundo (Trojan.vundo.h) on XP and external hard drive

Hello.

Re-run scan with MalwareBytes Anti-Malware

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.

Post back with a new DDS log as well.

With Regards,
Extremeboy

3 more replies
Relevance 35.67%

Hey guys. So recently I've been getting pop ups from my Norton 360 notifying me that there was a Trojan Vundo trying to access my computer and I kept trying to block it and it was successful but I keep getting annoying pop ups when I never had this before.

This is a brand new computer that I've had for maybe a month now. I've only started having problems this week after I re-downloaded Open Office.

I tried running the Vundo Fix but it couldn't find any infected files so I ran Hijack This

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:20 PM, on 10/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Commo... Read more

Answer:Trojan Vundo Vista - Vundo Fix didn't find anything

I'm gonna run Norton 360 and then re-run Hijack This and see what I can come up with and then I'll re update you guys.
 

1 more replies
Relevance 35.67%

Ever since I returned home from break, I have this program that runs on startup that says "Security Warning: Your computer may be infected with harmful or unwanted software!" And whenever I run VundoFix, it does not find ljjiifc.dll. When I googled the .dll a bunch of German sites came up talking about how to get rid of it, however I don't speak German >.> After running VundoFix, it searches fine, cleans just fine, but then the files come back. Randomly I get popups, Firefox gets an 0x0xxxxxxxxx error every time I close it and my sound driver often has an error and closes, so that I don't have sound until I restart. Please help me! This is ruining my school work and leisure fun!

Logfile of HijackThis v1.99.1
Scan saved at 1:16:58 PM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0...

Answer: VundoFix removes vundo, but the vundo reappears...ljjiifc.dll

I just noticed something else, in Firefox or Internet Explorer, if I'm viewing anything with audio, the audio will be barely audible. I have 5.1 speakers and I have to put the audio at 3x the norm to barely hear what is playing...not sure if that has anything at all to do with the Trojans but figured I would mention that.


Hi all at BleepingCounter,

I have recently got infected with several nasty virus / worms and trojans from my school computers. I have since gone to reformat my notebook along with my external hard disk (HDD).

But when I did a virus scan with AVG, I found several infections, whereby I immediately googled the possible solution to getting rid of these pesky troubles.

From the SUPER Anti Spyware thorough scan, I have been infected with the Adware. tracking cookie and Adware. Vundo Varient/Rel. I have tried to delete it several times, but it refused to be deleted with SAS.

Then I found this website offering great solutions, so I immediately downloaded the Malwarebyte's Anti-Malware which showed that the vendors were Trojan Vundo, Trojan Agent and Malware trace from the quick scan.

And I also saved the logfile of the Trend Micro scan.

My operating system is Windows XP, it was downgraded from Windows Vista Business. And I currently have AVG 7.5, Avast! Home Edition 4.0, SAS AND Malwarbyte's Anti-Malware.

I am really quite new and ignorant of these viruses and programs, but I am doing whatever I can on my part to save my notebook and I hope that you guys might be able to save my notebook too, it is at present only 3 days old before I received all these nasty viruses!

So I copied and pasted the Hijack file below... And then I also copied and pasted the log from after I clicked removed selected during the Malwarebyte's scan.

Am I being paranoid or do I have more viruses?

Logfile of...

Answer: Infected With Trojan.vundo / Adware Vundo Varient/rel

Hello Jacintha and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...


I have Vundo & Vundo.H on my computer, I need help trying to get rid of it ASAP. Here is my hijack this log.

My AVG antivirus keeps telling me I have something called Adware Generic 3.AGIU or something like that in a file called C:\windows\system32\sqwgys.dll and when I did a scan with malwarebytes that same file came up with it being Vundo.H.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:56 PM, on 12/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHe...


Hello, I read your rules and tried running everything you said. I removed viewpoint media player myself and installed the ie spyad.txt file as described. Pandascan and Deckard however wouldn't work for me. Panda's site wasn't responding and dss.exe crashes when it tries to clean my temporary files. I made sure nothing else was running when running DSS as well. As for the updates, unless they're critical to removing this virus, I can't even download them in a timely manner to keep up with you as I'm on 56k. Enough rambling, I ran your Vundo removal tool and it DID remove the Vundo virus, but I still have random popups in Firefox linking back to adult sites. It's not creating the IDKFA file it was before since I ran your Vundo tool, only popups are left. Sorry for rambling so much, here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:55 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Co...

Answer: [SOLVED] Another Vundo Infection, Vundo.N variant

Just wanted to be sure you've intentionally marked this as solved.

If you still need help, or just want to be sure....

To run DSS, do this:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Please run Deckard's System Scanner once again, this time using these instructions (this assumes dss.exe is on your desktop):

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config

UnTick Temp Cleanup on the left side, UnTick Event Logs on the right side.

Click Scan!

When finished, it shall produce a log for you. Post that log in your next reply.


I am running XP sp3 on a Fujitsu 1610 laptop. Some of McAfee logs show many of the trademark dll's that I have read are specific to vundo (alternating consonants and vowels); these also have the same modified date of around 24 July 2009.

McAfee now won't scan manually (comes up with an error message). I downloaded the McAfee virtual technician, and that won't run at all once I installed it (no error messages, just an hourglass for a few seconds). Just checking again, McAfee won't start at all (although task manager shows McShield running).

Adaware at first found some of the bits and pieces, but now finds nothing, or asks to run again in safe mode, which vundo has apparently blocked somehow (if I try a safemode boot, it just reboots the whole machine again). I made the mistake of trying to force a safemode boot in msconfig, and was only able to get out of that fix by an external boot disk and editing the file.

Right now, msconfig.exe is chewing up about 90% of the cpu cycles.

I do have hijackthis and Malwarebytes loaded.

If someone could direct me to a process to get rid of this, I would much appreciate it!

Terry

Answer: Vundo: McAfee now won't scan, Vundo fix doesn't fix

Download this file and save it to your desktop:
http://download.bleepingcomputer.com/grinler/rkill.scr
Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.


I just noticed today that I was getting strange popups on sites where there are none such as facebook and youtube. I scanned with Malwarebytes and it found a couple trojans. It restarted to delete them and on restart I got a RUNDLL error about the file that was just deleted and then a barrage of Avira warnings about the same DLL. Whenever I try to delete it it just comes back.

Thank you in advance,
Neco

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:25 PM, on 11/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHo...

Answer: Vundo.H and Vundo infection / Random Popups

Hello Neco,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document. Do not attach your log, as that makes it hard to read.

**********************

Your MBAM log shows "No action taken". This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile". Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply. Do not attach your log, as that makes it hard to read.

**********************

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Select Files and Folders created in last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txt
Do not attach your logs, as that makes it hard to read.


Hello there,

As you can see from the topic I have three trojans in my pc which I can't remove. I followed the "Preparation Guide For Use Before Posting A Hijackthis Log" and I'm posting the log file.

Any help appreciated!!!!

