Computer Support Forum

Possible Malware causing network apps to not work

Question: Possible Malware causing network apps to not work

I'm posting my HiJackThis log there hoping someone can help me with what appears to be a network issue. In summary, the issue is after a reboot I can't access any network devices, open IE, open Firefox, etc for 15 minutes (seems to be exactly 15 minutes every time.) Processes start and show as running in Task Manager but they don't open up. Details on what I've tried (including MalwareBytes, SuperAntiSpyware, McAfee Virusscan, chkdks, etc) are posted on this thread: http://forums.techguy.org/web-email/907916-web-browsers-both-ie-8-a.html. Everything works fine in safe mode.

Thanks in advance for any help/advice!
Alec

Here's my HiJackThis log file...

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:16:04 PM, on 3/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Iomega\QuikProtect\QpMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Iomega\QuikProtect\QuikProtect.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/sear
ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://att.my.yahoo.com/p/2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
127.0.0.1
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program
Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -
C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE"
/STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common
Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search
Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround
Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuiKProtect] C:\Program Files\Iomega\QuikProtect\StartQuikProtect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) -
http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126
508339056
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) -
http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} -
C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9cbcf1d15e414) (gupdate1c9cbcf1d15e414) -
Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. -
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. -
C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. -
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program
Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: QSCopyEngine - Unknown owner - C:\Program
Files\Iomega\QuikProtect\QpMonitor.exe
--
End of file - 8757 bytes

More replies
Relevance 100%
Preferred Solution: Possible Malware causing network apps to not work

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 61.5%

Hi I am having huge problems with my computer and my husbands laptop. They are both infected with the same malware. My lovely hubby downloads a lot of pen drive applications from unverified websites and installed the onto his laptop. While I was out one night he then put them onto my computer, which I use to work from home.

I will just deal with this computer in this thread as I need it for work and as he is in the doghouse, his can wait!

Ok, so around 6 weeks ago I noticed that comodo was not running on startup as it should and neither was AVG. I then started to get internet connection problems and found that it kept timing out. Sometimes a page would load in and others not. I now find that when I type the letters do not always print out. Everything is slow and sluggish. I found that emails that I had supposedly sent were being returned to me in my inbox also.

Before I went away on holiday I scanned with Malwarebytes and found an infection which I removed. I scanned with SuperAntiSpyware and it found Dynamic Desktop but could not removed it. I manually changed the name of the exe file and deleted it and went on holiday. C:\Install.exe trojan was also found and removed.

Now back and still problems, no scanner other than Advanced Spyware Remover is detecting anything now. Advanced Spyware Remover finds:

File Infection Dynamic Desktop c:\windows\winsxs\x86_microsoft-windows-iss-httpredirect_31bf3856ad364e35_6.0.6001_none_3aa9e6f62b23af88\redirect.dll... Read more

Answer:Malware causing many problems and scans would not all work

Everytime I tried to stop a process, it reopened and multiplied... the rogues are:
avgwdsvx.exe - avgrsx.exe - avgnsx.exe and avgcxrvx.exeClick to expand...

These files belong to AVG Internet Security.

You have both AVG and Norton 360 installed. Uninstall one!

Use windows explorer to find and delete:
c:\windows\system32\ssbtsr.exe

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip
 

16 more replies
Relevance 60.68%

Hey what's up,

Thanks for the taking the time to read this. I am helping out my girlfriend who is out of state fix her mother's computer. She is at work so we have not tried getting a log from DDS however I do have a HJT log for your review. This is her systems and the steps I have tried to take so far.

> Ran Spybot and found Fraud.Anitvirus2010 - Spybot couldn't fully remove it which to be expected
> Comodo does not launch when first starting up the computer. We launched this and attempted to scan but it just stalls at 0
> Windows Defender didn't see anything
> Attempted to scan in safemode but Comodo does not scan in safe mode. I sure an execute doesn't start up in safe mode for the program.
> Ran HJT and it's posted below. I couldn't see anything outstanding, but I'm no expert lol
> Ran Malwarebytes on her computer, this log is also posted for your review. Did not remove it btw, because it is prevented it to remove
> Looked at startups and couldn't see anything fishy expect this Winlogon.exe, which may be or might not be the issue after reading so much about it.

So I am having a hard time identifying this rogue malware expect that it's one of the "anti virus" ones. This malware has me stumped and I have removed some tough ones before.

Hopefully this helps a little. Thanks for your input in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:37 PM, on 1/9/2010
Platform: ... Read more

More replies
Relevance 58.22%

My son's virus protection was out of date so I decided to install Microsoft Security Essentials (MSE) to handle virus protection. I run MSE on other machines without issue. He does a lot of gaming on his machine and I was astounded by the amount of junk he has installed. I attempted to uninstall Norton and it appeared to complete but hung at 100% complete. I downloaded a Norton removal tool and it ran without issue. Then I installed MSE. After the install, it attempted the download the latest virus definitions and immediately hung. I rebooted and when it came back up, I could not start MSE. It loaded, but told me it could not start because the service was not installed. I uninstalled and installed again. This time, it downloaded the updates, started a scan and the computer hung. I started in Safe mode, but couldn't get it started. I then disconnected the web cam and the network cable and rebooted again. This time, it started up and MSE came up without issue. I ran a quick virus scan without issue. I then connected the network cable and the system immediately hung. I rebooted with the cable connected and it hung during startup.Following the guidance on posting, I ran the DDS program without issue. When I went to run the RootRepeal program, I got a blue screen saying Windows was shutting down because of a page read error in a non-page area. I tried running RootRepeal again, and it got to where I press the "Scan" button then the program hung. ... Read more

Answer:Potential Malware causing system crashes when network cable is present

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

20 more replies
Relevance 57.81%

Hello,I just went through an extensive, whole week Trojan Virus fix.  Now the factory installed apps for 8.1 do not work at all.  Calculator only works in the (I WILL REPEAT THIS AGAIN "Windows 7 "type" application.  I cannot access PC Settings.  When I click on it, the program looks like it's opening and then leaves a grey box on my task bar in Windows 7. Only right click close.  Windows 8.1 Search is the only one that works... which is odd.Do you have a solution for this? Thank you,Soldbylinz[recovering disk space, attachment deleted by admin]

Answer:Windows 8.1 Malware & Virus finally removed!! Now Metro Apps Don't Work. Help!

Seriously.  Will someone help me?

8 more replies
Relevance 57.4%

I installed many apps locker they all work fine but I can still access apps from the all apps list.

Answer:My apps locker work fine but apps can be accessed from the all apps list, how can I prevent this?

Yes. There is no such thing as a real app locker app in Windows Phones. This is because third party apps are not allowed to interact or interfere with other third party apps due to Windows Phone Sandboxing technology.
If the developer was careful with his app, he or she would have indicated the limitations of the "app locker" he created in the app description. Otherwise, if there is no such disclaimer about the limitations of the app in the app description, the user is encouraged to report the app to Microsoft as a fraudulent or misleading app.

2 more replies
Relevance 56.99%

OK, so as I was typing my original entry I was confounded that I was able to use Chrome and not IE or Firefox.

As it turns out, upgrading from Vista 64 to Ultimate 7, I was running the x86 version of IE and it wouldn't access the internet.

I manually navigated to c:\program files\internet explorer and WAS able to launch IE8.

I'm still not able to run firefox - it launches, but I'm not able to access any websites.

AGAIN, since I'm running Ultimate 7
IE8 (64bit) and Chrome are able to work. yea
IE8 (x86) and Firefox do not
That leads to my question, other programs are not able to access the internet - I assume because they are 32 bit versions.

For instance, I'm trying to a launch World of Warcraft and it returns an error when trying to sign in
"Can't create socket"

So i'm trying to figure out what my options and next steps are?
Is there a 32bit compatibility mode? not even sure that is a valid question

How do I get my 32bit apps to access the network/internet when running Ultimate 7.

I do hope that people with "can't connect to internet in ie8" issues - realize they may be running a 32bit version when they need the 64bit.

Thanks in advance!

Answer:network issues-64bit apps work, 32bit can't access net

In I.E. 32 bit, go to tools | internet options | connections tab.

Hit lan settings box and take away all checked boxes and hit ok. Restart I.E. and check.

You can do similar for FF (remove proxy server) if the above worked for I.E.

1 more replies
Relevance 52.07%

Hi,

As the post title suggests, I am having trouble with the modern apps and connectivity. It feels like half my computer will connect to the internet, and the other half won't. Desktop apps like Chrome, Steam, Outlook, iTunes etc. all connect to the internet fine, but any of the Windows apps like Xbox, Store and (most frustratingly) Settings will not connect.

