Computer Support Forum

I think i have vondo or something much worse!

Question: I think i have vondo or something much worse!

Hi. My computer is infected with vundo or virtub one of the two. I have run Malware byte Anti malware and it followed the steps and deleted the infected files. I then reran the program and got 0's for everything. I also ran Avira AntiVir Personal and came up as clean. The problem is that sometimes Avira Guard will tell me it has dected virtub and prompts me to delete it. I just want someone to help me figure out weather my computer is clean of viruses or is it still infected.
Thanks.

Relevance 100%
Preferred Solution: I think i have vondo or something much worse!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: I think i have vondo or something much worse!

Let me check it:Download ESET SysInspectorhttp://www.eset.com/download/sysinspector.php- Start program through the SysInspector.exeThe program will collect information about the situation on your machine.- When "inspector" is ready and log file - generated, select File> Save Log- Confirm their wishChoose to save the file somewhere and then upload on http://4storing.com/ (when you open the page, click on the Great Britain flag to open the page in English), then give me the link.

1 more replies
Relevance 47.97%

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO... Read more

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

7 more replies
Relevance 47.97%

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot in to safe mode and now its recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ... Read more

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturers disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

4 more replies
Relevance 47.97%
Question: Help with vondo

My computer appears to have gotten infected with vondo. I used vondofix and I THINK that got rid of it or atleast got rid of most of it, here is my hijack this log

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.korn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} ... Read more

Answer:Help with vondo

O4 - HKLM\..\Run: [acedcd1c] rundll32.exe "C:\WINDOWS\system32\sqdpwkiu.dll",b

I noticed this in the hijack this log.. might be worth noting that I get a error message now upon restarting that says the file module sqdpwkiu.dll couldn't be accessed. Also is it possible for me to still have any of the lesser infections due to vondo? Or should Vondofix have gotten rid of everything?

*Edit*

Looking at my running tasks I now see 'wisecustomcalla3.exe' running.. guess I haven't gotten rid of it.
 

1 more replies
Relevance 47.97%
Question: Vondo

so i believe i have fallen victim to the Vundo virus...
basic description of whats going on...
desktop background is black with a warning sign that says dangerous spyware found and user should run special program
warning security report shows up every five seconds saying my comp is infected and to start spyware cleaners
and iexplorer windows appear to random spyware removers, my documents opens randomly also

i tried to do the read and run me first cleaning procedure but i am completly restricted from just about everything, for instance couldnt open run so i couldnt get to the msconfig, cant get to the control panel so i cant view hidden files (although i believe i already have them on).
I couldn't install SAS because as soon as i hit the installer an error popped up, Spybot would not run, Malwarebytes would install but would not run, combofix would not install, so the mgtools exe ran and i've included all the logs in a zip file

idk if this is important or not but every time i attempted to install a program above a iexplorer window opened, but i dont know where it was taking me because i disconnected the computer from the router

Any help would be much appreciated.
 

Answer:Vondo

Welcome to Major Geeks!

Why are you running this PC with NO PROTECTION? No wonder you are so badly infected!


Please follow the instructions in the below link to see if you have the TDSSserv rootkit problem

TDSSserv Non-Plug & Play Driver Disable
If you did find the TDSSserv driver and disabled it then try running SUPERAntiSpyware, Malwarebytes, and ComboFix scans again and attach the logs if this helps.

Based on your MGlogs.zip file I can see that you have a lot of problems. Some of your Windows system files may even be infected which could be difficult to fix. Do you have a copy of your Windows XP boot CD just incase it is needed.

Now no matter what the results from the above with the TDSSserv driver were, I want you to continue on with the below.

Now download LSP - Fix

Run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the ntdll64.dll file (in the ?Keep? section) to select it.

Then, Select the >> button to move ntdll64.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

If it is already in the Remove section, just click Finish.


Now download a tool we will need - Pocket KillBox

Save it to its own folder somewhere that you will be able to locate it later.

Please C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis. An... Read more

1 more replies
Relevance 47.97%
Question: No Vondo??

I have bombarded my system with everything I could throw at it to get rid of every hidden bug. I was told I had vondo virus but I ran a vondo buster and it said that I didnt. So, please check it out and let me know what I can try next!! My hjt log is attached.
THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! In advance!!!!!!!!!!!!!!!!!!
Ty

Logfile of HijackThis v1.99.1
Scan saved at 9:41:50 PM, on 11/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\systen32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5746\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak... Read more

More replies
Relevance 47.56%
Question: vondo.h trojan

DDS (Ver_09-12-01.01) - NTFSx86
Run by hpowner at 8:16:22.85 on Sat 12/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.550 [GMT -7:00]

AV: avast! antivirus 4.8.1368 [VPS 091205-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehom... Read more

Answer:vondo.h trojan

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:http://www.bleepingcomputer.com/combofix/how-to-use-combofixAfter running ComboFix, please post the ComboFix log as a reply to this

1 more replies
Relevance 47.56%
Question: Vondo Virus

Hi,

This virus keeps coming back despite a wipe off in safe and real time mode.
I submit my HiJack this below annd by the way Hi there my first post!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:23 PM, on 18/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\ico.exe
C:\Program Files\Lenovo\Productivity Keyboard\Skdaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\Pelmiced.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Family Safety\fssui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\P... Read more

More replies
Relevance 47.56%

Hello - I appreciate any help you guys can give me. My McAfee virus scanner keep reporting the Vundo virus. It deletes the virus, however, it always comes back. My system is definately running slow and pops are frequently occuring. Here are the logs you guys requested in the instructions. Thanks again for any help you guys can give me.


DDS (Ver_09-02-01.01) - NTFSx86
Run by brett.clark at 12:07:24.89 on Sun 03/15/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.543 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\... Read more

Answer:Vondo!grb virus help

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

... Read more

17 more replies
Relevance 46.74%

my sys admin said it might be vondo but im not sure..

I cant browse to windows update or google, gmail etc (guess which mail program I use? ) on IE firefox or Opera anyway Ive ran AVG, spybot and hijack this and here is my log... help??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:31 PM, on 7/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows&... Read more

Answer:Vondo? Heres My Hijack This Log

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

2 more replies
Relevance 46.74%

IE is being hihacked with each keystroke to change browser site. Began weeks ago. Have run McAfee, Spybot, Spyhunter, MaxSecure, RegCure, AdAware multiple times (50 or more) without success. Each time McAfee and AdAware are run, the same infections are found indicating the presence of Virtumonde and Vondu, Ad-revolver and numerous cookies (which were already removed) to hijacked sites.Deckard's System Scanner v20071014.68Run by jrusca on 2008-08-02 06:49:05Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.Backed up registry hives.Performed disk cleanup.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-08-02 06:52:00Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\SYSTEM32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\SYSTEM32\services.exeC:\WINDOWS\SYSTEM32\lsass.exeC:\WINDOWS\SYSTEM32\svchost.exeC:\WINDOWS\SYSTEM32\svchost.exeC:\WINDOWS\SYSTEM32\S24EvMon.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\SYSTEM32\spoolsv.exeC:\Progra... Read more

Answer:Infected With Virtumonde And Vondo And Maybe Others

Welcome to BC! Please download Combofix to your desktop.Doubleclick combofix.exe to launch the application.Follow the prompts that will be displayed on the screen.Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txt.Post this log in your next reply together with a new hijackthislog.

19 more replies
Relevance 46.74%

I believe i'm infected by a vondo virus similar to the guy on this forum. http://support.mozilla.com/tiki-view_forum_thread.php?locale=en-US&comments_parentId=50581&forumId=1 I have a Dell Latitude D420. Intel CPU U2400 1GB of Ram

The problem I am trying to resolve is that previously there was a massive amount of pop ups that would start whenever i loaded I.E. However I was able to successfully resolve this issue and now gmail and the google search both are unable to load. The loading bar jus continues forever showing a blank screen. PLease help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:27:21, on 7/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\Sys... Read more

Answer:VONDO virus i believe can someone please take a look at my HIJACK?

Hello Curbside and welcome to TSG. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:

Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

Click Opera at the top and choose Select All from the list.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
[*]In the Drivers section click on Non-Microsoft.
[*]Under Additional Scans click the checkboxes in front of the following items to selec... Read more

1 more replies
Relevance 46.74%

Hello, I need some help learning how to remove the Vondo and Virtumonde trojan from my laptop. Pop up windows occurs while browsing the internet, slow computer, slow browsing, can not get into my companies internal apps, also have a RUNDLL error upon startup. Says that system32\peluzena.dll has an error or can't find it. I can get on the internet and VPN but that is about it. I have run search n destroy & malware bytes along with my McAfee antivirus and still can not get rid of it. Below is a log from Hijack This as well as malware bytes...Log from Hijack This:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:04:36 PM, on 11/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20900)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\Program Files\Cisco Systems\CSAgent\bin\CSAControl.exeC:\Program Files\Cisco Systems\CSAgent\bin\leventmgr.exeC:\WINNT\System32\svchost.exeC:\WINNT\System32\WLTRYSVC.EXEC:\WINNT\System32\bcmwltry.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour�... Read more

Answer:Virtumonde & Vondo trojan and not sure what else...