Dimitris

********************************************************************************

Logfile of HijackThis v1.99.1
Scan saved at 2:19:19 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\lkcitdl.exe
C:\WINDOWS\System32\lkads.exe
C:\WINDOWS\System32\lktsrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Fil...

Answer: Infected With Vundo Dlm 13, Vundo Gen, Crypt Xpack Gen

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Dim

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

****************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Note: It is important that it is saved directly to your desktop C...


Hello Team,
I have been affected with vundo virus. When I start IE, a pop always appears to scan my laptop for free. I am running spybot and TeaTimer displays warning about BHO is being added, but if I denied that change it again gives me warning that something is being added with the same registry key. When I open and see the spy-bot's BHO section it is showing that registry entry as mllmj.dll for that registry key entry. Following is HIJackThis Log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:51 AM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Pr...

Answer: Help me removing vundo and vundo.generic malware

Hello shahankitb, and welcome to TSF.

My apologies for the delay. We're all volunteers, and we've been swamped.
We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
-screen317


Hello,
My computer has been experiencing a number of problems over the past few days. McAfee Virus Scan has identified: Generic.dx, Vundo.gen.m, and Vundo.gen.k Trojans. Spybot is constantly detecting registry changes. The browsers were taken over at one point (i.e., popups, home page changes, etc). And on boot up I get a screen that comes up and tells me that I have “disk error” and “press any button to continue”- it always boots though and I am not sure of the real purpose of the screen. I have run just about everything, but with little logic behind it (just hoping that I would be lucky resolving the problem): Spybot (running since before problems), Spyware Blaster (running since before problems), McAfee (running since before problems), Ad-Aware, SuperAntiSpyware, etc… and although things are better, Virus Scan still catches a random file, still operating slowly, Spybot still identifies random problems, and the weird disk error screen came back. Clearly I need the help of some real experts, and I would greatly appreciate any help from those on this board. Below are the most recent HJT and ComboFix logs.
Thanks,
Tim


HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:25 PM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
...

Answer: In need of help- Generic.dx, Vundo.gen.m, and Vundo.gen.k based problems (and more?)

Ok so no help I guess...
 


Hi,

I'm running Windows XP on a netbook. As of yesterday, Symantec Endpoint Protection detected the Trojan.Vundo/Suspicious.Vundo viruses in almost all my system files. Sometimes, Symantec manages to clean one or two files, but it's detected 100+ that have been infected. I've tried System Restore but it wouldn't revert back to a previous state. I don't believe that this is the work of the virus, because I've tried using System Restore about 6-7 months ago with no luck. I've tried using VundoFixer to fix it but it did not detect anything.

The DDS, attach.txt and ark.txt are below/attached.

------------------------

DDS (Ver_09-10-26.01) - NTFSx86
Run by Cindy at 22:11:06.82 on Wed 10/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.217 [GMT -2.5:30]

AV: avast! antivirus 4.8.1356 [VPS 091028-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files...

Answer: Trojan.Vundo/Suspicious.Vundo Virus

Hello paperstars
Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked b...


My windows xp machine has a virus. It was running very slow. I ran combofix and it now runs much better, but my Symantec still finds a few hundred vundo and vundo.b trojans. It cleans and quarantines them fine, but I'd like to eradicate the root cause. Any help would be greatly appreciated.

Thanks very much.

Here is my dss log and dss extra log:

Deckard's System Scanner v20071014.68
Run by Louie on 2008-05-01 17:30:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
12: 2008-05-01 22:31:04 UTC - RP12 - Deckard's System Scanner Restore Point
11: 2008-04-30 21:32:57 UTC - RP11 - System Checkpoint
10: 2008-04-29 20:32:57 UTC - RP10 - System Checkpoint
9: 2008-04-28 20:05:26 UTC - RP9 - System Checkpoint
8: 2008-04-27 19:05:17 UTC - RP8 - System Checkpoint

-- First Restore Point --
1: 2008-04-23 02:32:31 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Louie.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:37 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WI...

Answer: Windows Xp Something Repeatedly Installs Vundo And Vundo.b

Hello Comicbook and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complet...


Over the past few weeks I keep getting a recurring Antivirus Pro 2010 infection. I've "cleaned" it with Malwarebytes, AdAware, and SpyBot. It keeps coming back! I subsequently ran StopZilla and was alerted to the additional infections of Vundo.A1, Vundo.A2, and PWS.ABD. I didn't want to purchase StopZilla to clean it due to my unsuccessful attempts with 3 other scanners, but it was interesting that the Vundo and PWS.ABD had not been found with the former scanners and only StopZilla. I have run ComboFix and HijackThis logs and have attached them in the event you may find them useful. Thanks in advance for your assistance.

Answer: Antivirus Pro 2010, Vundo.A1, Vundo.A2, PWS.ABD Infection!

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...


Hello. For the past week I have been getting constant notifications that I'm infected with the Vundo trojan virus. I booted into safe mode, ran scans, and deleted parts of it (once the scan was over it would tell me to reboot so that it could delete the rest on boot up, but it hasn't every time) but it keeps coming back. I've read up a little on vundo and found that it is a registry virus but I have no idea what that means. I use AVG Free 8.5, SUPERAntiSpyware, and Malwarebytes' Anti-Malware but even with using these it still comes back. So could I please have a little help with getting this thing off of my computer once and for all?

Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 5:23:40 PM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\Viewpoin...


I've been trying to fix this computer for several days now, and it keeps getting worse instead of better.

I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesn't find anything wrong when I run it. Ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.

I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa

Here is my HJT log, let me know what if anything else will help.

Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program...

Answer: It's Getting Worse....

I downloaded the newer version of HJT...new log file is:

Logfile of HijackThis v1.99.0
Scan saved at 12:13:41 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system... Read more

3 more replies
Relevance 34.44%

I have a virus on my computer in which my Windows Defender warning pops up every few minutes. I remove it and it keeps coming back. I am also getting lots of internet pop-up ads. Please help before I throw my laptop out of my window. I ran HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:47 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Softw... Read more

Answer:Please help! It's getting worse

it is:
browser modifier: win32/fotomoto
 

2 more replies
Relevance 34.44%

Hello, I never write posts to ask questions when it comes to computers, but this time I saw myself having to do so.
I have had many problems recently, and it just got to the point where stuff just doesn't work anymore.
I upgraded to Win 10 about 10 days after its launch. I loved it. I had that often problem everyone had but I could solve it.
About 20 days ago, everything worked greatly. Then, I don't remember what exactly happened, but all of a sudden I couldn't access the Groove Music App. Then I realized I couldn't open any other Windows built-in apps, not even store worked. However, Edge and apps like calendar for some reason do work. So in an attempt to repair this, I messed up the Appdata folders' permissions. I had recently installed this context menu button when I right clicked, that let me take ownership of a folder, so I took the ownership "administrators."
Then, the hidden items check box in the View Tab on Explorer suddenly unchecked itself when I checked it. I looked up online and there it said it had to do with the Administrator account, but hell, I am the admin account on my PC, so this just didn't make sense. Then I read a simple reboot would help, so I rebooted and it was fixed.
This is where I mention my recent installs. Around the time, I installed this now piece of software on my pc, and this software was Bitdefender Total Security. I had replaced my previous antivirus, Avast Internet Security, with this. Now, I highly doubt this program contributed to this in ... Read more

