Computer Support Forum

Hijacker that Keeps Coming Back

Question: Hijacker that Keeps Coming Back

I have two computers, a Dell laptop and HP desktop, that seem to have the same malware. There is a hijacker in the browsers. It takes you to some ad search engine when you type something in Google. Or bogus spyware remover website if you type "malwarebytes" or "AVG". I have run several anti-viruses and anti-spyware on the computers and the malware keeps coming back. I ran AVG, Avira, Kapirsky rescue disk, Malwarebytes, SuperAntiSpyware, Eset online and regular, and my techie friend ran Combofix. I fixed the Winsocks and checked the Autoruns. When he ran ComboFix it said Combofix found a Boot Sector virus or something like that and a rootkit and rebooted and removed it. Then I fixed the Winsocks and checked the Autoruns. I unchecked strange entries in Autoruns. I reset Internet Explorer a few times. But the hijacker came back within minutes. Combofix can't seem to remove it completely. Should I reformat? I read that a boot sector virus can persist through formatting and that I should throw away the hard drives. This seems a bit much. Should I f-disk? I don't even know if I have an fdisk floppy anymore and these computers don't have floppy drives. I tried to buy an external floppy drive but the guy at the parts store looked at me as if I were from the stone age. He suggested I buy a flash drive. I suppose you could f-disk from a cd? Anyway if anyone could help, I'd really appreciate it.

Relevance 100%
Preferred Solution: Hijacker that Keeps Coming Back

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Hijacker that Keeps Coming Back

Hello, having run ComboFix on your own,we will need to see it's log and a DDS log.Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Skip the GMER step and instead post the ComboFix log you have.Let me know if that went well.

2 more replies
Relevance 77.9%

HJT for Check up
Ran adaware, ms antispyware beta, can't get to housecall or install wincritical updates.
I have a cd with sp2 which I will try to update.

Logfile of HijackThis v1.99.1
Scan saved at 12:11:35 AM, on 9/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:... Read more

Answer:Web Hijacker keeps coming back

Hi ucurl

Has this system been rebooted since you posted this Hijack log?

If so, please post a new log.
 

1 more replies
Relevance 77.9%

I have some kind of hijacker virus I can't get rid of for good. IE home page always returns to RES://iuucb.dll/index.html#23648 or some other number. I have used spybot, adware away, spykiller, spybuster, norton and trend micro to name a few and each time i think it's gone, it comes back...can anyone help me get this thing off my pc once and for all?
 

Answer:IE hijacker keeps coming back

HI, You may want to go to the following link.
http://forums.spywareinfo.com/index.php?showtopic=12609&st=30

Read the whole post (It is several pages) - it seems that at the end someone actually found a fix.
Also, if this is not the same issue - post a new thread there - they are pros in those issues and will reply shortly.
 

2 more replies
Relevance 77.08%

When I'm browsing the net, a message will sometimes pop up that says "You need a Spyware Scan" or something like that. The first time I encountered this it crashed my computer, and now it seems it's back again. Fortunatly I am smarter and force close the Browser now, but it is still very annoying. I think I have an idea of where it is coming from and I am staying away from that site, but please look at this log and tell me if you see anything.

Logfile of HijackThis v1.99.1
Scan saved at 11:36:19 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mD... Read more

More replies
Relevance 73.8%

windows 2000 pro

I am 45 miles from home and need to get this computere running so please someone help so I can go

go into Hijack this log and delete the hijacker but keeps coming back anyway. Please advise as soon as possible. here is the log

Logfile of HijackThis v1.99.1
Scan saved at 5:36:34 PM, on 6/18/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\keyhook.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\paytime.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\paytime.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\newdial1.exe
C:\WINNT\system32\newdial1.exe
C:\New HJT P... Read more

Answer:Solved: windows 2000 pro- big problem-delete hijacker keeps coming back

9 more replies
Relevance 55.35%

I've been having a a problem with the back left corner hinge since October of last year I poisted to another board about this problem hving been told that this issue would be passed onto support in my region. I'm currious as to weather I'll hear from these people in this lifetime or the next. I enjoy my Laptop and would like to continue using it but as time goes on it keeps seperating more and more and I have to snap it back into place to keep in together. I'm hoping to actually hear back from someone this time that will be able to help me in fixing this issue.

Answer:Back Corner coming from the back left side by the hinge

@jmb1313

 

I have brought your issue to the attention of an appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post personal information (serial numbers and case details).

If you are unfamiliar with how the Forum's private message capability works, you can learn about that here.

Thank you for visiting the HP Support Forum.

1 more replies
Relevance 53.71%

I already posted in How to remove Windows 10 upgrade updates in Windows 7 and 8
In this thread after the starting post from Tookeri other updates that had to be deleted were mentioned. I made a list in post 841
I did not have all these updates on the pc but those that were on it I hid.
Some of them came back and I hid them again.
Now today they are back - with some that I had not seen before.

I made an attachment that shows them and also shows that I hid them again

Will I have to check Windows Update for the rest of my live?????

More replies
Relevance 52.89%

Hello,
I have a problem ,which ive tried to fix serveral times but it keeps coming back.
This virus is located in Systems 32 folder, Pc Cilling 2005 identified it as TROJ_ROOTKIN.N . Ive gone
to safe mode, deleted it, returned to windows and the virus reapeared, wats more it clogs up Pc Cillin, so now under quarantine i have 100+ instances of this virus, and its increasing.
The virus is labelled hpr34k8

Im sure my Hijack Log is fairly clean... -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:53 PM, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin... Read more

Answer:Virus that keeps coming back and back and back, so on

bump, hopefully someone takes notice

19 more replies
Relevance 50.84%

After following he cleaning insturcions,1)CWSchredder2)Spybot and Ad-Aware (with updates)I get the following log. Then, the hijacker:easy-search.biz comes back. Where else should I look?Thanks,BobLogfile of HijackThis v1.98.0Scan saved at 5:11:25 PM, on 7/15/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\PackethSvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\mysql\bin\mysqld-nt.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Compaq\Easy Access Button Support\StartEAK.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXEC:\COMPA... Read more

Answer:Hijacker keeps comming back

@bestleonardDownload the file mwav.exeftp://ftp.microworldsystems.com/download/tools/mwav.exeDecompress it in a permanent folder suchas C:\mwav\Please boot in safe mode of WinXPhttp://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_namThen fix this in HiJackThisO2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)O2 - BHO: - {32D85703-1CC9-4139-B70C-A9ED643F62EA} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {382A286C-39FC-4844-85E7-E15225605757} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {40E7928F-AB3B-4DF2-819B-3D25446C4D2F} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {41BBC94F-2FB1-4AB4-A9EC-EDB6558B6B37} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {471D70D5-5FAB-4C0F-8CD4-AA266AFB3488} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {499561AB-563D-4000-987D-767490D56AD6} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {4CFD64DB-878F-4053-A71A-2D5A647AC17E} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {57D91505-9605-4D75-97F1-A6C1C30149AD} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {5BBCFB06-E404-4162-BFBB-023CF18EB5CE} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {5BF5CEAC-6536-4B4B-88BE-22EC10AFFB02} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {5CA7DDB5-BAEB-418F-BA9D-F90B015F3A99} - C:\WINDOWS\msie32.dll (file missing)O2 - BHO: - {63162440-3AEC-4BA7-8F20-E241877D206A} - C:\WIND... Read more

2 more replies
Relevance 50.43%

Peeps,

My comp has a few issues....In addition to my 16 Bit Subsystem error that pops up on my screen every 4 mins and 40 secs (see my other post in software section) my homepage keeps getting redirected even after Ive run Norton, Spyware, Ad Aware and all the downloads you link in the "basic spyware, virus,..." thread. These programs will detect this Hijacker but as soon as start browsing again I get an alert from Spysweeper that my homepage is trying to get redirected.