Hello Mike, Sorry for the delay. We have many logs backed up. C:\WINNT\system32\yajumano.dll (Trojan.Vundo.H) -> No action taken.c:\WINNT\system32\fudoneze.dll (Trojan.Agent) -> No action taken. Your malwarebytes reports shows you did not quarentine everthing it found. Please update Malwarebytes' Anti-Malware , and it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly. If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

2 more replies
Relevance 46.74%

Does ANYONE know how to get rid of these two bad guys? I'm attaching my hijack log file to see if anyone can locate the problem. I have McAfee as my base protection and it keeps telling me this virus exists. I can't believe McAfee cannot remove this. Somebody help!

Logfile of HijackThis v1.99.1
Scan saved at 12:26:40 AM, on 11/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Intel\Wireless\Bin\... Read more

Answer:Solved: Zapchast and Vondo

16 more replies
Relevance 46.74%

I ran a macafee scan but I dont think it got rid of everything.

Here is the HJT log I appreciate any help you could provide.

Thanks,

Matt

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:30:55 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\winrss.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program ... Read more

Answer:Solved: hjt log trojan vondo maybe others

13 more replies
Relevance 46.74%

Ok, I'm pretty sure it's vundo trojan that I am infected with, I ran every anti virus removal and its still there. I ran combofix and it did nothing it just stayed on the "It'll take 10 min." screen all night.Nothing I do will remove this threat. This is the Hijackthis Logs.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:16:19 AM, on 11/25/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v7.00 (7.00.6002.18005)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Program Files\RocketDock\RocketDock.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\system32\ctfmon.exeC:\Program Files\Xfire\Xfire.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Steam\Steam.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM&#... Read more

Answer:Vondo Trojan Infected

Hello shell1992Welcome to BleepingComputer ==========================Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.===========Download This file. Note its name and save it to your root folder, such as C:\.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.Click on this link to see a list of programs that should be disabled.Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")Allow the driver to load if asked.You may be prompted to scan immediately if it detects rootkit activity.If you are prompted to scan your system click "Yes" to begin the scan.If not prompted, click the "Rootkit/Malware" tab.On the right-side, all items to be scanned should be checked by... Read more

17 more replies
Relevance 46.33%

OK, I am losing my mind here and am just so frustrated. I have run every program imaginable to get rid of the "trojan vondo" virus (as per norton antivirus) and NOTHING seems to work. There might be additional viruses too. Pop-ups just keep appearing and my system is operating so slow it is impossible to work with. My computer is my livelihood so this is just lost productivity here. I have a hijackthis log file for my system and was wondering if somebody might be able to help me out.

Log File:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:00 PM, on 09/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system... Read more

Answer:Vondo Trojan Ruining my computer! HELP!

9 more replies
Relevance 46.33%

Hello from Alaska!
I've been using the directions in your forum to remove the vondo.h virus and am still not able to get it out of my system. I've spent 2 days on it now and I really need your professional help!!

I've run these scans:
Ccleaner
Malwarebytes
McAffee (POS that is!)
Spyware doctor
SUPER Antispyware
Spybot

I've turned off my "Restore" function, but it turns itself back on.

What am I doing wrong? What step am I missing? :cry

Please help this not-so-geeky girl!!!

THANKS!
Gj
 

Answer:Major Geek~~Vondo.h virus!

Here is my latest scan:

Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 5.1.2600 Service Pack 3

4/16/2009 4:17:16 PM
mbam-log-2009-04-16 (16-17-16).txt

Scan type: Quick Scan
Objects scanned: 97155
Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8298e759-287f-40db-90c3-b964bf4abc80} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ziitlyvx (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8298e759-287f-40db-90c3-b964bf4abc80} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\jesbbzr.dll (Trojan.Vundo.H) -> Delete on reboot.
 

5 more replies
Relevance 46.33%

I've been infected for about a day, I've run the vondo removal tool and spybot and trend micro and ad-aware and my symantic antivirus, and I think I've gotten...most of it? But I want to be sure! If no one minds, anyway! Symptoms are the cmd.exe popping up when I reboot (but I think I got that), turning off my auto-update for windows, launching IE (I generally use firefox) to give me a popup, and general system slowdown/crashes (sometimes my task bar and start menu just vanish, or sometimes explorer crashes and I have to manually reboot. I can't run dss.exe, it crashes when it tries to backup the registry, but I have the log file from hijack this, so here it is!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:02:52 PM, on 6/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcs... Read more

Answer:Fighting With Virtumonde, Vondo And Ieantivirus

Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerThen, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

10 more replies
Relevance 46.33%

Hi, I got this nesty virus I think. I was trying to bettle this all day and no or maybe some luck. I think i need to remove only one more file the efeeb.dll but it continuesly is telling me that is being used by a different program and I can not delete it. The spy-ware does not want to delete it too. Some of them do not even recognise it a tread. HELP. when i was using SpyNoMore it detect the file when when I tell it to delete it. I tells me that the system needs to be restarted and when I say ok. The comp goes it the blue screen and never restarts.Help. I am attacking teh hijackthis report for those of you who know the computer better them me. can you plese help. Thanks

Answer:Efeeb.dll, Vondo Trojan Virus,help

Hi Kitsa2000

Can you take a hijackthis log and post it back here in your next reply?

1 more replies
Relevance 46.33%

Hi, I recently did a complete 'nuke' of my system and everything seemed to be working well except that I couldnt do automatic updates and I seemed to be getting some strange and unwanted windows opening. I did some research and understood that I had 2 problems - 1) the dreaded WinXP reinstall that leaves some files out. I think I have fixed that after a few days of reading and trying the several fixes (many of which didnt fix), AND 2) the more dreaded Vondo virus that keeps multiplying regardless of what I try.
I have tried:
AVG free (both normal and safemode)
Adaware
Spybot
CCleaner
Malware
All of which have done some good and after running them I am 'clean', then the next time I try again "just to be sure" sure enough there are some more viruses. I even ran some of them with Restore turned off.

So now, I have run HijackThis. I am not sure what else to do, I understand I load it onto this website and an 'angel' will help me with a solution. If that is so, I thank you very much and hope that there is a solution to this problem.

Regards

Logfile of HijackThis v1.99.1
Scan saved at 2:01:58 a.m., on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\... Read more

More replies
Relevance 46.33%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athalon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in the recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximently 10seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

take the graphics card out and insert it back in firmly making sure it is sat properly in its slot. check the manufacturers websites for your motherboard and graphics card and see what the bios updates do, and see if they have any FAQ's to check if anyone else has been having similiar problems to you in terms of people who have the same motherboard or graphics card??

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies
Relevance 46.33%

i've had verizondsl for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the optimum cable i was used to, it was sufficient. now it's just pure garbage. if it weren't for the fact that we're getting free cable, i would immediately switch to roadrunner

i figure asking you guys is probly much more helpful than those scripted outsourced fools at tech support. i tried all that "reset your modem" "unplug the ethernet cord" "make sure you're computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well try plugging the modem into the demark jack if you have one (by where the phone line comes into your house). See if this still happensl. If it doesn't maybe something happened to your internal phone lines. (this probalby won't be the issue I'm betting).

Beyond doing that phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.




The [H]orde needs You!
 

15 more replies
Relevance 46.33%

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drives SATA cable into a different SATA port on the motherboard. Get into the bios, and make sure that the hard drive is being detected properly
 

1 more replies
Relevance 46.33%

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me or you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

10 more replies
Relevance 46.33%

I bought a Think Pad in April last year which does not start anymore, no lights,nothing.I wanted to send it back to Lenovo for guarantee.Ther ist only ONE problem, there is no sticker on the laptop which shows me the serial numer. Obviously there supposed to be on, but it is missing!!!I do have the invoice which shows the purchase date, but no serial either.I already quit wasted some time to with this bull**bleep**, I hopefully do not need a layer for that.Here you see the last response of the "support" manager -Dear Michael Mueller,Unfortunately I have to inform you that you have no guarantee for this machine.Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.Lenovo Service Partner:https://pcsupport.lenovo.com/de/de/serviceproviderIf you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54. Lenovo regularly conducts customer surveys on service quality.If you are selected, please take a few minutes to answer the questions.We thank you in advance.  Yours sincerely, Davor KrpanLenovo Technical Support IBM Hrvatska d.o.o. za proizvodnju i trgovinuMiramarska 23, 10 000 Zagreb, HrvatskaUpisan kod Trgova?kog suda u Zagrebu pod br. 080011422Temeljni kapital: 788,000.00 kuna - upla?en u cijelostiDirektor: ?eljka Ti?i??iro ra?un kod: RAIFFEISENBANK AUSTRIA d.d. Zagreb,... Read more

Answer:guarantee handling - bad worse than worse

I just forgot to mentioned, that the purchase was done through the Leonovo online shop itself -  VERSANDBESTÄTIGUNG Ihre Bestellung wurde versendetSehr geehrte(r) Michael Müller,vielen Dank für Ihre Bestellung im Lenovo Online-Shop, der von Digital River unterstützt wird.Die folgenden Produkte wurden versendet.Bestelldatum14. April 2017Bestellnummer23856585462Tracking-nummer1ZAF68846704024055Folgende Artikel wurden versendet: BestellmengeProdukt-SKUProduktnameVersandmengeVersandmenge gesamtBetrag120J1CTO1WWThinkPad 13 2G11800,52EURWenn Sie per Kreditkarte bezahlt haben, wurde Ihre Karte nun belastet.