Answer:Help! My pc is getting worse

That last part went wrong somehow, here are the links:
10-windowsstore/store-not-opening-in-windows-10-this-app-cant-open/c0de1565-9c33-4604-a1cd-b4ce18b72117?page=2&auth=1
10-windowsstore/windows-10-app-store-will-not-run-cannt-add-a-user/682d6bd8-39ae-4ee4-b0fc-c19027b44552?rtAction=1444233209744&auth=1
storeandappswontopenreregistering/
1-windowsstore/windows-store-app-not-opening-in-windows-81/9882357f-ae86-4e4d-ba37-209aa960063c

7 more replies
Relevance 34.44%
Question: It could be worse

I come to this forum and read all the time in search of knowledge. With the reading and help of the fine people here I have fixed many problems. Some posts I have read complain about a program taking a minute to start up. Some complain about a slow boot up. Well when I said it could be worse I found one that couldn't be. Uncle brought his PC out to me to see iffin I could make it work for him. HP Pavilion with 128 ram and XP Home. Hooked it up to my monitor and turned it on. One hour and 15 minutes later I could finally do something. First thing I attempted to do was run defrag. It took 15 minutes for the menu to work enough to let me click on defrag and another 29 minutes to open defrag. Now I have it open and click on defrag to run, 7 hours later it finished. PC was still slow. A bit better but not much. Started to empty temp folders. One temp folder took 15 minutes to empty. Emptied all the temp folders and the history then deleted some programs. Only deleted 3 small programs but with them and the temp folders I regained 17 gigs of hard drive. Did another defrag and this time it went much faster. Then I started on malware and viruses. Did the usual scans I learned from here and took a bunch of them out. Got to the point that the PC was healthy again. Took out the 128 megs of ram and replaced it with 512 which is the max for this HP. Now it is running very smooth and probably as fast as it ever will. So when you think you are running slow do t... Read more

More replies
Relevance 34.44%
Question: Bad to worse

I posted a previous problem in regards to my computer shutting down at random and suspect virus. It seems things have gone from bad to worse in rapid time. I have lost internet connection, I open a program "regedit" and it closes, same with "msconfig" I cannot boot in safe mode. Suddenly all that was in my "connections" are completely gone, that folder is now blank. I know in the past I have tested your patience here but am throwing myself at your mercy once more. Sorry if this should have been posted with my previous question but I am unsure as to how protocol is.

btw forgot to give the basics.
Winxp
Medion computer.
should be current on updates.
again tia.
 

More replies
Relevance 34.44%

I have been working on this for several days now and I am at my wits' end. I am attaching my Bitdefender log and an HJT log. I have followed all of the instructions in the "Before Posting" page. And should tell you the following. My Add/Remove programs hasn't worked in years so when necessary I use the free trials downloadable from various places.
When I try and run Microsoft Windows Defender it says I need to perform an upgrade, and will not open.
I tried running Pandascan this morning and waited for over two hours and it never did complete downloading.
As I mentioned, I am at my wits end and believe it's time for some help.
Thanks
 

Answer:The more I try the worse it gets! I need Help!

Welcome to Majorgeeks!

You did not attach your HJT log. Make sure you follow all instructions in step 7 properly and then attach your HJT log.

You should look at your Bitdefender log (change the .txt to .html and then double click on it and you can see it in your browser). You need to delete those items it is pointing out in your email.

Is your copy of Windows licensed to you and has it been activated with Microsoft?

What happens when you try to use Add/Remove programs? Be specific.
 

9 more replies
Relevance 34.44%

Hi,
I made a post about my Windows 7 explorer crashing, it seems to only happen when I move files from my internal to my external hard drive. It was still happening, nothing I tried fixed it. But NOW it's gotten worse. It's crashing on a loop...every single second. This happens as SOON as I SIGN ON...in seconds it's crashing and looping
and I cannot do a thing but use my internet...I get a message that tells me my program
Fences (Stardock program) has detected that there is a problem with 7, and it disables itself. Then Windows 7 explorer crashes, sends info, then restarts...If I start a video or a program before it closes (which is seconds) then it will run. I have been up for HOURS trying to get this solved. I have NO clue what is going on. I ran Anti-Spyware free edition, found 8 harmful things, had them deleted. I also ran my Microsoft Essentials...BEFORE that..and it finds nothing...it NEVER does. But Anti does...that confuses me.

SO what is going on? what do I do? PLEASE anyone, I am computer illiterate...
I have windows 7 (genuine)
32bit home premium.
I was trying to get the rest of the info, but I can't as the explorer is completely locked up as I type this...please help I am so frustrated, I want to make Bill Gates come fix my computer lol...who has his number!?
ALSO! After it crashes and re-opens it keeps bringing up the C drive file location library? Every single time, so now I have a list of these file locations open...also I JUST get a message saying that my firewall is... Read more

Answer:Oh no its worse! Help!

Can you get into Safe mode instead? If so, does it happen in safe mode?
Safe Mode

EdiT:--------------------------------------
Do you have a system restore point you can revert to?
http://www.sevenforums.com/tutorials/700-system-restore.html

Oops sorry just read last line of your post.

9 more replies
Relevance 34.44%

Sorry to be such a bother but this problem is driving me bonkers!
Every turn develops into a new drama-here's the situation so far-

(1.) When I go to click on a program (any program) my computer either immediately or soon afterwards pops up a window that says "program error-process has already been exited-has generated errors and will be closed by windows. You will need to restart the program. An error log is being created." Of course restarting the process only sends me in circles-the same thing continues to happen-sometimes, obviously, I'm able to start the program but usually during the course of operation the "program error" window pops up and it's back to musical chairs again!
My system is, O/S Windows 2000 Pro, P4-1.6GHz 400MHz/P4FAN (P4-1600AR), Motherboard-D850MVL -MB Intel D850MV w/LAN, Rambus 256MB (2).

(2.) Now if I didn't already have enough problems I've apparently been infected with the Fortnight.E virus-it gets worse, in turn, I infected my ex-wife with the virus via an email (well, I'm sure you can imagine my situation-it would be better to have my nipples dipped in honey and dangled over a pool of hungry piranhas-she's pissed! Of course, the fact that the virus installed porno weblinks into her favorite file made matters even more unbearable-you'd think she was a nun or something! At any rate,
I have run a Panda On-Line AV-Scan-several Norton AV scans-SpyBot, Ad-Aware and SpySweeper-nothing works!
... Read more

Answer:Sos....from Bad 2 Worse!