In my network and sharing centre in the control panel it says 'You are not connected to any networks' - but in the system tray, and in the settings app it shows me as connected to my home wi-fi. I am on a desktop, and using a USB wireless adapter. I don't think the adapter is the problem as I have tried it on another desktop in our house on Windows 10 and it worked fine. Curiously also, when I click 'Adapter settings' in the control panel, it shows the wifi connection.

I've tried updating the drivers for the wireless adapter, both through the Windows update and adapter website but to no avail (and as I mentioned, it seems the adapter works fine elsewhere). I've updated manually to the latest Windows 10 Pro build, i've done a DNS flush, I've tried disabling firewalls and anti-virus, I've tried disabling startup apps, I've done a clean install of Windows 10 and still am unable to fix the issue.

If anyone has any ideas that might help that would be great. I'm happy to provide any more information if people need it.

Thanks very much.

Answer:Modern apps not connecting to internet, desktop apps work fine.

Is your DNS client service running on your system .

To resolve this problem, follow these steps:
Click Start, click Run, type services.msc, and then click OK.In the list of services, click DNS Client.Make sure that the Status column displays Started and that the Startup Type column displays Automatic.If the service is not set to Started or if the startup type for the DNS Client service is not set to Automatic, follow these steps:
Right-click DNS Client, and then click Properties.In the DNS Client Properties dialog box, click the General tab, and then click Automatic in the Startup type list.Click Start, click Apply, and then click OK.

1 more replies
Relevance 52.07%

Hi,

As the post title suggests, I am having trouble with the modern apps and connectivity. It feels like half my computer will connect to the internet, and the other half won't. Desktop apps like Chrome, Steam, Outlook, iTunes etc. all connect to the internet fine, but any of the Windows apps like Xbox, Store and (most frustratingly) Settings will not connect.

In my network and sharing centre in the control panel it says 'You are not connected to any networks' - but in the system tray, and in the settings app it shows me as connected to my home wi-fi. I am on a desktop, and using a USB wireless adapter. I don't think the adapter is the problem as I have tried it on another desktop in our house on Windows 10 and it worked fine. Curiously also, when I click 'Adapter settings' in the control panel, it shows the wifi connection.

I've tried updating the drivers for the wireless adapter, both through the Windows update and adapter website but to no avail (and as I mentioned, it seems the adapter works fine elsewhere). I've updated manually to the latest Windows 10 Pro build, i've done a DNS flush, I've tried disabling firewalls and anti-virus, I've tried disabling startup apps, I've done a clean install of Windows 10 and still am unable to fix the issue.

If anyone has any ideas that might help that would be great. I'm happy to provide any more information if people need it.

Thanks very much.

Answer:Modern apps not connecting to internet, desktop apps work fine.

Is your DNS client service running on your system .

To resolve this problem, follow these steps:
Click Start, click Run, type services.msc, and then click OK.In the list of services, click DNS Client.Make sure that the Status column displays Started and that the Startup Type column displays Automatic.If the service is not set to Started or if the startup type for the DNS Client service is not set to Automatic, follow these steps:
Right-click DNS Client, and then click Properties.In the DNS Client Properties dialog box, click the General tab, and then click Automatic in the Startup type list.Click Start, click Apply, and then click OK.

0 more replies
Relevance 51.66%

When I set default storage space to SD card, the apps doesn't get installed, and same is the case when the apps are moved from phone to SD card in Lumia 535.
Checked for OS updates, but is of no use.
Any solution, please help out

Answer:Why the apps doesn't work when the apps are moved to SD card in lumia 535?

Did you make a soft reset? Just press volume down + power button for 10 seconds and it will reboot.
Another option you have is install the apps manually, via .xap files
If anything else fails maybe a hard reset is needed but that would erase everything in your phone.

2 more replies
Relevance 50.84%

*Just to clarify, I don't have internet access, I also reset everything (hosts file, flushed dns, release and renewed CHCP, etc... with a program called "netadapter repair all in one" that is on the bleeping computer site*

So we had some malware on the work computer, it was "dns" something. I think it was DNS unlocker but I'm not 100% sure. I removed it with malwarebytes & adwcleaner and it now recognizes that its connected via ethernet cable, but it says unrecognized network. Its a Windows 7 PC and it worked fine before and other Windows 7 PCs work fine.
I believe it has to do with the sonicwall or something else. We have a cable modem/router (2 in 1), a big switch, and a sonicwall. I tried restarting all of them, but that didn't help. So I bypassed the sonicwall and it works, but now that computer doesn't see the network printer!
So basically I would be ok with bypassing the sonicwall as long as I can get the network printer to be recognized, but its not and when I open an explorer window and click on "network" on the left, the other computer that is connected through the sonicwall doesn't show up so I can access the shared printer (the printer is connected via USB to the other computer for now temporarily so 1 computer can use it).
I would prefer to do things correctly and have it work with the sonicwall, but I'm not sure how, any ideas?

Some things I noticed or tried:
1. The computer that does wor... Read more

Answer:Removed some malware off work computer. Now it doesn't connect to the network correctly.

Had a similar one before. From memory try manually resetting the TCP/IP stack.
 

17 more replies
Relevance 50.43%

Ok, so this is the wierdest problem I have EVER seen, and I have seen alot of crazy computer problems.

I have a latop (Fujitsu Lifebook N3010) that has been a loyal machine for over three years. As its warrenty is up I decided to finally open it up and do some cleaning since the fan grills were pretty filthy. While there I also cleaned up the CPU and installed some nice artic silver which lowered my temps quite a bit (not to mention the noise level finally).

Fast forward a month of flawless performance and while I am playing a game my screen starts to litterly jitter, with pixels being randomly adjusted about, seemingly the jitters all start on a edge, so if I have a rectangle showing, its the endges that get blurred while the middle stays relatively normal, except for text which also goes crazy.

At first me and a friend figured the video card was the problem. Opened up the system, isntalled a better cooling system, but low and behold nothing was helping it. Some testing showed that not only did the jittering not effect performance, but that when I used a CPU burn in program I could actually make it stop. Some how fully loading my CPU removed the jitters, of course this made game performance awful and so its not really a good solution.

A google search found a thread with another person having the same problem with a CPU almost identical to mine (2.66Ghz P4 instead of my 2.8Ghz P4). Turns out when he swapped procs, no more jittering, and later he found a hair... Read more

Answer:CPU causing jittering in 3d apps.

Welcome to MajorGeeks! And dang, that is a strange problem. Let us know how it goes with the CPU swap.

E
 

3 more replies
Relevance 50.02%

Howdy all,

I seem to be having a rather odd and extremely annoying issue on my new Win7 RC install. Note that in my description below, I will mention the use of certain torrent clients. I am in no way looking for help using these clients or torrents or file sharing in general though, as per the forum rules.

Certain apps that connect to the internet will cause my connection to drop *immediately*, and without a notification appearing. As long as any of these apps stay open, the connection will keep dropping as soon as it gets back (in other words -- every 10 seconds or so). In practice, this obviously means that the apps that trigger this behaviour are unusable. Getting the connection back to normal is achieved by closing the app that triggered this, and soft resetting the router. Other than this, my connection is rock solid. Many other applications that connect to the internet work perfectly fine.

At first, this happened with uTorrent -- on a fresh Win7 install, with a fresh, clean, uTorrent install without any torrents loaded. Naturally, I tried tweaking the settings, disabling or lowering everything that could possible interfere, but to no avail. I then went on to try several other torrent apps, all with the same behaviour. Opera's built-in torrent handling appeared to work fine, however, but is insufficient for me. Finally, it appeared that ABC did not have any trouble and has been running fine for a few days. Phew, problem solved.

Not. I just installed Windows Liv... Read more

More replies
Relevance 49.61%

Hi

I am a complete newbie so apologies if this is in the wrong place. I have cleaned up some malware / trojans using spyware doctor and malawarebytes. i also have AVG on system. However, a malware or malware clean up has left Flash not working. When i go to install it again a message pops up that if you trust the site click here. At this point the page freezes and I have to shut down IE8. I have windows XP.

I have very limited computer knowledge but should be able to follow any instructions! Any help gratefully received.

Many thanks

Answer:malware/malware clean-up causing adobe to fail and cannot re-install

Since you posted here, let's make sure you're not still infectedUpdate mbam and run a FULL scanPlease post the results-----------------------Then runATFPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".------------------------------------SAS, may take a long time to scanPlease download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperl... Read more

1 more replies
Relevance 49.61%

I'm at my wit's end with this problem. I've scoured the net trying to find a solution to no avail.
I'll try to be as specific as possible regarding information about this thou the instalation is in swedish so some terms might not be correctly translated...