1 more replies
Relevance 45.92%

I got to the safe mode part... problem is I have profiles on PC with sp2.
All I got was black screen of safe mode.
No desktops...nada.
To be more precise..
I tried my profile, Darkness,
Administrator...still blackness
Any input?
 

Answer:Solved: Vondo fix/safe mode with profiles

16 more replies
Relevance 45.92%

Tried unsuccesfully to remove some of the infected files with no success. Removed downloader,websearch,viewpoint etc... The machine is much better but still unusable. I have hijack logs and other logs a MBAM log has a concise list. Please if could please give me some advice Thanks!
t_h_arner yahoo.com

Answer:Vondo,BHO.h,Trojan and Rootkit.Agent Infection please help

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

13 more replies
Relevance 45.92%

I need help cleaning this last bit of Vondo up. I went through and did the removal tool and for the most part it worked great,... but there is still a little bit left behind that the tool couldn't delete. Here is a copy of my latest HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 11:12:12 PM, on 1/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WIN... Read more

Answer:Vondo/Virtumonde Cleanup after removal tool

Hello a_quint, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So lets do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

You do still have a trace of Vundo. I als... Read more

19 more replies
Relevance 45.92%

Ran MacfeeRan SpybotRan SpysweaperRan StingerRan HijackthisSat , sunday found Virtumode . Cleaned with Viturmodebegone machine seamed to be running ok . Machine restarted early sunday am to install Windows Update. Monday , machine booted up went into Spybot boot check mode , could not open 58 files , stayed on Blue screen never went away in couple hours I was forced hard boot After reboot I stopped scan disk and started windows. After couple of times with Firefox , I got pages opening in IE over and over.Few minutes later Macfee alert Vondo.gen.k Trojan found and blocked This happened several times over the night same message.So I started all over againThen Ran Spysweeper again it found that Virtumode again and quarantine the file Ran Virtumodebgone.exe from Macfee nothing found see trace belowMachine is infected again over and over I cant get rid of this stuff , I thought it was gone after yesterday but its back againand now I get the Vundo problemCurrently I have firewall locked down because its has Automatic IE openings jacking to sites while using Firefox. I left the machine on all night with firewall locked and Virus Scan running , it found 2 files Vondo.gen and one C:/windows system32/xxxxxx something .dll was not able to delete, requested me to restart and re run Virus scan I noticed this file name in prosesses before , I am at work now and forgot to write the file name down but I am sure its one of the ones in t he Hijack trace ) could be kpnkqi.dll or klgrbd.dll ... Read more

Answer:Virtumode and Vondo Keep Coming back after cleaning

Hello somdcelt and welcome to BC. Let's see what we can find.Before running a new scan let's clean out the temporoary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).Do not change any settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the report file loaded in it.Click the Format menu and make sure... Read more

2 more replies
Relevance 45.51%

antivirus disabled, firewall and connection disabled, browser doesn't work (crhome, firefox, explorer, opera). i removed everything that malwerbytes and spyware terminator found and i enabled task menager again. the startup is slow and the windows toolbar is without object.


DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL

Run by DANIELA at 9.16.15,71 on 06/02/2011

Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_21

Microsoft? Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3069.2521 [GMT 1:00]

AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\DANIELA\Desktop... Read more

Answer:rouge personal antispy- worm- trojan-vondo....and others

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.We need to create a New FULL OTL ReportPlease download OTL from here if you have not done so already:
Main MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "SafeList"Push the button.Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedAfter downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconne... Read more

3 more replies
Relevance 42.64%

Hello my new bestest friends. I need help ! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and re installing Versions 6 & 7. However this is not the problem as I am currently using safari and finding it great. The problem lies with my computer and it's sluggishness, ever since IE became corrupt my computer seems to have slowed. I am getting occasional Internal memory (blue dos screen) errors and several other little glitches like windows XP's search program will not close after I perform a file search. I have performed several Virus & spyware checks such as AVG and Spyware Doctor also several registry progs like registry Booster.AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of Registry errors inluding heaps of lnk file and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts) It did not remove the actual .exe files but was a major hassle as my dektop shortcuts where wiped. So I performed a system restore and now have everything back.I am wondering are/have these files become corrupt or is this just overkill on the software (spyware Doc & reg booster) behalf?? I have also noticed in my Hijack this log that there are several (missing files).I am so in need of help as i use my computer to p... Read more

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 39.36%

In early December, my computer sustained virus attack. In a naive panic I purchased removers, and cleaners, none of which worked. The folks were good enough to refund, once they saw I had Norton installed. Norton did quarantine 5 or so but wasn't able to do anything with Swobohuxewot.dll. I googled "dll" and came up with REGCURE, which I bought. It did speed up things but left the infected file. I deleted it and promptly lost the printer. Meanwhile, I came across you guys and spent some time just reading posts. On Thursday, REGCURE pulled periodic scan and afterwards there was the file back and the printer works now. However, the notification window is in loop and continually displays a new total at the rate of 1/sec or so. Rebooting did not make it go away. I suspect Vundo is still lurking about, but the system is running fine with only an infrequent ad showing up. Am I in trouble? The looping screen is annoying.
 

Answer:Notification of Vondo in " loop"

14 more replies
Relevance 34.44%
Question: bad to worse

Now I'm getting a little spooked.First it was just some irritating re-directs from Google searchers.Then multiple windows began propagating, sometimes blaring music, voices, phone sounds.Then, trying to work my way through the instructions in the preparation guide, I discovered that attempting to run the gmer.exe crashed me, locked up the processor, prevented me to restarting, the whole thing.Now, my touchpad has stopped responding. I uninstalled and restarted to replace the driver, but no effect. I am having to use a USB mouse, which works OK, but has not improved the touchpad.What's next?!Just curious. A question, for those of you who have experience with this forum--how long does it usually take to get help? Should I assume that all topics are addressed eventually, as folks find time? If I have failed to supply some bit of information, or violated some etiquette, I'd rather know, make my amends and start over that wait on the sidelines longer than necessary.Or should I just throw this piece-of-crap netbook out the window and get a real machine?

Answer:bad to worse

Hello pfosinger,It's hard to say how long it will take for a topic to get picked up. I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 300 unanswered topics, the oldest dated Aug. 26, 2010 at 5:14 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30 2010 at 10:00 pm using the same time zone.Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.Orange ... Read more

2 more replies
Relevance 34.44%
Question: from bad to worse

please help-got a new laptop trying to use the wi fi.there is no wireless connection icon any where.maybe there no driver,im guessing. do i need to use the disc that came with my router.my other laptop works fine.maybe i need to use another keycode,i dont know please help.thanks

Answer:from bad to worse

I think you're already running a thread on this: click herePlease don't double-post.

1 more replies
Relevance 34.44%
Question: Bad to worse

I posted a previous problem in regards to my computer shutting down at random and suspect virus. It seems things have gone from bad to worse in rapid time. I have lost internet connection, I open a program "regedit" and it closes, same with "msconfig" I cannot boot in safe mode. Suddenly all that was in my "connections" are completely gone, that folder is now blank. I know in the past I have tested your patience here but am throwing myself at your mercy once more. Sorry if this should have been posted with my previous question but I am unsure as to how protocol is.

btw forgot to give the basics.
Winxp
Medion computer.
should be current on updates.
again tia.
 

More replies
Relevance 34.44%
Question: It could be worse

I come to this forum and read all the time in search of knowledge . With the reading and help of the fine people here I have fixed many problems . Some posts I have read complain about a program taking a minute to start up . Some complain about a slow boot up . Well when I said it could be worse I found one that couldn't be . Uncle brought his PC out to me to see iffin I could make it work for him . HP Pailion with 128 ram and XP Home . Hooked it up to my monitor and turned it on . One hour and 15 minutes later I could finally do something . First thing I attempted to do was run defrag . It took 15 minutes for the menue to work enough to let me click on defrag and another 29 minutes to open defrag . Now I have it open and click on derag to run , 7 hours later it finished . Pc Was still slow . A bit better but not much . Started to empty temp folders . One temp folder took 15 minutes to empty . Emptied all the temp folders and the history then deleated some programs . Only deleted 3 small programs but with them and the temp folders I regained 17 gigs of hard drive . Did another defrag and this time it went much faster . Then I started on malware and viruses . Did the ususal scans I learned from here and took a bunch of them out . Got to the point that the PC was healthy again . Took out the 128 megs of ram and replaced it with 512 which is the max for this HP . Now it is running very smooth and probably as fast as it ever will . So when you think you are running slow do t... Read more

More replies
Relevance 34.44%

Hi,

I just wanted to start by saying a very big thankyou to all of you that help people on this forum. It is very generous of you and it is appreciated.