I use Windows Xp

Heres what iVe done:

Booted in Safe mode,
ran the scans in safe mode
disabled system restore
looked for the Network Security Service problem

The only thing I havent done is run Hijackthis

I know this topic is probably the most popular/ posted topic here and Ive read other posts but It seems the other posters are all ending up posting Hijackthis logs.

Any ideas?

Thanks in advance for any replies
 

Answer:CWS_NS3 Hijacker keeps comming back...

How do you know it is CWS_NS3? What program told you that?

And as far as I know, I think this means you have the HomeSearchAssitant aka HSA aka Only the Best hijack. Did you look to see if you have the symptoms indicated in When all else fails - try Generic Solution to HSA (Only the Best) hijack? If you have those symptoms, you should run that procedure.
 

7 more replies
Relevance 49.2%

Here is my dilemna:

I've run Kazaabegone, CWShredder, Spybot and Adware with new updates and reboots in between. I've run Hijack This and removed what I knew to be suspicious files in safe mode. But one:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

keeps reappearing on the HJT log after rebooting. I know I'm missing something; just don't know what.

Here is the entire log:

Logfile of HijackThis v1.97.7
Scan saved at 8:04:28 PM, on 2/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\EarthLink 5.0\Con... Read more

Answer:New.net keeps coming back

6 more replies
Relevance 49.2%

Oh God help me... these anti-spyware pop ups keeps popping up and i always run a check on ad-aware 6 and Spybot once i see it. But once i connect to the net and open a site, it all comes back again n i haf to scan it all over again.... help please this is real miserable...

Thank you.

Answer:It just keeps coming back...

try manually removing, on www.doxdesk.com there are listings for spyware/parasites.

you could also go to run > msconfig and deselect any programs starting up that you dont recoginse.

also try going to http://www.symantec.com/homecomputing/
at the bottom is a link to a free online virus check, you may have one that persistantly downloads spyware.

and finally ensure you have a firewall and if you have one make sure its up to date. www.download.com has a free copy of zonealarm, thats a good one

6 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disables Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

16 more replies
Relevance 49.2%
Question: Keeps Coming Back

Can someone please help me with this problem? All my AV programs detect a virus running in my system, but whenver I have it removed, it keeps coming back How can I stop this???


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:13 AM, on 8/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\csrcs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.... Read more

Answer:Keeps Coming Back

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

2 more replies
Relevance 49.2%

Hi everyone,

i had this fake FBI Virus on a laptop couple days ago, it would not let the windows to boot, not even in safe mode. i got it to clean with kaspersky boot disc, and also scanned it with avg, malwarebytes, avast. send it back to customer, same night he called me saying avast kept picking up something but was not able to remove it! so i picked it up again the next day, scanned with avg & malwarebytes seemed to be cleaned up again, nothing was picking up any viruses. but guess what? this morning i have a text from a custoemr, saying he was locked up out of screen and he was able to get into it, but now avg is picking up something again!!! i asked him if he uses usb drive or external or anything but he said he did not use any of those! PLEASE HELP WITH REMOVAL OF THIS!!!!

Answer:It keeps coming back!!!!

Hello sapikest,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Before we start, please note:

Please be advised that this free service is typically for home users. We'll help you out this time, but in the future if you are unable to clean a machine via standard methods, then either backup the client's data and rein... Read more

2 more replies
Relevance 49.2%
Question: keeps coming back

I keep running scans and it cleans the computer sometimes. I will encounter xp antispyware 2009 and 2008 telling me that my computer is infected. It posts a permanent box on my desktop saying infected and keeps popping up at bottom right by time clock saying infected. I will run anti malwarebytes and it will clean it only if i do quick scan. But then i will run full scan and it freezes so i know it is still infected. And sure enough a few days later it is all back. Please help. I also run cc cleaner and norton but norton freezes too. I have also tried in safemode but still freezes. Thanks Any and all help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:21 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Inte... Read more

Answer:keeps coming back

bump
 

2 more replies
Relevance 49.2%

I have a PC i believe is infected.
i have run Combofix, it appears to find something and reboot but i am unable to tell by the log what it found.
i think it is still infected because if i run CF again, it says it needs to reboot to continue.
 ComboFix.txt   29.88KB
  5 downloads
 ComboFix2.txt   30.15KB
  3 downloads
 ComboFix3.txt   26.11KB
  2 downloads
 ComboFix4.txt   29.75KB
  3 downloads

Answer:it keeps coming back

Hello cgtrott, I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate. Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.Make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box. Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were ha... Read more

2 more replies
Relevance 49.2%

I am trying to clean out a co-worker's computer. I have restored to over a month ago and continue to find malware during scans. Any help appreciaded. Have not yet restarted to fully remove. Do I need to kill some files will killbox prior to the restart? Thanks, Jeff

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/31/2010 2:19:22 PM
mbam-log-2010-03-31 (14-19-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 231065
Time elapsed: 1 hour(s), 11 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2658977195-169558386-357108580-1000\$RR7NTAN.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Wi... Read more

Answer:ave.exe keeps coming back

Windows restarted for updates while sleeping last night. Running malwarebytes again. Final rid of Hijackthis entries
O20 - AppInit_DLLs: C:\ProgramData\nuvanifi\nuvanifi.dll
2658977195-169558386-357108580-1000

Malwarebytes came out clean as well as a full McAfee virus scan. Hijackthis log appears clean too. With persistance I think I have this cleaned finally. I have both a dds scan and gmer report but don't really know what to look for. I can post these if someone has time to review them. I ran both prior to the windows update restart. Also updated and ran spywareblaster. Pop ups and redirects are gone too.

Partial log of items cleaned.
3/31/2010 2:19:22 PM
mbam-log-2010-03-31 (14-19-22).txt

Folders Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2658977195-169558386-357108580-1000\$RR7NTAN.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Windows\System32\co... Read more

1 more replies
Relevance 49.2%

Hey everyone this is the first time I have posted anything but i am having some serious problems. I let my brother borrow my laptop and when i got it back it was infected bad.
I have pc-cillin, Malwarebytes, and SuperAnti-Spyware.
SuperAnti-Spyware seems to clean everything after i scan and reboot but there are two things that keep coming back on the next re-boot.
1. Pc-cillin keeps giving me a waring telling me to close the browser when its not open with the web address of 110/rjsa/select.php?a=6707a0a cd82d9318fa98c6ee396eed8e61fcf4200553e0c95d8b1d81bbda3c1b&b=1001&c=1
2. There is a sys32 file that gets deleted and always comes back on reboot its MoIXWA40.dll
Pc-Cillin tells me this is a trojan.bho and says its will delete on reboot.
please help me this is so frustrating it slows everything down sooo slow.
 

Answer:Pop-Ups keep coming back

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 49.2%

windows securty 7 keeps coming bak after doing all the steps
 

Answer:it keeps coming back

Please attach the logs from both SUPERantispyware and MalwareBytes. Also run the below and attach the log.

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run
 

11 more replies
Relevance 49.2%

This is my second attempt at help. I failed my first time and after reading the preparation guide here I am. I tried fixing it myself and loading MBAM and it says I have an infected regestry value, (Trojan.Agent) When I run the MBAM it says my computer must reboot to fix. It does, but then I have the same infection. I am confused, frustrated, and not really sure now what I am doing. Thankfully there are those here that can help...I am humbled.

Here is my DDS.txt
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 16:10:46.34 on Tue 03/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.186 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINNT ... Read more

Answer:Not sure what I have...but it keeps coming back

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Relevance 49.2%

Can't seem to get rid of the trusted zones, option is disabled in internet tools. I've run spybot, adware and avast but they still show.

Logfile of HijackThis v1.99.0
Scan saved at 10:18:03 AM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.... Read more

Answer:they keep coming back!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Right click on this link http://www.greyknight17.com/spy/De... Read more

3 more replies
Relevance 49.2%

I have done everything to get rid of my recent popups including runings spybot, adaware, microsoft Antispyware, Norton and Pandascan both in regular mode and safe mode. THey keep on finding stuff, but after restarting, they still come back. I have also empties the TEMP folder and cookies and temporary Internet files. I have included a HIJACK this log, hopefully someone can help. thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:34:55 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe... Read more

Answer:HJT Log because they keep coming back

16 more replies
Relevance 49.2%

I have a problem with pop-up ads that keep on appearing randomly on my computer. I tried using adaware which picked up a lot of them, but they keep coming back later.

