Computer Support Forum

Pretty sure I have some form of malware...

Question: Pretty sure I have some form of malware...

Hey guys, hate to ask for help on my first post, but kinda in a bind here. My computer is running fine from what I can tell, but I was going to do a hijackthis log but it would only load, start the scan, and then crash and seemingly uninstall. I figured this might have been a configuration issue with my computer, so i tried using malwarebytes, runscanner, and rsit. All with the same result. AVG, ccleaner, avira, and avast work fine though, but don't come up with anything.Kinda at a loss here as to what might be causing this...hoping you guys could help.Thanks, WillEDIT: I was able to get a combofix log done thanks to some help on another forum..here's that if it helps.ComboFix 09-09-22.02 - Administrator 09/22/2009 20:22.1.4 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2736 [GMT -4:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exeAV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\HijackThis.exec:\program files\driverc:\windows\msa.exec:\windows\msb.exeInfected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll .((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 ))))))))))))))))))))))))))))))).2009-09-22 22:12 . 2009-09-22 22:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Runscanner.net2009-09-22 22:11 . 2009-09-22 22:12 -------- d-----w- C:\Runscanner2009-09-22 22:10 . 2009-09-22 22:10 -------- d-----w- C:\rsit2009-09-22 21:26 . 2009-09-22 21:29 -------- d-----w- c:\program files\Darkest of Days2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes2009-09-22 21:23 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2009-09-22 21:23 . 2009-09-22 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2009-09-22 21:23 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2009-09-22 19:18 . 2009-09-22 19:18 -------- d-----w- c:\program files\fumble2009-09-22 19:14 . 2009-09-22 22:10 -------- d-----w- c:\program files\Trend Micro2009-09-22 16:26 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys2009-09-22 16:26 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys2009-09-22 16:26 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys2009-09-22 16:26 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr2009-09-22 16:26 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys2009-09-22 16:26 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys2009-09-22 16:26 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys2009-09-22 16:26 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2009-09-22 16:26 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe2009-09-22 16:26 . 2003-03-18 21:20 1060864 ----a-w- c:\windows\system32\MFC71.dll2009-09-22 16:26 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll2009-09-22 16:26 . 2009-09-22 16:26 -------- d-----w- c:\program files\Alwil Software2009-09-22 16:23 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys2009-09-22 16:23 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys2009-09-22 16:23 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys2009-09-22 16:23 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\program files\Avira2009-09-22 16:23 . 2009-09-22 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira2009-09-22 16:17 . 2009-09-22 16:17 -------- d-----w- c:\program files\CCleaner2009-09-22 16:08 . 2009-09-22 16:08 105400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2009-09-22 15:55 . 2009-09-22 15:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple2009-09-22 03:48 . 2009-09-22 19:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\SolidWorks2009-09-22 03:37 . 2009-09-22 03:37 -------- d-----w- c:\windows\system32\GroupPolicy2009-09-22 03:37 . 2009-09-22 03:37 -------- d-----w- C:\Solidworks Data2009-09-22 03:31 . 2009-09-22 19:25 0 ----a-r- c:\windows\win32k.sys2009-09-22 03:27 . 2009-09-22 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\EDrawings2009-09-22 03:14 . 2009-09-22 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision2009-09-22 03:11 . 2008-02-11 19:55 586240 ----a-w- c:\windows\system32\drivers\hardlock.sys2009-09-22 03:11 . 2009-09-22 03:11 -------- d-----w- c:\program files\Common Files\Aladdin Shared2009-09-22 03:11 . 2008-03-19 16:30 2558464 ----a-w- c:\windows\system32\hasplms.exe2009-09-22 03:11 . 2008-03-19 16:30 2558464 ----a-w- c:\windows\system32\aksllmtp.exe2009-09-22 03:11 . 2008-03-18 19:09 350720 ----a-w- c:\windows\system32\drivers\aksfridge.sys2009-09-22 03:11 . 2009-09-22 03:11 -------- d-----w- c:\windows\system32\RNBOSENT2009-09-22 03:11 . 1999-07-20 09:38 73216 ----a-w- c:\windows\system32\drivers\SENTINEL.SYS2009-09-22 03:11 . 1999-07-20 09:38 47616 ----a-w- c:\windows\system32\SNTI386.DLL2009-09-22 03:11 . 1999-07-20 09:38 17920 ----a-w- c:\windows\system32\RNBOVDD.DLL2009-09-22 03:10 . 2009-09-23 00:19 -------- d-----w- c:\program files\SolidWorks SolidNetWork License Manager2009-09-22 03:03 . 2009-09-22 03:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\DWGeditor2009-09-22 03:03 . 2009-09-22 03:04 -------- d-----w- c:\program files\DWGeditor2009-09-20 11:02 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll2009-09-20 11:02 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll2009-09-20 06:47 . 2009-09-20 06:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PCHealth2009-09-20 06:45 . 2009-09-20 06:46 -------- d-----w- c:\documents and settings\Administrator\Contacts2009-09-20 06:43 . 2009-09-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WindowsLiveInstaller2009-09-20 06:43 . 2009-09-20 06:44 -------- d-----w- c:\program files\Windows Live2009-09-20 06:43 . 2009-09-20 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller2009-09-19 14:45 . 2009-09-19 14:45 -------- d-----w- c:\program files\RVL Hacker2009-09-16 21:51 . 2009-09-17 11:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS2009-09-14 14:53 . 2009-09-18 03:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LastPass2009-09-13 21:29 . 2009-09-13 21:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\OpenOffice.org2009-09-13 21:02 . 2009-09-13 21:02 -------- d-----w- c:\program files\JRE2009-09-13 21:02 . 2009-09-13 21:02 -------- d-----w- c:\program files\OpenOffice.org 32009-09-13 20:59 . 2009-09-13 20:59 -------- d-----w- c:\program files\Rico Software2009-09-13 20:30 . 2009-09-13 20:30 -------- d-----w- c:\program files\PingPlotter Standard2009-09-10 18:32 . 2009-09-10 18:34 -------- d-----w- c:\program files\Unit Conversion Tool2009-09-10 01:41 . 2009-09-22 21:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll2009-09-10 01:41 . 2009-09-22 21:27 -------- d-----w- c:\program files\OpenAL2009-09-10 01:41 . 2009-09-22 21:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll2009-09-10 01:39 . 2009-09-10 01:39 -------- d-----w- c:\program files\Futuremark2009-09-10 01:11 . 2009-09-10 01:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\NationRed2009-09-10 00:51 . 2009-09-10 00:51 -------- d-----w- c:\windows\system32\Futuremark2009-09-10 00:51 . 2009-09-10 00:51 -------- d-----w- c:\program files\Common Files\Futuremark Shared2009-09-10 00:51 . 2008-09-17 18:14 27672 ----a-r- c:\windows\system32\drivers\Entech.sys2009-09-09 03:19 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll2009-09-01 03:31 . 2009-09-01 03:31 -------- d-----w- c:\program files\FFXiBench32009-08-24 15:13 . 2009-08-24 15:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\NeatImage SL2009-08-24 15:13 . 2009-08-24 15:13 -------- d-----w- c:\program files\Neat Image.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-09-22 21:28 . 2009-07-14 16:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard2009-09-22 21:28 . 2009-07-14 20:41 -------- d-----w- c:\program files\AGEIA Technologies2009-09-22 21:26 . 2009-07-14 16:00 -------- d--h--w- c:\program files\InstallShield Installation Information2009-09-22 20:45 . 2009-07-14 21:33 -------- d-----w- c:\program files\Steam2009-09-22 19:41 . 2009-08-07 12:46 -------- d-----w- c:\program files\SolidWorks2009-09-22 19:39 . 2009-08-07 12:46 -------- d-----w- c:\program files\Common Files\eDrawings20092009-09-22 19:39 . 2009-08-07 12:46 -------- d-----w- c:\program files\Common Files\SolidWorks Shared2009-09-22 16:46 . 2009-07-14 22:12 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys2009-09-22 16:46 . 2009-07-14 22:12 189184 ----a-w- c:\windows\system32\PnkBstrB.exe2009-09-22 16:44 . 2009-07-14 20:39 36192 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT2009-09-22 03:14 . 2009-07-15 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet2009-09-13 21:02 . 2009-08-04 00:49 411368 ----a-w- c:\windows\system32\deploytk.dll2009-09-12 08:30 . 2009-09-13 20:30 44 ---h--w- c:\program files\7d737e76.tmp2009-08-29 18:30 . 2009-07-14 21:54 11952 ----a-w- c:\windows\system32\avgrsstx.dll2009-08-29 18:30 . 2009-07-14 21:54 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys2009-08-29 18:30 . 2009-07-14 21:54 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys2009-08-26 14:37 . 2009-08-06 02:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent2009-08-22 06:32 . 2009-08-22 06:32 -------- d-----w- c:\program files\MSBuild2009-08-22 06:32 . 2009-08-22 06:32 -------- d-----w- c:\program files\Reference Assemblies2009-08-07 19:32 . 2009-08-07 19:32 -------- d-----w- c:\program files\MSXML 4.02009-08-06 02:38 . 2009-08-06 02:38 -------- d-----w- c:\program files\uTorrent2009-08-05 09:01 . 2003-03-31 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll2009-08-04 23:12 . 2009-08-04 00:49 -------- d-----w- c:\program files\Java2009-08-04 03:11 . 2009-08-04 03:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore2009-08-04 03:11 . 2009-08-04 03:10 -------- d-----w- c:\program files\AIM62009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\program files\Viewpoint2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL2009-08-04 03:10 . 2009-08-04 03:10 -------- d-----w- c:\program files\Common Files\AOL2009-08-04 02:59 . 2009-08-04 02:58 -------- d-----w- c:\program files\QuickTime2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\program files\Apple Software Update2009-08-04 02:58 . 2009-08-04 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple2009-08-04 00:48 . 2009-08-04 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2009-08-01 05:10 . 2009-08-01 05:10 -------- d-----w- c:\program files\Electronic Arts2009-07-30 03:05 . 2009-07-30 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Wayward Gamers2009-07-27 22:04 . 2009-07-19 22:18 -------- d-----w- c:\program files\FFXIP2009-07-26 23:26 . 2009-07-26 23:26 98304 ----a-w- c:\windows\system32CmdLineExt.dll2009-07-21 17:50 . 2009-07-14 22:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe2009-07-21 00:24 . 2009-07-21 00:24 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys2009-07-20 13:34 . 2009-07-20 13:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll2009-07-19 21:11 . 2009-07-19 21:11 4096 ----a-w- c:\windows\d3dx.dat2009-07-17 19:01 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\atl.dll2009-07-14 22:12 . 2009-07-14 22:12 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys2009-07-14 22:12 . 2009-07-14 22:12 682280 ----a-w- c:\windows\system32\pbsvc.exe2009-07-14 21:54 . 2009-07-14 21:54 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys2009-07-14 16:56 . 2009-07-14 16:56 0 ----a-w- c:\windows\nsreg.dat2009-07-14 16:02 . 2009-07-14 16:02 315392 ----a-w- c:\windows\HideWin.exe2009-07-14 15:46 . 2009-07-14 15:46 21640 ----a-w- c:\windows\system32\emptyregdb.dat2009-07-12 16:21 . 2009-07-14 20:36 233472 ------w- c:\windows\system32\wmpdxm.dll2009-07-03 14:49 . 2009-07-14 21:20 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys2009-07-03 14:49 . 2009-07-23 21:44 15688 ----a-w- c:\windows\system32\lsdelete.exe2009-06-26 16:50 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll2009-06-26 16:50 . 2009-07-14 20:36 81920 ------w- c:\windows\system32\ieencode.dll2004-07-22 14:51 . 2004-07-22 14:51 3432656 ----a-w- c:\program files\ManagedDX.CAB2004-07-20 02:58 . 2004-07-20 02:58 1156363 ----a-w- c:\program files\BDANT.cab2004-07-20 02:53 . 2004-07-20 02:53 976020 ----a-w- c:\program files\BDAXP.cab2004-07-09 18:17 . 2004-07-09 18:17 13265040 ----a-w- c:\program files\dxnt.cab2004-07-09 13:13 . 2004-07-09 13:13 15493481 ----a-w- c:\program files\DirectX.cab2004-07-09 13:13 . 2004-07-09 13:13 703080 ----a-w- c:\program files\BDA.cab2004-07-09 08:08 . 2004-07-09 08:08 472576 ----a-w- c:\program files\dxsetup.exe2004-07-09 08:08 . 2004-07-09 08:08 2242560 ----a-w- c:\program files\dsetup32.dll2004-07-09 07:03 . 2004-07-09 07:03 62976 ----a-w- c:\program files\DSETUP.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816][HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}][HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]2009-07-24 13:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816][HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816][HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files\Steam\Steam.exe" [2009-07-14 1217784][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-29 2007832]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-13 149280]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]2009-08-29 18:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]@="Service"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\AVG\\AVG8\\avgemc.exe"="c:\\Program Files\\AVG\\AVG8\\avgupd.exe"="c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="c:\\Program Files\\Steam\\steamapps\\glliw\\insurgency\\hl2.exe"="c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="c:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\AIM6\\aim6.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Program Files\\Steam\\steamapps\\common\\nation red demo\\NationRed.exe"="c:\\Program Files\\Steam\\steamapps\\common\\america's army 3\\Binaries\\AA3Game.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\Program Files\\Steam\\steamapps\\common\\baboinvasion_trial\\BaboInvasionTrial.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5353:TCP"= 5353:TCP:Adobe CSI CS4"1947:TCP"= 1947:TCP:HASP SRM "1947:UDP"= 1947:UDP:HASP SRM R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/14/2009 5:20 PM 64160]R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/22/2009 12:26 PM 114768]R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/14/2009 5:54 PM 335240]R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/14/2009 5:54 PM 108552]R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/14/2009 11:58 AM 13696]R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/14/2009 10:54 PM 17024]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/22/2009 12:23 PM 108289]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/22/2009 12:26 PM 20560]R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/29/2009 2:30 PM 297752]R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\program files\SolidWorks SolidNetWork License Manager\lmgrd.exe [5/11/2007 1:08 PM 1372160]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2009 11:10 PM 24652]S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/29/2009 2:30 PM 908056]S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]S3 AODDriver;AODDriver;c:\program files\AMD\OverDrive\i386\AODDriver.sys [8/4/2008 7:48 AM 6656]S3 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist --> c:\program files\AMD\OverDrive\AODAssist [?]S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [7/14/2009 12:57 PM 12672]S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?].Contents of the 'Scheduled Tasks' folder2009-09-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]..------- Supplementary Scan -------.FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\WeaveCrypto.dllFF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9to7dqw9.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dllFF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dllFF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\---- FIREFOX POLICIES ----FF - user.js: yahoo.homepage.dontask - true.**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-09-22 20:28Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AODService]"ImagePath"="c:\program files\AMD\OverDrive\AODAssist".--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]"Enabled"=dword:00000001[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]@Denied: (A 2) (Everyone)@="IFlashBroker3"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}"[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(628)c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\nvsvc32.exec:\program files\Alwil Software\Avast4\aswUpdSv.exec:\program files\Alwil Software\Avast4\ashServ.exec:\program files\Avira\AntiVir Desktop\avguard.exec:\program files\AVG\AVG8\avgrsx.exec:\progra~1\AVG\AVG8\avgnsx.exec:\windows\system32\hasplms.exec:\windows\system32\rundll32.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\PnkBstrA.exec:\windows\system32\PnkBstrB.exec:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exec:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe.**************************************************************************.Completion time: 2009-09-23 20:32 - machine was rebootedComboFix-quarantined-files.txt 2009-09-23 00:32Pre-Run: 374,288,011,264 bytes freePost-Run: 374,377,152,512 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn337 --- E O F --- 2009-09-21 00:23