6 more replies
Relevance 34.44%

Can anyone help??? It all started when I installed a new game (well new for my old PC) the other day, whenever I tried to load it, once it got past the intro video it just returned to the desktop, most of the time, it did occasionally work. So I went to look on the web for advice and was told to update my sound and video drivers. My PC is an old PII 350 with Windows 98. I went to ATI and downloaded what it said was the latest driver for my card, now when the game does play the colours are all wrong and blocky (I have also updated DirectX above the one the game needs). So I tried a slightly older driver, which was even worse, so I put the newer one back on. To add to this the company who made my sound card (Aureal) have gone out of business, so don't give drivers now. I have found on another page what was supposed to be the latest driver they did release, but when I load the diagnostic tool on my computer (some sort of DirectX thing) when I test the sound, it says there is a fault there too. It seems that whatever I try to do, the thing just gets worse, I am starting to think about getting another PC, but when it works, it does everything I need. Does anyone have any advice how I should try and fix all this? Thanks James

Answer:It just keeps getting worse

Did you simply overwrite the videocard drivers? If yes, you may wish to thoroughly clean your computer by uninstalling them and running a program such as Advanced System Optimizer V2 or Advanced Uninstaller Pro 2004. There is also a useful tool that removes drivers for you. I'll get back to you on that once I recall the name. Even though your soundcard manufacturer has gone out of business, use Google to search for drivers. There is quite a high chance of still finding them. As for DirectX, see to it that you have the latest version from Microsoft. Buying a new PC will not solve your problems. It is not the PC's fault, it is the user's fault. Your problems will just start anew if you do not know what you're doing.

1 more replies
Relevance 34.44%

dear all, any softwares that can fix this...

3 men go into a hotel for the night. The clerk informs them that it's $30 for the room, so they each take out a $10 bill to pay for the room. So far they paid $30, correct? You with me so far? Good.

A few moments after the men went up to the room, the manager reminds the clerk that there was a special promotion that night, and that the room was only $25. So the clerk gives the bell boy five dollars to bring back to the men. On his way up to the room, the bell boy says, "Hey, I'm not stupid, I'll give each of the men a dollar back and keep two for myself, $5 right, 30-5=25."

Well, since the bell boy gave each man a dollar back, that means each man only paid $9, correct?

Well, the last time I checked, 9x3=27, plus the 2 that the bell boy took makes 29, what happened to the other dollar??????

[This message has been edited by kokaik (edited 07-03-2000).]
 

Answer:the more you think, the worse it gets

7 more replies
Relevance 34.44%
Question: Bad to Worse

Friends,

It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to lose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

If I reload XP, will all my data still be there?

Things started to go south about 2 months ago when McAfee found Vundo and couldn't seem to kill it off.....

thanks, GearHead.
 

Answer:Bad to Worse

Hi GearHead,

Check out this link and try the removal tool from Symantec.

READ ME: Virtumundo Problems/Resolution Threads

Should that fail, I would suggest following the steps here:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Best luck
PP
 

2 more replies
Relevance 34.44%

Is a 635 slower than a 640? Is the camera worse? Is there less internal memory? What are the differences?

Answer:How much worse is a 635 than a 640?

Here's the differences compared to the 640...
The 635...
...has half the RAM, which meant Facebook and Messenger refused to run in my case on W10M, multitasking is less smooth and whatnot. But it works for the basics.
HOWEVER, there are some 635's that have 1 GB of RAM, matching the 640.
...is not supported currently so you won't be getting Windows 10 Mobile easily, although some 635's have indeed been getting it with little effort oddly enough.
...has an inferior, lower-resolution 5 MP camera with no LED flash. (the 640 has a flash and an 8 MP shooter)
...is smaller than the 640.
...does not have a proximity sensor.
...does not have double-tap to wake or Glance.
...has a smaller and lower-resolution display.
...has a smaller battery.
Although the 635 and 640 share the same Snapdragon 400 processor and 8 GB of storage + microSD.
The 640 is the better all-around phone but if your needs are very basic and the 635 is significantly cheaper then the 635 may make sense.

2 more replies
Relevance 34.44%

Hey all.
I am loaded with popups. I went through all my prelim scans, booted safe mode, all that jazz. I didn't notice anything for about three minutes, then it all came back. If anything, they just seem to be getting worse. Anyway, here's my log, thank you much for your time.

Logfile of HijackThis v1.97.7
Scan saved at 11:43:05 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mllcrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C... Read more

Answer:Keeps getting worse.

Hi
You will need to get rid of the Peper Trojan first so run the PeperFix from my list..

After that
Make sure you have already run Adaware, Spybot S & D (check for updates) as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point. Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled. Check first as some folders may be uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES ..Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [W7ABA] c:\documents and settings\... Read more

5 more replies
Relevance 34.44%
Question: Gotten Worse...

I know I posted about it a couple days ago with my computer going down the pooper. Well it was running real smooth until recently. I had lots of disk drive space open now today it says I have 55.6GB of free space now I have a total of 74.5. I have been running virus protectors and spyware programs but it's not working and there are icons showing up on my desktop that I cannot get rid of.... Do I have to reinstall Windows or something? Sorry to ask again but I need help. Also I forgot to mention in my add remove programs there is a new program called search plug in and also micromedia flash player which I'm unfamiliar with and they are the biggest files in there.
 

Answer:Gotten Worse...

Please don't start a new thread for the same issue

If you are not getting any responses bump the original back to the top by simply posting to it...

here's the original... http://forums.techguy.org/t313054.html

closing this one

buck
 

1 more replies
Relevance 34.44%
Question: Bad to Worse.

Hi all,  So not only does the Control Panel on my T520's nVidia card fail to work, but safe mode doesn't either. It gets stuck in a reboot loop for memory reasons. Using last known boot configuration I can get it to boot normally but the networking cards/drivers don't work. They are detected in Windows 7 but ipconfig only gives the Tunneling adapters.  Any ideas? Or should I just send it in for servicing?














Answer:Bad to Worse.

Hi kingofthering
 
If you need to use the machine temporarily or to ensure your Nvidia GPU is defective, you could change the graphics settings in the BIOS to Integrated Graphics.
 
If you are not technically savvy and/or wish to save the hassle, it's probably good to send it in for servicing.
Have a nice day!
Peter
W520 (4284-A99)

9 more replies
Relevance 34.44%
Question: from bad to worse

Please help - got a new laptop, trying to use the wi-fi. There is no wireless connection icon anywhere. Maybe there's no driver, I'm guessing. Do I need to use the disc that came with my router? My other laptop works fine. Maybe I need to use another keycode, I don't know. Please help. Thanks

Answer:from bad to worse

I think you're already running a thread on this: click here
Please don't double-post.