Hijack this log (Created with Hijack-this Analyzer)

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Fil... Read more

Answer:Pop-Ups that keep coming back

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

4 more replies
Relevance 49.2%

hi, i hope somebody can help me. I'm running windows 95 b with internet explorer 5.5 and I keep getting "Error loading C:\WINDOWS\TEMP\se.dll". when I run IE, avg detects trojan horse startpage 16.bd and my start page is now advertising called "about: blank" I've deleted se.dll but it just keeps coming back. I'd appreciate any suggestions. thanx!
 

Answer:se.dll keeps coming back!

it sounds like you got hijacked. this should have been posted on the spyware specific board. follow the instructions on this link below.

http://forums.majorgeeks.com/showthread.php?t=35407 <--
Sticky: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

g/l - sos
 

1 more replies
Relevance 49.2%

Greetings everyone I need some help.

First off... I have followed all the proceedures listed on the READ ME thread that is asked and I STILL AM HAVING ISSUES.

I have Ad-Aware SE and with the VX add.

I have HiJackThis v1.99 and have followed the steps on that thread as well.

Here is the problem:

I run Ad-Aware everytime I log on, and even in safe mode. It finds beween 8 and 60 items. Mostly Malware and DataMiners. Then once I fix those I rescan and it comes up clean. However, I am still getting pop-ups, I have EnhanceMySearch, and when I log off and log back in... and re-run Ad-Aware I still have 8-60 items that show up and the same problem persists.

Can anyone help and point me in the right direction? It is a major annoyance. THANKS TO EVERYONE IN ADVANCE!!
 

Answer:It all just keeps coming back

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 

11 more replies
Relevance 49.2%

Everytime I run webroots spysweeper It finds a cws threat. I don't understand why it keeps popping up, even after I tell spysweeper to remove it. Someone want to help me....

Logfile of HijackThis v1.99.1
Scan saved at 7:44:30 PM, on 10/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\programfiles\Spy Sweeper\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Eset\nod32kui.exe
D:\programfiles\Spy Sweeper\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\programfiles\MicrosoftAntivirus\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
D:\programfiles\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\programfiles\MicrosoftAntivirus\gcasDtServ.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
D:\programfiles\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.... Read more

Answer:CWS keeps coming back

8 more replies
Relevance 49.2%

I uses Vundofix, ad-aware, spybot, xoft, avg, House call, Microtrend, Don't know what to do next? here is my infoLogfile of HijackThis v1.99.1Scan saved at 1:48:37 PM, on 3/22/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\NavNT\rtvscan.exeC:\Program Files\Norton Utilities\NPROTECT.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\BearShare\BearShare.exeC:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.htmlO4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\... Read more

Answer:Pop Up's Keep Coming Back

Hello Mhenry, Welcome to BleepingComputer!My name is Nick and I will be checking over your log.Let's get started.You will want to print or save these instructions.Please download Look2Me-Destroyer.exe to your desktop.Close all windows before continuing.Double-click Look2Me-Destroyer.exe to run it.Put a check next to Run this program as a task.You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OKWhen Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.Once it's done scanning, click the Remove L2M button.You will receive a Done Scanning message, click OK.When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.Your computer will then shutdown.Turn your computer back on.Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.If Look2Me-Destroyer does not reopen automatically, reboot and try again.I highly suggest you get rid of BearShare. It is a P2P program which is usually the cause for malware.Read here for more information on clean and infected File Sharing Programs.Click Start> Control Panel > Add/Remove Programs and remove:BearSharePlease note any other programs that you dont recognize in that list in your next responseReboot your computer once more.Please go HERE to run Panda's ActiveScanOn... Read more

1 more replies
Relevance 49.2%
Question: Keeps coming back!

I thought I wiped it off already but it's back AGAIN! And my SpyBot S&D is missing all sorts of components so it's not working right and it's the only one that has found any. The Microsoft one found one and deleted it but SpyBot found 16 but only deleted 2 before running into problems. EliteBar is back also. Help again!
 

Answer:Keeps coming back!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

3 more replies
Relevance 49.2%

I've run Ad-awareSE, Trend Micro's housecall, and McAfee. I've also run Ad-aware while in safemode yet I still keep getting these popups and McAfee keeps telling me that " The file C:\\WINDOWS\system32\winupdt.exe was infected by the Downloader-LG trojan and has been deleted to complete the cleaning process. Its' says it repeatedly then stops then a few hours later it'll come back. Here is my Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 6:07:30 PM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wkogyo.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:... Read more

Answer:They just keep coming back...

16 more replies
Relevance 49.2%
Question: Keeps coming back

Ok guys not sure what I keep missing but the 020 line keeps coming back and changing it name.

I have ran CWS, ewido, Killbox ( and delete after reboot) VirtumundoBegone
Logfile of HijackThis v1.99.1
Scan saved at 11:25:30 AM, on 1/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hijack This\TrojanHunter 4.2\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDae... Read more

Answer:Keeps coming back

10 more replies
Relevance 49.2%

Hello
For many years a succeeded in keeping my computers safe - then, not even a month ago, something surfaced. A Virut thing after I visited an insecure site.
If this can help, a few days before I had for the first time in my pc life installed a downloader program called Flashget-
Well I tried at first to clean up with Spybot and Spyware Doctor (who had not by the way intercepted the hostile item). But the machine had still a strange behaviour so I downloaded some Linux based Rescue CD .iso files (Kaspersky, BitDefender, WebDoctor), burned the CDs and went on scanning without Windows. Those found a wealth of infections by Trojans as well as by the Virut thing, so I kept cleaning and cleaning (desinfecting and/or deleting that is) until nothing more was found.
I then restarted Windows, uninstalled Flashget and installed Avast antivirus. Unfortunately when using my browser I started to get redirected to a "stolnik.net" whatever search I did. Plus Avast began to show infections spreading in the system by a "W32.Vitro" virus. So I tried again with the rescue CDs - Kaspersky found a couple issues but nothing else - and Avast still claiming I have the W32.Vitro everywhere.
At this point I used the VirutCF removal tool by Norton, but to no avail - there is no Virut infection in the machine.
I was beginning to get nervous so I downloaded the Combofix tool, disabled all and every anti-virus and -spyware - as requested - and tried to start Combofix: nothing happens... Read more

Answer:They keep coming back

If you truley have Virut the only real alternative is to do a complete wipe and reinstall. See boopme's post here:http://www.bleepingcomputer.com/forums/ind...t&p=1260380That will help you determine if you have virut, and if you do, what you need to do.

13 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disables Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

Three threads are not needed for the same problem.
 

2 more replies
Relevance 49.2%

I can't get rid of this crap - I've ran everything on here that people say. I have SAV installed and up to date, I have SpywareGuard installed, I have ran HJT, I've ran Ewido software, nothing can get rid of this - Everytime I clean everything while in Safe mode and reboot, Spywareguard immediately starts popups saying a BHO has been added (suchs as C:\WINDOWS\system32\wvuvspq.dll) - I click remove BHO, and it comes back over and over...

Someone please help - this has totally destroyed my computer...
 

Answer:Someone please help - These BHO's keep coming back!!