The computer in question is a HP550 laptop running Vista Basic 32-bit. The owner could not tell me when or how the problem started but he suspects it's his gf's 10 year old kid done something he shouldn't.

When I start the computer I get 4 notifications of apps stopped running: iTunes, Panda AV, Panda AV Console and DVD Check. The one thing all crashes has in common is Faulty Module: MSVCR80.dll
Other apps like IE, Explorer and other programs crashes shortly after being started, sometimes they don't start at all, and again it's faulty Module: MSVCR80.dll (sometimes it's .dll_unloaded)

Here's an example of a crash report:

Program: Iface.exe
Version: 11.9.9.1
Program Time stamp: 00000000
Faulty Module: MSVCR80.dll_unloaded
Module version: 0.0.0.0
Module timestamp: 4a594c79
Exception code: c0000005
Exception (can't translate) : 71432e41

And another:

Program: iTunes.exe
Version: 9.1.0.79
Program time stamp: 4bac65a0
Faulty module: MSVCR80.dll
Module version: 8.0.50727.4053
Module time stamp: 4a594c79
Exception code: c0000005
Exception... : 00046436

I have narrowed it down to have something to do with Visual Studio Libraries or something similar. So far I have tried the following:

Ran Wind... Read more

Answer:MSVCR80.dll causing crash in multiple apps

Find a good copy of that file online and then place it in Windows\System32 and also in the same folder as each of the .exe that are crashing.

Scan the system with Malwarebytes.

Ask if you can uninstall the Panda and replace it with MSE. Definitely do so if able. Use the cleaner found here for Panda.

http://www.sevenforums.com/tutorials...nstallers.html

6 more replies
Relevance 49.61%

Hi all. New here. Been lurking for a while, though.

Each time I start my computer I get two apps that I want started with Win 7 asking for UAC permission to continue. It's just a little annoying. How can I stop this?

I've been using Win 7 through builds 7000, 7048, 7057, 7077, etc. I've just lived with this annoyance for months. It's not a big deal, just tired of it.

Apps:
eVGA Precision V1.7.0
Everest Ultimate 5.0

Win 7, Build 7100, 64 bit.

Thanks!

Answer:Two apps causing small problem on each boot.

Go to Control Panel User Accounts Turn off UAC and reboot

2 more replies
Relevance 49.61%

I got a notification that some apps I have are delaying my start up time. It seems like 25 seconds is too slow for MS. Strange thing is that none of the apps were MS apps. So I went into settings and stopped all but two MS aps from running in the background.

More replies
Relevance 48.79%

I think the title explains pretty well, but when I press the middle mouse button (Press, not scroll.) it shuts down whatever is up, including taking me to the Standby/Shutdown/Restart option. I have a USB LapMate optical mouse and I run a homebuilt PC on Windows XP. Help?
 

Answer:Mouse wheel causing PC to shut down apps and windows

Did you install drivers for the mouse? They sometimes stupidly auto set the button to close app. It'll often appear in the icon bar thingy at the bottom and usually looks like a mouse.

Open the full bar and mouse over each until you find the icon. Failing that, try mouse properties in the control panel.
 

4 more replies
Relevance 48.79%

Every time I used Google Chrome after a few minutes my computer would freeze up and the I would get a non-stop beep. I uninstalled Chrome and tried using Firefox. This worked slightly better though Firefox would keep crashing and then after a while would exhibit the same behavior, worked for a couple minutes and then freeze/non-stop beep of death. I finally ran Hijackthis and took out everything that looked unfamiliar and ran Malwarebytes Anti-Malware. Found two questionable items and one item Malware.Trace. Removed these things, but no luck, still after a couple minutes and then freeze / beep. At one point it even happened to me while I was trying to upated Anti-Malware. There doesn't seem to be any exact amount of time or browsing, sometimes it happens within 12 seconds sometimes I get five minutes. Has anyone had a problem like this before? I'd really like to not have to reformat. HELP!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:51:21 PM, on 12/28/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spo... Read more

Answer:Internet related apps causing computer to crash

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

2 more replies
Relevance 48.79%

Currently running EMET 5.2.5546.19547 an upgrade to 5.5 is in the pipeline.
I have a screensaver provided by a vendor .scr - when i execute this screensaver i get DEP mitigations like below.
<CANT INSERT IMAGE BECAUSE: Body text cannot contain images or links until we are able to verify your account.>
The apps do not terminate but there is a cascade of notifications across the screen, this is a legit screensaver and I dont believe contains malicious code. I cant run any sysinternal tools as its a screensaver and I cant get focus on the Sysinternals windows
etc when it is running.

Sample from EventVwr
EMET detected DEP mitigation and will close the application: WINWORD.EXE

DEP check failed:
  Application     : C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE
  User Name     : <redacted>\<redacted>
  Session ID     : 1
  PID         : 0x3B2C (15148)
  TID         : 0x19C0 (6592)
  Module     : saver1.dll
  Mod Base     : 0x04940000
  Mod Address     : 0x04953001
  Mem Address     : 0x04953001

More replies
Relevance 48.38%

We are currently experiencing an issue very similar to this one here: https://answers.microsoft.com/en-us/windows/forum/windows_7-update/kb3197868-seems-to-break-office-2010-on-32-bit/33ae38aa-52bd-4961-beb3-ddd41a582fb6
After installing the Monthly Security Rollup's our 32bit computers are unable to open applications such as Internet Explorer and Office 2013. Luckily we use a test group for these updates and have not had wide spread issue. That being said, I am unable to
push out the needed security updates as efficiently as I would like considering the issue. 
I cant seem to find too many others who are having a similar issue. I posted a reply on the above mentioned thread and was asked to post here instead. 
Any suggestions on what to do to fix this issue? 

More replies
Relevance 48.38%

Seems like one of these two has infected my comp. Was getting bogus antivrus pop ups as well as being redirected when googling how to remove j8rpltrobq. It also changed proxy settings in ie and safari browser no longer works. also having problems running rootrepeal. Please help! Many thanks.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Beth at 17:23:55.42 on Thu 12/24/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3071.957 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\sv... Read more

Answer:renos.jm and a startup j8rpltrobq causing problems with browsers and other apps

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may ta... Read more

6 more replies
Relevance 48.38%

I have a hdmi switcher from monoprice that I use to switch input between my pc and my ps3. I have a dell 2407 monitor.

I just recently upgraded to win 7 from vista, but I noticed something. when I switch to ps3 and back to pc via the switcher, my app windows get re-sized, as if the resolution changed and changed back.

For example, firefox and my AIM buddy list would shift to the left and get re-sized.

This didn't happen in vista, all my programs stayed in place.

Anyone know how to fix this? I have the monitor drivers installed

thx

Answer:Win7 causing apps to resize/shift when switching inputs

bumpppppppp

2 more replies
Relevance 48.38%

Hej, i have an annoying issue, both with x32 & x64 : If i launch the actual apps* before i launch chrome, asian language shows fine, however if i launch them after chrome, some of those language won't show normally, there will be something like ㅁㅁㅁㅁ instead of them. This happens with few different apps but also with windows explorer sometimes (?) so i'd really like to undestand why, maybe there's just something to turn on/off?

Answer:Google Chrome causing annoying unicode character bug to some apps

Made a mistake : This should be in the APPLICATIONS section, please move it

1 more replies
Relevance 48.38%

So. 2 hours ago, everything is hunky dory. I click on the internet, type netflix, click a movie, and it plays. I could even click on steam and it would boot up just fine.


Idk what happened but everything seems to be out of whack. This image will show you the errors I get on startup after I tried restarting my computer in an attempt to fix it. http://i.imgur.com/hjEONT9.jpg


Basically, I'll run firefox, the vprotect error will come up, and when visiting netflix for the first time after the error occured, netflix all of a sudden needs to be made an exception in order to be visited. This goes with every website I had not yet been to before the errors occurred.


Netflix specifically doesn't function at all. I'll click a movie, the blue dots will load, and then for just a split second the 'Whoops, something went wrong' screen flashes but instantly goes to black and nothing else happens.


Steam will not boot up any longer.


How can I get rid of these errors? I've tried pretty much everything I could find that worked for other people getting the Vprotect error but it doesn't seem to work. I suppose I need something catered to my specific problem. If you need any additional information feel free to ask, I'll be checking this thread every few minutes. Thanks.