I have been infected by this fake security application that says "Windows Security has found critical process activity on your system". It keeps redirecting our web searches. In safe mode I have ran malware bytes, super anti spyware and created a hijack this log all before finding this forum. Both these scans found problems initially however upon following the instructions of this forum no more were found. I tightened up my zonealarm resetting it to default and searching programs that try to run as they popped up, mshta.exe was one of the programs.

I have followed the instruction on this web site to the best of my knowledge and i will attach the logs of the various scans. All scans went well except for the combo fix scan that ran through to stage 50, flashed a page suggesting it was deleting files and then restarted my computer. I repeated it with the same result.

I now have a message that says "SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe." whenever i start my computer and it takes a long time before all the applications are loaded and ready to be accessed. It seems to run faster if the internet is turned off?

I am posting this from another computer.


Here are the logs - Thankyou for yo... Read more

Answer:Please Help, its getting worse

I am not seeing much in the way of malware on your system. Let's do this and see where you are after:

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present --Unless you set this.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present --Unless you set this.Click to expand...

After clicking Fix, exit HJT.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:



Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Ta... Read more

5 more replies
Relevance 34.44%

Sorry to be such a bother but this problem is driving me bonkers!
Every turn develops into a new drama-here's the situation so far-

(1.) When I go to click on a program (any program) my computer either immediately or soon afterwards pops up a window that says "program error-process has already been exited-has generated errors and will be closed by windows. You will need to restart the program. An error log is being created." Of course restarting the process only sends me in circles-the same thing continues to happen-sometimes, obviously, I'm able to start the program but usually during the course of operation the "program error" window pops up and it's back to musical chairs again!
My system is, O/S Windows 2000 Pro, P4-1.6GHz 400MHz/P4FAN (P4-1600AR), Motherboard-D850MVL -MB Intel D850MV w/LAN, Rambus 256MB (2).

(2.) Now if I didn't already have enough problems I've apparently been infected with the Fortnight.E virus-it gets worse, in turn, I infected my ex-wife with the virus via an email (well, I'm sure you can imagine my situation-it would be better to have my nipples dipped in honey and dangled over a pool of hungry piranhas-she's pissed! Of course, the fact that the virus installed porno weblinks into her favorite file made matters even more unbearable-you'd think she was a nun or something! At any rate,
I have run a Panda On-Line AV-Scan-several Norton AV scans-SpyBot, Ad-Aware and SpySweeper-nothing works!
... Read more

Answer:Sos....from Bad 2 Worse!

6 more replies
Relevance 34.44%

Hi,
I made a post about my windows 7 explorer crashing, it seem to only happen when I move files from my internal to my external hard drive. it was still happening, nothing i tried fixed it.but NOW its gotten worse. Its crashing on a loop...every single second.this happens as SOON as I SIGN ON...in seconds it crashing and looping
and I cannot do a thing but use my internet...I get a message that tells me my program
fences (stardock program) has detected that there is problem with 7, and it disables itself, Then windows7 explorer crashes. sends info. then restarts...If I start a video or a program before it closes (which is seconds) then it will run. I have been up for HOURS trying to get this solved. I have NO clue what is going on. I ran Anti-Spyware free edition, found 8 harmful things, had them deleted. I also ran my microsoft essentials...BEFORE that..and it Finds nothing...it NEVER does. but anti does...that confuses me.

SO what is going on? what do I do? PLEASE anyone, I am computer illiterate...
I have windows 7 (genuine)
32bit home premium.
I was tryng to get the rest of the info. but I can't as the explorer is completely locked up as I type this...please help I am so frustrated, I want to make Bill Gates come fix my computer lol...who has his number!?
ASLO! After it crashes and re-opens it keeps bringing up the c drive file location library? every single time, so now i have a list of these file locations open...also I JUST get a message saying that my firewall is... Read more

Answer:Oh no its worse! Help!

Can you get into Safe mode instead? If so, does it happen in safe mode?
Safe Mode

EdiT:--------------------------------------
Do you have a system restore point you can revert to?
http://www.sevenforums.com/tutorials/700-system-restore.html

Oops sorry just read last line of your post.

9 more replies
Relevance 34.44%

Hey all.
I am loaded with popups. I went through all my prelim scans, booted safe mode, all that jazz. I didn't notice anything for about three minutes, then it all came back. If anything, they just seem to be getting worse. Anyway, here's my log, thank you much for your time.

Logfile of HijackThis v1.97.7
Scan saved at 11:43:05 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mllcrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C... Read more

Answer:Keeps getting worse.

Hi
You will need to get rid of the Peper Trojan first so run the PeperFix from my list..

After that
Make sure you have already run Adaware, Spybot S & D(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES ..Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [W7ABA] c:\documents and settings\... Read more

5 more replies
Relevance 34.44%

Hello, I never write posts to ask questions when it comes computers, but this time I saw myself having to do so.
I have had many problems recently, and it just got to the point where stuff just doesnt work anymore.
I upgraded to Win 10 about 10 days after its launch. I loved it. I had that often problem everyone had but I could solve it.
About 20 days ago, everything worked greatly. Then, I don't remember what exactly happened, but all of a sudden I couldn't access the Groove Music App. Then I realized I couldnt open any other Windows built in apps, not even store worked. However, Edge and apps like calendar for some reason do work. So in an attempt to repair this, I messed up the Appdata folders's permissions. I had recently installed this context menu button when I right clicked, that let me take ownership of a folder, so I took the ownership "administrators."
Then, the hidden items check box in the View Tab on Explorer suddenly unchecked itself when I checked it. I looked up online and there it said it had to do with the Administrator account, but hell, I am the admin account on my PC, so this just didnt make sense. Then I read a simple reboot would help, so I rebooted and it was fixed.
This is where I mention my recent installs. Around the time, I installed this now piece of software on my pc, and this software was Bit defender Total Security. I had replaced my previous antivirus, Avast Internet Security, with this. Now, I highly doubt this program contributed to this in ... Read more

Answer:Help! My pc is getting worse

That last part went wrong somehow, here are the links:
click here
href
10-windowsstore/store-not-opening-in-windows-10-this-app-cant-open/c0de1565-9c33-4604-a1cd-b4ce18b72117?page=2&auth=1
10-windowsstore/windows-10-app-store-will-not-run-cannt-add-a-user/682d6bd8-39ae-4ee4-b0fc-c19027b44552?rtAction=1444233209744&auth=1
storeandappswontopenreregistering/
1-windowsstore/windows-store-app-not-opening-in-windows-81/9882357f-ae86-4e4d-ba37-209aa960063c

7 more replies
Relevance 34.44%

Just a curiosity question. I found an old AMD K6 chip in a scrap computer.
I would like to know if it is better/faster than my "Cyrix Instead" with MMX?
Both I think are 266's and socket 7.......

It's for my first PC that is now used for solitaire and surfing the net...

And what steps, if any, should I do to swap them, if the K-6 turns out better?
 

Answer:Better/Worse? Two old CPU's for old PC..

10 more replies
Relevance 34.44%

Hi, I have been using PC tools for the last couple of years with no bother. However, when I wanted to put it on my laptop I lost the ability to access the internet. They told me (eventuallY) to reboot using my windows XP home edition disc. having done that I was initially able to access the internet, but I could not open links or download any thing, and now explorer won't open at all, I just get error reporting. Things have gone from bad to worse and I need some help.Thanks

Answer:going from bad to worse

sorry - spyware doctor

2 more replies
Relevance 34.44%

Ok my computer has been progressivly getting worse becuase before i wasnt able to enter my control panel becuase explorer would just crash. And now i started up my computer and restarted a couple of times and i cannot see my tool bar(the one with the start button) and my cousin is bringing my xp disk christmas.. what can i do in the meantime? oh and when i click my windows key it doesnt do anything.

Answer:it just got worse...

looks like a virus to me
what antivirus program are you using? and is it up to date?

9 more replies
Relevance 34.44%
Question: It's worse

my computer has been acting up for awhile running really slow, but now it's started this trick of adjusting the screen every little bit. It either moves up or down. It changes the sizes of the window as well. Then i noticed down at the bottom in the task bar, a button appears for just a second with a little icon in it. Then it disappears before i can do anything. Now, my email has started bouncing and i can't get outlook express to connect. Also, i was kicked off yahoo messenger and then all i could get was page cannot be displayed on even my home page. Here is my HJT log. I would appreciate your help.