Closing duplicate thread. Please continue to reply here: http://forums.techguy.org/malware-removal-hijackthis-logs/648572-please-help-my-hijackthis-log.html
 

1 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disabled Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

Thread closed, please do not post duplicates!
Continue here: http://forums.techguy.org/security/460316-e2g-keeps-coming-back.html
 

1 more replies
Relevance 49.2%

I am having trouble getting rid of this BHO object.Everytime I manage to remove the dll and the BHO registry entry it comes back under a different name.I have run Spybot, AdAware and Trend Micro AV.Any help would be appreciated.Logfile of HijackThis v1.99.1Scan saved at 3:17:14 PM, on 04/16/07Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeC:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exeC:\WINDOWS\TEMP\EWE594.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files ... Read more

Answer:Bho Keeps Coming Back

Hello EBurritt, I am SifuMike and I will be helping you. Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.******************Download ATF (Atribune Temp File) Cleaner? by Atribune DO NOT run it yet. Download and install AVG Anti-Spyware 7.5 (formerly Ewido) This is a 30 day trial of the programAVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.1. After download, double click on the file to launch the... Read more

11 more replies
Relevance 49.2%

2 nights ago i was surfing the next and i starting getting reports such as :

Windows has detected spyware infection!
It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you
Click here to protect your computer from spyware!

and

Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and
Internet files. Run full scan now to pervent any unathorised access
to your files! Click here to download spyware remover ...

i started getting a lot of popups trying to send me to a site calling cookingluck (f3.cookingluck.com, f5.cookingluck.com, f7.cookingluck.com,
f9.cookingluck.com) i close them before they can finish loading.

Now i didnt do the smartest thing and i downloaded one of the "anti-spyware" things they told me too. "system-defender". well thats about when everything went from bad to worse, shell.dll was giving me hell, wowfax.dll was messing up. The control panel icon also disapeared and anything i tried to do with the system it wouldnt let me..pretty much telling me i didnt have administrative privliges.

So i came on this site and saw the self help page and was looking it over and saw the the "SmitFraud and It's Variants Removal Instructions" section fit my problem to a T, so i followed the steps exactly as they are written. I also got rid of the system defender. When i rebooted into norma... Read more

Answer:It just keeps coming back.....

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you.
Please post C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

12 more replies
Relevance 49.2%

Hello, after removing numerous malwares, str.sys keep coming back even though i removed it several times.Here's the log, thanks for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:22:19 PM, on 7/16/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Toshiba\Utilities\KeNotify.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Symantec AntiVirus\VPTray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Synaptics\SynTP\SynToshiba.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Symantec AntiVirus\DoScan.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program... Read more

Answer:Str.sys keep coming back, help!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 49.2%

Hot bar I am told is a parasite.That is its a freeby thats seems frindly but in reality is sucking all your secrets.So last night I deleted all trace of it from the system by norton and by Regedit.Tonight it back......What sort of mallet this this need ?

Answer:hot bar keeps a coming back

Please post a HJT log click hereYou may need to post in in two halves because of the 800 word limit.Please double space it by adding a blank line after each line so that it is legible with the site's formatting.

4 more replies
Relevance 49.2%
Question: Back coming off?

My Lumia 640 is quite new and the back plastic panel writing logo is coming off the Microsoft logo has come off and some letters are coming away?
Is this normal?

More replies
Relevance 49.2%

okay, so yesterday i cleaned my pc with "malwarebytes anti-malware and there were like 11 viruses. then i scanned after t, none, so i get up this morning and scan my pc because everything is going SO SLOW! and now i got 10 viruses. can anyone please help? yesterday i had like 2 injections, 2 clickers, 2 malware.packs, and like 6 agents.
heres my log for yesterday: http://pastebin.com/panEZfVS
and heres todays: http://rhymingcolors.pastebin.com/G7gJ51nr
please help. 5 of those kinds ive never seen before :/ please comment below
 

Answer:they keep coming back >:(

8 more replies
Relevance 48.79%

I ran Pest patrol & it found WinPup32. I delete it & it doesn't show up on the next scan, but as soon as I reboot it reappears. It shows up in HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\pup. I ran hijack this & here's what the log says. Can anyone help me figure out how to get rid of this thing for good? How does it keep appearing after its been deleted? thanks in advance.

Logfile of HijackThis v1.97.7
Scan saved at 4:50:58 PM, on 5/7/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\PSSVC.EXE
C:\WINDOWS\SYSTEM\3COM_DMI\3CDMINIC.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\TUN\COMMON\ESLCBCST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\DMI\BIN\DELLDMI.EXE
C:\PROGRAM FILES\MS HARDWARE\POINT32.EXE
C:\PROGRAM FILES\NORTON\ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON\ANTIVIRUS\POPROXY.EXE
C:\WINDOWS\SYSTEM\MSWHEEL.EXE
C:\WINDOWS\SYSTEM\PIKMCTRL.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\DMI\BIN\MONITOR.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\DMI\BIN\NIC.EXE
C:\DMI\BIN\COO.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SEIKO\SLPCAP.EXE
C:\DMI\BIN\DNAR.EXE
C:\DMI\BI... Read more

Answer:WinPup32 just keeps coming back

7 more replies
Relevance 48.79%

My IE browser keeps spawning new pages to annoying sites.
Serch & Destroy (all updated) keeps finding:
hotsearchbar.com
C:\windows\system32\red_kas21.ico
C:\windows\system32\mp3red51aads1.ico
C:\windows\system32\greenmovie2313asaadsasfad.ico
C:\windows\system32\dice21.ico

It does get rid of these items, but as soon as I open IE, they all come back.

I have run Ad-Aware full system scan several times. Also have run "VX2 Cleaner".

Have cleaned all hard drives, log files, caches, cookies, histories, defragged & checkdisked.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Progr... Read more

Answer:hotsearchbar keeps coming back. Please Help

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Reboot into Safe Mode by hitting the F8 key until menu shows up. In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU... Read more

5 more replies
Relevance 48.79%

I've run into a relentless little piece of malware called AdAntiHS which I have not been able to get rid of in a friend's computer. There's barely any information on it from credible sources online. It digs its claws into the startup programs on Windows (running Windows 7) and won't let go. Not sure what kind of damage it's doing either.
 
I've disabled it from startup using msconfig, manually deleted it, and even ran MalwareBytes from a USB using Hiren's BootCD and removed it. But after restarting the computer it shows back up at C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup. I've also deleted keys in the registry associated with AdAntiHS but to no avail upon restarting the computer. 
 
I noticed that upon deleting AdAntiHS from startup, a commonstartup file is created at C:\Windows\pss. I deleted that too. There is a registry key of appcompatCache which I understand is more like a reference or history of programs that have executed on the computer. Those are the only registry keys I have not deleted that make mention of AdAntiHS.
 
So far, I installed BitDefender on the computer which manages to catch AdAntiHS everytime on startup, but even though I choose to delete the quarantined item, it comes back again on restart. So at best, I quarantine it on startup but I want to be able to permanently get rid of it.
 
Has anyone else encountered this piece of malware and been able to wipe it from their system?
 
Thanks in advance fo... Read more

More replies
Relevance 48.79%

Hi all.Ive got broadbandand useing xp pro. Ive set so I can use faxing. Everything is as it should br ie correct windows open in fax wizard but when I try to send a fax to a remote fax unit it pops out of my fax and not at the remote fax.Any body got an answer Thanks MAGGX

Answer:FAXS COMING BACK TO MYSELF

The simple answer is that you can't use fax wizard to send faxes via broadband. Fax is analogue, broadband uses digital technology. You will need to retain your dial up modem for fax transmissio, There is software available to sent faxes via the web but I understand this can be a costly option as it is usually by subscription.

10 more replies
Relevance 48.79%

Seems to be some kind of browser hijacker/adware?
 
It came down with some free dvd converter software. I am always super careful and untick all the extras that usually get installed but somehow it got through anyway.
 
It has taken on several different guises, some more obtrusive than others, but always ad based. The worst would cover any website visited in ads preventing internet use.
Currently it is 'ads by couponing' which is over-riding google search results.
 