Answer:Vprotect error causing apps to crash. (Firefox, Steam etc)

Vprotect is part of avg usually a toolbar try disabling it

7 more replies
Relevance 48.38%

 
A trojan that's currently doing the rounds in Japan is using Windows itself to try to defeat security software on infected machines.
Trend Micro reports that the BKDR_VAWTRAK malware, which steals credentials used for online banking at some Japanese banks, is using a Windows feature called Software Restriction Policies (SRP) to prevent infected systems from running a wide range of security programs, including anti-virus software from Microsoft, Symantec, and Intel. A total of 53 different programs are blocked by the malware.

http://arstechnica.com/security/2014/06/banking-malware-using-windows-itself-to-block-anti-malware-apps/

Answer:Banking malware using Windows to block anti-malware apps

TrendLabs: Windows Security Feature Abused, Blocks Security SoftwareEdit: Your Trend Micro link initially did not work for me so I reposted it for the benefit of others. Checking a second time the page finally opened.

3 more replies
Relevance 47.97%

So basically this whole time I thought it was my internet and my router, but apparently it wasn't. Whats peculiar is, my mac systems are picking up the internet but my windows aren't. However, the status on my windows is connected but not really transferring any 'bytes.' Anyway, I later tested out that Internet Explorer (64-bit) version works. (I primarily use Firefox) I tried the Internet Explorer (32-bit edition), it does not connect, and when I close it, the computer detects an error in closing, same exact errors applies with my other 32-bit applications I use daily like: Miranda IM, utorrent, Firefox...My computer is not completely unstable, and after trying all this, I can come to the conclusion that it's not an internet problem (since 64-bit ie works and when i directly connect my ethernet cable from my modem, only the 64-bit edition works, none of the others like stated above.)

I really think it has to do with something in my operating system, Microsoft Windows Vista Enterprise (64-bit Edition). I've restarted several times, same problem persists.

Time to reformat?

Your help is greatly appreciated, I can add more details if you'd like, it's just, I'm so dependent on these apps, I'd really like to get to the bottom of this issue.
 

Answer:Suddenly, only 64-bit applications work on 64-bit OS, 32-bit apps closes/doesn't work

Same exact thing happened to me. To my knowledge there isnt a straightforward fix or none that I could find. I just imaged my drive with a backup.

I think one of the updates messed things up but I cannot confirm that. I messed with the TCP settings and some other fixes but could not fix it.

If you figure it out please post back with your results.

Good Luck!
 

5 more replies
Relevance 47.97%

Have there been any 3rd Party apps which are broke by Vista? / Dont work so well?

The only thing I can truly find is the Nvidia Control Panel is busted. Everything else I use seems to work just fine.

What about for you?
 

Answer:What 3rd Party Apps dont work/work correctly in Vista?

What's wrong with the Nvidia control panel? Aside from not showing up in the system tray, it seems to work fine for me.
 

4 more replies
Relevance 47.56%

Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:53, on 04/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\Explo... Read more

Answer:Infected w/Malware that doesn't let you run anti-malware apps etc.

16 more replies
Relevance 47.56%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me thing the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 47.56%

Win32.Dropper-Gen : MSPublisher and other apps causing virus alerts, other random behaviour ? Can't remove trojan.WindowsXP.SP3Hi,I hope you can help! I have run out of ideas, or confidence to do anything more.We normally have Avast, SpyBot and Comodo Firewall/Defence+ running monitoring internet, disk r/w operations etc. I think SpyBot also monitors registry changes. Unfortunately, the week before, we had to have a new motherboard and the computer shop had to uninstall Comodo Firewall/Defence+ as it interfered with their updating of the drivers. I didn't get round to installing it again Last weekend my 13 year-old, but Internet savvy, daughter was looking for pictures for her homework. She was using Firefox to search and MS Publisher to store copied and pasted images (searching for ?amazing water fountains?). She clicked on one image in Google and suddenly the Avast rocket went up saying that there was a virus. She quit the browser tab page that was still loading. The screen locked up with a program image which looked like Internet Explorer, but wasn't. And we couldn't close it, or bring up a Task Manager in front ? the window had no border or close buttons and it remained on top of everything. The only thing to do was to do a forced shut-down ? turn the PC off at the wall. Wisely, she did nothing else apart from to come running to us to report the bad news.Turning the PC on again and logging into that account brought up this locking screen ag... Read more

Answer:Win32.Dropper-Gen : MSPublisher and other apps causing virus alerts, other random behaviour

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

21 more replies
Relevance 47.56%

I can only connect to the network using 64 bit applications on Window 7 Pro SP1.

The problem occured after installing the latest version of iTunes (may or may not be related). I uninstalled iTunes with no change. IE 32 bit crashes after opening. Firefox opens but gives Server Not Found error. I cannot connect webservers on the local network with Firefox either. Filezilla will not connect to local or remote servers. VNC will not connect to local servers - IE 64 works fine and command line tools like ftp and telnet to internal and external sites works fine - this is not a DNS, Firewall, or Routing issue.

Same results in Safe Mode
sfc /scannow runs clean.

I reset the winsock, uninstalled all my network adapters, including the drivers and resinstalled them. Rebooted multiple times.

Unfortunately I just discoved that System Restore was not enabled so I can't roll back.

I doubt this is malware related as I have multiple levels of defense (postini, SpyShelter, Symantec Endpoint) and outside of iTunes have not downloaded or installed anything or even visited unusual websites. I'm about to do a deep scan that will probably take a few hours just to play it safe.

Please! Does anyone have any suggestions? I see plenty of posts about similar issues but either they never get resoved without a rebuild or the winsock reset works.

Thanks!

Answer:32 bit apps cannot connect to network. 64 bit apps can.

More info:

VNC gives the error: "Unable to initialise Winsock2" while Putty: "Unable to initialise winsock"

Netsh int ip reset reset.txt hit responds:





Quote:
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.


BUT there is no reset.txt created in the directory I run it from (c:\temp), even if I sepecify a path for the log file... This seems curious.

The virus scan is still running (clean so far).

2 more replies
Relevance 46.74%

I have checked everywhere online, and I haven't found a single explanation for this.

I have 3 user accounts.

1. Administrator
2. initial user
3. new user

So the initial user is the one you are forced to create when first setting up Windows 8.1. It's a local user meaning that I set it up without signing into a MSA.

In both the Administrator and the initial user, all the WinRT apps/tiles work. Like the weather will show up and everything.
WITNESS:

Whether I change the Initial User to Standard or Administrator, everything still works fine. Of course, the Administrator can't open WinRT apps which is standard and normal. And the initial user can't use apps without signing into MSA. But it all still works perfectly fine.


The problem is with the new user. The new user is meant to be in Administrator mode because it's my main account. But whether I set it up as Standard or Administrator, it's the same thing. None of my WinRT apps work.
WITNESS:
Even when I sign into my MSA with the new user, it's still the same thing. It synchronizes to my OneDrive online. It recognizes that I'm completely signed in online. Yet it's still the exact same thing with the WinRT apps. None of them work. Even when I try to open up the Windows Store. It just continues to try to open, but doesn't go all the way through. So whether I'm signed into my MSA for the third user or not, it still gives the same problem.

I ran Windows Update, and it worked perfectly. Everything is up to date.

Answer:Windows Apps don't work for one user, but work for others.

I created a 4th account using an MSA instead of creating it as a local account. And it still has the same problem as the third account. Like I said, whether the account is created with an MSA or if an account was created as a local user, and signed into a MSA. It's the same extremely frustrating problem. I can't do anything like this.

11 more replies
Relevance 45.1%

I'm computer knowledgeable but not an expert.This is my first post because this is a problem I cannot lick by myself. My son's computer has malware that is constantly allowing pop-up ads. Running msconfig shows three suspicious programs peroruvo, gahejeyu, and wotuzapi. Restarting the machine after unchecking each item result with all of them being reinstalled and running again.
The computer is a Pentium 4, Windows XP Service Pack 3 and 3.25 GB Ram. I've run my purchased copy of AVG Anti Virus 8.5, Adaware and Spybot Search and Destroy. None have worked.
Any help would be appreciated.
GSquare
DDS Log

DDS (Ver_09-03-16.01) - NTFSx86
Run by Computer User at 23:45:09.90 on Sun 04/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2577 [GMT -4:00]

AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunes... Read more

Answer:Malware causing Pop-Ups

Hello GSquare,Welcome to Bleeping Computer.Sorry for delayed response. Forums have been really busy. My name is fireman4it and I will be helping you with your Malware problem.As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.I will be analyzing your log. I will get back to you with instructions after it is approved.