Relevance 100%
Preferred Solution: Pretty sure I have some form of malware...

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Pretty sure I have some form of malware...

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic in the Am I Infected forum.http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.This topic is now closed. The BC Staff

1 more replies
Relevance 52.89%

I really hope there is help for me. For the last 6 days I have been having a problem with my Internet Explorer. I have Windows XP Home and browse with IE 7.

The Problem: My Browser constantly freezes and ends up in a "Not Responding" situation. I think it has been getting increasingly worse over the last 6 days. Nothing particular has to be done for it to get to this frozen state. It can be on any site at any time.

In order to get out of the situation, I can try incessantly clicking the red x to close the problematic window which sometimes does and sometimes does not work. Or I can run Windows Task Manager and end the process from there (which by the way also states that the program is not responding).

Usually, while that is happening on one window of explorer, I can open up an additional browser and search there ok until the problem strikes there as well.

In addition, I have not been able to d/l through my torrent client all of the sudden today whereas, yesterday I had no problem and I have not made any settings changes.

I hope that is enough info. I very much thank you for any help you can provide.
 

Answer:I'm pretty sure it's Malware....

Here is the last of the 4 logs that need attaching.

Thanks again for your help, I eagerly await your response.

Achoriim
 

13 more replies
Relevance 52.89%

Hey,I am currently running AVG Anti-Virus (free one) and i discovered the other day that something isnt permitting me from running the scan.I was instantly certain that it was a virus/trojan/malware. Im also having weird problems as well such as strange redirections from hyperlinks e.g. clicking on a link from google to youtube.com but arriving at the myspace.com login page. ??I managed to fix AVG (which i thought) by re-installing it via safe mode. I then did another scan which was interrupted by stating that i had infected rootkits located at C:\Windows\win32k.sys:1andC:\Windows\win32k.sys:2Ive read up on a similar issue at http://www.bleepingcomputer.com/forums/t/254289/infected-with-active-rootkit-win32ksys-1-and-2-no-signed/ however i seem to get lost as i follow it along.Some assistance on this would be great,Thanks very much.Sect7

Answer:Pretty sure i have a malware...

Welcome to BC sect7.The rootkit you are infected with requires advanced programs/removal methods. This type of help can only be found in our advanced malware forum.Please follow this guide from step (6). Post a DDS log to the HJT/Malware forum and a Team member will be along to help you as soon as possible.

3 more replies
Relevance 52.89%

It seems to be getting progressively worse so I thought I better ask here for help. Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:03:19 AM, on 1/18/2008Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\TQ\command.exeC:\WINDOWS\System32\lshuwbdb.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\PnkBstrA.exeC:\WINDOWS\System32\wdfmgr.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\System32\RUNDLL32.EXEC:\Program Files\Java\jre1.5.0_12\bin\jusched.exeC:\Program Files\Java\jre1.5.0_12\bin\jusched .exeC:\Program Files\McAfee.com\VSO\mcvsshld.exeC:\Program Files\McAfee.com\VSO\oasclnt.exeC:\Program F... Read more

Answer:Think I've Got Some Pretty Serious Malware

Hello Mushroomhead and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem.You have some serious infections there. One of the infection also replaces the legit files with infected which will cause some programs not to work. We can try fixing this, but you will probably have to also uninstall and re-install some of your programs after we clean the computer.PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATERPlease follow the steps below exactly in the order they are written:Step #1Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will... Read more

8 more replies
Relevance 52.89%
Question: Pretty bad malware

Alright so its been a couple of days since some stuff has rendered my pc pretty much useless. I think I got it from downloading stuff from a not so good site. Anyways, once it started up i couldn't do anything. I know I had antimalware doctor and I think I had malware doctor. I think I might even have more crap I just can't tell. So far I've been able to run the pc in safe mode and have done some mbam scans from there. I finally got the internet to work and have been able to open applications in normal mode. Before when it first started I couldn't run anything in normal mode. I couldn't even do ctr+alt+del wihout it exiting out in a few miliseconds. Now I got most of it gone, I did a scan with AVG and that really helped. I also have done a couple more scans with mbam and i don't know if thats even working anymore. The thing is I'm still getting some random pop-ups and some internet pages will just direct me to other sites (a lot of the times its stopzilla.com). Also on startup, I get a notification saying wjurt.dll couldn't load or something like that and the title is RUNDLL. I still got a lot of problems I really need help with.

Forgot to mention I'm running windows xp.

Answer:Pretty bad malware

Hello and welcome ...Do these now and let me know how it is.. Please post back the logs,Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not re... Read more

9 more replies
Relevance 52.89%

I am running a home built computer Window 7 Professional 64 bit with 2 HDD (One for storage and one for the OS). About a month ago, my omputer pretty much freaked out and wouldn't load. Ran a few hardware tests, determined that it was either a virus or one of my HDD dying. Took it in to a shop, sure enough the storage HDD is failing. So I plugged the OS HDD back in and have been using it since until I replace the storage drive. 
 
However, for the past 2 weeks, several of my programs have not been running. When I try to run them, I get the error message: 
 
"The Specified Path does not Exist.
Check the Path and try again."
 
Thinking it was an issue with the shortcut, I went directly to the program's file location. Upon trying to open the program directly, I got the same error message. 
 
Only specific programs that deal with the computer are effected. CCleaner, msconfig, cmd, etc. all bring up the error message. Other programs such as VLC, Adobe Acrobat, Web browsers, etc. all open and run as normal. 
 
In addition, any attempt to install any program is met with this error message:
 
"ShellExecueEX Failed; Code 3
The system cannot find the path specified."
 
When I run the computer in safe mode however, all programs operate without problems, and I am able to make installations.
 
Scans with Malwarebytes, Avast, TDSSKiller, and Combofix have all come up clean.
 
I am looking for some advise.

Answer:Pretty sure this is malware

HiCombofix is not a toy and not for everyday use.ComboFix SHOULD NOT be used unless requested by a forum helperSince you have run Combofix without Supervision ..------------------------Please follow the instructions in ==>This Guide<== starting at Step 6.  If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==  Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 52.89%

Hi.
I got this wallpaper that was unremovable, and it said something like, warning you have spyware infected on our computer. so i searched this up on google,

what i did in safe mode was
Run Smitrem
Scan with Ewido
clean with CCleaner

after i restarted again in normal mode. Now my wallpaper is white, and it still will not go away. My real wallpaper shows up only at startup/shutdown.
I tried resetting my desktop settings, but going to display, desktop, customize desktop, and web. There is something there called Desktop uninstall that will not go away even when i keep deleting it.
I think my computer functions normally otherwise... But i want to get rid of this problem, as soon as possible.
can any one help please?
Thanks.

Answer:I'm Pretty Sure I Have Malware. Help!

Im not sure if you have read this already but:You can Start Here. Please be sure to follow all instructions otherwise it will only impair our ability to help you.