I've tried malwarebytes, adwcleaner, tdsskiller and hitmanpro. usually hitman pro will find a bunch or results and remove them but as soon as i restart the pc or re-open Chrome it is back.
I've removed all extensions from Chrome (there used to be an ad extension that would show but now it is completely empty). I've also reset chrome to factory defaults (as well as IE although I don't use it).
there is nothing in the uninstall program list that I am suss about,
 
Any help gratefully appreciated!
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-07-2015
Ran by stuart (administrator) on DESKTOP (01-08-2015 17:39:21)
Running from C:\Users\stuart\Downloads
Loaded Profiles: stuart (Available Profiles: stuart)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-reco... Read more

Answer:Ads by couponing. Tried everything and keeps coming back.

Hello uncle henry I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

3 more replies
Relevance 48.79%

Hey, so i've gotten this malware and i know what program caused it but i deleted it and have no clue now, sorry :/ But the main issue is, as i said i cleaned it with Adwcleaner and it finds it and removes it (I'm certain that's it but when i restart chrome it "re-installs" itself. Also I've used FRST but i don't know how useful it will be as i'm puzzled whether it worked or not Now enough from the cryptic talk.

it's under
C:\Users\my user\Appdata\local\google\chrome\user data\default\secure preferences
inside the file (opened with notepad++)
this is the culprit:
plnkhmnoajbfccclonaeepohggeolcih (more details in uploaded logs)
Also, over time due to the popups it also installs some random tinytask thing + uk.ask.com or whatever search provider (also in logs)
Now, as i mentioned above i've checked installed programs and services and found nothing out of the place. I have no clue how the hell should i go about fixing this as its a nasty malware that doesnt wanna get removed. The only sites i found relating to this issue are spanish and the forums even with translate didnt help much so i'm here to ask for some help! Thanks for anything in advance
 

Answer:Malware keeps coming back

Hello,

Your FRST report is empty and you are missing Addition.txt report.
 

9 more replies
Relevance 48.79%

Hi all.Ive got broadbandand useing xp pro. Ive set so I can use faxing. Everything is as it should br ie correct windows open in fax wizard but when I try to send a fax to a remote fax unit it pops out of my fax and not at the remote fax.Any body got an answer Thanks MAGGX

Answer:FAXS COMING BACK TO MYSELF

i have never tried faxing with xp myself but this click here may help you a bit maybe.

5 more replies
Relevance 48.79%

Hi,
My laptop is infected with some virus: Trojan.Addicker, PWS.VIP, W32.Looked.J (spyware doctor) and KillSec Zlob. Downloader (spybot S&D)...... I found some strange files running on taskmanager: Logo1_.exe, SMSS.exe, svhost32.exe, mh2.exe......... My norton antivirus doesn't detect anything. I tried to deleted them but everytime i restarted, I still found them. Then, I found this forum, did step by step according to the thread: BEFORE POSTING HJT Log . This time I successfully deleted most of them but I still had to log in Safe mode to deleted Logo1_.exe, svhost32 manually. after rebooting, I didn't see Logo1_.exe and svhost32.exe anymore but when I opened an *exe file ( Hijackthis.exe), spyware doctor detected Logo1_.exe again . Then,I scanned my laptop with spybot,norton. They doesn't detect anything but spyware doctor still detects Common Components for Trojans . I don't know what to do anymore, please help me.
Here's my HJT:

Logfile of HijackThis v1.99.1
Scan saved at 22:20:30, on 17/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program F... Read more

Answer:Logo1_.exe keeps coming back

Please help me!!! over the last few hours, each time i click on *.exe files, the zlob.downloader virus and logo1_.exe appear. I tried to delete them but they keep coming back again :( B-U-M-P

19 more replies
Relevance 48.79%

This file keeps coming back after i delete it. It's located in C:\WINDOWS\system32\drivers. It is a .sys file and keeps showing up in my adware/spyware scans. The name of this file is dhlcrlc.sys.

I have tried googling this file, but no results have turned up. My computer ( XP home edition sp3 ) has recently been infected by malware. I've tried removing it, but things like redirected pages in google keep coming up. I don't know if it's the dhlcrlc.sys that is causing this.

I'm new to this so sorry if I haven't gave enough information, I just want this problem gone >.>

Answer:This file keeps coming back

Hello it may be rootkit and hiding in a sytem file. Let's please run 2 scns.Clear out some junk files first.TFC by OTPlease download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.Before you save it rename it to say zztoy.exe alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Fini... Read more

9 more replies
Relevance 48.79%

Everytime I reboot my computer, Downloader keeps coming back.

http://www.symantec.com/security_res...101518-4323-99

I have followed the removal instructions here, and no virus scan is detecting any infected files in safe mode. System restore is disabled until I figure this thing out.

When I check my logs in Norton Antivirus it says one file was automatically deleted, and one file was repaired.

This is the text for the repaired file:

Source: Manual Scanner
Risk category: Virus
Click for more information about this risk : Downloader
Action taken: Repaired
Description: Affected areas:
1 Additional areas:
Unknown - Deleted

It bothers me because I dont know what it is repairing, and I would like to delete that file as well.

All virus scans, spyware scans, everything comes back clean. Then I reboot, open a browser and wham, the file is detected and deleted again.

Here is my HijackThis file.


Logfile of HijackThis v1.99.1
Scan saved at 4:57:34 AM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EX... Read more

Answer:Downloader keeps coming back

So, Norton's not telling you exactly what it's repairing, or where whatever it's repairing is located?

Is Norton subscription up to date?

Let's run this small tool and see what we can see.....
Download combofix from one of these locations:http://www.techsupportforum.com/sectools/combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

---------------------------------------------------------------------------------------------

1 more replies
Relevance 48.79%

Ok i'v been fixin my computer for 2 weeks and 3 days now and I will not reinstall my wondows untill I fix it

I ran NOrton anti virus 2004 in safe mode
I also ran it in diagnostic startup
I have updated virus definitions
After norton got done 1 file could not be deleted so I delete it manually
Then I ran hijackthis and I fixed all aboutblank
trust me I fixed all the bad things
Then I ran SWSHREDDER and it found Searchx which it deleted
Then I ran spybot search and destroy 1.3
Adaware with updated definitons
and Spysweeper
Only Spybot which I ran second found Webdialer and could not delete it
so I deleted it manually
then I went into registry into all possible IE files under
software/michrosoft/ie/main and deleted all the files that had anything to do with Searchx (after working on it for 2 weeks I know exactlly what is what)

Then I ran everything over again and everything returned nothing
means my computer is clear

so I go online and I type blahblah.con since I figured that when I go to a not existing page the god damned pop up comes back
oh before this I changed all my default serach pages to google.com
and guess what it came back


NO N00b advice please I tried everything that is noobish
I also noticed that the dll file in windows/system32 that is causing this trouble once found by norton anti virus cannot be deleted until restart and by that time it makes a copy of it self under some dumb name like (so far it was called this)
noob.dll
cnn.dll
clan.... Read more

Answer:Searchx keeps coming back WTF am I TO DO?

Two weeks and three days, I would have used Fdisk by then.
Sometimes is best to toss in the towel, or in this case, the floppy!
or CD if 2k or xp.
 

10 more replies
Relevance 48.79%

Hello. I need some help. My parents' computer is running Windows XP and has persistent alerts from AVG saying that multiple threats are detected. It removes them and a little while later they are back again. The file c:\tdlcmd.dll keeps showing up. svchost shows as an infected process sometimes. I ran a Malwarebytes scan and it detected 20 threats, removed them, then the next day they were back again. AVG also identifies these threats as Trojan Horses in the Vundo family. Nothing seems to be able to permanently remove this virus. After some research on forums it seems that the only thing that works is when someone who is very skilled reads a logfile (usually OTL, Combofix, or Hijackthis) and gives the OP instructions specific to the infected machine. I really wish I knew enough about this process to do it myself, but as it is, I need help. I've read the forum rules so I'm posting a Hijackthis log that I ran on my parents' computer via TightVNC. Thank you in advance for your assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:32 AM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\... Read more

Answer:tdlcmd.dll keeps coming back

bump
 

1 more replies
Relevance 48.79%

I've had problems with the MediaPipe/Plus pop up coming back after removing it for a few weeks now. It started out as a file that was downloaded in the background while on some web site. Since then I've used add/remove programs, add/remove and removed it on startup on regsupremepro, ewido, ccleaner, blbeta to see if it showed up any hidden files, and spybot search & destroy. Now I keep getting a pop up that is telling me my 3 day trial is up and wants me to pay and I seen the files on the computer again. I haven't tried the aproposfix, kill bot, or clean up yet. Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:09:08 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Pro... Read more

Answer:MediaPipe pop up keeps coming back.