12 more replies
Relevance 45.1%

I was browsing Google Image Search last night and I went to some website and all of a sudden I started getting pop ups, which I never get. The thing is, I was browsing on firefox, and pop ups started coming up from firefox AND internet exporer (although internet explorer wasnt even running). I ran CCleaner, Lavasoft Ad Aware, AVG Antivirus and Trend Micro, and all it found were a few tracking cookies. No worms, viruses, or anything of that sort. YET, Im still getting popups. Im afraid for my computer and businesses safety. Any recommendations on other scans I can do or what might be the problem here? I have my firefox pop up blocker on but one thing that does keep happening is my setting that says "Open windows in new tabs" keeps switching by itself to "Open windows in a new browser". HELP PLEASE! Thanks so much in advance.

Rachel
http://samplesite.info
 

Answer:Malware causing many pop ups out of nowhere? HELP!

Welcome to Major Geeks!



miadesigner said:





ran CCleaner, Lavasoft Ad Aware, AVG Antivirus and Trend Micro,Click to expand...

If you have multiple antivirus programs installed ( AVG and Trend Micro) you must uninstall one of them immediately and then reboot before doing the below.

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the proble... Read more

1 more replies
Relevance 45.1%

Hi! i have a Toshiba 5205 laptop running Windows XP that is having problems. I have recently installed SP2, but it has not completely fixed the problem. I have no idea if these things are related. I also have a Hijack This log.

First - my laptop sounds at times like a plane is taking off....i assume this is a fan problem, but am uncertain if it is linked to my other problems. I always have my laptop propped on a "cooling pad" to help circulation.

Second - about 2 weeks ago, I started having problems running Java. Applets would load, but then i can't press any buttons, even to exit the screen. I have to pull up another screen and then go back to the java applet to close it - but that is all i can do. The same thing happens when I try to access the Java console through my control panel. I have the latest Java installed. HOWEVER, I do have old Javas on there that Windows cannot remove because a tempfile is missing.

Third - after I installed SP2 4 days ago, i now am having problems with the touchpad buttons on my laptop. the pad itself will move the cursor fine, but if i want to click anything for any reason, i HAVE to plug in my Logitech mouse.

Finally, in reading some old threads here, i was prompted to check my system event viewer, and discovered the following Event ID # 52 has been occurring frequently over the past month:

The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail. Immediately back up your data and replace ... Read more

Answer:Is malware causing this?

16 more replies
Relevance 44.69%

Ok, so here is my situation. I started getting these pop ups for malware defense. I went to a few websites that suggested I use Malware Bytes to get rid of it, so I downloaded it and ran the scan several times. Each time I ran the scan, It would show up with less and less infected things. I ran another scan and the computer needed to be restarted to finish it, just like all the previous scans, so i restarted the computer, and instead of it restarting, I would get the Dell load up screen and Windows xp screen like usual, then it would flash the blue physical memory dump screen and then start all over with the dell screen. It would never restart completely, just keep cycling through those three screens. I finally pressed F8 at the dell screen and clicked the option to start it from its last working configuration so I am able to open it now. I ran a hijack this scan on it and have the file log. I dont know anything about computers, so I would really appreciate it if someone could take a look at it and tell me what I should delete and what I need to make sure I dont delete. Thank you very much!

Jason

Code:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:25:22 AM, on 12/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
... Read more

More replies
Relevance 44.69%

Hi All

I'm having some trouble with Malware on my PC that's causing it to run slow. I let my 8 year old niece use the internet and ever since have been having issues

I've tried running Malwarebytes and TuneUp Utilities and am finding that everytime each program scans over my "temporary internet files" they freeze up. I've tried clearing my browsing history under internet options but that causes a freeze also. It seems that every program I run just freezes up when it scans over that specific folder.

All help is much appreciated in getting my PC back to running smoothly again. Here is the HJT Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:17:55 PM, on 2/1/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\User\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless ... Read more

More replies
Relevance 44.69%

Hi

I've had some problems for a time with random crashes and BSOD. I tried some of the free Anti Virus programs, and some of they show something, and some don't. I would guess at a malware causing it, but I can't be sure. The frequency of BSOD is almost daily.

I ran all the steps of the read me thread, and the only real obstacle was the ComboFix which crashes to BSOD every time. The MalwareBytes seemed to find something, but removed it as far as I could see.

I attached the 3 logs that I have.

Any help would be really appriciated! I have spent hours upon hours on this stuff now...

Thanks in advance.
Fingon.
 

Answer:Malware causing BSOD?

... And Windows can't update because it detects that the computer is infected...
 

16 more replies
Relevance 44.69%

Thanks so much for taking the time to help! I'm at my wit's end.

I can only run my computer in safe mode for any extended period of time. I keep getting the BSOD (it unfortunately appears about 5 or so minutes into every regular login, after every program I have pops up to tell me something is wrong), and my windows updates, bitdefender security, and spysweeper are all disabled without me having done that. So, I'm forced to run my computer in Safe mode. I have run Ad-Aware, Malwarebytes, and Spybot SD, each of which has found a dozen or so viruses. I think malware may be at the root of all of this. Even cleaning the viruses doesn't seem to get rid of the problem. I only managed to save my malwarebytes log, which I've attached, and I did write the BSOD info down...

PAGE_FAULT_IN_NONPAGED_AREA
***STOP: 0x00000050 (0xE3F4E878, 0x00000001, 0x805509E9, 0x00000001)

I have also get one intermittently that doesn't have a header, just the numbers...
***STOP: 0x0000008E (0xC0000005, 0x8055059A, 0xA76D194C, 0x00000000)

If this is a Windows problem, I will gladly repost it in the XP forum, but it really feels like the root cause is some sort of malware.

Can you help?


DDS (Version 1.0.1) - NTFSx86 NETWORK
Run by Administrator at 21:42:35.39 on Mon 12/15/2008
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.1115 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomL... Read more

Answer:Possible Malware causing BSOD (XP)?

***Bump, please***

Can someone please help, or at least tell me where I can find help???

1 more replies
Relevance 44.69%

Please help. Barracuda filter reports 49 attempts to access
Code:
http://img100-493.xvideos.com/thumbs/
... in a span of 4 minutes. Some are four or five attempts in a second. This computer has NEVER accessed ANY porn sites, it is a work laptop. It has Chrome, Firefox, and Explorer. Chrome being used the most. How did this happen? How come I didn't see it? Why didn't Kaspersky see it? How do I get rid of it?
 

More replies
Relevance 44.69%

This is the most bizarre malware I have ever seen. When I boot the WinXP computer to safe mode the internet works just fine. When I boot in regular mode I am able to ping everything (e.g. www.google.com, 192.168.0.1, etc.) but when I open up a browser (any browser) I get no connectivity.

I did a scan on this pc yesterday and their were a lot of viruses that I removed. I'm not sure if one of those caused this issue but I figured I'd post my hijack this log here to see if you guys have any insight.

Thanks in advance.
 

Answer:Malware Causing Internet Go Down

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 44.69%

I have a self-build pc and I'm running windows XP. I noticed about a month ago that windows updates didn't seem to be loading. I didn't have time to mess with it and didn't see any other issues. Then the other day I was using FF and tried downloading the lastest version of itunes and it wouldn't download (so I switched to chrome and it worked fine). Then I was able to download all the diagnosis software using FF today with no problem. Anyway, earlier today I decided to tackle adding a new printer and when I tried running in the installation disc...it wasn't working. Going into device manager, there was a message saying that it's configuration information (in the registry) is incomplete or corrupted. I figured a good starting point was to scan the computer for malware first before trying to figure out if they are related or not.

(RK and Hitman pro were the only two that seemed to show something)
 

Answer:Not sure if malware is causing all pc problems

The last log...

I did not make any changes and followed the instructions to the best of my ability.
 