6 more replies
Relevance 52.89%

My computer was working beautifully. Two days ago I noticed that the computer took twice as long to start up, and there was a black screen with mouse control after welcome screen that lasts for maybe 10 seconds. The internet loaded more slowly, and one game that I own (borderlands) is lagging quite horribly, while all of my other games are working perfectly. It seems like I contracted a virus. I scanned with Antivir and Malwarebytes, both of which found things, but the problem was not solved.

Since I run a 64bit OS I did not use GMER.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Zack at 12:52:25 on 2011-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6786 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k Lo... Read more

Answer:Pretty certain I have malware.

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

How to : Disable Anti-virus and... Read more

2 more replies
Relevance 52.48%

I was Browsing the forums on DGEMU.com and it popped up and installed itselfi used smitfraudfix and that got rid of BS 2.0 and some other stuff but my system is still performing sluggishlyand im getting a lot of ad pop ups. Also csrss.exe starts up using 100% Cpu and keeps restarting itself once terminatedmy specs are as followsK7MNF-64 motherboardnForce 2 chipset512mb DDR ram 64shared on VidcardAMD Sempron 3000+ CPU 2.0Ghznvidia integrated Geforce 4 MX Gpuhere is log.... any help would be greatly appreciatedLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:18:54 AM, on 10/23/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exeC:\WINDOWS\system32\RunDLL32.exeC:\WINDOWS\system32\dwwin.exeC:\Progr... Read more

Answer:Infected With Some Pretty Bad Malware

Hello Xenoghost,

Welcome to Bleeping Computer

This is a terrible mess. Add to that you don't have an AntiVirus, no kind of protection software, and there are more bad entries than good in that log. The safest and surest course for you here would be to reformat and reinstall your OS. At this point, even if we tried to clean it I could not promise a safe and undamaged computer.

Regards,
tea

10 more replies
Relevance 52.48%

Hello! I think that my computer is infected with a virus. More in particular a malware virus I think. I get the google redirects in firefox and when I open Internet Explorer it starts opening more windows and going to different random sites and when I open my task manager it shows iexplorer.exe 3 different times, two in the owner username and then one in the system username. I have Norton anti-virus but it is outdated and I don't have money to update it. I recently installed avast but it didn't really detect what I was looking for. It only made things worse pretty much. Now I have a.exe, b.exe, and c.exe running in task manager and they pop up randomly under the system username. I uninstalled avast but the .exe's are still there and I have to end process to make them go away. If I don't end the process my main screen when you log in, everything disappears. The bar at the bottom of the screen and all my desktop icons. The only thing I can do is do ctrl-alt-delete to bring up the task manger and I have to restart my computer. I also tried to install malwarebytes but it had gotten halfway through the downloading process and then ended up quitting. I have a dds log, a hijackthis log and the attached log but the rootrepeal would freeze while trying to initialize so I'm not sure what happened there. I'm not sure what else to write but if you need any more information I will be happy to give it to you. I have windows xp home edition 5.1. On an hp pavilion a320n. I will provide ... Read more

Answer:I'm not sure what I'm affected with but I'm pretty sure it's Malware.

wow just checked all other new posts and they seem to get a reply within a day or that day it's been over a week and i had over 200 views but no kind of answer or help well thanks anyways bc.com.

17 more replies
Relevance 52.48%

I keep getting error messages that say that Windows Explorer is shutting down.  This happens when I am moving or opening files and programs.  Sometimes it seems to be random; other times a specific file or program will cause the error repeatedly.  When I am on the internet, Internet Explorer will randomly shut down.  Sometimes it restarts itself, other times it gives me a message telling me that it shut down to protect my computer.  I can download, but am completely unable to install new programs--I get an error message telling me to clear my internet cache and download again (which I have already done--twice).  I have Avira antivirus, and have run several scans, which came back clean.  It hasn't been updated in about three weeks because the updates won't work.  I have tried everything I can think of.  System restore fails, even in safe mode.  I could not find anything suspicious in add/remove programs and I have cleaned my hard drive using CCleaner.  I am unable to follow the steps that are suggested because I can't install new programs.  Just for information's sake, I am running Windows Vista, and this has been happening for about a day or two now.  Any help you can provide would be greatly appreciated, as I really do not want to have to wipe my hard drive! 

Answer:Pretty sure I got hold of some malware

Hi, Please download OTL  to your Desktop. (If you already have it downloaded, then just follow the instructions below).Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Under the Custom Scan box paste this in%systemroot%\*. /mp /s%systemroot%\system32\*.dll /lockedfiles%systemroot%\system32\*.exe /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\system32\drivers\*.sys /lockedfiles%systemroot%\System32\config\*.sav%systemroot%\system32\*.sys%systemroot%\system32\drivers\*.dll%systemroot%\system32\drivers\*.ini%systemroot%\system32\drivers\*.exe%SYSTEMDRIVE%\*.*%PROGRAMFILES%\*.%appdata%\*.*netsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.syseNetHook.dllahcix86.sysKR10N.sysdisk.sysnvstor32.sysahcix86s.sysnvrd32.syssymmpi.sysadp3132.sysmv61xx.sysusbstor.sys/md5stopCREATERESTOREPOINTHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsClick the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->... Read more

13 more replies
Relevance 52.48%

Okay, I have to say, I'm not a total computer newbie, but this time I'm completely stumped.

One day, I found out my AVG.exe and Spybot S&D exe files (along with several other stuff, like motherboard programs) were just missing. I heard the hard-drive spinning, but I wasn't doing anything too intensive, so I opened up my processes and saw this one process that was a bunch of numbers, so I ended that and the hard-drive stopped spinning. Lucky I caught that fast, because I think that was deleting some of my stuff. From there on I knew something was wrong. First, I downloaded the latest AVG definitions tried rebooting into safe-mode, but when I did this, once I picked safe-mode from the start-up menu (via F8 on reboot), after it loaded some files, it would just restart. So I started trying to install various anti-virus programs, but they all failed:

AVG - I got an error saying I couldn't install it because of a missing exe file or something.
Kaspersky - It says I don't have admin rights.
Spybot - The exe file gets deleted the moment it's installed.

The funny thing is, I'm the only account on my XP, and it's the admin account. One thing I have been noticing lately is that when my screensaver runs, I get logged out. This didn't happen before. I also now have to click on my account to enter windows on a startup, which also never happened before. It would usually just go into windows using my account, but when I had to click on my account to... Read more

Answer:I Got Infected With A Pretty Serious Malware

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.comWhen you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion... Read more

1 more replies
Relevance 52.48%

First I'd like to apologize because I know you guys have to be getting sick of these. Major geeks seems to be the only place in the know about this doozy.

Anyway, everytime I open an IE window, I get a notice from AVG that I have the trojan downloader.agent.9.bf. None of my spyware scanners will finish running either. I have the latest Spybot, Ad-Aware, AVG and I tried the Trend Micro and it froze up too. I'm a complete idiot when it comes to computers, so please keep that in mind. I haven't ran HJT yet because I don't really know how to use it and the sticky said not to run it until told to do so.

I have an HP with ME if that matters.

Should I go ahead and run HJT and follow the sticky to start with or do I need to do something different.

Thanks.
 

Answer:I need help for about:blank malware pretty please.

To help us to best help you, please follow the steps below closely and in the order given and do not skip anything. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans if anything along with details about any problems you may have encountered in completing the steps. The more details you can provide the better. Don't be afraid to ask for additional help if you don't understand something!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Pos... Read more

37 more replies
Relevance 52.48%

I have the exact same problem as this:
So, my kid comes to me and says, "Dad, help. I was online and suddenly popups started appearing saying the computer is infected with two viruses, and it's running a scan." Lickety-split I'm in the office and sure enough "Malware Protection" is on the screen apparently running a scan. The problem is, I never loaded it onto my computer. That's for another day though...

The result is that I get continually rotating notification balloons in the bottom right hand corner of the screen that tell me, "File (such and such)
is infected by W2/Blaster.worm. Please activate Malware Protection to protect your computer." Being careful not to start any executable files or enter any personal information, I moved forward to see what activating it entailed. And of course it wants my personal information.

I cannot turn it off. I cannot uninstall it. It won't allow me to open the Task Manager. And here comes the worst part: it won't let me connect to the internet through either FireFox or Internet Explorer. So I'm sending this from a different computer.

Additionally, there is a larger popup saying, "FIREWALL WARNING. Hidden file transfer to remote host has been detected." It then recommends you block the transfer and asks you to choose to Block or Allow. Allow simply closes the popup for a little while. Block brings you again to a screen that asks you to activate the program.

Essentially, I ... Read more

Answer:Pretty sure i got the Malware Virus

Hello and welcome.For the connection try these...Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.Now check if the internet is working again.ORGo to Start ... Run and type in cmdA dos Window will appear.Type in the dos window: netsh winsock resetClick on the enter key.Reboot your system to complete the process.Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you ... Read more

20 more replies
Relevance 52.48%

Well to make a long story short, I downloaded a file containing many virus files onto my Hp Pavilion DV6000 Notebook with Windows Xp Media Center. I used the Trend Micro Online Scanner and It found 4 Trojan files, also other infections were found using the preparation guide programs, and were said to be removed. The problem the computer has is that certain programs will not install, and whenevr I try to use Internet Explorer i get an error message saying it needs to be closed. Also certain windows come up blank, such as Norton Antivirus and Trend, and when I open aol i can only see my mail and buddy list, the browser is blank. Here is my Highjack LogLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:21:08 PM, on 8/27/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Prog... Read more

Answer:Infected With Malware...im Pretty Sure

So is system clean now or not, because I am thinking about reformating my computer? Sry for the double post

6 more replies
Relevance 51.66%

I have a company-issued Dell Latitude D620 with XP professional. My internet explorer is being changed at random to various sites (some a little risque); I am being bombarded with warning balloons - "Fatal Error! Unhandled Exception: Invalid operation. The instruction at "0x66f7d450" referenced memory at "0x00000d0"...", warning balloons that say my PC has been infected with the [email protected], Spyware.Cyberlog.X, a generic "System Alert: Malware threats", [email protected], a "system performance monitor: Warning (system performance slowed down by: 47%...), PSW.x-VIR trojan, Trojan.winfixer, [email protected], [email protected], Adware.vundo variant, downloader-new juan/vm, and possibly others.

Probably the most annoying is that little "thunk" sound the PC makes when you try to do something that it doesn't like (that's happening quite frequently for no apparent reason).

Here's the HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:20:07 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\System32\WLTRYSVC.E... Read more

Answer:Viruses, malware, IE - not a pretty picture

bump
 

1 more replies
Relevance 51.66%

my problem is that my internet explorer sometimes open pop up?s, withoutt me being there. im sure it?s a virus but my anti virus (microsoft security essentials) says theres nothing wrong after the virus scan. sometimes it?s about that i won in a lottery, poker, or it says page doesnt found and the name of the site is "javascript:expandCollapse('infoBlockID', true);" anyone know what there is wrong? and how i fix it? thanx

Answer:Hey:) Please Help me I Dont Know If This Is Malware/Spyware But Im Pretty Sure

Hello and Welcome to TSF

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please follow the steps here then post back with the required logs.

Thanks

2 more replies
Relevance 51.66%

Hi folks, new to this forum.
The first symptoms were that my computer was running incredibly slow followed by a mcafee real time virus scan that continually shut off. This in turn was followed by annoying "redirects" in IE8 and Chrome. Attempts to run tools like Rkill, Stinger, Malwarebytes or McAfee scans all failed. Either they run for a brief period of time then shut down, or the applications are modified so I get the "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them." even when running in safe mode.