Then why are you posting this log? Your wasteing our time here...as you have started 3 threads and have yet to completed one of them. Please follow the advice given to you in that thread and post your next logs in that same thread.

1 more replies
Relevance 48.79%

I have a Dell Dimension 8400 Pentium 4 3.0 GHz with 3GB of RAM running WXP Pro sp3. I have uninstalled mIRC twice. The first time I thought I had solved the problem. The problem (a sound stuttering problem that sounds like a key is stuck) came back, so I looked for every other cause, and then discovered that mIRC was back. I booted into safe mode and uninstalled it again using jv 16 power tools 2009. When I restarted, it was back again. Now I'm thinking it must be some type of malware. If someone can help, I will post log files. Thanks in advance.
 

Answer:mIRC keeps coming back

I am stuck. I really think it is some kind of malware. I don't know what else can reinstall itself. Anyone?
 

1 more replies
Relevance 48.79%

Hopefully I've included enough information and made this topic correctly...
 
Basically I had an issue where my microphone would mute itself, figured it was a virus, and ran malwarebytes. It found stuff, removed it, and everything worked fine... for about a few hours. A few hours later the same thing occurred, ran malwarebytes again and found the same thing: "dnsl64.exe" detected, along with other things that it appears to be downloading. No matter how many times I remove it it seems to come back, and googling dnsl64.exe popped up no results that I could find and then each scan (after a few hours) pops up a bunch of junk, even if I leave the computer idle. It also downloaded something that appeared to change my browser homepage to "search.snapdo.c*m" if that helps diagnose anything.
 
I've attached the MWB and FRST logs, hopefully they help diagnose what the problem is! Thank you in advance for any help, would really appreciate getting rid of this nasty thing.

More replies
Relevance 48.79%

Hello--I keep running my Spyware Doctor, and every day I get a warning that I have tdlcmd.dll in my Windows/system32 file, and every day I delete it, and then the next day it's back. There's obviously something else going on here that I'm missing. Thanks very much for any help you can give me!!

Here's my Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:10 PM, on 12/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program F... Read more

More replies
Relevance 48.79%

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Michael at 19:00:59.98 on Sun 09/06/2009
Internet Explorer: 8.0.6001.18813
Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.1.1033.18.765.240 [GMT -7:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\vds.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\ag... Read more

Answer:virus keeps coming back help!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 48.79%

I accidentally installed trovi and after spending hours trying to remove it I think its mostly gone, hoever every time I run a scan it still shows up as a threat even though I can no longer see it in my browser. I've followed the guide and have no idea where to go from here so and help would be greatly appreciated.
 

Answer:Trovi Keeps Coming Back!

Hello,
Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Do not paste the logs in your posts, attachments make my work easier. There is a Upload a File button which you can use to attach your reports. Attach all reports.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you l... Read more

16 more replies
Relevance 48.79%

don't know how to remove trojan,keeps coming even after reformatting the c:drive and d:drive.

Answer:troj_downadjob.A keeps coming back

If you formatted the drive, it didn't come back.. you keep going to a place on the internet somewhere where this virus hangs out. Either way, go to download.com and download the program called Spybot - Search and Destroy, it will find it and kill it. From there, go into your internet history and see where the virus came from.

2 more replies
Relevance 48.79%

hi, I have spyware files that come back every time I boot. The name is: IGetNet. Spybot and BPS get rid of them, but after I boot up again, they come back. Is there any other way I can delete them permantly? Thank you for any help.
 

Answer:spyware keeps coming back

look for any thing in your add/remove that says IGN and uninstall it.
 

6 more replies
Relevance 48.79%

I posted last week about Cool Web returning over and overagain. I managed to get rid of it, for a while. My son used my computer for something and somehow got LYCOS loaded. Very big pain to get rid of. Now Cool Web keeps returning, and I haven't been able to get rid of iot. CW Shredder removes it, ad aware removes it and Spy Bot removes it, but it comes back. I ran a scal this morning and cleaned evrything up, then ran another Hijack this and I'm pretty sure it's back. Could someone take a look please.
Logfile of HijackThis v1.97.7
Scan saved at 9:56:24 AM, on 4/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\... Read more

Answer:COOL WEB Keeps coming back

12 more replies
Relevance 48.79%

About two weeks ago I got a google redirect virus which I was able to get rid of with the TDSS Killer. Then a week ago a icon in the bottom right of the screen shows up and then I start getting those fake virus warning messages which I avoid clicking. The next thing I know the internet won't work and I can't run any spyware removal programs. I tried using system restore but it would come back up again after a few minutes. I was able to use another computer to look up information. I booted up into safe mode and checked the lan settings but we have DSL so I don't know if that is why nothing was listed. I made sure all boxes were unchecked for the proxy settings but the internet still didn't work. I downloaded and installed RKill with a usb device with the name iexplorer.exe but whenever I try running it I get the blue screen of death. Didn't matter which mode I was in. Since that didn't work I boot back up into safe mode. I ran HJT and looked for any files listed on different sites but found none that were the same. I even go and try to manually find the files (hidden files shown) but no luck. Next I run an updated Malwarebytes and it doesn't find anything other than tracking cookies. The next things I ran was my CCleaner, Spy Doctor, and Hitman Pro. None of them found anything other than cookies. At that point I'm running out of ideas. Finally I downloaded SuperAntiSpyware and that finds 3 trojans. I remove them and boot up into normal mode and didn't have any signs of the vir... Read more

Answer:Antivirus.net keeps coming back.

Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:26:58 PM, on 2/14/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Greg\Pictures\Dani\TDSSKiller\hjackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Intern... Read more

12 more replies
Relevance 48.79%

I have the malware/adware tojans that keep coming back. I have ran Malwarebytes-anti malware program, spybot, and avg which I just downloaded. See my hijackthis log below.

Thanks for looking and any help you can give. Lori

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no na... Read more

Answer:Viruses that keep coming back!

I have also noticed that I can not complete my downloads.....I have had to download on a different computer and save to a flash drive in order to get any program.
 

1 more replies
Relevance 48.79%

Hello,

I've been trying now for 3 days to remove this (and other) trojans, etc. from my system and although it can be detected and allegedly removed using Spybot or Malwarebytes' Anti-Malware, it reappears each time my computer is rebooted. I'm running XP.

I'm starting to have problems with my passwords...don't know if it's related, but some of my online billing sites are suddenly not accepting my passwords and also Outlook is asking for a pw for my email and when I enter it, it's not accepted. HMMMMMmmmmm....

Any help will be tremedously appreciated. I need to get my taxes done!

Here is my HJT log from today:

~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:21 PM, on 4/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\W... Read more

Answer:Vundo.H keeps coming back

I see that you're advertising STOPZilla. I've been reading that it's malware. What gives?
 

2 more replies
Relevance 48.79%

Hey guys, i have a thinkpad r61 from Nov 07. recently i started to get blue screens quite often. two days ago it died completely. nothing happened when i pushed the power butter. totally blacked out. once in a while, i could hear some beeps. has anyone encountered the same problem? despertate for help. Thanks a lot! damon

Answer:R61 Broke down and not coming back

if it is beeping it's telling you what is wrong here is a link to beep codes page 42 hardware maintenance manual http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles_pdf/42x3547_04.pdfMessage Edited by GMAC-R60 on 07-27-2009 09:53 PM





_______________________________Thinkpad R61 7733-1GUThinkpad X61T 7762-54UThinkpad X60T 6363-4GU_______________________________Did a member help you today? Thank them with a Kudo!If a post answers your question, please mark it as an "Accepted Solution"!Regards,GMAC

6 more replies
Relevance 48.79%

I have had this trojan virus for weeks now, i have done everything possible to get rid of it. i have googled like crazy, ran avg, avast, kaspersky, spybot, spydoctor, and many more. done in safe mode as well as normal.
i am so close to reformatting, but i really don't want to. can someone please help.

most of them seem to be system32 files, and weird .dll files.

symptoms include: lagging of computer. random IE pages will load, when i do not use IE i use firefox mozilla. and randomly avg free will pop up and say trojan found. and the trojan will automatically turn off my avg free or firewall and i am forced to turn them back on myself.


if more information is needed, let me know.


here is my DDS log.