4 more replies
Relevance 44.69%

Hi there. I'm hoping someone here can help me out. I have a Win 7 x86 Toshiba laptop I am trying to fix for a friend : after browsing the net before installing AV software it appears he has picked up some malware. The main symptom is that trying to access a webpage it redirects to 'microsoftblacklists.com' and comes up with one of those fake "You have been infected with a virus... click here to clean" (or words to that effect) pages. I ran Hitman pro on the laptop and it told me I have a possible variant TLD3 rootkit.... and also it did not seem to be able to fix it. I've had no luck getting rid of this thing since November... I believe it is one of the newer variants not as yet able to be dealt with by AV progs. So I have now run DDS and GMER and am posting the logs here. This is my first time at this site and using these utils so hopefully I have done it correctly. I also ran ComboFix (I know, I shouldn't have yet) so am posting that log here too. DDSDDS (Ver_10-12-12.02) - NTFSx86 Run by Lachie at 18:31:21.40 on Sun 19/12/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3062.1907 [GMT 11:00]AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}============== Running Processes ===============... Read more

More replies
Relevance 44.69%

hi- I seem to hv some kind of trojan malware that is causing frequent and incessant pop-ups.
I hv posted the DDS logs.
pls help provide guidance to address....
thanks
Sam
______________

DDS.txt log

____
DDS (Ver_09-03-16.01) - NTFSx86
Run by Saanchi at 12:30:21.79 on Sun 04/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.242 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster\WMP54GSv1_1.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Vi... Read more

Answer:Malware causing incessant pop-ups

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you wi... Read more

2 more replies
Relevance 44.69%

I went on my computer Sunday morning and opened a Mozilla browser window. Immediately, approximately 150 Internet Explorer browser windows opened. Once it settled down, I closed them all. In my system tray, a red circle with a white 'x' in the middle appeared with a dialog balloon telling me that my system was in danger and required anti-virus software. It then downloaded automatically some software (I forget the name, but it was something I hadn't ever heard of). I went into my control panel and removed that program. I then went to Symantec's website and downloaded and installed Norton Internet Security and Anti-Virus. After installation, it recommended that I restart my computer. After clicking ok, everything closed (very slowly) and shutdown. I then saw the computer reboot and the Windows XP loading screen came up. When that display went away, the blue screen of death appeared informing me that I had a missing component. It said that basetjk32 was missing and that if I reinstalled this program that it would resolve the problem. I tried googling 'basetjk32' to no avail. I heard that I should use HijackThis, so I rebooted in safe mode with networking, downloaded HijackThis and ran a scan and saved the log.Here is the log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:03:13 AM, on 4/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS&... Read more

Answer:Malware Causing Bluescreen, Please Help!

Symptoms: 150 IE screens popped up on my computer. I tried to install Norton Internet Security. I restarted my computer after installation and now I get a bluescreen error saying "Component Not Found: basetjk32 was not found. Reinstalling this program may fix the problem." I rebooted in Safe Mode and ran HijackThis. I pasted the log below. What do I do next? Can anyone help me with this?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:03:13 AM, on 4/29/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070912R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast... Read more

3 more replies
Relevance 44.69%

Ok, so as far as the "am I infected" question goes, without a doubt I know I am. But that about sums it up in terms of what I know about this problem.There I was researching Martin Luther King Junior I clicked on a seemingly legit sight and what I got was some program downloaded to my desktop and numerous pornography pop-ups flashed onto my screen I quickly deleted the thing that had gotten onto my desktop and exitted out of the pop-ups as my littler "innocent" siblings were around.I researched and searched using AVG for about two hours I came up with nothing and AVG came up with a couple suspect applications but putting them in quarantined and later deleted the problem is still there.So all-in-all now what I have is every google search theres always a video link to youtube with a graphic picture and a couple phony links to sites advertising OBVIOUS malware and every now and then when I click on a link it redirects me to a adult finder or w/eIt would be fairly apprecited any help offered seeing as how this is a family computer and it's now nothing but inapropriate...Thnx and if anything is needed just ask ;D

Answer:Malware Causing Porn

hello and welcom a bit more information would be helpful so can you kindly tell us your windows version, and what other protection programs ( if any ) apart from avg antivirus ( 7.5?)you have so far run?

5 more replies
Relevance 44.69%

Not sure how long system has been infected. My laptop has been running slow for quite some time and my hard drive was running low on space so I thought I could clean out to free up space and performance. I downloaded Malwarebytes Anti-Malware & CCleaner earlier this week and began having problems with some programs(Photoshop & Silhouette Studio) thereafter. Both stopped working and details revealed Appcrash. I'm completely at a loss and need some help. I would appreciate any guidance and direction.
 

Answer:Need help - I believe malware causing appcrash

Hello,

Please follow this topic and attach required reports

http://malwaretips.com/threads/preparation-guide-before-requesting-malware-removal-help.20334/
 

19 more replies
Relevance 44.69%

I have a test computer that has two hard disks. One of them has multiple partitions where each partition has one Windows Operating system except two of them which have data and images. There are Windows 7, Windows Vista, Windows 2008 and Windows 2003. The other hard disk has one partition one operating system which is Windows 7.

The have been working fine. All of a sudden the other day I found a Windows 7 system ran out of disk space. Windows Explorer showed that all partitions from between 20GB and 90GB shrunk to 500MB except one partition where the Windows 2003 resides. One Windows 7 system even showed itself and the data and image partitions have zero free space left.

On the disk management, the top part shows exactly the same data of the Windows Explorer which is wrong but the bottom part show the correct values. Using the diskpart of the install disk and the Windows PowerSheel, both show correct values throughout.

On one Windows 7 system alone, there are following additional problems. It proves that it is not GUI or reporting problem. There is something more pernicious in the background.
-The "sfc /scannow" wouldn't run with an error message saying "Windows Resource Protection could not perform the requested operation."
-The security center reports the Windows Update is not turned on though it is set to automatically download and install.
-The Microsoft Security Essentials wouldn't start.
-I can't install any new application but... Read more

Answer:Is some malware causing my problem

I further found I can't start safe mode or disable any startup items or disable any service from MSConfig.

In addition to Malwarebytes' Anti-Malware, I have run Spybot - Search & Destroy and Advanced SystemCare 4 as well as Dr Web CureIt but problem remains.

3 more replies
Relevance 44.69%

I seem to have a virus or malware infection that is proving resistant to all attempts to remove it and would welcome any advice on what it might be.When booted in Normal Mode the processor load is showing in Task Manager as 100% at all times, making it almost impossible to use the laptop. System is running XP with Service Pack 2. I have checked all possible hardware problems I can think of (all normal in Device Manager) and even fitted an additional 1GB RAM (now has 1.25GB-made no difference).When booted in Safe Mode the system runs at normal processor mode, eg 5-20% when no programs open, and functions normally. Therefore I'm thinking that the virus/malware is only loading under Normal Mode boot conditions.I have tried running the following to clean it (I have run all these in both Normal Mode and Safe Mode).AVG Antivirus 8.0.Windows Defender.MalwareBytes Anti-Malware.Spybot 1.6.I have also run the usual clean ups-Disk Cleanup, CCleaner, and Defrag. Hard disk is only about 60% full so this is not the problem. Chkdsk ran and found no problems either,All these have found various things, but none have removed the cause of the above problem.I have also tried reverting to Last Known Good Configuration (no difference) and doing a System Restore to the earliest possible date, however the earliest date it offered was a month ago and the problem predated that.I have now run a Hijack This scan and am posting the log below in the hope that someone can offer me some advice, as I'm reall... Read more

Answer:Malware Causing Processor to Hit 100%

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

2 more replies
Relevance 44.69%

Trying to eliminate machine crashing,

I have seen numerous BSOD, first, was spooldv.sys caused shut down, possible malware. Second, win32K.sys error suggests bad driver, replace graphics card, nothing specific on which driver was causing error. Third, Page fault in non-paged area. fourth error caused by es1371mp.sys.

Also, recently have had difficulty with Windows Update, getting error 800704DD. Edited registry as suggested ...no help.

The crash will occur most frequently while beginning a download. But also occurs when running virus scanner. Microsoft MSRT will almost always cause crash as will most scanning tools, unless they come back clean. The Malwarebytes Anti-Malware crashed immediately. (No log submitted.) SAS did not run clean on first attempt.

System history, I had trouble before and did a complete reinstall and upgraded to SP3, added a wireless connection via Netgear's Rangemax Dual Band Wireless-N USB Adapter and added NEC PCI USB 2.0 card. I am running AVG8 Internet Security with Firewall.

Am thinking all this could be malware and would like to confirm that before I move onto hardware issues. Thanks.
 

Answer:Is malware causing BSOD? or

Does anybody care to make a suggestion, as to where do I go from here? ReScan, Scrape, Keep Crashing?
 

3 more replies
Relevance 44.69%

I cannot access data on my USB, as it appears it's not being fully recognized by my computer. I need the data that was saved. About a week ago I was getting a prompt from Microsoft saying that one of my Word files may possibly be infected, but i kinda shrugged it off
Now i cant access anything on my USB and the computer says there is "no media" on the USB.
I need help because i REALLY need to access the information from my USB...please help!
 

Answer:Malware Causing defective USB?

may i add that when i click on the USB icon in "my computer" it keeps asking me to insert a disc
 

18 more replies
Relevance 44.69%

On the 17th Feb my CA virus detector picked up the fact that my machine had been hit with the Bredolab Trojan (got it after visiting the Auto Trader canada site). Since then I have used CA, MalwareBytes Anti Malware, Ad-aware. Seems to have cleaned up some stuff but now I am getting the Google redirect problem (Sites going to wrong address) from the Safari Browser. I am worried because I am not sure whats happening.Also heard that some Trojans mess with the system restore....am new to this stuff. Can anyone help please.
THX

I have just run HijackThis and here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:17 AM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eH... Read more

More replies
Relevance 44.69%

Hello,

I am very impressed by the support offered by this site to people with malware problems. I found you via a recommendation to use Malwarebytes to clean my system - it hasn't worked :-(.