Am running XP Home Edition Version 2002 SP3.

At this point I am without a firewall or effective virus protection on this machine.

Any assistance would be greatly appreciated.
Rich

Answer:Pretty sure I am infected with some rootkit malware

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log c... Read more

1 more replies
Relevance 51.25%

I think I may have a sneaky pest here on my computer, it does not seem to be running quite the same, kinda hard to explain, but if I click on a program on my desktop I notice that other icons will quickly flash, occasionally I will get a blue screen of death (it has happened 5 times in the past week) this is after I finally renewed my McAfee subscription after it had lapsed for about 5 months, but I would occasionally run Malware Bytes to clean up any PUP's. So with those subtle things I thin I have an issue. To recap....notice other Icons flash when clicking on other desktop icons, new blue screen issues this past week, also I ran highjackthis and I am unable to generate a log even when I followed directions to correct the problem. I will try to copy the results or if someone could tell me how to do screen shots I could try to post the highjackthis info that way. and here is the operating system info. Please Help

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3029 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1290 Mb
Hard Drives: C: Total - 223434 MB, Free - 33770 MB; D: Total - 14999 MB, Free - 9501 MB;
Motherboard: Dell Inc., 0D176M
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled
 

Answer:Please Help Im pretty sure I have a sneaky malware/spyware/trojan/ something.

13 more replies
Relevance 51.25%

I have a virus that will not let my HTML pages load directly, moves and retitles files after deletion, and has random audio run at random times. It has something to do with the following files: Generic Rootkit.d!rootkit and generic.dx
I have run McAfee and Spybot to no avail; they delete, and the virus replicates. I do not want to run Combofix until someone advises me, so can you Help Pretty Please?
Hijack This Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:12 PM, on 3/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat... Read more

More replies
Relevance 51.25%

Okay to first start off, I noticed problems when I downloaded something called "Daum PotPlayer" this download was supposed to be some sort of korean software that was supposed to be used for a stream. I unistalled it immediately when i saw that someone said to not download that because it was bad/virus.

I started to notice that I couldn't update my antivirus which is AVAST. I also noticed that when i tried to download a simple file that should be like a minute download it says that it takes over 7 hours which I know isn't right.

I also noticed that it is to laggy for me to play youtube videos or even watch a stream. I can browse fine with no redirections, it takes longer than it used to fully load a page.

Please help me and I will be forever be in debt to you.

Answer:I'm pretty sure my computer is infected with some sort of malware, might be something else.

IM SOOOOO SORRY.

i think it was just my internet, or something not very sure. I restarted my labtop and everything was fine.

Sorry for wasting your time guys and girls. Much respect to all the people who help people with their problems you guys are saints! <3

2 more replies
Relevance 51.25%

O.K. guys, I am posting this log here as directed. Please Help.2007-09-06,01:15:17

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Scheduled Tasks
Windows Security Update Check
API HOOK
Hidden Process
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
<RGSC><C:\Program Files\Games\Rockstar Games Social Club\RGSCLauncher.exe /silent> [(Verified)"Take-Two Interactive Software, Inc."]
<braviax><C:\WINDOWS\system32\braviax.exe> []
<Protection System><"C:\Program Files\Protection System\psystem.exe"... Read more

Answer:You are infected with a pretty nasty piece of malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

3 more replies
Relevance 51.25%

My Itunes failed first. When I couldnt open anything music related I started running the malware programs I have. I was able to update spybot but I knew I had a problem when I couldnt start the scan, pc blinked out restarted with the start up repair running. It's been a no go ever since.

I will however get the manufacturers diagnostics to make sure it's not the hard drive, but after that little fiasco Im sure it's malware or something related.

Any ideas how I can get my registry back. I have 1.5TB hard drive partitioned. Lots of programs installed and for the life of me I cannot locate the drive that contains my back up image.
 

Answer:Corrupt Registry Windows 7 Pretty sure its malware

I apologize my system specs are outdated. but now I cant remember what I put in this thing. I think its a quad core 8gb ram originally vista installed windows 7 professional or ultimate. Gosh I hate not remembering!
 

2 more replies
Relevance 50.43%

Hi guys, I'd like to help clean up unused programs and malware, super slow .  I will be unable (she is unwilling) to take Mcafee off -she unfortunately decided to buy it for a year. Can someone run me through and help clean up? I ran adwcleaner but have not yet followed through, hope someone can help me this evening, i'm pretty quick if needed. Thanks!

Answer:Visiting my Aunt, pretty sure she's got some malware and i'm leaving tomorrow

If I understand you, you have scanned with AdwCleaner but haven't chose to click on the Clean button...if so, rerun and do that.
Post its log per instructions.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now... Read more

35 more replies
Relevance 50.43%

I had a ton of pop ups, error msgs, etc, so I ran all the antispyware/malwarevirus scans I have (adaware pro, spybot, avg), and after everything was taken care of, I restarted and my explorer (desktop, taskbar, clock) wwouldn't work... And when I started my browser, it would close after 2-3 seconds. I have been opening everything with the taskbar for over a week now. I tried a clean install of xp on my other hard drive, and then had no usb, audio or video drivers. The browser and explorer worked at first, but then later, the browser would give a "needs to close, sorry for the inconvenience" error msg and close. Keep in mind, the old hard drive was not plugged in when I did the clean install...so i'm not really sure what happened there. Today I downloaded firefox, and that has been working so far, no shutting down at all. Anyway, any help would be appreciated.

Jessica
Logfile of HijackThis v1.99.1
Scan saved at 11:43:18 PM, on 5/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C... Read more

Answer:Pretty much dead computer after spyware/malware removal (HJT log inc)

11 more replies
Relevance 49.61%

My computer is running slow and I'm pretty sure I have an infection of some kind but I'm not sure what it is.
 
Here are the logs

Answer:Computer running slow, internet search changed, pretty sure it's malware

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Scan with TDSS-KillerPlease read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.Download TDSSKiller.zip and extract to your desktopExecute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicio... Read more

11 more replies
Relevance 49.61%

Hello!

I really do need help! I'm a college student and I have term papers due this week...my computer was working just fine. All of a sudden AVG started popping up with threat alerts. Every time I would go to the folder and try to delete the supposedly infected file, a new file would pop up instantly. Then that is when the Blue Screen of Death started occurring and after that every time I would open Mozilla or Google Chrome to look up what could be wrong with my laptop, it would redirect me to another website. I am a female and while in no way am I suggesting that women are not tech savy, I for one am not. However, being a student I do need technology to earn my degree so I need help please.

THIS IS THE HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:22:49 PM, on 3/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe... Read more

More replies
Relevance 47.15%

New PC: Built 31/01/2015
New Windows 8.1 Install
No Internet access yet
Believe it has picked up some malware from my external hardrive.
When I run exes I get this error "Windows cannot "C:\Users\Michael\Desktop\rkill.exe" find make sure you typed the name correctly then try again?"
Managed to get rkill to run in safe mode, here are the results.
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 02/01/2015 08:55:03 AM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 ... Read more

Answer:Seem to have some form of Malware

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

1 more replies
Relevance 47.15%

I keep seeing these three folders pop up in the AppData folder:
 
EmieBrowserModeList
EmieSiteList
EmieUserList
 
When I delete them they reappear when I reboot.  I ran Malwarebytes and McAfee and they both came back clean. I did some research and it recommended I post in a malware removal forum. Is this something you can help me with?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE-ACER on 24-01-2015 02:12:30
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucatio... Read more

Answer:I think I have some form of malware.

Hey, What's with the Addition Log?

19 more replies
Relevance 46.74%

GMER & Combofix blue screens of deaths (yes i know realized i should not have done this)

TDSS finds nothing.

Computer runs fairly well, but randomly crashes sometimes. Avira finds a trojan daily in the system restore (not sure how to safely remove this)

any help would be great. Thank you.

Answer:Some form of malware/ seems undetectable

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue. Don't worry about the GMER log.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Relevance 46.74%

First of all Im running a dell computer with Windows XP Service Pack 3 installed on it.

Of late, whenever I try to run the computer in normal mode it crashes or freezes up and goes to a blue screen error message which says something along the lines of DRIVER_IRQL_NOT_LESS_OR_EQUAL. Currently I am running my computer in Safe Mode with Networking. I didn't install any new hardware or software prior to this error message, so I have no idea what is causing it. (Could it be malware?)

I also think that my computer is infected with something. I have done multiple scans using windows defender yet it doesn't come up with any viruses. Normally in the past Spybot Search & Destory has been most effective in removing malware, but whenever I right click the Spybot Search & Destroy icon in the system tray and select RUN nothing happens.
I don't know if I have malware that is blocking the program from opening.

In the past, I had malware called AntiSpyCheck installed on the system, which I thought I completely removed with SS&D. This appears not to be the case, as the other day SS&D came up with a Registry change warning, and the path of the program that was altering the registry was C:\\Program Files\ASpyC\.

My system started having problems shortly after the download of a Torrent from TPB. I use the BitTorrent client, and prior to the torrent that I downloaded the system was running perfectly fine.

Here is a Hijack This log:

Logfile of HijackThis v1.99.1... Read more

Answer:I've been infected by some form of malware.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

1 more replies
Relevance 46.74%

I appear to have the typical redirect virus, although this one appears to be very subtle. I can use google search with no problems, and I am redirected only occasionally to websites such as "askthecrew.net" and some search engine called "sour". Nonetheless, I am being redirected by something and want it gone for obvious security reasons. Mostly hits me on Tumblr.com, but I'm fairly sure that's just because I'm on there often.

I have windows 7 64 bit, and have attempted to use malwarebytes, Microsoft sec. essentials, AVG, and Ad-Aware. None have been successful.
I'll post logs of whatever you want, just tell me.

Thanks for whatever help you guys can provide.

Answer:Some form of Redirect Malware

Hello diesmiley and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Admin... Read more

19 more replies
Relevance 46.33%

hi my avast and mbam have been picking up a trojan.clicker.fms aswell as win32:malwaregen on avast 
i've located the hidden folder where it is coming from as well any ideas?
i also have logs from the 2 programs for scans.
 
http://i.gyazo.com/41d74805b9a9ec6cb7040ce8ff690cfe.png link to what it shows

Answer:my pc is infected with some form of malware but i'm not sure how to remove

Hello anthm8 and Welcome.
 
The IP that you suspect as being a problem, is actually a Weather Wiget on your desktop.
 
If you are concerned about it, please follow these directions..........
 
First -Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
List content of Hosts
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy and Paste the result. (result.txt)
 
 
Next -
Download Screen317 Security Check  and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please post the contents of that document. Note 1:: If any security program requests permission to access the Internet, allow it to do (it is 100% safe)NOTE 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run
 
Next :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button (only once)
AdwCleaner will begin...be patient as t... Read more

6 more replies
Relevance 46.33%

Hello,

I have recently tried using a oldlatop that was given to me. The first sign of problems, was the laptop unbootable boot volume. I manage to use the recovery option in a xp installtion disk to fix it. Once i boot into the system, the computer was very very sluggish. Startup would take extremly long time. At first i merely attributed this to the bloatware and crappy processor. Then I installed various antispyware and antiviruses programs. Lo and behold,avast caught about 30 malware objects with a boot scan. Malwarebytes caught an additional 3. Superantispyware caught another 3 infections. Lastly Avira caught 2 infections. At this rate. I know that there are still malware on my laptop, which may be regenerating itself, or be stealthed. Anyway if you want these logs, feel free to ask. Thank so much for reading this and here is my hijack this log at the bottom of this post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:07 PM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:... Read more

Answer:Severe infestation of various form of malware

6 more replies
Relevance 46.33%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 46.33%

Hey Bleeping Computer,

I am running Windows 7 Home Premium, 64bit.
Someone logged into a few of my game accounts last night while I was sleeping which in turn got my accounts locked. The games were World of Warcraft, Guild Wars 2 and Star Wars: The Old Republic. I received emails stating that unauthorized persons logged into all 3 accounts. And each account has a different Email and Password. I am not sure if they logged into any of my other emails or anything since I haven't received any warnings from anyone.