DDS (Ver_09-05-14.01) - FAT32x86
Run by Cody Crulz at 15:57:28.18 on Wed 20/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.235 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spy Emergency *enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {FDFE477F-8FE7-4B17-A05C-9D1F9EB603CB}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\Program Files\... Read more

Answer:Trojan keeps coming back!!!

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

... Read more

8 more replies
Relevance 48.79%

I have a few virus programs on my computer and I run the scan and it finds them and I remove them, but they keep coming back. I have used Malwarebytes and it doesn't work.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 18:11:27.17 on Sat 05/09/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_10

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [prnet] "c:\windows\system32\prnet.tmp"
uRun: [Diagnostic Manager] c:\docume~1\owner\locals~1\temp\75746154.exe
uRun: [autochk] rundll32.exe c:\docume~1\owner\protect.dll,_IWMPEvents@16
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igf... Read more

Answer:Viruses keep coming back

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.


Mark

12 more replies
Relevance 48.79%

Running Malwarebyte's Anti-Malware and i get the same results everyday. I also get redirected when using google. My Malwarebytes results are:

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

5/11/2009 6:25:05 PM
mbam-log-2009-05-11 (18-25-05).txt

Scan type: Quick Scan
Objects scanned: 134478
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\roger.spiller\protect.dll (Worm.Autorun) ->... Read more

Answer:Virus Keeps coming back

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 48.79%

Keep getting repeditive detections of adware.quadrogram files, I have tried many programs to remove, but they can not get all of it out and it replicates. Have worked on this for two days - can someone help me please.
lharrell1

Logfile of HijackThis v1.97.7
Scan saved at 10:29:56 AM, on 4/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Minuteman\SentryII\SentryII.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\DATAVA~1\VVAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\TCAUDIAG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\docume... Read more

Answer:[Solved] help - it keeps coming back

16 more replies
Relevance 48.79%

On Startup there is a program, spyware i guess, that is called jzppenc.exe in the process manager. All it does is create an ad on the homepage and a popup to come up when ever i go on IE. I just end in the the process manager and it doesnt come back till next startup. Whenever i take it out of the startup it comes back, same with deleting it from the regestry startup. Anyone hear of it or know what to do. I also cannot find it in C:\ where it says it is.

Answer:Jzppenc.exe? Keeps coming back!!!

It could be hidden. Run Microsoft antispyware and spysweeper. See if that helps.

9 more replies
Relevance 48.79%

So my computer got a virus from a game that I tried downloading. Avast! did a boot scan and got rid of it, but a day or two later, I got messages from Chrome that said I had a virus again, but of course those are usually scams. I did another scan, just to be safe, and Avast! found two items, got rid of them, and ran another boot scan, just to be safe.

Next day, I figured it had to be from Chrome because of the fact that I attempted to download the game from Chrome and was getting odd popups and such but IE wasn't doing that. So I deleted it. My friend suggested downloading Malwarebytes so I did that as well. It found two more Trojans and so did Avast! after a full system scan. Got rid of those as well and found they were gone afterwards.

I can't tell if my computer is infected again but earlier Malwarebytes apparently blocked a couple malicious websites, and since Avast! usually did that when the virus would come back, I ran another scan and found one thing, a YouTubeAdBlocker, I don't know if I wanted to get rid of that because an AdBlocker sounds like something I would want to keep and I heard that sometimes, Malwarebytes finds things that aren't really dangerous, but idk I am not an expert. I tried not to worry about it after that but I just want to be safe.

I am running two full system scans as we speak with Malwarebytes and Avast! to see if they will find anything that way since quick scans didn't find anything (except the AdBlocker again) and... Read more

Answer:Virus that keeps coming back?

Hi,
In order to help you, we need reports generated on your system. Please follow this topic and attach requested reports: http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 48.79%

My virus software detects probable twenty times a day the hookerdll.dll trojan. I have the most current anti virus updates and it will not detect what is generating this. I have looked in my registry for any evidence of a "message.exe or OLE ", and there is none. I have no idea why this keeps coming back with or wothout my system restore on or off. Any help would be welcome.
Thanx
 

Answer:Hookerdll.dll keeps coming back - help

10 more replies
Relevance 48.79%

Hi all,

Looking for a little help here. I have removed a virus now with ESET and malwarebytes and it keeps coming back. See the log below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Carrie Ann at 19:38:56 on 2012-04-03
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3963.1965 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe ... Read more

Answer:Virus Keeps coming Back

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start scan.
Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
Click Save log, and save it to your desktop.
Click Exit.
Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Change parameters' then under 'Additional options' tick both boxes > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then ... Read more

10 more replies
Relevance 48.79%

I am trying to clean this computer and the infection keeps comming back. I have taken the hard drive out and scanned it with Panda Scan in another computer, ran supperantispyware and cleaned all files that if found. When I plug the computer back in AVG keeps finding this file in the sys32 folder. I checked the host file, i have cleaned all temp folders, I can't even run malwarebytes, or supperantispyware on the computer once it is on.
This is the file that comes back everytime I remove it using another computer.

D:\Windows\System32\UACclsxavmiqi.dll
clean hijack report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:32 AM, on 8/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sfbay.craigslist.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.c... Read more

More replies
Relevance 48.79%

i recently have been getting more popups, and they have been saying "brought to you by 180 search assistant" i have ran numerous different types of spyware scan and they have deleted spyware but it keeps coming back. Also i have been getting trojan horses that keep coming back also.
im on xp home edition
thanx
 

Answer:spyware keeps coming back!! :(

8 more replies
Relevance 48.79%

Hi. I have spent most of the past week trying to rid my computer of spyware and adware. Apparently DH clicked on something he shouldn't have, and opened the door to lots of unwelcome guests. I have Spybot now, and pop-ups are fewer, but not gone. Still can't get rid of new toolbar just for searches. I have tweaked the registry some, following various advice on forums found by searching Google. I have WinTasks Pro. Here is my new Hijack This log. I see many more BHOs than I would have thought, since my activity. Apparently they regenerate on their own!

Logfile of HijackThis v1.98.2
Scan saved at 6:40:11 PM, on 10/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\lssr... Read more

Answer:incredifind, pop-ups keep coming back

13 more replies
Relevance 48.79%

I get this every night have put it in virus vault in AVG, turned off system restore ran Malwarebytes and removed it and it has come back 3 nights in a row.. This is what reads in vault, Trojan horse Download.Generic9.YHX Path: WINDOWS\system32\sshnas.dll. Ran hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 10:05:35 PM, on 12/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Suzanne Wells\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Progra... Read more

More replies
Relevance 48.79%

Hi!

I keep getting something called "Websiteviewer" constantly coming up. I've tried Ad-aware and Spybot in safe mode with no results.

Here is my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 8:10:57 PM, on 2/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\shch.exe
C:\WINDOWS\clfmon.exe
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\i... Read more

Answer:Websiteviewer keeps coming back!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

The Temp folders should be cleaned out periodically as inst... Read more

3 more replies
Relevance 48.79%

Hi,
I cannot seem to completely clean this IE hijacker from my system.
I have Windows XP and I am running HijackThis 1.98.2 to scan and fix.

I delete entries such as:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\Profiles\sid\LOCALS~1\Temp\sp.html
I get on the web again afterwards, and this spyware is back.