Demi

Logfile of HijackThis v1.99.1
Scan saved at 1:01:23 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Dig... Read more

Answer:It's worse

6 more replies
Relevance 34.44%
Question: Getting worse

I followed your advise to rid my computer of a BHO and virus (red circle w/white X in system tray). Now my computer takes 20 minutes to boot, asks what mode to load in, (safe, normal, MS-DOS, etc), and only loads in 640 x 480 video. I've also lost the printer driver.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:56 PM, on 12/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant ... Read more

Answer:Getting worse

hi, welcome to TSG.
you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!
Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php
Download A2

http://www.emsisoft.com/en/software/free/

update A2 and run a full scan.
*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* run cleanup

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Ex... Read more

1 more replies
Relevance 34.44%

my topic is here http://www.bleepingcomputer.com/forums/t/134217/virus-and-rootkits/ and it has been a couple days since a reply, and i was told not to reply again until i get a reply from someone to help me. but my computer is now losing the whole task bar whenever i close anything...i can bring up the task manager and see everything there, and i can ALT+TAB between programs and they will come up, but when i press the windows button will not bring up the start menu. the HJT log is in that other topic. thank you for looking

Answer:I Think My Pc Is Getting Worse

Hi dizz15,I know it's frustrating, but please be patient. It may take a while to get a response, because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".To avoid confusion, I am closing this topic.

1 more replies
Relevance 34.44%

Hi. I hate to be a nooge, but I posted a problem I had a week ago with a single search term being redirected in Google -- only that one search term was redirected. That much has stayed constant -- I've been using Google all week and only that one search term is redirected. My post has dropped down to page 12 and I think it's pretty much off the grid by now.Tonight I tried to run Hostsman to update my Hosts file and Avast! immediately put up the Warning notice that:12/2/2009 11:40:42 PM SYSTEM 2016 Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\HostsMan\hm.exe" file.I quarantined the file, but now I'm very concerned. When it was just the one redirect it was interesting, but this has me a bit panicked.I've copied last week's post here.Can anyone help?EDIT: Okay, it looks like Avast! may be reporting false positives right now with virus database 091203-0, the one I'm using right now, according to what I read in the various forums. I'll keep a good thought, anyway.But my redirect problem IS still there, and I'd like to get to the bottom of it, if anyone can help. Thanks!Hello again -- I was here with a severe problem about a year ago. It took several weeks, and a lot of help, but I got cleaned.I also learned a few things. I have since installed the NoScript and Cookie Whitelist addons to Firefox, I installed the free version of ZoneAlarm, and I installed a Hosts file manage... Read more

More replies
Relevance 34.44%

I've been trying to fix this computer for several days now, and it keeps getting worse instead of better

I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesnt find anything wrong when I run it. ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.

I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa

Here is my HJT log, let me know what if anything else will help.

Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program... Read more

Answer:It's Getting Worse....

I downloaded the newer version of HJT...new log file is:

Logfile of HijackThis v1.99.0
Scan saved at 12:13:41 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system... Read more

3 more replies
Relevance 34.44%
Question: Bad to Worse

Friends,

It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to loose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

If I reload XP, will all my data still be there?

Things started to go south about 2months ago when McAfee found Vundo and couldn't seem to kill it off.....

thanks, GearHead.
 

Answer:Bad to Worse

Hi GearHead,

Check out this link and try the removal tool from Symantec.

READ ME: Virtumundo Problems/Resolution Threads

Should that fail, I would suggest following the steps here:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Best luck
PP
 

2 more replies
Relevance 34.44%

I tried to run a payment on a website and the submit button did nothing but make the cursor blink which it still is.  I looked under inspect Element and there was a JS file that downloaded.  I looked at it and it looked fishy.  I tried to run the normal cleaning techniques (ADW Cleaner, JRT, RKiill etc) and they all returned a messagge. "the service cannot accept control messages at this time "
 
It is slowly getting worse by the minute so I am not sure that this will even get to someone in tim,e cause I know u guys are backed up but if possible I dont know what to do I tried to use msconfig.exe , and the search functions to get safe mode to work but I just get either nothing happening or the same message.  I am afraid that if I turn off the computer to shift into safe mode that it will loack up..  Any helop would be appreciated.

Answer:I have something bad going on and ts getting worse byt the second

Sorry, but it seems that your pc is infected with a virus or malware which is going to take some more work and a deeper look. No sense running a bunch of tools here.Please follow this Preparation Guide, post in a new topic and include a link to this thread.Let me know if all went well.

3 more replies
Relevance 34.44%
Question: Gotten Worse...

I know i posted about it a couple days ago with my computer going down the pooper. Well it was running real smooth untill recently. i had lots of disk drive space open now today it says i have 55.6GB of free space now i have a total of 74.5. I have been running virus protectors and spyware programs but its not working and there are icons showing up on my desktop that i cannot get rid of.... Do i have to re install windows or something? Sorry to ask again but i need help. Also i forgot to mention in my add remove programs there is a new program called search plug in and also micromedia flash player which im unfimiliar with and they are the biggest files in there.
 

Answer:Gotten Worse...

Please don't start a new thread for the same issue

If you are not getting any responses bump the original back to the top by simply posting to it...

here's the oiriginal... http://forums.techguy.org/t313054.html

closing this one

buck
 

1 more replies
Relevance 34.44%

dear all, any softwares that can fix this...

3 men go into a hotel for the night. The clerk informs them that it's $30 for the room, so they each take out a $10 bill to pay for the room. So far they paid $30, correct? You with me so far? Good.

A few moment after the men went up to the room, the manager reminds the clerk that there was a special promotion that night, and that the room was only $25. So the clerk gives the bell boy five dollars to bring back to the men. On his way up to the room, the bell boy says. "Hey, I'm not stupid, I'll give each of the man a dollar back and keep two for myself, $5 right, 30-5=25.

Well, since the bell boy gave each man a dollar back, that means each man only paid $9, correct?

Well, the last time I checked, 9x3=27, plus the 2 that the bell boy took makes 29, what happened to the other dollar??????

[This message has been edited by kokaik (edited 07-03-2000).]
 

Answer:the more you think, the worse it gets

7 more replies
Relevance 34.44%

i now cannot access my e-mail since doing an update every time i click on the e-mail icon nothing happens its just blank, nutty norm again

Answer:its seems to get worse

What email icon?????????????

3 more replies
Relevance 34.44%

I have been workin on this for several days now and I am at my wits end. I am attaching my Bitdefender log and an HJT log. I have followed all of the instructions in the "Before Posting" page. And should tell you the following. My Add/Remove programs hasn't worked in years so when necessary I use the free trials downloadable from various places.
When I try and run Microsoft Windows Defender it says I need to perform an upgrade, and will not open.
I tried running Pandascan this morning and waited for over two hours and it never did complete downloading.
As I mentioned, I am at my wits end and believe it's time for some help.
Thanks
 

Answer:The more I try the worse it gets! I need Help!

Welcome to Majorgeeks!

You did not attach your HJT log. Make sure you follow all instructions in step 7 properly and then attach your HJT log.

You should look at your Bitdefender log (change the .txt to .html and then double click on it and you can see it in your browser) You need to delete those items it is pointing out in your email.

Is your copy of Windows licensed to you and has it been activated with Microsoft?

What happens when you try to use Add/Remove programs? Be specific.
 

9 more replies
Relevance 34.44%
Question: From Bad to Worse

Hello to all the experts here at Bleeping Computers.

I was in the process of following your steps from the "Preparation Guide" when my computer decided to crash big time.
Initially I had my homepage hijacked by something called start.search.us. That by itself didn't seem to be a big deal. I was proceeding through the steps and made it to step 8 (Create a GMER Log). Approximately 5 minutes into the scan my entire screen went all screwy. It looked like the GMER scan program filled the screen and scrambled itself.

Now my computer won't work at all. After a restart, the computer locks up on the black screen with the green progress bar (Microsoft Corp underneath). I tried a safe mode reboot but it stops loading at the following line of text, "Windows\System32\Drivers\avgidshx.sys" This was the same line of text that was being scanned during the GMER scan.

After another restart (so many I lost count) my computer reads the following, "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:...." Several options are listed but even after inserting the original operating disc to repair, I can't get past the green progress bar thing.

Help!!! I'm moments away from turning this laptop into a very unaerodynamic flying brick.

(I'm typing this on my wife's Macbook, in case anyone was wondering how I could post)

More replies
Relevance 34.44%

I just finished a download that had some pretty nasty side effects. I am getting a pop up saying "It is recommended to update you antispyware protection to prevent data loss. Please install the most up-to-date antispyware for you" then an ok button. This isn't the only one, there are about 2 or 3 that seem random, none of which seem encouraging at all. Please help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:46 PM, on 1/26/2009Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20935)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\LSI SoftModem\agrsmsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TVersity\Media Server\MediaServer.exeC:\WINDOWS\explorer.exeC:\Program Files\Unlocker\Un... Read more

Answer:pop ups and probably worse

Hi,Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't suprise me at all.I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!This is somewhat suicidal in today's digital world.That's why I want you to install one first!!* Please install Avira Antivirus: http://www.free-av.com/This is a free Antivirus.Perform a full scan with Avira and let it delete everything it i... Read more

18 more replies
Relevance 34.44%

I have a virus on my computer in which my Windows Defender warning pops up every few minutes I remove it and it keeps coming back. I am also getting lots of internet pop-up ads. Please help before I throw my lap top out of my window. I ran hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:47 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Softw... Read more

Answer:Please help! It's getting worse

it is:
browser modifier: win32/fotomoto
 

2 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

9 more replies
Relevance 34.44%

Like all AOL software, I'm wondering if the new AIM version is worse than the previous. Has anyone tried it yet?