1 more replies
Relevance 34.44%

I just finished a download that had some pretty nasty side effects. I am getting a pop up saying "It is recommended to update you antispyware protection to prevent data loss. Please install the most up-to-date antispyware for you" then an ok button. This isn't the only one, there are about 2 or 3 that seem random, none of which seem encouraging at all. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:46 PM, on 1/26/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Unlocker\Un... Read more

Answer:pop ups and probably worse

Hi,
Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.
In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't surprise me at all.
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!
* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it i... Read more

18 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

9 more replies
Relevance 34.44%

Hi. I hate to be a nooge, but I posted a problem I had a week ago with a single search term being redirected in Google -- only that one search term was redirected. That much has stayed constant -- I've been using Google all week and only that one search term is redirected. My post has dropped down to page 12 and I think it's pretty much off the grid by now.
Tonight I tried to run Hostsman to update my Hosts file and Avast! immediately put up the Warning notice that:
12/2/2009 11:40:42 PM SYSTEM 2016 Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\HostsMan\hm.exe" file.
I quarantined the file, but now I'm very concerned. When it was just the one redirect it was interesting, but this has me a bit panicked.
I've copied last week's post here.
Can anyone help?
EDIT: Okay, it looks like Avast! may be reporting false positives right now with virus database 091203-0, the one I'm using right now, according to what I read in the various forums. I'll keep a good thought, anyway.
But my redirect problem IS still there, and I'd like to get to the bottom of it, if anyone can help. Thanks!
Hello again -- I was here with a severe problem about a year ago. It took several weeks, and a lot of help, but I got cleaned.
I also learned a few things. I have since installed the NoScript and Cookie Whitelist addons to Firefox, I installed the free version of ZoneAlarm, and I installed a Hosts file manage... Read more

More replies
Relevance 34.44%

Hi,

I just wanted to start by saying a very big thank you to all of you that help people on this forum. It is very generous of you and it is appreciated.

I have been infected by this fake security application that says "Windows Security has found critical process activity on your system". It keeps redirecting our web searches. In safe mode I have run malware bytes, super anti spyware and created a hijack this log all before finding this forum. Both these scans found problems initially however upon following the instructions of this forum no more were found. I tightened up my zonealarm resetting it to default and searching programs that try to run as they popped up, mshta.exe was one of the programs.

I have followed the instructions on this web site to the best of my knowledge and I will attach the logs of the various scans. All scans went well except for the combo fix scan that ran through to stage 50, flashed a page suggesting it was deleting files and then restarted my computer. I repeated it with the same result.

I now have a message that says "SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe." whenever I start my computer and it takes a long time before all the applications are loaded and ready to be accessed. It seems to run faster if the internet is turned off?

I am posting this from another computer.


Here are the logs - Thankyou for yo... Read more

Answer:Please Help, its getting worse

I am not seeing much in the way of malware on your system. Let's do this and see where you are after:

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present --Unless you set this.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present --Unless you set this.

After clicking Fix, exit HJT.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:



Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Ta... Read more

5 more replies
Relevance 34.44%
Question: Getting worse

I followed your advice to rid my computer of a BHO and virus (red circle w/white X in system tray). Now my computer takes 20 minutes to boot, asks what mode to load in, (safe, normal, MS-DOS, etc), and only loads in 640 x 480 video. I've also lost the printer driver.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:56 PM, on 12/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Answer:Getting worse

hi, welcome to TSG.
you don't appear to have a firewall, even if you have a router you still need
a software firewall, download the one from the link below!
Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php
Download A2

http://www.emsisoft.com/en/software/free/

update A2 and run a full scan.
*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* run cleanup

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Ex...

1 more replies
Relevance 34.44%

Just a curiosity question. I found an old AMD K6 chip in a scrap computer.
I would like to know if it is better/faster than my "Cyrix Instead" with MMX?
Both I think are 266's and socket 7.......

It's for my first PC that is now used for solitaire and surfing the net...

And what steps, if any, should I do to swap them, if the K-6 turns out better?
 

Answer:Better/Worse? Two old CPU's for old PC..

10 more replies
Relevance 34.44%
Question: From Bad to Worse

Hello to all the experts here at Bleeping Computers.

I was in the process of following your steps from the "Preparation Guide" when my computer decided to crash big time.
Initially I had my homepage hijacked by something called start.search.us. That by itself didn't seem to be a big deal. I was proceeding through the steps and made it to step 8 (Create a GMER Log). Approximately 5 minutes into the scan my entire screen went all screwy. It looked like the GMER scan program filled the screen and scrambled itself.

Now my computer won't work at all. After a restart, the computer locks up on the black screen with the green progress bar (Microsoft Corp underneath). I tried a safe mode reboot but it stops loading at the following line of text, "Windows\System32\Drivers\avgidshx.sys" This was the same line of text that was being scanned during the GMER scan.

After another restart (so many I lost count) my computer reads the following, "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:...." Several options are listed but even after inserting the original operating disc to repair, I can't get past the green progress bar thing.

Help!!! I'm moments away from turning this laptop into a very unaerodynamic flying brick.

(I'm typing this on my wife's Macbook, in case anyone was wondering how I could post)

More replies
Relevance 34.44%

I tried to run a payment on a website and the submit button did nothing but make the cursor blink which it still is. I looked under inspect Element and there was a JS file that downloaded. I looked at it and it looked fishy. I tried to run the normal cleaning techniques (ADW Cleaner, JRT, RKill etc) and they all returned a message: "the service cannot accept control messages at this time"

It is slowly getting worse by the minute so I am not sure that this will even get to someone in time, 'cause I know you guys are backed up, but if possible I don't know what to do. I tried to use msconfig.exe and the search functions to get safe mode to work but I just get either nothing happening or the same message. I am afraid that if I turn off the computer to shift into safe mode that it will lock up. Any help would be appreciated.

Answer:I have something bad going on and it's getting worse by the second

Sorry, but it seems that your pc is infected with a virus or malware which is going to take some more work and a deeper look. No sense running a bunch of tools here. Please follow this Preparation Guide, post in a new topic and include a link to this thread. Let me know if all went well.

3 more replies
Relevance 34.44%

i now cannot access my e-mail since doing an update every time i click on the e-mail icon nothing happens its just blank, nutty norm again

Answer:its seems to get worse

What email icon?????????????

3 more replies
Relevance 34.44%
Question: bad to worse

Now I'm getting a little spooked. First it was just some irritating re-directs from Google searchers. Then multiple windows began propagating, sometimes blaring music, voices, phone sounds. Then, trying to work my way through the instructions in the preparation guide, I discovered that attempting to run the gmer.exe crashed me, locked up the processor, prevented me from restarting, the whole thing. Now, my touchpad has stopped responding. I uninstalled and restarted to replace the driver, but no effect. I am having to use a USB mouse, which works OK, but has not improved the touchpad. What's next?! Just curious. A question, for those of you who have experience with this forum--how long does it usually take to get help? Should I assume that all topics are addressed eventually, as folks find time? If I have failed to supply some bit of information, or violated some etiquette, I'd rather know, make my amends and start over than wait on the sidelines longer than necessary. Or should I just throw this piece-of-crap netbook out the window and get a real machine?