Does anyone know to fix this completely?
Thanks
Sid
 

Answer:oz.msie.tv keeps coming back

16 more replies
Relevance 48.79%

I keep scanning and finding the same spyware and adware. Every way i try to remove it, even manually finding it and trying to kill the process and deleting it, it comes back. I really dont want to have to format, but it might come to that. here is a list of the things detected by spybot s&d. : adrevolver, blackcore, casalemedia, errorsafe, mediaplex, reliablestats, smitfraud-c.toolbar888, virtumonde(which says is the the system memory and wont leave until i run a boot scan, but that doesnt help), winsoftware.winantiviruspro2006, and zedo. Also, my flashdrive with all my last resort utility programs wont open from explorer. Yesterday just the U3 part wouldnt run, now the entire drive wont light up when inserted.Here is a hijack this log. I noticed the highlighted portion is for virtumonde.Logfile of HijackThis v1.99.1Scan saved at 4:32:12 PM, on 6/17/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Softwa... Read more

Answer:10 Different Ad/spywares! They Keep Coming Back

sorry i couldnt find the highlighted portion when i switched to the old hijack.

4 more replies
Relevance 48.79%

hi again i have a virus as above ive run the trend update an fix as im useing pccillin but this stupid virus keeps comeing back any ideas??????thx DW

Answer:troj_revop.a keeps coming back

^

10 more replies
Relevance 48.79%

Windows Malware Removal keeps removing two trojans everytime i start up.
They are Win/32/Tibs.IU and WinNT/Alureon.c

Also, when searching for stuff on google a lot of time links wil take me to pop-ups instead of the actual site.

I have attached my Hijackthis.
 

Answer:Tojans keep coming back

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid addtional delay in gettin... Read more

1 more replies
Relevance 48.79%

Logfile of HijackThis v1.98.2
Scan saved at 1:23:38 PM, on 12/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Messen... Read more

Answer:It keeps coming back!what am i doing wrong

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top).

3 more replies
Relevance 48.79%

So I've seen the other post with tdlwsp.dll but somewhere along the lines of fixing it I always see something that says script was created for this specific user so i don't follow the instructions that are given. On my computer avast detects tdlwsp.dll every so often and I delete it every time but it keeps coming back. I already ran malwarebytes,avast, and a windows defender scan but it doesnt pick anything up. Oh and tdllwsp.dll always shows up at C:\Windows\System32\tdlwsp.dll.
 

Answer:tdlwsp.dll keeps coming back

16 more replies
Relevance 48.79%

hey guys, i have no idea whats causing this but winupdates.exe keeps coming back!
it prompts me every once in awhile saying that the program wants access to my computer and i simply click 'deny' everytime.
but today a friend of mine used my computer and clicked 'allow', and i swear its been popping up 10x as often now and im starting to get worried!

any help is greatly appreciated!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:43 PM, on 10/7/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updatev0.1.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Fil... Read more

Answer:winupdates.exe keeps coming back!

16 more replies
Relevance 48.79%

Ok..this is my log with mysearchnow removed from it...it wont go away.as soon as i turn my computer on and opened one email i had it...i dont understand how!
Logfile of HijackThis v1.98.2
Scan saved at 12:47:22, on 30/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Symantec S... Read more

Answer:mysearchnow keeps coming back

You were being helped here: http://forums.techguy.org/showthread.php?t=290383

You should continue with the same thread.
 

1 more replies
Relevance 48.79%

I found a few suspicious files one day while i was clearing up files around in my hd. backupuser.exe_backupuser.exemydocuments.scrrecycled.scrwinzip.pifphoto.scrc:\windows\appatch\lsass.exec:\windows\appatch\crss.exec:\windows\appatch\smss.exec:\recycled.scrand a registry valuemachine\software\microsoft\windows NT\CurrentVersion\WinLogon\Userinit: Userinit.exe,C:\WINDOWS\AppPatch\smss.exe,C:\WINDOWS\AppPatch\lsass.exePrior to posting this thread I have attempted to remove such files + registery value but some of the files and the registry value keep coming back after each reboot. Namely,c:\windows\appatch\lsass.exec:\windows\appatch\crss.exec:\windows\appatch\smss.exec:\recycled.scrAfter exhausting all my options I have come to seek help in this forums.Hope I made the right choice Anyway,I have followed as per instructions from this post http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/but recieved an error regarding the step involving root repeal. Don't know if it affects the scan but just gonna highlight the error.Error - Invalid PE image foundAlrighty then, here comes the big wall of textDDS (Ver_09-10-26.01) - NTFSx86 Run by User at 14:27:22.70 on Thu 11/05/2009Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2248 [GMT 8:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D... Read more

Answer:Infection that keeps coming back

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

9 more replies
Relevance 48.79%

I am running windows xp home edition. My virus software is pcguard from virgin active.At first pcguard find 50 viruses and deleted them but I would run the scan again it would find the same 50 viruses.Disabling the system restore function cut them down to 13 viruses. I have now run a viruse scan in safe mode and I have found six viruses. Worm.win32.autorun.aam,
worm.win32.autorun.dej
backdoor.win32.small.czo
backdoor.win32.small.eiu
trojan.bat.runner.s
w32/backdoor2.emeb
The software says it has deleted them but after I scan straight away they are detected again.I hope if someone can help me get rid of the viruses in safe mode it will cure the viruses in normal mode.
I would appreciate any help anyone can give me
 

More replies
Relevance 48.79%

Ok, so I scanned my computer with Avast and had some Trojan?s and avast got a lot of them out, although my Firefox Process runs at 100% after about 2 minutes of using the app. So I assume I have some sort of a virus, I scanned my comp with Malwarebytes and it found some and deleted then but other malware viruses keeps coming back. I also did spybot S&D it found cookies, online Bitdefender found IRC-Worm and some other generic Trj's it deleted them, it seems avast did not detect some that Betdefender did, RemoverIT Pro v4 detected lots and could not remove some(list is below), I have Vista 64bit so : RootRepeal screend didn't work. I did what the instructions told me to do and this is where I?m at. What I do most of the time when I have a virus that does not want to go away is I try safe mood scans or boot time scans, i do not have avast pro anymore so i can't do a boo time scan. Safe mood scan detected some of the following below
Avast
Sign of "JS:Downloader-FT [Trj]
Sign of "Win32:Malware-gen
Sign of "HTML:Framer-inf [Trj]
Sign of "Win32:VB-LLP [Trj]
Sign of "Win32:VB-LLP [Trj]
Sign of "JS:FakeAV-AX [Trj]"
Sign of "HTML:IFrame-CJ [Trj]"

These where sign's of the trj or malware, it seems to keep coming back so i can't find the main file infecting my pc. Also these things have got into my windows files.

Usually what i would do at this point would be to back up and reinstall windows, although i have an extra TB hard driv... Read more

Answer:malware and Trj's keep coming back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.

First Location
Second Location
Third Location

Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this repor... Read more

7 more replies
Relevance 48.79%

Here's my log. I've tried Spybot, Spyhunter, Norton Anti-virus. I've tried deleting folders I KNOW to be junk, ended processes one by one in hopes of finding the culprit of my laptop's slowness. Also, google and yahoo are doing this funny thing where the first 20 links at the top of the page come before any search results. Is this also not supposed to happen?

Logfile of HijackThis v1.98.0
Scan saved at 7:51:47 PM, on 7/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TDispVol.exe
C:\documents and settings\lil\local settings\temp\Aiso.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program Files\Enigma Software Group\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lil\Applicati... Read more

Answer:*sigh* i keep trying, but they keep coming back

Hi chibilil

Welcome to TSF

this is going to take a little bit to sort out i just wanted to let you know someone is looking at it

Lobos

uninstall through your control panel add/remove programs reboot after each one

these two are causing your main problems
BearShare
KAZAA

P2P Networking
SpyHunter
EnigmaPopupStop
TV Media
--------------------------------------------------------------------------
Post another log please

Lobos

3 more replies