It seems to have a lot of the features that AIM mods have introduced. I use DeadAIM myself, and have loved it for years. I tend to like things minimal. I've tried GAIM and Trillian, but I only use AIM, and GAIM messes up direct connections and profiles. I've tried AIMutation (sp?) and didn't like it much either.

What do you guys think?
 

Answer:AIM 6: worse because it's new?

i like it, but alot of people don't.
you just have to tweak it to the way you want it.
 

3 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

0 more replies
Relevance 34.44%

Is a 635 slower than a 640? Is the camera worse? Is there less internal memory? What are the differences?

Answer:How much worse is a 635 than a 640?

Here's the differences compared to the 640...
The 635...
...has half the RAM, which meant Facebook and Messenger refused to run in my case on W10M, multitasking is less smooth and whatnot. But it works for the basics.
HOWEVER, there are some 635's that have 1 GB of RAM, matching the 640.
...is not supported currently so you won't be getting Windows 10 Mobile easily, although some 635's have indeed been getting it with little effort oddly enough.
...has an inferior, lower-resolution 5 MP camera with no LED flash. (the 640 has a flash and an 8 MP shooter)
...is smaller than the 640.
...does not have a proximity sensor.
...does not have double-tap to wake or Glance.
...has a smaller and lower-resolution display.
...has a smaller battery.
Although the 635 and 640 share the same Snapdragon 400 processor and 8 GB of storage + microSD.
The 640 is the better all-around phone but I your needs are very basic and the 635 is significantly cheaper then the 635 may make sense.

2 more replies
Relevance 34.44%

 Can anyone help??? It all started when I installed a new game (well new for my old PC) the other day, when ever I tried to load it, once it got past the intro video it just returned to the desktop, most of the time, it did occasionally work. So I went to look on the web for advice and was told to update my sound and video drivers. My PC is an old PII 350 with windows 98. I went to ATI and downloaded what it said was the latest driver for my card, now when the game does play the colours are all wrong and blocky (I have also updated direct X above the one the game needs). So I tried a sligthly older driver, which was even worse, so I put the newer one back on. To add to this the company who made my sound card (Aureal) have gone out of business, so don't give drivers now. I have found on another page what was supposed to the the latest driver they did release, but when I load the diagnostic tool on my computer (some sort of direct X thing) when I test the sound, it says there is a fault there too. It seems that what ever I try to do, the thing just gets worse, I am starting to think about getting another PC, but when it works, it does everything I need. Does anyone have and advice how I should try and fix all this? Thanks James

Answer:It just keeps getting worse

Did you simply overwrite the videocard drivers? If yes, you may wish to thoroughly clean your computer by uninstalling them and running a program such Advanced System Optimizer V2 or Advanced Uninstaller Pro 2004 There is also a useful tool that removes drivers for you.. I'll get back to you on that once I recall the name. Even though your soundcard manufacturer has gone out of business, use Google to search for drivers. There is quite a high chance of still finding them.As for DirectX, see to it that you have the latest version from Mirosoft.Buying a new PC will not solve your problems. It is not the PC's fault, it is the users fault. Your problems will just start anew if you donot know what you're doing.

1 more replies
Relevance 34.44%
Question: Bad to Worse.

Hi all,  So not only does the Control Panel on my T520's nVidia card fail to work, but safe mode doesn't either. It gets stuck in a reboot loop for memory reasons. Using last known boot configuration I can get it to boot normally but the networking cards/drivers don't work. They are detected in Windows 7 but ipconfig only gives the Tunneling adapters.  Any ideas? Or should I just send it in for servicing?













Solved!

Go to Solution.

Answer:Bad to Worse.

Hi kingofthering
 
If you need to use the machine temporary or to ensure your Nvidia GPU is defect, you could change the graphics settings in the BIOS to Integrated Graphics.
 
If you are not technical savvy or / and wish to save the hassle, it's probably good to send it in for servicing.
Have a nice day!
Peter
W520 (4284-A99)
Does someone?s post help you? Give them kudos as a reward, as they will do better to improve | Mark it as solved if the solution works for you, so it could be reference for others in the future
=====================================
Sound Enthusiast and Enhancement (Post comments, share mixes, etc.)
http://forums.lenovo.com/t5/General-Discussion/Dol?by-Home-Theater-v4-for-most-Lenovo-Laptops/td-p/6...
http://forums.lenovo.com/t5/IdeaPad-Slate-Tablets/?IdeaPad-Tablet-Sound-Enhancement-Thread/td-p/7150

9 more replies
Relevance 34.44%

new note pad mesgwhen I boot up.
[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21787

I get this on start up and firefox is giving me an error

Well, this is embarrassing.

Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page
Can any one help me out?

Thank you so much
 

More replies
Relevance 34.03%

Hi Folks,

I somehow got nailed with Virtumonde two weeks ago and have been fighting with it ever since. Having tried everything I've been able to find on the web (short of attacking things in HJT), I've finally admitted defeat. I noticed some great postings here, so thought I'd ask for some help from the experts at Geeks. I've followed all of the steps in the READ & RUN ME FIRST sticky already, but have managed to end up worse off somehow. That's not a shot at the process, but typical of my last two weeks fighting this thing.

After finishing step 7 last night, I shut down. When I tried to boot into normal mode today, I am now getting a popup window with a title bar of RUNDLL and the message "Error loading C:\WINDOWS\system32\yekrmujm.dll. The specified file could not be found." When I click the OK button on that box, it pretty much causes the system to either grind to a halt or hang (can't tell which- the mouse moves, but nothing came back after an hour, and I can't get task manager to come up).

I can still get into safe mode OK, so I'm trying step 5 again in desperate hope it will at least let me boot into normal mode (it's my work laptop, so I'm a little unproductive right now...).

I've attached all the logs from yesterday's efforts and would greatly appreciate any help with getting back into normal mode, and even better, getting rid of Virtumonde. I was unable to get a log from Co... Read more

Answer:Virtumonde- From bad to worse

And the rest of the logs...

And I forgot to mention that I followed the additional step for Virtumonde and ran Vundofix, so that log is attached as well.
 

9 more replies
Relevance 34.03%

Hello, thank you for taking the time to view this. For some reason some links don't work on my home computer but do at my school. I tried them in both FireFox and IE, and nothing worked.

Links like:

Grinler's HiJackThis Tutorial

Said: "Not Found

The requested URL /forums/HijackThis_Tutorial_How_to_use_HijackThis_to_remov e_Browser_Hijackers_and_Spyware-tut42.html was not found on this server."

But they work perfectly at my school, or at my friends house. I'm starting to think its Mal-Ware vs. a problem with my browsers.

But I have the best of the best (pretty much every program Geek to Go admin's and staff has recommended) Anti Mal-Ware applications, and have been scanning non stop all day, and yesterday. Some have detected 1 or 2 problems, others have not, but nothing is better. I think things are getting worse, because now things are slowing down a lot, and programs are taking longer to open up.....and such.

So here is a HiJackThis Log:


Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.


Help me please this is pissing me off
 

Answer:Serious Problems getting worse

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis​Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy - only for Windows XP, 2K, & NT users
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can o... Read more

49 more replies
Relevance 34.03%

When I ask for Dos Prompt, the machine shuts down. A friend was given a Dell "Dimension E520" running XP Pro, desktop computer by his boss. Their business was replacing some older machines and giving the old machines to some of the employees. My friend has a very old CAD program called Anvil. It is a Dos program. It fits on a floppy disc. He has been using Anvil for many years an would be lost without it. He asked me to look at the machine to see if I could figure out why his Anvil program will not work. When he tries to run the executable, the machine shuts down. I thought perhaps the executable was corrupt. After a few hours of trying to make it work, I thought maybe if I started with a Dos prompt, I could get the executable to run properly. That's when I discovered that the machine will not provide a Dos prompt. The request causes the machine to shut down. I am at a loss. Can someone offer some help with this? In the "safe mode" the dos program works fine.

Thanks for looking,

Roger

More replies
Relevance 34.03%

About 6 months ago I was infected w Trojan/Vundo and the BC gang helped me get back on my feet. I ran ComboFix, use Ad-Aware, AVG, Malwarebytes, Spybot, Spyware Blaster.

I enjoyed 6 worry-free months and now I'm stuck again. Windows will not complete loading--freezes. I tried to use my windows recovery in safe mode and clicking "next" prompts no further action after I've chosen a previous date. I have done a HJT log in safe mode only.

Symptoms when windows was working still:

Google results were links to other ad sites.
IE would not allow me to go to BC.com and other helpful forums but would allow me to go to youtube, google, yahoo, etc.
Updating Ad-Aware, Spybot, and AVG was not allowed.
Malwarebytes would no longer load (would show to load in the Task Manager but nothing further.)

So I feel frustrated because I can't use any malware/virus programs to clean. And I can't load windows in anything but safe mode.

Any advice would be extremely appreciated. Thank you in advance!!