Answer:bad to worse

Hello pfosinger, It's hard to say how long it will take for a topic to get picked up. I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 300 unanswered topics, the oldest dated Aug. 26, 2010 at 5:14 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30 2010 at 10:00 pm using the same time zone. Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it. Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable. Orange ...

2 more replies
Relevance 34.44%

Hi, I have been using PC tools for the last couple of years with no bother. However, when I wanted to put it on my laptop I lost the ability to access the internet. They told me (eventually) to reboot using my windows XP home edition disc. Having done that I was initially able to access the internet, but I could not open links or download anything, and now explorer won't open at all, I just get error reporting. Things have gone from bad to worse and I need some help. Thanks

Answer:going from bad to worse

sorry - spyware doctor

2 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

0 more replies
Relevance 34.44%

my topic is here http://www.bleepingcomputer.com/forums/t/134217/virus-and-rootkits/ and it has been a couple days since a reply, and i was told not to reply again until i get a reply from someone to help me. but my computer is now losing the whole task bar whenever i close anything...i can bring up the task manager and see everything there, and i can ALT+TAB between programs and they will come up, but when i press the windows button will not bring up the start menu. the HJT log is in that other topic. thank you for looking

Answer:I Think My Pc Is Getting Worse

Hi dizz15, I know it's frustrating, but please be patient. It may take a while to get a response, because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?". To avoid confusion, I am closing this topic.

1 more replies
Relevance 34.44%

Like all AOL software, I'm wondering if the new AIM version is worse than the previous. Has anyone tried it yet?

It seems to have a lot of the features that AIM mods have introduced. I use DeadAIM myself, and have loved it for years. I tend to like things minimal. I've tried GAIM and Trillian, but I only use AIM, and GAIM messes up direct connections and profiles. I've tried AIMutation (sp?) and didn't like it much either.

What do you guys think?
 

Answer:AIM 6: worse because it's new?

i like it, but a lot of people don't.
you just have to tweak it to the way you want it.
 

3 more replies
Relevance 34.44%

Ok my computer has been progressively getting worse because before i wasn't able to enter my control panel because explorer would just crash. And now i started up my computer and restarted a couple of times and i cannot see my tool bar (the one with the start button) and my cousin is bringing my xp disk christmas.. what can i do in the meantime? oh and when i click my windows key it doesn't do anything.

Answer:it just got worse...

looks like a virus to me
what antivirus program are you using? and is it up to date?

9 more replies
Relevance 34.44%
Question: It's worse

my computer has been acting up for awhile running really slow, but now it's started this trick of adjusting the screen every little bit. It either moves up or down. It changes the sizes of the window as well. Then i noticed down at the bottom in the task bar, a button appears for just a second with a little icon in it. Then it disappears before i can do anything. Now, my email has started bouncing and i can't get outlook express to connect. Also, i was kicked off yahoo messenger and then all i could get was page cannot be displayed on even my home page. Here is my HJT log. I would appreciate your help.

Demi

Logfile of HijackThis v1.99.1
Scan saved at 1:01:23 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Answer:It's worse

6 more replies
Relevance 34.44%

new note pad mesg when I boot up.
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

I get this on start up and firefox is giving me an error

Well, this is embarrassing.

Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page
Can any one help me out?

Thank you so much
 

More replies
Relevance 34.03%

Kept trying to power up the computer-see latest posts:   http://www.computerhope.com/forum/index.php/topic,87693.0.html All of a sudden the motherboard started to power up, and the chip that reads "Nividia nForce" next to the graphics card started to smoke. Shut down the system. Not good.

Answer:Ouch---When bad goes to worse

The good news is we have a new suspect!  Sorry about the vid card.

4 more replies
Relevance 34.03%

I have recently assembled a new system and it was working fine until a week ago i noticed that sometimes when i am not at the system it had restarted and now its getting worse. It turns off and turns back on with a very little gap sometimes hours sometimes just after i turn it back on after the shutdown (it turns off immediately without any warning or shutting down screen). When it turns off, the pcs power turns back on like as if it restarts but nothing would happen, even after holding the power button to force shutdown and then turn back on it won't start but twice or so it loaded up till the boot menu i guess but then it would go blank. i would have to cut the power and turn the power back on so that it turns on. It happens when i watch video and even when i play games also while the pc is idling. Few days ago before it was this worse when i was using my system, a bluescreen appeared and it said critical process died or something like that..
My system spec is:
Asus Z170 pro gaming
Intel core i7 6700 3.4GHz
Power supply Cooler master 600w
Asus GTX960 2GB black
Kingston HX426C15FB Hyperx 8gb x2
Cpu cooler fan cooler master 120v

Answer:pc keeps turning off and getting worse

Run Bluescreen view
post the results back on this page.
It's possibly a bad driver

10 more replies
Relevance 34.03%

Well this all happened after I accidentally clicked a "you have won a million dollars" pop up in the middle of a site. Every minute now my computer is getting worse and worse, Half of my desktop is filled with random programs now and more just keep coming. I've tried symantec antivirus, spybot S&D, and adaware, and nothing is working. I have been keeping up on windows updates as well so I can't imagine how things have gotten so screwed up in fifteen minutes. As a last resort I ran hijackthis and saved the log. Hopefully someone here can help me. Adaware will delete 220 objects then ill run it immediately after and 300 objects will be infected. I have no idea what's going on and I'm about to scream. Here's the log:


Answer:I've tried EVerything and my computer is only getting worse.

16 more replies
Relevance 34.03%

My desktop has slowed down substantially and occasionally freezes all apps. Even after checking for malware and running a registry cleaner, nothing appears to be a problem.

Anything further to suggest?


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A4-3420 APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 2
RAM: 7666 Mb
Graphics Card: AMD Radeon HD 6410D Graphics, 512 Mb
Hard Drives: C: Total - 936682 MB, Free - 794298 MB; D: Total - 17083 MB, Free - 2095 MB; F: Total - 1907599 MB, Free - 733989 MB; I: Total - 3815413 MB, Free - 1578731 MB;
Motherboard: PEGATRON CORPORATION, 2ACF
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

Answer:Sluggishness & Worse

Motherboard: PEGATRON CORPORATION, 2ACF

Hard Drives: C: Total - 936682 MB, Free - 794298 MB; D: Total - 17083 MB, Free - 2095 MB; F: Total - 1907599 MB, Free - 733989 MB; I: Total - 3815413 MB, Free - 1578731 MB;

You appear to have a HP/Compaq brand desktop and appear to have 2 TB and 4 TB external hard drives connected to it.

What's the model name and model number of that desktop?

---------------------------------------------------------

Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.
(Note: There may be several seconds delay before the progress bar appears, so be patient.)

Click the "Report" button.