My computer has been running well, but for the past week or so my browsers have been a little slower than usual. I use Mozilla mostly, but I tested IE as well and it was slow too. Also, every 20 minutes or so, my desktop icons refresh, and if I'm on a webpage, it does the same. I'm not sure how to word it exactly, it doesn't actually "Refresh as in F5" but it (blips)or reloads if that makes any sense.
When I woke up and found out my accounts were logged into from elsewhere, I immediately ran an Avast(Free) full scan, followed by a boot scan and the results came up clean. I then ran Spybot S&D, and again, the results came up clean. After that I ran Malwarebytes(Pro) and they came up clean as well. Then I ran all 3 in safe mode but got the same clean results.

I generally keep my computer pretty well maintained since I play a lot of games. Which includes defragging every night before I shut it off, running Avast and Spybot once... Read more

More replies
Relevance 45.92%

Hello.

Im new here, I have been looking for information about 2 applications called "Home Cloud" and "Form1".
When I go to my Alt+TAB menu I can see these applications there, but I cant acces them.
Also in my Task Manager I can see both applications.
I dont know why there are running and how work these applications.
It could be something normal but since im a noob in this things I cant tell if they are not a malware or not.

Can anyone explain me what are these applications for and why their are in my PC?
Can I remove it both or they are some kind of essentials for my PC?

I got a capture of my Alt+TAB menu:
Selected one is Home Cloud, the one on the rigth is Form1.

Regards and thanks.
 

Answer:Home Cloud + Form 1, Malware? Virus?

I'm moving this to appropriate forum.
 

1 more replies
Relevance 45.92%

When I first fire up my computer, the following message pops up as Windows starts:

Microsoft Networking
The following error occurred while loading protocol number 0.
Error 38: The computer name you specified is already in use on the network. To specify a different name, double-click the Network icon in Control Panel.

I'm sure others have experienced this. I am not on a network, and this has happened for the last couple of days. I am running 98SE (I know...way past time to upgrade.) My Hijack log follows. I appreciate any help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:18:41 AM, on 1/9/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ajc.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO... Read more

Answer:Error message - Is this some form of malware at work?

hi there,

Did you run this scan from safe mode as there isn't much in the log?

I don't see anything in your log, have you gort an anti virus programme? if not download anti vir from below?
Anti-vir

http://www.free-av.com/
you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!

Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710

you have spysweeper, update it and runn ascan from that post it's log if it finds anything?
go to this site and download these tools and once you get both
adaware Se 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for neglible risk
entries". Click next to start the scan. Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.

reboot again
With CWshredder close all browsers and programmes and select the FIX button.
All tools can be downloaded at the link below and found on that page!

. Trend micro CWShredder
. SpyBot search and destroy
. AdAware SE personal
http://www.majorgeeks.com/downloads31.html

*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destin... Read more

3 more replies
Relevance 45.92%

Help still needed very badly,After finally eliminating AV Security Suite I still have problems with the computer Freezing, Hanging when opening normal programs, Extreme Scrolling problems, Removing programs, Getting online and a lot of other headaches that didn't exist before. I have enclosed both DDS Logs and the GMER or ark.txt as it was instructed. I couldn't get my WinZip program to rezip the file for posting, it froze. I hope they are the correct log files. I also really hope they will allow someone to help me get my computer working again. Thanks to all again. Sincerely,TQUADDDS (Ver_09-02-01.01) - NTFSx86 Run by TOM at 16:13:50.85 on Sat 02/21/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.218 [GMT -6:00]AV: CA Anti-Virus *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Seagate\Schedule2\schedul2.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\WINDOWS\system32\nvsvc32.... Read more

Answer:Malware Removal Request Form Per Instructed

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 45.92%

Our system seemed to act strangely beginning in early March. We use ZoneAlarm firewall and it seemed to auotmatically lock on occasion upon log-in, requiring a manual "un-lock" before the internet could be used. I was suspicious there was something trying to get in or out that ZoneAlarm was "catching" and locking the firewall.

To try to detect the problem, I downloaded the latest version of "MalwareBytes" and ran a scan. It found a few issues and I chose to quarantine a few of them, but not all as some looked legitimate to me.

Upon re-booting the next time, everything went bad. A pop-up came up with the windows installer and then it said it was trying to install HPPhotosmartEssential. The system became very sluggish and the hard drive was constantly being accessed. After numerous "Cancels" to the install, it finally stopped trying to install. However, the hard drive continued to be accessed non-stop and the system was very slow. I became very concerned something was going on in the background so I shut the system down.

I tried to re-boot in safe mode and it would not boot, it either hung or gave a disk error suggesting c:\windows\system32\wbem was corrupt or unreadable and chkdsk should be run. I immediately felt I needed to do a system restore back a couple of weeks to clear off the issues. Upon trying to run the restore I received a message that the application failed to start because framedyn.dll was not found and that re-... Read more

More replies
Relevance 45.51%

I have inadvertently allowed a malware that creates infinite popups and has hijacked my web browser. I am continuously redirected to their website offering to sell me a virus protection program.My son directed me to open in 'safe' mode and contact BleepingComputer. He thinks you can help someone as old as I am!I would appreciate any assistance, I have tried to follow your guide to complete the scans, etc. before posting for help.Thanks,Lynne

Answer:Malware in the form of popups claiming a virus infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

6 more replies
Relevance 45.51%

Ok, I'm a graphic artist, and use my computer for my work, but other than that, i'm pretty much "out of the loop" on terms, virus names etc...

so a short while ago i switched from firefox, to google chrome. to see what it was like. and while i love the browser, i seem to have acquired some form of virus or malware while using it.

does anybody have any idea firstly, how to get rid of it? because every time Avast says it's been deleted, i'll get a message about 10 minutes later saying "it's back loser" (not those words exactly, but i feel my machine is mocking me...)

and secondly, whether chrome actually has massive security risks? or if it's just coincidence that i've gotten this stuff while using it.

here is the HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:40, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program File... Read more

More replies
Relevance 45.51%

When using google links,I keep being redirected to other sites. Have tried using McAfee, ad-aware and malwarebytes to resolve the issue but to date this hasn't helped.

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 14:00:41 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3063.1559 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&#... Read more

Answer:infected with some form of malware that causes google links to redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

12 more replies
Relevance 45.51%

OK I've followed all the steps in the 5-step process. Here's the problem, when I'm typing or even just scrolling in the current window of IE it will de-highlight and become inactive. Sort of like what happens when you get a pop-up but I'm not seeing the pop-ups. Here are my logs. First Active Scan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-29 16:51:17
PROTECTIONS: 1
MALWARE: 76
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.1.0.394 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================... Read more

Answer:[SOLVED] Current window keeps de-activating...some form or spy/malware?

Welcome to TSF.

I don't recommend using file sharing programs like Limewire as they can contribute to malware infections.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {1530C3A4-CA76-4F11-B091-C3B77565A91B} - C:\Program Files\ComPlus Applications\fojeru66225.dll
O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - C:\Program Files\QdrDrive\QdrDrive16.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "... Read more

7 more replies
Relevance 45.51%

 

by Dan Goodin
Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers.
The "isolated heap for DOM objects" made its debut with last week's Patch Tuesday. Just as airbags lower the chance of critical injuries in automobile accidents, the new IE protection is designed to significantly lessen the damage attackers can do when exploiting so-called use-after-free flaws in the browser code. As the name suggests, use-after-free bugs are the result of code errors that reference computer memory objects after they have already been purged, or freed, from the operating system heap. Attackers can exploit them by refilling the improperly freed space with malicious code that logs passwords, makes computers part of a botnet, or carries out other nefarious behavior.
Source

More replies
Relevance 43.05%

I have been in and out of frozen mode for weeks. I have read some threads here and have downloaded and pasted the HJT file. I did see this file originally but now can't find it on my computer ( xlibgf1254.dll ). My computer will freeze in the middle of doing something and won't "unfreeze" for about two minutes. It keeps doing this over and over and it's driving me insane. I have McAfee on my computer, I have scanned using the latest subscription version of Spy Sweeper, Spy Doctor, etc. Yes they do catch cookies, etc, but the problem returns continuously. Anyway, here is the HJT file...your help is TREMENDOUSLY appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 7:56:45 PM, on 4/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell AIO... Read more

Answer:Pretty Pretty Please Helpppppp !!

11 more replies
Relevance 41.82%

I sent to look at my Sent Items tonight and to my surprise I saw another email apparently sent yesterday that I definitely didn't send.

I was astonished to find this as I have just upgraded to Vista in the last 2 days and have sent minimal emails.

The subject is "Form posted from Microsoft Internet Explorer." & is sent to a Hotmail account. The attachment is a POSTDATA.ATT. When I look at this file in txt format it has info such as one of my email addresses, my website & description - as if I had filled out a web form & pressed Submit.

Now, thinking about it, shouldn't IE let you know that it is about to send data?

One strange thing is that the email is dated yesterday evening in the Sent list, but when I open the email to view it, it will always have the current date & time - seemingly from the Windows clock.

I am thinking that either

1) this is due to a bug in the new IE & yesterday I visited a website which submitted data via email without my knowledge or

2) this email is an old email that I Imported from backed up email (PST format) from a form I ACTUALLY sent that Internet Mail has redated - maybe something went

Sorry for the long post but I'm just wary, hope it makes sense! I was liking Windows Vista so far!
 

Answer:Sent Items: Form posted from Microsoft Internet Explorer. - I didnt submit any form!

I have moved this to vista forum as I believe it is more likely to be a vista live mail issue
 

3 more replies
Relevance 41.82%

Hi All,

Noob first-time poster I'm afraid!

I'm new to Access 2007 (but have used 2003 & 2000 reasonably extensively).

I'm building an App and have created all the necessary tables, as well as creating the relationships in the Database Tools area (which I know are correct - I'm a SQL Server DBA in my day job)!

Anyway, it's an almost text book example of an employers and employees database; one employer having many employees (employerID is the foreign key on the employee table).

I have created an employer form (using the wizard) which is fine, but then when I add a button to open the employee form (selecting 'Open the form and find specific records', matching employerID on the Employer table with EmployerID on the Employee table) it doesnt work. Instead, I get a popup box asking me for the EmployerID! Even if I manually enter the correct employerID when the popup box appears it actually displays all records, so I'm sure that the problem is more fundamental (and therefore, probably my fault)!

I'm hoping that I've just overlooked something REALLY stupid, but would apprecaite any suggestions!

Cheers,
Ian.
 