I have been fighting a losing battle with malware on my machine for some time.

Symptoms now are persistent redirects when browsing the internet. This occurs with IE8 and Firefox (portable). Most frequently from links in a google search results page but also sometimes from other links. The sites redirected to mostly seem harmless but sometimes are clearly dangerous and may be blocked (in firefox) with a warning page. Sometimes the pages redirected to launch clearly hostile behaviour.

I have Avira Antivir Personal running and this frequently reports malware which I quarantine. I have scanned my system with Avira, Malwarebytes, search & destroy and online with f-secure. Always something is found but still the problems persist.

Any help is gratefully received, i hope to be able to respond quickly to requests from helpers here but please bear with me if there are any delays.

Thanks, pasbury.

I have followed your preparation guide and the logs are here:
DDS (Ver_10-11-27.01) - NTFSx86
Run by Pablo at 21:36:33.29 on 04/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.510.134 [GMT 0:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===... Read more

Answer:Malware causing redirects

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

18 more replies
Relevance 44.69%

Hi,

I am suffering from a lot of pop-ups when using Firefox on my HP computer (Windows 8 64bit). I assume it's caused by malware, so I went through the steps described in this forum (up until the point where it should be fixed), but there was no improvement.

All the steps were executed nicely, except that I wasn't able to download and execute MGTools from my c:/ root. It claimed I haven't got necessary permissions even though I am administrator. So I ran it from my desktop instead.
All the logs produced are attached. At least MalwareBytes found something.

I?d be very thankful for support in handling this infection. Please let me know if I can provide you with any additional information to make it easier.

//carr
 

Answer:Malware causing popups

Welcome to MajorGeeks, carr

Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts. *Re-enable them before physically reconnecting to your ISP.

Using "Programs & Features" uninstall: (If you do not find it or it will not uninstall, just keep going.)
Interenet Optimizer
Java 7 Update 60

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Tinka\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O20 - AppInit_DLLs: c:\progra~3\intere~1\intere~1.dll
NOTE: Allowing uTorrent to autorun at startup is a security risk that I'm disabling.

After clicking Fix, exit HJT.

Please download OTM by Old Timer and save it to your Desktop.

Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
(or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
the code box

Code:

:Files
C:\ProgramData\Microsoft\Windows\S... Read more

14 more replies
Relevance 44.69%

Greetings!

Happy Birthday! I hope you have a great celebration. Glad you had a good vacation.

Now my backup laptop is infected with the same Chinese popups. This is an HP Pavillion running XP professional. I think the infection occurred through a USB flash drive I use, though both laptops were also connect to the same wireless network.

I was able to run all of the scans on the HP and the results are attached. I will try to run MGtools again on the Toshiba.

Thanks again for your help.

Robbi
 

Answer:Malware causing popups on 2nd PC

Re: Remove Malware causing popups

Here is the log for the MGtools for the HP.
 

9 more replies
Relevance 44.69%

My computer has been infected with malware. It has blocked access to mrt (Microsoft malicious removal tool) spybot and any anti-malware website or program I try to use. Also it has blocked access to system restore. One problem that it causes is, anytime I click on a result after using a search engine. Instead of taking me to the website I desired it takes me to an ad of its own. Any suggestions on how to fix this? Thanks for the help.

Answer:Malware Causing Problems

When you save a downloaded Malware program save it as a different name ......many bugs are cognizant you are trying to remove them and they have the names of common AV programs loaded so they block them. try change the name at download and then try run them....Good Luck.

6 more replies
Relevance 44.69%

Hi , I've been having issues with windows vista home premium and have been advised to ask here for help as it could be a malware problem .
I have done what was asked in the notes for posting as best I'm able to .

I've been having issues with windows updates not installing (but am currently up to date by standalone installation of updates ) . Plus windows security centre has been turned off and will not switch on (the only message I get from it is "security centre cannot be started" ) . I have had times when my desktop icons have all moved positions and the most recent problem is sp1 for vista will not install "error code 0x800F081F".


Any help would be massively appreciated .

Deckard's System Scanner v20071014.68
Run by andrew on 2008-04-17 15:39:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as andrew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:50, on 17/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Keyboard Manager\Manager Utility\KeyboardManager.exe
C:\Windows\System32\hkcmd.exe
C:\Wind... Read more

Answer:Malware causing problems ?

Forgot to add that whilst trying to work thru the sp1 problem with microsoft (via email) I discovered the system file checker will not scan fully .It gets to 5% then says it cannot continue .

9 more replies
Relevance 44.69%

Hi,
My dad's pc has very poor performance on its internet connection. Its fastest download speed is about 90 kilobytes per second.  Even after upgrading our download speed ot 8 megabits per second, his pc still barely acheives 90 kilobytes per second. All of our other PCs have good download speeds.  Also, web browsing in Firefox makes the PC run slowly. Although the PC is about 8 years old, it was able to handle web browsing easily about two months ago. Due to all of these issues, my dad can't do any work on his computer. Is this being caused by some kind of malware? Thanks in advance.

Answer:Is malware causing trouble for this PC?

Download Minitoolbox - http://www.bleepingcomputer.com/download/minitoolbox/
Start the application.Set ticks everywhere.Click GO button.After is done a log will appear.Save and attach it here.

14 more replies
Relevance 44.69%

I posted about this a few weeks ago but never got a reply, so I figured a fresh one with recent system cleans and new HJT log.

My PC has been having problems for a long while. Ive done all the up to date scans with malwarebyte's anti-malware, spybot, and antivirus. Found and removed alot of infections but still have issues it seems.

First, every so often while browsing on Firefox, I get random web site pop ups that appear on a new tab, or links I click go to random sites. My pop up block is on.

Secondly, I've had my windows theme always set to the Windows XP selection, but recently it seems to automatically switch to the classic look but not all at once (like the start menu may look classic but a new window I open may still have the XP look) and the selection to change back to the XP theme in Display is gone. After I restart, it all looks normal again, but then not too long after it does it again. Another issue that I think is actually tied to the previous, is that my shared folders stop sharing over the network and it wont let me re-share them. I also can't seem to adjust volume with either the keyboard or main external volume control during this, or sometimes the sound won't work at all. Again, it's all fine after restart then does it once more. These didn't start happening until after I turn off the automatic restart after system failure (kept getting a pop up stating the DHOC server access or whatever it was called had failed and must res... Read more

More replies
Relevance 44.69%

Thanks for your help.

I have been having a lot of problems with my PC crashing. It crashes sometimes during boot up (while XP is starting) and sometimes just as the PC is sitting there. The frequency is 5-6 times daily if I'm using the machine (that is, if I am around to restart the PC after the crash), and there doesn't seem to be any correlation between what program I'm using and even if the PC is in idle/active. These crashes always give the Blue Screen of Death, but the error messages vary. They include BAD_POOL_CALLER and IRQL_NOT_LESS_OR_EQUAL, but often there is not a specific error message just a generic description telling me that I might have a malfunctioning driver.

Initially, I thought it might be a driver because the first time the problem occurred was after I installed a couple of printing-related things: 1) a driver from the Dell website for my Dell Photo All-in-One 922 Printer, 2) Zan Image Printer, and 3) PDF995. However, uninstalling these things and restoring my PC to an earlier system restore point did not help the problem.

Next, I suspected malware. The frequency of the crashes has been greatly reduced after I downloaded and ran SUPERAntiSpyware and Malwarebytes' Anti-Malware. So, I suspect that malware is the problem since getting rid of some of it helped a little. Both these programs found a lot of spyware that Ad-Aware and A-Squared had apparently missed including Vundo. Ad-Aware will not actually complete a scan anymore. It han... Read more

Answer:Is malware causing BSOD?

I still don't know if this is a malware issue or a more serious problem. Perhaps it was both? Maybe someone could point me in the right direction? I would really appreciate it.

More symptoms.
The system actually hung during the BIOS startup screen. It refused to move past that point, and I began to suspect a hardware problem. I removed 2 of my sticks of RAM (slots 1 and 2. Each slot (4) has 1GB of DDR2 RAM in it), and the machine magically booted. After that I began to suspect a problem with the RAM, so I downloaded Memtest86+, reinstalled all 4 sticks of RAM. It ran for 20 hours with no errors. After this, the machine continued to boot with all 4 sticks of RAM installed. I began to question my hard drive, so I ran chkdsk /r on my drives. It found several errors and displayed the following interesting messages that I post here in hopes someone more knowledgable can enlighten me on their meaning.