When the log appears, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

---------------------------------------------------------
 

3 more replies
Relevance 34.03%

Hello everyone,

This is probably the very 1st time i have ever needed assistance this badly with malware removal... My spyware doctor picks up that i have a trojan called Trojan.Spambot, the file that it is in is called Rpcrt3.Dll, it is found in all of my Sv_chost processes as well, i have done safe mode, tried disabling everything that is Sv_chost related and i still can't delete this file... To my understanding what the trojan does is take up bandwidth and send spam e-mails.... so there is not really a way for me to live with it, as i have tried, i would greatly appreciate any useful feedback... Thank you

Answer:Worse Trojan I Have Had

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.) If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An...

6 more replies
Relevance 34.03%

ok....i give up LOL
 

Answer:Problems are getting worse = new log

oh and also, the nortons "clean sweep/smart sweep log" picked up this
=
File 'C:\HP\KBD\PS2.DLL' added.
=======
and a lot more things, but the log is way too long to add here. Is the PS2 ok?
 

3 more replies
Relevance 34.03%

What brought me here is a problem reinstalling my adobe CS1 - I had problems with acrobat and had to uninstall the entire suite. I was unable to reinstall...it got just so far and then just 'hung'. I spoke to the Dell cust. svc person who insisted I had to reinstall windows (which is a last resort). I thought I may have an intruder on my computer so I followed all the directions or what to do BEFORE I post my question...all the downloads, scans and logs. I am currently running windows xp professional on a dell laptop. I am posting my logs and hope someone can HELP ME!! [recovering space - attachment deleted by admin]

Answer:do I have a virus ...or worse?

Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.
I don't see anything malicious, have you tried to do any repairs to windows?
Here are a few methods to try.
Do you have an XP CD?
If so, place it in your CD ROM drive and follow the instructions below:
Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.
----------
1. Download IEFix.zip and run it.
2. Click the Apply button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location.
4. Once finished Restart Windows. If you...

1 more replies
Relevance 34.03%

Old, OLD Sony Vaio.. been a great workhorse...Problems started with it not booting into XP unless it rested overnight! (Just like me I guess) Real problem is that I need this machine badly to teach classes.
I uploaded all the new drivers on Sony site.
As long as I use it in the morning it boots.. EXCEPT now the keys are producing errors. Not all, just some.
One forum mentioned problems with bad memory. I have sent for a Memtest disk.. hope that will help confirm.. If so, it's a doable fix.
Sony doesn't seem to have a keyboard driver .. I updated drivers for Processor, and Bios.
Any other suggestions??
I don't want to buy an old XP laptop but that may be my only choice.
 

Answer:Many problems, getting worse..

11 more replies
Relevance 34.03%

Please help!!!! My computer has been encountering various issues, the most severe has been the uninstalling of all installed printers. The issue first occurred when we were not able to print using our photo printer, shortly after the photo editor application would be force closed every time the "Print" button was clicked. Now all printers have been uninstalled without our doing. McAfee occasionally finds PrcViewer but cannot fully delete it.

Last scan came up with three detections (the two cookies were automatically deleted):
Cookie-Advertising
Cookie-Insightexpres
PrcViewer
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:42 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal


More replies
Relevance 34.03%

Hi. My computer is infected with vundo or virtub one of the two. I have run Malware byte Anti malware and it followed the steps and deleted the infected files. I then reran the program and got 0's for everything. I also ran Avira AntiVir Personal and came up as clean. The problem is that sometimes Avira Guard will tell me it has detected virtub and prompts me to delete it. I just want someone to help me figure out whether my computer is clean of viruses or is it still infected.
Thanks.

Answer:I think i have vondo or something much worse!

Let me check it:
Download ESET SysInspector
http://www.eset.com/download/sysinspector.php
- Start program through the SysInspector.exe
The program will collect information about the situation on your machine.
- When "inspector" is ready and log file - generated, select File> Save Log
- Confirm their wish
Choose to save the file somewhere and then upload on http://4storing.com/ (when you open the page, click on the Great Britain flag to open the page in English), then give me the link.

1 more replies
Relevance 34.03%

Is it just me or do they make hotmail worse every time they update it?
If you have unread emails, filter the inbox to view the unread emails. Select an email off the list and up it comes, a second later hotmail suddenly realises that the email is now "read" and navigates you back to the list sans the email. If you didn't manage to actually read the email in the 1 second you were given then it's tough.

Grrrrr!!

Answer:Hotmail keeps getting worse?

Doesn't do this to me when I go there. I find the hotmail interface loads much quicker than it did! I'm using IE8.

7 more replies
Relevance 34.03%

Help. Internet explorer keeps freezing on me and when it does, I can't shut down iexplore.exe in the processes. I have a feeling this part of a larger problem since I've had a lot of problems with Vista Home Premiere since I bought this PC a few months ago.
I've run virus scans with both AVG and PC Tools. And scanned for malware with Adaware. (my windows defender will not update.) I just installed hijack this and when I run it, I get 2 error screens before the log.

The first error reads "For some reason your system denied access to the hosts file. If any highjacked domains are in this file, Highjack this may NOT be able to fix this"

The second error reads "An unexpected error has occurred at procedure:ModMain_CheckOther1Item()Error#75-path/file access error

Then I get my log file. Also, I don't know if it is related but I tried to download and install Mozilla Firefox yesterday and I kept receiving an error message saying it could not install.

Here is the log file from Highjack this:

Logfile of HijackThis v1.99.1
Scan saved at 1:58:25 AM, on 2/21/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy....

More replies
Relevance 34.03%

Hi,
I have a customer who has a Compaq 7151wma which is running a problem plagued version of Windows ME.

My customer has the “Windows XP version 2000 Upgrade” and I am thinking of either upgrading or repartitioning the hard drive, formatting and doing a new install.

I am relatively new at computers although I have upgraded a few computers to Windows 98SE and am somewhat familiar with partitioning and formatting.

I am currently doing computer repair for a living in a small town in Mexico. This customer is very well connected socially and my reputation is riding on this project going smoothly.

First when the box says “upgrade” I assume it means I can do a fresh install on a clean hard drive not just run over the existing OS, is this correct?

Second I know this was one of the first versions of XP to come out, is it worth using? Are there better versions out now that make it wiser to buy the new version rather than go through XX MB of upgrades?

Is there any proprietary software on the Compaq 7151 wma that will prevent me from having a successful install if I were to format the hard drive?

I have used the Windows XP upgrade advisor and it reports this.......

HARDWARE THAT IS INCOMPATIBLE OR MAY NEED ADDITIONAL FILES-

Hard disk controllers - USB Optical storage Device (not currently present)
USB to ATAPI Adapter (not currently present)

Network Adapters - Wan Miniport (ATW)

WDM Modem Enumerator - Intel 537 Data Fax V.90 Modem

SOFTWAR...