Answer:Access 2007 Form Button Wizard - Form does not open with the correct records

I have seen this kind of problem with Access 2007 VBA code which does not work when it dod in 2000-2003.
It can be a Syntax problem which you may be able to get around, if not you can get around the problem bby using a Criteria in the Query that supplies the Employee Form.
Although I would have thought it would be better design wise to have the Employees as a Subform or Tabbed Subform on your Employer Mainform.
I do not have Access 2007, only 2003 so I can't help with the VBA, but you could post the code anyway.

Did you use a Wizard to create the Employee Form, if so check the Record Source SQL it may be preventing your EmployerID from working.
 

1 more replies
Relevance 41.82%

Hi all

I have a simple Access (2003) db which has a single form view with a subform. The main form is a record based upon a physical case file the subform only details actions past and future, a sort of event log.

I also have a continuous form which displays all upcoming actions sorted by date on all cases for a particular user so they can see just how busy they are likely to be for a particular period. What I would like to do is have an on click() property for the detail of the continuous form so that it opens the main form filtered by the record in the continuous form that was clicked. User can then update or add new events for that case before closing form and returning to the continuous form

Hope this makes sense
 

Answer:MS access open single form filtered by selected record in continuous form

coasterman, welcome to the Forum.
It makes perfect sense.
If you add a Command Button to the Continuous Form and after selecting the mainform select the "Open the Form and find specific data to display". This will give you the code that you need to add to your On Click or On Double Click property or of course leave the button and use that.
 

2 more replies
Relevance 41.82%

Hi all. I do have another post going but do not want to cram so many questions in one post. (Hope that this is an acceptable practice )Anyway, my Sony desktop crashed the other day. I had a new Hard Drive installed and recovery disks were used. PC is good to go. Trying to tweek it back to the way I am used to having it.QUESTION:I had a form filler program called ROBOFORM on this PC before it crashed. I had MANY years of passwords and stuff saved there.When I brought this PC to the Geek Squad at Best Buy the other day to see if the PC could be repaired, I was told the hard drive went. They were, however, able to make a disk with my ROBOFORM passwords. I can not get the disc to open the list of passwords. It asks me where I want to open the and give me a list of choices. (Paint, notepad, adobe etc.) None of them will run/open the files so I can see them.This was a program that I paid for. How can I make the disc start to fill my forms again when I am at certain sites? (Gee, hope I am making sense)I just realized I never downloaded the ROBOFORM program onto this pc.  Does that have anything to do with the disc not opening??If I go and download ROBOFORM, how does it know who I am. How will it know about the disc full of passwords? How do they recognize each other?HELP PLEASE..........My Passwords are VERY important to me.Thanks!!

Answer:ROBO FORM / Form Filler - Help Needed Opening/Running a Disc

Yes. I know the website but what do I do? Will they know my info or do I need to pay again. I am lost.(Sorry)Dee

6 more replies
Relevance 41.82%

Hello,
thanks for taking a look at this thread, any help will be greatly appreciated by a complete Noob.

I've been given a LOT of help by members of this Forum (especially OBP) with a DB I'm making as a first look at any type of IT product, and I'm very grateful, so thank you all.

Recently, I was advised to take a look at the "Tabbed" style of "MainForm" instead of the "Switchboard" style I originally used. I must say, I really like the tabbed style much more than the switchboard but I've hit one hurdle that I can't seem to overcome.

In the Switchboard style, I was able to set a form to load in either DATA ENTRY = YES or DATA ENTRY = NO mode depending on which sub-switchboard the user selected. For example, I had a ENTER NEW sub-switchboard that all forms would open in DATA ENTRY = YES mode & I had another EDIT EXISTING sub-switchboard that all forms would open in DATA ENTRY = NO mode.

However, with the new tabbed style, I cannot set the form load type for separate tabbs, it will only accept the LAST type as the GLOBAL type. Example, on the ENTER NEW tab, I set the form to load as DATA ENTRY = YES & sets the form to open in DATA ENTRY = YES on both tabs, then I go to the EDIT EXISTING tab & set the same form to DATA ENTRY = NO & it sets the form to open in both tabs in DATA ENTRY = NO mode.

So, my question is:
Can I set the same form to load differently on different tabs on the same MainForm?
If so, w... Read more

Answer:Solved: MS Access - Tabbed MainForm - How to make a form open a form in multiple mode

I would just copy the Subform, so you have version 1 for data entry with the Data Entry set to "Yes" and version 2 set to "No".
The only thing you need to do then is to Requery the Editing form each time you make an entry in the data entry form.
Although I prefer to just have an Edit form with a "New Record" button for the data entry.
 

2 more replies
Relevance 41.82%

My multi item form isn't letting me add new records, only update and delete current ones.

My guess it that this is because the form is based on a multi-table query. That's fine, I can make a new form specifically for adding new records, but I'd like to be able to salvage this form if possible. Is there any way to either force this form to accept new records in the bottom row, or is there any way to get rid of the "add record" bottom row completely so it's not misleading users into thinking they can add records here?

Thanks in advance.
 

Answer:Solved: Access 2007 - multi item form (continuous form) trouble adding records

16 more replies
Relevance 41.82%

I have a form Third party Invoice.I need to calculate taxes for GST like as it done for Purchase order,sales order.
so please help me how to calculate taxes for my customized form  ????

More replies
Relevance 41.82%

Hello

I have a subform which on its own - works beautifully but fails under the mainform. I use a main form to select the record that the end user wants to update. Upon update event on main form, the sub form opens, presenting fields for possible updating. The Sub Form also present 2 buttons - Save & Close or Cancel and Close (Undo). When the main form opens, the code set AllowClose as False. When the sub form is opened as a result of the update on the mainform, the issue is the Close command /code gets canceled. (Error 2501). I have tried: 1. setting AllowClose (true and False) on both forms, 2. only the main form and 3. only the subform. None of these 3 configurations resolves the issue. Also, I tried moving the buttons to the mainform instead of the sub form but that failed as well.

The application has a dozen forms and all of them utilize AllowClose functionality so the end user MUST use the buttons on the forms to force background queries (updates, deletes, perform calculations, recalc control totals etc). This is the first time I have tried to use Allow Close on a subform with buttons.

XP and Access 2007

KEY ELEMENTS OF THE CODE:

Private AllowClose As Boolean

Private Sub Form_Load()
AllowClose = False
End Sub

Private Sub Form_Unload(Cancel As Integer)
Cancel = Not AllowClose
End Sub

Private Sub SaveChangeandCloseForm_Click()
AllowClose = True
DoCmd.Close

Private Sub CancelAddingNewRecord_Click()
If Me.Dirty Then
Me.Undo
End If
If Not Me.NewRecord Then
En... Read more

Answer:Action Canceled - Using AllowClose on Form and Sub Form - Access 2007

Why not just use a listbox to display the records based on the selection on the main form? I don't think you can actually close a sub-form on a main form since it is tied to the main form.
 

2 more replies
Relevance 41.82%

I have a database which ultimately will have a couple of thousand records. The primary table has 30+ fields. I have lots of queries and connected reports to show various subsets of the data needed from the table. However, there are times when what is needed is all fields for a specific subset. Because the records sought often need to be filtered by several criteria, I've found the "Filter by Form" option to work well. I have a button on the main dashboard marked "Find Record" that automatically opens a search form in the "Filter by Form" mode. This allows me to enter information into as many controls as necessary, and returns exactly the right records after clicking on "Toggle Filters" on the ribbon. The problem is that ultimately I need to make this "Access-free". The goal is to create an application from the database without ribbons. I've created a button to run the filter, and another one to print the results, but when the search form is open in the "Filter by Form" mode, it greys out the buttons. I understand that there is a GotFocus command or something similar. Can anyone help with specifics, both the syntax of the command and where the command needs to be typed? Thanks a bunch...I look forward to your reply.
 

More replies
Relevance 41.82%

Morning Guys.

I am having a problem with Access 2007. I am not good with code, so would like to resolve this without using code if possible?

I have a form "A" that I have created. I want to be able to select a row on form "A" press a button and it will open a form "B" based on the selected record in form "A".

I have had a look at the button wizard, and it lets you have the option, but when you go through the wizard, it gives you an empty box on the left and a box on the right showing all the fields in the form "A". Nothing to relate to?

Any ideas?

Thanks
AJ
 

More replies
Relevance 41.82%

Hi All,

I need some help to figure out how to do a project.
i was given a sample tax form from the government that i have to re-create in electronic format. I have to build the form to match their specifications exactly. I've tried to do it in MS Word 2003 using a table, but the when i try to ensure that the tables cells are the same size as that on the paper - the tables keeps either changing the dimensions of the cell or changing the dimensions of other table cells.

the major thing is to ensure that the form i build matched that paper sample exactly - for example i cannot be off by even a millimetre.

In addition to that, my company has extracted the tax data for its 400-500 employees into an Excel Spreadsheet. I have to use the excel spreadsheet to make the "form" i created fillable.

The previos analyst used ms word 2003 and created the form using the drawing menu and text boxes and then mail merged the info in the excel sheet to the word doc.

can someone suggest an easier to do this? i wold be grateful for any help i can get.

Regards,
Ariane
 

Answer:Create Electronic Form to match sample paper form

Ariane,
Welcome to TSG

If I got your meaning correctly, then yes, ther's an easier way.
I'm almost sure that you can create the form in Excel, though setting the exact sizes and positions could be difficult.
I'm absolutely sure that you can create the form in Powerpoint, and with this latter, setting the exact sizes and positions should be much more simple.
Automatically filling the Powerpoint form is also possible.

If you only need to print out the filled forms, or create PDF-s, this Powerpoint-Excel duo might be good for you.
If you need to do further calculations with the filled forms, then I strongly recommend to stick with Excel.

I'm also curious what others can say.
 

2 more replies
Relevance 41.41%

I have this small database I am converting from A97 toA2010. I created a new A2010 db and pulled over objects I needed. Everything is tested out and working fine.
I also added a drop down box to the main switchboard toselect a "user". Its purposeis so the filter through all the records and pull up only the list of drawing #for that specific drafter.
So I have a table called tblSign_In which has UID autonumber, and the employees name. Thiswill be the user names for the drop down of the Main Switchboard.

I have a table called SHEET LIST that list all the data Ineed to display. This will end upholding tens of thousands of records of information about drawing. I added to this table a field called theLogInID field (UID) to link back to the tblSign_IN, and the correct number andcombination.
I also have a query called qrySHEET LIST which selectsall SHEET TABLE and inner joins to thetblSign_IN to pull the Employee Name linking on a LogInID field.

What I was trying to do is filter SHEET LIST form (my outputform) by the user selected on the MAIN SWITCH form in the drop down box Icalled cboSignInEmployeeName.
For example:
Sheet List (tbl) might contain information like: Sheet# 22a6; description Dryer; buildhours:12; drafter #4.

qrySHEET LIST (also my ouptut data) is pulling all theabove, but replace 4 with actual drafter’s name, John Smith.
To filter, I have two methods:
The query is my record source for my form SHEET LIST, so Iadded

WHERE (((tblSIGN_IN.[Employee Name... Read more

Answer:Filtering a form using selection of a combo box on a another form (user ID)

13 more replies
Relevance 41.41%

Here is what I'm trying to do.

For lists Equipment in drop down box.
Whatever equipment that is select, the equipment type field needs to be updated from a table.

Is there a way to get a value from SQL statement?