Answer:Seems Worse than 6 months ago

Hi and welcome back. I am sending you a private message with instructions. Please follow those first and then run malwarebytes according to these instructions.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list of any malware that was found.Make sure that everything is checked, and click Remove Selected.When removal is completed, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply and exit MBAM.Note:-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. -- MBAM may make changes to your registry a... Read more

12 more replies
Relevance 34.03%

I have a series of problems. When booting up, a bright green light rises from bottom of the normally black Windows boot-up screen. Also, I am no longer able to prompt Safe Mode when I hit F8 during the start up. My screen is blurry (to the point that I can barely read text) and flickers. CPU is VERY slow (typing seems to make it slower). I have Symantec Antivirus and Spyware Doctor, but I don't believe either is working properly. Please help.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Tom H at 8:09:49.23 on Wed 03/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.298 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMg... Read more

Answer:Possible virtumonde or worse

Hello.Install Recovery Console and Run ComboFixDownload Combofix from any of the links below, and save it to your desktop. Link 1Link 2 Link 3Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.Close any open windows, including this one.Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help youshould your computer have a problem after an attempted removal of malware. It is a simple procedure that w... Read more

3 more replies
Relevance 34.03%
Question: Trojan and worse?

I discovered I had a problem when I couldn't keep "Show hidden files and folders" active in Folder Options. I re-download Avast AV and ran a scan and found some bad stuff. For the past 24 hours I've been reading info on the Web and trying to fix things on my own, but I need help, please. Thanks very much in advance!
Here's my DDS log and my attach.txt is attached.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Kiko at 4:08:53.71 on Wed 02/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.339 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090210-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAn... Read more

Answer:Trojan and worse?

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.Disable Realtime ProtectionAntimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.Download and Run ComboFixDownload Combofix by sUBs from any of the links below, and save it to your desktop.Link 1, Link 2, Link 3 Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not recieve the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.Download and Run Scan with GMERWe will use GMER to scan for rootkits.Please download GMER.zip to your desktop from any of the links below:LINK1, LINK2Right click on GMER.zip and select "Extract All".Close all other open p... Read more

14 more replies
Relevance 34.03%

Hello and thank you in advance.

My mother-in-law's lap top has a sudden problem.

Window's XP

Computer boots up, and log in screen appears. There are two account login options: Nana & Nicole (granddaughter). Click on either one, it say loading personal preferences, then logs off, back to log in screen.

Sound familiar to any one?

Thanks!!

Jeff

Answer:Mother-In-Law's lap top (what could be worse/)

have you tried logging in the admin acount pressing Ctrl Alt Del twice and if you cant go in there try booting in safe mode

2 more replies
Relevance 34.03%

I think I overheated the CPU in my laptop. I'm not entirely sure it's the CPU, though. Everything points to it according to my knowledge but I found this interesting...

Maybe it's worse...

Possibly the CPU is fine and just being used heavily because a different part is shot? Look at the virtual and hardware memory.

Need pro help. Thanks guys =)
 

Answer:CPU ruined or worse?

What is the problem that you are having?
 

3 more replies
Relevance 34.03%

My wife was on pintrest this morning and an alarm went off and a pop up came up saying our IP server was hacked and something about drivers, to call a phone # for Microsoft support. she called gave over control to the computer to the women on the phone. My wife was informed we had 2000 threats that we should take it to a Microsoft store where they will send it out for 400 $ or she can fix it on line for 2oo$. How bad of trouble am I in ? Thanks John
 

Answer:Help I maybe hacked or worse

16 more replies
Relevance 34.03%
Question: Bsod got worse

Hello, my laptop is not turning on after this error. I used to see this error almost every other day. I thought it's nothing serious.. I even don't see any battery light (on laptop) when I connect it with the charger. I really don't understand what's the main problem.. I bought the laptop 9months ago. I can't say if I need to change the battery. It's aspire v17 nitro. One last thing I want to add is I'm having this error after upgrading to Windows 10 from Windows 8.1. Please someone help me

Answer:Bsod got worse

Hi Zarminaehsan,

This sounds like a bug due to the upgrade.
I suggest to perform a clean install and let me know how it goes.
Windows 10 - Clean Install - Windows 10 Forums

1 more replies
Relevance 34.03%

DDS (Ver_09-12-01.01)Microsoft Windows XP ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 18/06/2009 4:43:21 AMSystem Uptime: 12/02/2009 10:09:40 PM (7034 hours ago)Motherboard: MSI | | MS-7374Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+ | CPU 1 | 2700/200mhz==== Disk Partitions =========================A: is RemovableC: is FIXED (NTFS) - 466 GiB total, 375.161 GiB free.==== Disabled Device Manager Items ================= System Restore Points ===================RP100: 04/09/2009 3:12:42 AM - System CheckpointROOTREPEAL ? AD, 2007-2009==================================================Scan Start Time: 2009/12/03 00:04Program Version: Version 1.3.5.0Windows Version: Windows XP SP3==================================================Drivers-------------------Name: 1394BUS.SYSImage Path: C:WINDOWSsystem32DRIVERS1394BUS.SYSAddress: 0xB80C8000 Size: 57344 File Visible: - Signed: -Status: -Name: Aavmker4.SYSImage Path: C:WINDOWSSystem32DriversAavmker4.SYSAddress: 0xB8340000 Size: 19072 File Visible: - Signed: -Status: -Name: ACPI.sysImage Path: ACPI.sysAddress: 0xB7F79000 Size: 187776 File Visible: - Signed: -Status: -Name: ACPI_HALImage Path: DriverACPI_HALAddress: 0x804D7000 Size: 2150400 File Visible: - Signed: -Status: -Name: afd.sysImage Path: C:WINDOWSSystem32driversafd.sysAddress: 0xB43BE000 Size: 138496 File Visible: - Signed: -Status: -Name: AmdK8.sysImage Path: C:WINDOWSsystem32DRIVERSAmdK8.sysAddress: 0xB7745000 Size: 57344 File Visible: - Sign... Read more

Answer:help ive tried everything and i think im making it worse!!!!!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 34.03%

Doesn't do anything when I press some links unless I reload a page and try again, when scrolling on image heavy sites, the screen blanks out and then a portion of the page (website title or corner of an image) multiply across the screen before edge closes or reloads the page, also in general just closes itself whenever, and the keyboard is slow to open or do anything. I Haven't downloaded anything and always clearing cache and data, it still seems to happen more over time.
Running build .164 on mobile if that's any help.

Answer:Edge is worse than IE

Im on same Build as you do. And Lumia 640 LTE, i had no issues with the Edge browser, and Edge is my Favourite tho. What is your Lumia Model?

8 more replies
Relevance 34.03%

Old, OLD Sony Viao.. been a great workhorse...Problems started with it not booting into XP unless it rested overnight! (Just like me I guess) Real problem is that I need this machine badly to teach classes.
I uploaded all the new drivers on Sony site.
. As long as I use it in the morning it boots.. EXCEPT now the keys are producing errors. Not all, just some.
One forum mentioned problems with bad memory. I have sent for a Memtest disk.. hope that will help confirm.. If so, its a doable fix.
Sony doesn't seem to have a keyboard driver .. I updated drivers for Processor, and Bios.
Any other suggestions??
I don't want to buy a old XP laptop but that may be my only choice.
 

Answer:Many problems, getting worse..

11 more replies
Relevance 34.03%

ok....i give up LOL
 

Answer:Problems are getting worse = new log

oh and also, the nortons "clean sweep/smart sweep log" picked up this
=
File 'C:\HP\KBD\PS2.DLL' added.
=======
and a lot more things, but the log is way to long to add here. Is the PS2 ok?
 

3 more replies
Relevance 34.03%

Ok so anyone who uses GMX knows that it's often down or bugged in some way or another, but this one just ices the cake:
And since GMX has zero tech support,

Tried saving it, logging out and back in and re-sending.

Recomposed it also to no avail.

What can I do?

Didn't want to change mail provider but I've had so many incidents with them now I'm really considering it. Anybody know any good ones (dont say gmail, my name has already been taken)

Answer:GMX mail is getting worse.

Solved,

Clearing my cookies and restarting my browser resloved this.

1 more replies
Relevance 34.03%

Ok bear with me as I try to explain this.

-There was a power outage in my area and my computer restarted. After restarting it would hang at the Windows loading screen with the blue bar, and it would stay like that forever.

-I went into safe mode which works fine and tried a system restore to an earlier date, and still wouldn't load.

-Went back into safe mode and it said Restoration Complete. Ran msconfig to do a diagnostic boot...still no luck.

-Ran chkdsk /r using Recovery Console, said it fixed the errors but still hangs at the same screen. Ran Samsung HD utility and detected ECC errors.

-Tried to do a Repair Windows installation using an original Windows cd, so it was SP1 when I had SP2. I tried a Windows XP Pro SP2 cd but there was no repair option so I went to my original, which was Home.

-Through the install there was a few errors such as COM+, directdb.dll, inetcomm.dll,msoe.dll and wab32.dll. I clicked okay with all of them and installation completed fine.