Answer:Bad Win ME to worse WinXP?

well you should probably ask the guy whether he wants it formatted or not but you should probably uninstall ME, then install XP because Win ME has a lot of bugs
about 2 hours before i posted this i installed a backup of XP (from upgrade CD) and it only required me to put in the 98 CD for the time it needed to verify that i have an existing operating system, from there i had to replace "C:\Windows\System32\hal.dll" (copying from the Backup XP)
if you really prefer not having ME first just run the upgrade and it should prompt you for a Windows CD of previous Version

as for the errors they may or may not cause faults when you actually install XP but Drivers can always be a big issue with XP

9 more replies
Relevance 34.03%

I have a Toshiba Satellite laptop (from around 2001) running Windows XP Pro. I bought it 2nd hand. About a month ago, we came down with a few viruses because my Windows Live One Care subscription ran out so I was naked for awhile...a friend bought Webroot, after installing program...within a couple of minutes every thing was back to good. Within 2 weeks, Total Security was making more of a mess than ever. So much so that I uninstalled Webroot and figured I would go with CA security suite only for it to load with errors, therefore it wouldn't do anything...Now it will let me connect to the internet but if I try to access my e-mail it says access denied. I am wondering if I am going to have to erase my hard drive (which might be harder than anything I've thought about doing). I have another computer that I am using for now but it's very slow! Can I download anything, put it on a disk and run it on my laptop to clean it up? I don't know how to go about erasing/ (re/formatting). I have a disk that I made that says back-up from 2007. Would that have all numbers/files necessary as I didn't get an original disk. I also found a 'registration number' file...Any and all help will be greatly absorbed.

Answer:2nd time is far worse!!!

do you have your xp install disk and cd key?
if not do not reformat
do you have anything important on it?
did you try malware bytes super anti malware?
also try Avira and or AVG
p.s. i am trying to use free solutions


Got a PC here that the lights on the MOBO come on, when you hit the power button, it clicks like it should, the green light comes on, but when you release the button, it goes back off. Initially I thought this was a PSU problem, but now I'm thinking maybe the power switch itself.

Answer: PSU, switch, or worse

Check the front panel header, to make sure the power switch wire is connected properly.


I posted two days ago but had no replies, so I'm back. (I value the expertise on this forum!) Our system is getting slower and I'm blocked from deleting temp files/cookies, among many other issues. Could someone please look at my fresh HijackThis log and advise me? Thank you!

Logfile of HijackThis v1.98.2
Scan saved at 11:57:04 AM, on 9/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\CCPXYSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\HPZTSB09.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\M...

Answer: It's getting worse - fresh HJT log. Please help!


Hi,

I'm experiencing some very strange behaviour with my Asus V9280S-TVP and WINXP. If I load up a game or any software that's in any way graphics heavy my system performance decreases steadily, strange patterns start appearing on buttons and labels, textures become distorted and discolored, and then a drop out to desktop with an error message stating that "Windows has recovered from a device failure, blah blah". Screen resolution is set to something very low and color depth looks like 8bit or lower color. Shortly after the displaying of this message the system becomes unresponsive and I must power down (not much of a recovery). This problem takes a variety of different times to manifest itself depending on the game. If I restart the system immediately, as the POST screen ticks over I can see out of place characters and similar graphics errors to my ingame ones. However if I wait a few minutes before restart this does not occur and system starts up fine and runs fine until I decide to try out another game or even 3dsmax. I've pretty much tried every driver there is for the card and found the vast majority of them actually decreased the performance of the card even further than the performance with the inbox driver (v31.40). I suspect overheating but I'm not sure if these problems are symptoms of overheating. I have considered redoing all the thermal connections to heatsink with new thermal paste, but I've decided to put it off until I get an opinion as the heatsink ...

Answer: Overheating or Worse

Has it been doing that before as well?

Or have you just installed the card?

Try the newest version of ForceWare.
2: If it still doesn't work, some transistors might be faulty.


I did a scan with AOL spyscanner and it found Coolwebsearch and AdminMagic 1.0. Any idea what this is? Because I ran CWS Shredder and it didn't find any Coolwebsearch. I also ran Ad-Aware and it only found cookies.
Logfile of HijackThis v1.99.0
Scan saved at 12:59:31 PM, on 2/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Sy...

Answer: I may have spyware or worse


You may remember my post not that long ago about my having a trojan horse. Well, after getting help to clean it up everything was running perfect for about 3 days, and now it has come back and it is now worse than what it was before. I hope I can stay connected longer than 2 mins.

Answer: It's back & worse than ever


I have a friend's computer that won't allow the internet browser to function properly and won't play YouTube videos. I noticed the following in the task manager: (refer to screenshot060, screenchot090). In which the things that look a little fishy like csrss.exe I try to close them and it comes back as access denied. When I restart the computer it says "Unable to set hook?" with an Nvidia header. Any help will be much appreciated!! [recovering disk space, attachment deleted by admin]

Answer: Virus or something worse?

Sorry I ran out of room on the OP. Also sorry for the size I would use an image host but the virus(s) won't allow it. [recovering disk space, attachment deleted by admin]


I have two PS3s in my house and a few months ago, they started to lag and disconnect altogether when we played at the same time. I thought it was the router, a Netgear, so we bought a new one, a Linksys. It was still lagging, so we decided to upgrade from TWC's Road Runner Lite to Road Runner Turbo. Of course the upgrade meant I had to upgrade all services and am now paying $60 extra. It didn't get better, instead, it's getting worse by the day. There is NO way to play the PS3s together now, it lags too bad and will disconnect quickly after. We called the router support and their advice didn't work. We bypassed the wireless aspect of the PS3s and plugged the ethernet cables directly into the router and it still lagged. So it has to be something with the ISP or the modem.

Now if I play the PS3 with the ethernet cable directly from the PS3 into the modem, which is the only way it won't lag, it dies after a few minutes and the modem doesn't send signals. That means my digital phone won't work and my Internet won't work. I unplug it and wait, blah, blah, blah. The only way I can get it to work is if I unplug the MAIN cable from the splitter, which means no cable TV and plug it directly into the modem. That doesn't even solve it, it STILL LAGS! It never lagged before a few months ago, we had two PS3s online wireless and we never had a problem. I called my ISP, Time Warner Cable, and they can't speak English and only say to unplug ...

Answer: Lag, worse lag and disconnects

Question: Worse than Crabs

Bismillahir Rahman ir Rahim

I can't get rid of this adware. I purchased McAfee, I've run Ad-Aware in safe mode with this and that and still the popups and desktop links and toolbar installs return. Here is my HijackThis log -- HOWEVER I am getting several error messages when I start scanning, included below:

An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #62 - Input past end of file

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred - scanning
* How you can reproduce the error - um, scan again
* A complete HijackThis scan log, if possible -- see below

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.0

This message has been copied to your clipboard.

An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=run)
Error #55 - File already open

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.0

This message has been copied to your clipboard.

An unexpected error has occurred at procedure: modMain_CheckNetscapeMozilla()
Error #55 - File already open

Please email me at [email protected], reportin...

Answer: Worse than Crabs

Why is this "worse than crabs"?
What are crabs worth?
Sorry, had to ask..... Have you done a trace back to the source?
Do you have a firewall? And, does it have logs and dates?
 