SQL = "SELECT [Equipment Type] FROM OrderDetails Where " _
& " Equipment = '" & Me.Equipment & "'"
[Forms]![OrderDetails]![Equipment Type] = SQL
 

Answer:Help with access form (insert table value into form field)

Mhouser, if you are trying to "display" a value related to the Combo selection you can have thta value as an extra column in the combo and refer to it with simple VBA.
You should not populate a Field's actual value with that from the combo as that is duplication.
Can you tell me which one you are trying to do?
 

3 more replies
Relevance 41.41%

I am a new user to Access 2010. My operation system is Window 7.
I have created a data base with two tables. The first table contains a list of students and their personal information. The second table contains student subjects and has many subject records with a relationship to the student record. The relationship key is the student id.

I have created a form that populates with the student information and contains a subform that populates with that students subjects. All of this works great for existing students. I can edit the student information and and new subject records.

Now here is my problem. I would like to create a form that preceeds my current form. The user would input a student number and click search button. If that student number exists on the student data base then the form that I created should open populated with the student data and their subjects and allow the user to update it. If the student number does not exist, then I would like that same form (or a form with the same layout) to open and the only data populated is the student number that was input on the search form. The user should be able to input all of the student data and course information and hit a save button that would insert the records into the correct database tables.

I have tried many methods to create the intitial search form that would open the correct version of the student form without any progress. Could someone provide me with the macro that would open that correct form, or set t... Read more

Answer:Access query to open Add form or Edit Form

needaccesshelp, welcome to the Forum.
First a couple of points, you do not need to "save" the record, access does so automatically. Also when creating a New record the subform should be automatically populated with the Student Number, this is controlled by the master child links.

The combo you need is a Find combo which can be created using the combo wizard, that combo can have it's Not In List Property set to yes, which can then be used to trigger adding the student that to the table and then to the form (and combo).
 

1 more replies
Relevance 41.41%

Can someone please help. I'm I can't seem to figure out how to keep an imported Excel file open to my users once I lock the Word form that I imported to. I need for my users to be able to be able to fill out the form as wellas open that Excel file if they need to. Any help would be greatly apreciated.
 

More replies
Relevance 40.59%

Hi all. I have different table for each type of inventory that we have. I would like to design one master form that would ask what type of inventory that the user would like to enter. Depending upon what the user selects, it will change the fields to the categories in the pertaining table. Is this possible?
 

Answer:using a form field to select display of a form

12 more replies
Relevance 40.59%

Ok guys, I can give a really easy example of this problem I'm having right here on the message board. If I place my cursor in between these two words (this) (that) and then click on a smiley, it SHOULD insert the smiley face in between them. I'll do it now.

See how it put it at the very end of the line? When I'm finished typing this whole thing, I'll try to insert a confused smiley here ( ) .

The same happens for ANY auto-insert stuff, whether it be the hyperlink or the quotes button, anything here. Its annoying . Anyone know how to fix this? No matter where my cursor is, it always inserts the auto-text into the end of the post.
 

Answer:Firefox - Form auto-insert always at the end of form

I imagine it's a quirk of the javascript in VBull. IE has added a lot of nonstandard code that makes editing windows more robust, and I expect that's what VBull is using. If so, there is no workaround.
 

1 more replies
Relevance 40.59%

I inherited this Excel document and have been asked to modify it so that when a selection is made from a drop down list a Form pops up for them to enter the reason. I put this code into Private Sub Worksheet_Change(ByVal Target As Range)

If Len(Trim(Range("$H$" & Target.Row).Value)) = False Then
Exit Sub
Else
If Len(Trim(Range("$H$" & Target.Row).Value)) <> "" Then
ProcessReasonForm.Show vbModeless
End If
End If

Which worked fine on three machines that I tested it on locally. However in the 2 remote location there it was tested it the Form would pop upwhen ever any changes were made to the spreadsheet. I need the form to only come up when a selection from the dropdown list in column H is made. As no personal data is in it I'll post a copy with this. To view code use "amber". Any ideas would be great as I'm lost as to why it's happening out there but I cant recreate it.

Thanks
WT
 

Answer:Solved: Form call is causing the Form to pop up everywhere!

File is attached. Code to unlock code is amber.
 

2 more replies
Relevance 40.59%

Hi all.
I have a form word document that looks ok when viewed but when printed there are the words "formdropdown' in areasthat should contain names, addreses, etc.
Running XP Pro.
The form works ok when printed from other pcs.
Having the same prob with other forms.

Please help.

Thanks

Thee

Answer:Word Form Doc Printing Crap Instead Of Form.

?

3 more replies
Relevance 40.59%

Unable to convert Word form to Excel form. Tried screenshot of Word form, pasted to Excel sheet and filled-up by text but the text itself always mis-arrange.Kindly help me please...

Answer:Convert Word form to Excel form

Rather my cherry picking and copying a few how to... suggest you follow the results here:http://tinyurl.com/zxfccfrIt's a google list found using:convert excel document to wordas the search term...

2 more replies
Relevance 40.59%

I have my form sending to my e-mail so it prints out my data line by line. Can anyone give me some pointers on how to get this data into a nice form that can easily be read.

E-mail from From Looks like this.

jnum=12345
jtitle=blah
fname=nick
mi=d
lname=johnson
ssn=1234
[email protected]
oname=
address=123321
 

Answer:Form to E-mail back to a Viewable Form

6 more replies
Relevance 40.59%

Actually, it makes sense because it's in the middle of the form where the cursor is sitting and the user will first enter their data. But first they need to read the instructions at the top of the form.

Is there a way to set it to load the page scrolled to the top rather than to the middle where the data is to be entered?

Thanks, Peter
 

More replies
Relevance 38.95%

Hello all,

I am creating a school database, and I'm having trouble with the register students part.
i have the form for new course, and the form for new student. so how do i create a button on the course form so that when i click add new student, the new student forms pops up and is linked to that course.
thanks again!
 

More replies
Relevance 38.95%

I am new to Outlook forms so my apologies in advance for the silly question. I bought a book to support me with my outlook 2007 and found that you can do forms. I have created a form and saved this in my personal folder. when I send this it looks ok, when this is received all the form content has gone and a normal email shows up at the receiver's end. I cannot find anywhere why this does not work. I delete the cache file but that did not work. Any help really appreciates, Kind regards, JBS
 

Answer:Not form content when form is received

If its a HTML form and you're settings are set to send Text only then that is why.
You need to be sending HTML formatted email which might I add is frowned upon by many email providers.
Plenty big businesses won't accept HTML email for security reasons. text only.
 

3 more replies
Relevance 38.95%

I have a 256 meg mp3 player can anyone sudjest a program where i can convert the songs from cds to mp3 form , i foiund some but it can only convert 5 song from each cd. ( IT NEEDS TO BE FREE ) THANKS!!!!!!!
 

Answer:problem converting cda form to mp3 form

perhaps a trial version like this? http://www.audiotool.net/
 

14 more replies
Relevance 38.95%

In access, I have a field that connect to a popup form for selection and after selecting the data required, the data did not print in the field. How can I have the data in the popup form to be printed in the field.
 

Answer:Transfer data from a form to another form

aattas, welcome to the Forum.
Can you explain a bit more about what you are trying to do and why you are using a pop up form?
 

3 more replies
Relevance 38.95%

Hi! I got this problem!

I have 2 forms. A main form and an extended form. I want to pass data from a field in the extended form to main form and save it in the main table. So the field's name in the extended form is: txtBDiluentLot, the name of the main form: BondSparF and the name of the extended form is BondDiluentF. I have written a code:

Private Sub StängKnappen_Click()
Me.Refresh
If IsNull(txtBDiluentLot) Then
'do nothing
Else
Forms![BondSparF form].Form.[BondDiluentF].Form.txtBDiluentLot = Me.BDiluentID
Forms![BondSparF form].Form.[BondDiluentF].Form.txtBDiluentLot.Me.SetFocus

End If

DoCmd.Close

End Sub

.... But when I run it it says: Run-time error: 2450

Microsoft Access cannot find the referenced form "BondSparF form".

Why I can't run it???

Thanks a lot!
 

More replies
Relevance 38.95%

Hey I am still having trouble taking info from a form to a printable page. Now I want to take the simple add it up form that I have and transfer all the items they add up and the total to a printable page. Are cookies the way to go. Should I set a cookie and retrieve it, and how do I set a cookie to the javascript that calculates my total?

Here is my add up form.<FORM NAME="MyForm">
P>Size<SELECT NAME="size" SIZE="1" ONCHANGE="totalPrice()">
OPTION VALUE="0" SELECTED="SELECTED">-- Select --/OPTION><OPTION
VALUE="2400">4' x 4'</OPTION><OPTION VALUE="3550">4' x 6'/OPTION><OPTION VALUE="4125">4' x 8'</OPTION><OPTION VALUE-"4700">6' x 6'</OPTION>
OPTION VALUE="6300">8' x 8'</OPTION><OPTION VALUE="7900">8' x 12'</OPTION></SELECT>
/P>
P>Ceiling Height-(at least 8'?)<SELECT NAME="ceiling" SIZE="1" ONCHANGE="totalPrice()">
OPTION VALUE="0" SELECTED="SELECTED">-- Select --/OPTION><OPTION
VALUE="0">Yes</OPTION><OPTION VALUE="0">No</OPTION></SELECT>
/P>
P>Door Hinge <SELECT NAME="hinge" SIZE="1" ONCHANGE="totalPrice()">
OPTION VALUE="0" SELECTED=... Read more

Answer:Its me again Can you set a cookie to any type of form, ie: add it up form

7 more replies
Relevance 38.95%

This ought to be pretty simple to do. I have a small table that contains contact information for a number of businesses: name, address, etc. I have an “ID” field that is an auto number and is the PK. I have created another table that contains the business name, date of a donation and a memo field to hold the donation info (since it’s stuff instead of money.) In the second table, “ID” field is also an auto number and is PK. I have related the tables with a one to many: theoretically one business with many possible dates/donations which is the basic premise. I created a main form to input the business data and created a sub-form for the donation data based on their respective tables. Each business will be unique but a business may give multiple donations, say one each month or more – whatever.

I can’t get it to work. I’ve got that big, honkin’ Access 2000 Developer’s Handbook but am still getting up to speed using it…. but I’ll keep looking until I hear from someone!

Thanks.
 

Answer:Access 2000 Form/Sub-form

9 more replies
Relevance 38.54%

I want to create a form in a sort inbox style so i ahve a list of records at the top in a datasheet and then by clicking on the list the details should show up in colunmar view below.

Sound simple its not.

I can get it to work the other way round by having a datasheet subform in my main form but thats not much use.

What i need to do is to somehow reverse how the form subform relationship works.

Any ideas?
 

Answer:Access: Form with subform datasheet. Selecting record on datasheet shows in form.

12 more replies
Relevance 37.72%

Hello I found an answer to this question but it was specific to his form. I have several Excel Logs (Tables) that contain information that is also entered into a separate form. Some forms are in excel and some are in word. I would like to hit a button that transfers a row of data to the form so i only have t enter data once. The forms will have additional information that will be entered. The forms are saved as a specific file type and are also printed so the answer that i found on this site may work but it puts the data into a different spread sheet in the same workbook and i need to send the data to a new workbook and in one case to a word doc. Can someone help me out. I have attached a couple examples of what i currently do.