-After restarting, loading would be REALLY slow, and actually wouldn't go past the wallpaper. I checked task manager and explorer.exe isn't even there.

-Went into safe mode, which was super slow as well, and same thing with the no icons. Ran safe mode with Command prompt and opened system restore, only to find no restore points.


I am now at a loss as to what I should do.
Any help guys?

Thanks

Answer:problem that keeps getting worse

Got my hands on a Sp3 Windows Home cd, and got it to the Installing files screen where it shows a Do you wish to install this non verified SoundMAX HD audio driver, and it freezes.

This is TERRIBLE.

4 more replies
Relevance 34.03%

Hi,

I'm experiancing some very strange behaviour with my Asus V9280S-TVP and WINXP. If I load up a game or any software that's in any way graphics heavy my system performance decreases steadily, strange patterns start appearing on buttons and lables, textures become distorted and discolored, and then a drop out to desktop with an error message stating that "Windows has recovered from a device failure, blah blah". Screen resolution is set to something very low and color depth looks like 8bit or lower color. Shortly after the displaying of this message the system becomes unresponsive and I must power down(not much of a recovery). This problem takes a variety of differant time to manifest itself depending on the game. If I restart the system immediatly as the POST screen ticks over I can see out of place characters and similar graphics error to my ingame ones. However if I wait a few minutes before restart this does not occur and system starts up fine and runs fine untill I decide to try out another game or even 3dsmax. I've pretty much tried every driver there is for the card and found the vast majority of them actually decreased the performance of the card even further than the performance with the inbox driver (v31.40).I suspect overheating but I'm not sure if these problems are symptoms of overheating. I have considered redoing all the thermal connections to headsink with new thermal paste, but I've decided to put it off untill I get an opinion as the heatsink ... Read more

Answer:Overheating or Worse

have it being doing that before as well?

or u have just installed the card?

try newest version of forceware
2: if still doesnt works, some transistors might be faulty.

2 more replies
Relevance 34.03%

Sorry if this is too long...Starting Problem:
xp Home has been slowing down for about 6 months. IE pages would close line by line, and there was always a slight sound delay. Thought I could help myself - Here's what Ive done and the results ( all suggested by forums):
1. Downloaded Drivermax to update drivers. Before I could finish updating I lost my Wintv2000. Had to start undoing to get it back. I know this screwed up other stuff too.
2. Did all windows updates. This gave me the res:\\ieframe.dll error. Could not access my connected internet. After so much fiddling and changing settings, I decided to do a system restore.
3. Did a system restore ( after learning thru all this that it wasnt even turned on!?!) On reboot it said it "could not load personal profile" , so I lost all saved data. Undid the restore back to where I was.
4. Now the error changed to res:\\ieframe.dll\dnserrordiagoff. Started undoing the windows updates til I found it - for me it was KB960714. Now I dont know which updates to do.
5. Lost Google toolbar during this. Twice it asked to repair, but it still does not work.
6. Ran CCleaner ( ok - shoot me now). Did do a backup. Cleaned everyting except tv entries. Im sure this has mucked this further, yes?

NEW PROBLEMS
monitor goes black after random periods of time. On reboot it does chkdsk. Computer still slow. Systray icons load in different order every day.

7. Started at your READ ME OR YOU DIE page. Yes, I have ... Read more

Answer:Everything I do makes it worse!

Welcome to Major Geeks!

Actually none of this really sounds like malware problems. Yes you could have malware, but the problems you are mentioned do not sound like malware. Sounds like you problems within your Windows OS.

Attach the logs requested in the READ & RUN ME. Yes ComboFix too. Check to see if MBAM made a log. If not, just skip it for now.
 

11 more replies
Relevance 34.03%

Hello.

I need your help guys. I have some kind of virus on my computer and i cant delete it. I cant run any program and a cant run " RUN m first pograms all i do virus desabeles the program. Right now i am running my computer in safe mode, and trying to turn on the Search and Destroy program but once i do it it tell me "Error Invalid floating point operation". Whats seems now i can only run SUPERAnitSpyware... Milware bites is messed up too. Whan i press scan it scans my computer and once scan is finnished i pre3ss delete all selected and it sends my computer to lala land. ( different colors start to pop out and then blue screen of death ). Whan i start my pc windows is not starting explorer.exe. Just to let u know this happend in 2 days. Things like "AntiVirus 2009, and all the things from that category showed up before this happend, tried to delete them, but nothing was a succes.

Please help me and sorry for my english.
 

Answer:!Please HELP... fast before something worse happens

This might help.... Malwarebytes worked.... here is the log from that
 

13 more replies
Relevance 34.03%

My desktop has slowed down substantially and occasionally freezes all apps. Even after checking for malware and running a registry cleaner, nothing appears to be a problem.

Anything further to suggest?


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A4-3420 APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 2
RAM: 7666 Mb
Graphics Card: AMD Radeon HD 6410D Graphics, 512 Mb
Hard Drives: C: Total - 936682 MB, Free - 794298 MB; D: Total - 17083 MB, Free - 2095 MB; F: Total - 1907599 MB, Free - 733989 MB; I: Total - 3815413 MB, Free - 1578731 MB;
Motherboard: PEGATRON CORPORATION, 2ACF
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

Answer:Sluggishness & Worse

Motherboard: PEGATRON CORPORATION, 2ACF

Hard Drives: C: Total - 936682 MB, Free - 794298 MB; D: Total - 17083 MB, Free - 2095 MB; F: Total - 1907599 MB, Free - 733989 MB; I: Total - 3815413 MB, Free - 1578731 MB;Click to expand...

You appear to have a HP/Compaq brand desktop and appear to have 2 TB and 4 TB external hard drives connected to it.

What's the model name and model number of that desktop?

---------------------------------------------------------

Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.
(Note: There may be several seconds delay before the progress bar appears, so be patient.)

Click the "Report" button.

When the log appears, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

---------------------------------------------------------
 

3 more replies
Relevance 34.03%

Hello everyone,

This is probably the very 1st time i have ever needed assistance this badly with malware removal...My spyware doctor picks up that i have a trojan called Trojan.Spambot, the file that it is in is called Rpcrt3.Dll, it is found in all of my Sv_chost prossesses as well, i have done safe mode, tried disabling everything that is Sv_chost related and i still cant delete this file...To my understanding what the trojan does is take up bandwidth and send spam e-mails....so the is not really a way for me to live with it, as i have tried, i would greatly appreciate any useful feedback...Thank you

Answer:Worse Trojan I Have Had

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.) If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.comWhen you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An... Read more

6 more replies
Relevance 34.03%

Happy New Year

I was deleting some of my start up list and it all went very well until I turned on my computer this morning. Goes through the normal routine when it gets to the final desktop screen the screen stays blank although the computer carries on whirring away. I think I may have disabled an nvidia process.

I have reasoned that I need to start in safe mode and enable the process. The trouble is that no matter how much I press F8 nothing happens and the boot up goes ahead as normal.

Can anyone explain how to get my pc up in safe mode?
 

Answer:A F8 worse than death

Some machines use a different key. On my machine, it's F11, so try each one. You'll eventually find the one you need. A little bit of work but not excessive.
Welcome to Major Geeks.
 

5 more replies
Relevance 34.03%

Hello!

Running windows XP.

Had Google redirects, ran SuperAnti Spyware, found vundo but couldn't clean. Ran MAM same results. Now today several new problems. SAS and MAM show no infections but I suspect otherwise. My McAfee icon vanishes when I hover over it. I can't access this website (bleepingcomputer) on the infected computer. On startup, the screen looks fine then goes blank for a second then reappears with anti-spyware icons gone. Except for the volume control, the lower left toolbar is empty. I tried to install the hijackthis version you have elsewhere on this site but the computer won't install it.

Your help is much appreciated.

Answer:Infected and getting worse

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)Now put a check next to Complete scan to scan all local disks and removable media.In the top menu, click Settings > Change settings... Read more

8 more replies
Relevance 34.03%
Question: Worse than Crabs

Bismillahir Rahman ir Rahim

I can't get rid of this adware. i purchased mcafee, i've run adaware in safe mode with this and that and still the popups and desktop links and toolbar installs return. here is my hijackthis log -- HOWEVER i am getting several error messages when i start scanning, included below:

An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #62 - Input past end of file

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred - scanning
* How you can reproduce the error - um, scan again
* A complete HijackThis scan log, if possible -- see below

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.0

This message has been copied to your clipboard.

An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=run)
Error #55 - File already open

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.0

This message has been copied to your clipboard.

An unexpected error has occurred at procedure: modMain_CheckNetscapeMozilla()
Error #55 - File already open

Please email me at [email protected], reportin... Read more

Answer:Worse than Crabs

Why is this "worse than crabs"?
What are crabs worth?
Sorry, had to ask.....Have you done a trace back to the source?
Do you have a firewall? And, does it have logs and dates?
 

2 more replies
Relevance 34.03%

http://www.bleepingcomputer.com/forums/topic400223.html

My problem with the computer just gets worse. The browser gets redirected. I can't load IE. The computer is running very slow. Any help would be appreciated.

More replies