Thanks for the help
 

Answer:Solved: Populate Excel Form and Word Form from Excel Table

16 more replies
Relevance 36.9%

I am using Windows 2003 with Access 2003. I have a main form that uses fields from a table that I would call the Master table, and this form has several tab pages in it. In this form the 2nd tabbed page uses a subform which displays data from a different table (I call it the Job Number table). I have linked these two tables with a one to many relationship. One of the fields in the Job Number table is named "Contract Amount". So each job record in the Job Number table tracks a separate Contract Amount value, but it is linked to the Master table through the one to many relationship. My goal is to sum all of the the Contract Amount values for each linked Master record and display that amount on my 1st tab.

I have created a subform that uses a sumquery which sums the Contract Amounts from the Job Number table. I tested the subform and the sum feature against the live data, and it does perform correctly. I then added that subform into my main form on the first tabbed page along with other fields on the same tab page. These other fields come from the Master table. In the Data Entry view, I can see a box where the subform should display, but the data doesn't display. What can I do to force the subform to display data along side the other fields from the Master Table?

Thanks in advance for your help.
 

Answer:Display subform in a main form with other fields from main form

6 more replies
Relevance 36.08%

I have a database and I need to set up a form in it where you select from a combo box and enter data in a text box, run a query from that data and then in the subform have the data from the query displayed and then have checkboxes and such that could edit the data in the original table. I havent dealt with subforms so im not sure how to set it up exactly. Any ideas?

thanks

This is all in access
 

Answer:creating a form and sub form

9 more replies
Relevance 36.08%

I have copied all the data in D drive from c drive as a back up and now i want to formate my PC(laptop) due to virus, so I need to form a new drive to copy every thing and formate each drive, please help me to form a new drive, as I am not that computer techic, thank you.

Answer:how do I form a new drive on my PC as to form

You don't have to create a new drive. You reinstall on the C:\ partition. However, I would copy that data again to an external drive, just in case something goes wrong.How do you know when a politician is lying? His mouth is moving.

2 more replies
Relevance 36.08%

Does anyone know of a way to convert a MS Word form to a PDF form? I have a few forms that were made in Word, but I need to be able to distribute them as a fillable PDF form.. I'm using the full version of Acrobate 6.0. If there's a way to do this without having to buy a thrid party plug-in, let me know (I'm too strapped for cash right now to buy a solution).
 

Answer:MS Word Form to PDF Form

Download and install OpenOffice
open the word file,
File > Open
then
File > export as PDF

then
Start > Control Panel > Add/Remove Programs > Uninstall Microsoft Office

your done
 

3 more replies
Relevance 35.26%

Hi
I have just installed Outlook 2002 on a Windows 7 Professional OS. I exported the Email Messages from WLM to Outlook. All went well until I opened any of the Outlook shortcuts, Inbox, Sent Items, etc. When I click on any of these, I get the pop-up: "The custom form could not be opened. Outlook will use an Outlook form instead. The object could not be found". I have installed the 2.0 Hot Fix for Outlook and deleted FRMCACHE.DAT from the FORMS folder. I sure would appreciate some help with this.
The computer I'm working with is a Dell Latitude E5500. Intel Core 2 Duo, CPU 2.40 GHz., RAM 2.0 GB, 32 bit, 150 GB hard drive.

Thanks

Answer:The custom form could not be opened. Outlook will use an outlook form

Outlook 2002 is now an old program. As far as I know it is no longer supported by MS, so would be prone to virus infections etc.
From what I have seen when searching the web Outlook 2002 is not really compatible with Window 7 & is prone to all sorts of problems.
You can do a web search by typing Outlook 2002 & Windows 7 & follow the results.
You should stick to your WLM program, uninstall Outlook 2002, then purchase if necessary a much later version of Outlook.

1 more replies
Relevance 34.85%

DELETE PLEASE
 

Answer:Help me with DNS PRETTY PLEASE?

...the same way you update any other DNS entry on a Win2k box. DNS knows not of windows - just make sure you have a forward lookup (your A record) a reverse lookup (PTR) and if it's not a mail server, an MX record.
 

1 more replies
Relevance 34.85%

I have spent days and days going through all the very useful suggestions on this forum, but I haven't found even one converter program which will do this AT A RESOLUTION OF 220 X 176. As I am also fighting the MP4 player at the same time, I am one frustrated potential viewer. Can anyone suggest something. Will happily pay for it as long as it WORKS

Answer:flv to asf or even avi to asf - pretty please?

kimtrncI think I have some software at home that may be what you are looking for, am about to finish a night shift will look when I go home and get up, if I am right I will post another reply when I come back to work tonight.

6 more replies
Relevance 34.85%

OK I have Windows 8, and am using Windows Live Mail which I down loaded from day one.

Question:: How do I put an avatar and signature on bottom of my e-mail so it is always there automatically?

I have never done this before, but noticed some people do have it.

Answer:How to pretty it up

Click on File->Options->Email, You'll get the screen below, click on signatures tab.

11 more replies
Relevance 34.85%

ok i would have done the old school "READ ME" downloads and scans 1st but cant find them on the site anymore......i have spybot and it hasnt found any majors, i put it in safe mode and half way through the scan the lappy switched off??? so spybot didnt complete.

this is a new comp i have not long bought :/

when i turn on the comp there are 5 options, it never goes straight to windows, these options are as follows....

1. ubuntu, with linux 2.6 35-22-generic
2. ubuntu, with linux 2.6 35-22-generic recovery mode
3. memory test (memtest86+,serial console 115200)
4. windows vista (loader)(on/dev/sdb1)
5. windows vista (loader)(on/dev/sdb2)

-this is a vista home premium
-its VERY slow for a lappy with 100gig (been upgraded)
-it trys but cant install most windows updates, says "updates wernt configured correctly, reverting changes bla bla bla
-i cant turn on windows defender at all
-windows security essentials cant update (i downloaded this myself after uninstalling avast
-i cant put a damn thing on the desktop, i have to go through the start menu for anything!

am choking on malawarebytes......is not free anymore!

is there someone who can help me with this heap of dribble or at least send me the link to "READ ME"........please?

and a HUGE thankyou in advance -o
 

Answer:need help pretty please?

falcon1 said:





ok i would have done the old school "READ ME" downloads and scans 1st but cant find them on the site anymoreClick to expand...

They are in the same place they have always been and listed on every single page in the Malware Forum since it s still a sticky thread.


READ & RUN ME FIRST. Malware Removal Guide


Spybot is has not been in the READ & RUN ME for years.

And you are incorrect, Malwarebytes is still free.
 

7 more replies
Relevance 34.85%

Hi EveryoneGood morning my first post so please go easy with me, anyway my computer recently got the mother of all infections via Antivirus XP 2008 it has been a complete nightmare could anyone please help and stop me from going insane just when I thought I solved the issue the blinky green text has appeared again and my desktop is slightly pixelly but at least I've got my sound back even if it is being drowned by the noise of my system (fan issue?). Please find my log that I have generated using HijackthisLogfile of Trend Micro HijackThis v2.0.2Scan saved at 06:21:03, on 28/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32&#... Read more

Answer:I Really Need Help (pretty Plz)

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator privileges when using.Close all applications and windows.Double-click on dss.exe to run it and follow the prompts.If your anti-virus or firewall complains, please allow this script to run as it is not
malicious.When the scan is complete, two text files will open in Notepad:main.txt <- this one will be maximizedextra.txt <- this one will be minimizedIf not, they both can be found in the C:\Deckard\System Scanner folder.Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.-- When running DSS, some firewalls may warn that it is trying to access the Internet especially if your asked to download the most current version of HijackThis. Please ensure that you allow it permission to do ... Read more

2 more replies
Relevance 34.85%

I believe I am infected. Please help,here are my recent scans.

Inline logs attached!

And hijack this:

Thanks for looking & helping!
Kelli
 

Answer:Pretty Please Help!!!!!

Do not copy and paste logs into your post; always include then as attachments.

You have HijackThis installed incorrectly. Please install HijackThis to C:\HJT.

After you have reinstalled Hijackthis, scan with HijackThis and fix the following:



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://*.boingdragon.com
O15 - Trusted Zone: http://www.classmates.com
O15 - Trusted Zone: http://dsc.discovery.com
O15 - Trusted Zone: http://offers.e-centives.com
O15 - Trusted Zone: http://www.hgtv.com
O15 - Trusted Zone: http://survey.otxresearch.com
O15 - Trusted Zone: http://www.reunion.com
O15 - Trusted Zone: http://esampler.tns-global.comClick to expand...

I see that you have Ewido Security Suite installed, udate the definitions and run Ewido according to this thread: Running Ewido Security Suite

Post the Ewido log along with a fresh HijackThis log once you have completed the above.
 

5 more replies
Relevance 34.85%
Question: Pretty Please!!!!

Hi experts! A virus scan found that I had a problem with LinkRepair...I did a scan with Spybot S&D, let it fix what it found, then set it to scan on system startup....but nothing seems to stop bad stuff from coming back...Can someone please take a look at my HJ This file, and let me know what you think? Thanks!

Logfile of HijackThis v1.99.0
Scan saved at 9:13:28 PM, on 3/9/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SA3DSRV.EXE
C:\COMPAQ\ACCESS\ENCOMPASS\MONITOR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\SXGDSENU.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\CPQPSCP.EXE
C:\E-WHEELMOUSE\WH_EXEC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\REGPROT\REGPROT.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\LXSUPMON.EXE
C:\PROGRAM FILES\MSGTAG\MSGTAG.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DESKTOP\PROGRAMS\HIJACKTHIS_1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Softwar... Read more

Answer:Pretty Please!!!!

Bump....
 

3 more replies
Relevance 34.85%

Well yay for me, over two years clean of virus and spyware and this comes from nowhere to haunt me.

I've already download l2mfix and hijackthis. I've done a lot of reading and I think I have the proper logs, but I'm not an expert in spyware removal. I try to stay as secure as possible instead of fighting the stuff. Any help would be greatly appreciated.
 

Answer:Pretty sure I have VX2.. yay.

Did you run L2MeFix as written here: Look2Me VX2 Removal

You can post attach the logs from it, but do not post any HJT logs without following standard cleaning steps and the procedures for using HJT. These procedures are given below.

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

.
 

28 more replies
Relevance 34.85%

Two days ago I started having trouble with my connection slowing way down. I ran all the standard stuff: Spybot, Adaware, AVGfree, CCLeaner. My speed now seems fine, but I still can't connect to any of my email accounts. The login page loads up fine, but when I enter my info no data seems to transfer and the connection times out. This happens with Hotmail, Yahoo, and an email account through school. That same day I installed Daemon Tools lite and Dosbox. I have fully gone through the cleaning process detailed in the sticky here and the problem persists. I'm posting all of the requested logs except for AVG spyware because for some reason I couldn't save the log, but all it found was tracking cookies. Thanks!
 

Answer:Tried pretty much everything

Welcome to Major Geeks!





xenophone said:





That same day I installed Daemon Tools lite and Dosbox.Click to expand...

Actually you install alot lot more at that time. Apparently you were running without any protection and installed all your current protection software after this happend.


Your logs do not show any malware. In fact you show a lot fewer processes/programs running than most people. You issues may not be malware but we will run another scan just to be on the safe side.
But first let's get your Sun Java updated.

Uninstall the below old versions of software:
Java(TM) 6 Update 2

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run this procedure and attach the log: Running GMER to detect rootkits
I doubt it will find anything of interest.

You may need to check to make sure you are not blocking anything in a firewall, in Ad-Aware, in your AntiVirus....etc. Also try another browser. Also see what happens in safe boot mode.
 

8 more replies