Deleting corrupt attribute from file record segment 52455
Deleting corrupt attribute from file record segment 125973
Deleting corrupt attribute from file record segment 125977
Deleting index entry mss.log in index $I30 of file 879
Deleting index entry mss0015F.log in index $I30 of file 879
Deleting index entry msstmp.log in index $I30 of file 879
Deleting index entry sessionstore.js in index $I30 of file 46734
Deleting index entry session~1.js in index $I30 of file 46734
After that it recovered some orphaned files which I don't think are important enough to type out.

I ha... Read more

1 more replies
Relevance 44.28%

Hello. I recently sold a PC to a friend. It worked great. I've used it for about 6 months and had no problems. The people I sold it to said the internet worked for 3 days and then stopped working. everything else on the PC works fine but the internet does not. They called in a PC technician to look at it and he said the CPU was bad and that's why the internet didn't work. They are attempting to use a dial-up connection. So now they are trying to return it to me. anyways, I just find it hard to believe that the CPU could be bad if everything else on the computer works just fine. XP, Office, Games, etc. and I don't understand why the Technician would say that and put me in a bad situation. So if anyone can clear that up for me I'd really appreciate it. I've yet to look at it myself but I'm going to do that right now. Thank you
 

Answer:CPU causing internet not to work?

So-called PC technicians say some strange things, but if he/she said that I wouldn't put any trust in the person. More likely the friend misunderstood whatever was diagnosed.

You gave little information, so I'm going to assume that it is a desktop and "the internet" was by ethernet connection.

I would guess that it is the NIC that failed or maybe the network controller section of the motherboard. If the former a PCI NIC should work. If the latter a USB ethernet adapter may work.
 

1 more replies
Relevance 44.28%

I have 2x nVidia GeForce 7950GT's and a Broadcom wireless network card. When I enable SLI using the nVidia Control Panel, my wireless connection slows down such that everything keeps timing out, the connection has "Limited or No Activity" and I can't even ping my router any more.

It still "sees" all networks available but is un unable to connect correctly. If I turn of SLI it works fine again, doesn't even need a restart.

I do notice that the wireless card and one of my GPUs share an IRQ.

I have an ASUS A8N-SLI Deluxe mobo with 2GB RAM, the above GPUs and a happy AMD X2 4600 CPU running good old Vista x64.

Any help will be much obliged :-) Thanks

More replies
Relevance 44.28%

My phone started making this weird tone seemingly random or for no reason but sometimes it seems like it is making it because I am touching the screen but other times no reason at all...unlock the phone and it makes the noise some of the time.
The tone is not something I can select either in the apps and sounds.
I have a Lumia 830 with Rogers in Canada. OS is Denim.

Answer:What is causing my phone to make that tone that isnt even a selectable tone in the apps and sounds?

Check if NFC is on, and if you have any card that can be reed with NFC, that was my case.

2 more replies
Relevance 43.87%

My main post with symptoms and problems thus far:http://www.bleepingcomputer.com/forums/ind...mp;#entry855109I have disconnected my computer from the internet for the past few days and done rigorous scanning (with system restore off) with AVG, Spybot, Adaware, SuperAntiSpyware, and AVG AntiSpyware and although eventually everything came up clean and the problem isn't as big as it was before, it's still here. I'm using Windows XP.My computer no longer completely freezes, and cscript.exe does not try to connect every 10 minutes any more, but it still does about once an hour. Randomly (anywhere from right after Windows loads to a few hours later), when I try to open Internet Explorer (or any web browser for that matter), it won't open, it just hangs there. Same with the task manager, it won't open. I have been experiencing this for about 2 weeks. Some programs also fail to load.For some reason, my Deckard's System Scanner doesn't create a secondary extra.txt file (well it did the first time I ran it, but not any more), only a main.txt, so here it is (hopefully extra.txt isn't mandatory). For privacy reasons, I've changed the username in some of the log to 1Hz, and this is a really old computer, :Deckard's System Scanner v20071014.68Run by 1Hz on 2008-06-27 17:39:29Computer is in Normal Mode.--------------------------------------------------------------------------------Percentage of Memory in Use: 76% (more than 75%).Total Physical Memory: 286 MiB (512 MiB recommended).-- Hijac... Read more

Answer:Unknown Malware Causing Problems.

Hello 1Hz,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 43.87%

First of i'd like to say hello! and thanks for the help you guys have been doing around here (:Anyways it all started this morning when I began to surf the web, an advert popped up saying free computer scan!! I have WOT so it was marked red but when i exited it it said Are you sure? and when I clicked the x it ran D: I quickly proceed to close it and ultimately shutdown the power of my computer. Now I see symptoms of mal-ware I ahve scanned with malware bytes but it showed nothing was infected. Im not sure so far My internet has been really slow, my passwords and usernames haven't been saving even after i checked remember me, and my computer internet is sometimes irresponsive. here is my DDS .DDS (Ver_09-06-26.01) - NTFSx86 Run by HP_Administrator at 13:39:03.65 on 26/06/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1025 [GMT -6:00]AV: AVG 7.5.524 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}AV: avast! antivirus 4.8.1335 [VPS 090626-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: Prevx 2.0 *On-access scanning disabled* (Updated) {557C3342-BC52-4508-AC25-4441BDF5C04C}AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}============== Running Processes ===============C:\WINDOWS\system32 ... Read more

Answer:Advert causing some unknown malware?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 43.87%

This is my first post on this site and i appreciate any help i can get.
I have read the "first steps" potion but would like to check that i havent screwed things up too far before i download anything else.

First of i have had Avira(free) and Threatfire running as protection on my computer for a few months with no problems at all until last week. I recieved a warning while on line that a trojan had been detected so i ran scans with both Avira andTF and found 2 viruses, I nievly deleted them without really investigating them although i remember one was called agent. something or other. i re-scanned and nothing came up so i thought "cool".
Then i started to get pop-up after pop-up and continuously redirected from google on every search. Also my Avira would not update. I downloaded malware malbytes(i think it was called, it was recomended in a lot of forums) and ran a scan it found 10 adware things so again i deleted them.
As Avira would not update i tryed to remove it from the computer using Add/remove programs where it said it no longert exsisted although i had hadnt already deleted it. it is still on my computer as i can click on the shortcut to open it although it has disappeared from add/remove programs.
I then downloaded avast and ran a full scan to which it said my computer was fine(i Think Not!!)
And now when trying to open C/Drive it says Cannot find resycled/boot.com.

through all this messing about i have regulary used CCleaner hoping it w... Read more

Answer:I think malware is causing absolute chaos!?

Hello, SlicDicovchsky
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We need to run a Scan with DDSPlease download DDS, and save it to your desktop, from one of the following mirrors:This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on yo... Read more

19 more replies
Relevance 43.87%

I came across this message in a readme.txt file. It was in D:\PerfLogs\System\Diagnostics\20110905-0001 along with other files such as "UAC Settings", "User Accounts", "BIOS", "AntiVirusProduct", "AntiSpywareProduct", "FirewallProduct", "Startup Programs", "Startup Settings", "Processes", etc. It sounded really suspicious to me.

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!--This file is automatically generated.-->
<DataCladFileStore>
<Message>This directory is being used as an AutoBackup File Store. MODIFYING OR DELETING ANYTHING IN HERE WILL CAUSE IRREPARABLE DAMAGE TO YOUR BACKUPS. DON'T DO IT!</Message>
<Version>2.5.0.0</Version>
<BuildVersion>4.60.0.7916</BuildVersion>
<BuildType>sgm</BuildType>
<eSellerID>STR4043462256</eSellerID>
<ProductType>autobackup</ProductType>
<Lang>en-US</Lang>
<OwnerToken>D95BFF1B08BBE08FE33702A48633B346</OwnerToken>
<EncryptionKey />
</DataCladFileStore>

At the time I posted this thread, I was running a rootkit scan with Spybot, so I was unable to run the AdwCleaner, FRST, and aswMBR scan logs and attach them, but I will run them as soon as Spybot finishes.
 

Answer:Malware infestation causing CPU to run at 100% continually.

Hi, when you finish, follow this topic and attach requested reports --> http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

40 more replies
Relevance 43.87%

Hi guys,

I guess I have some sort of malware on my computer that causes audible ads on my computer. I don't see an ad or any pop or anything, but hear the ads constantly. Even when I'm not using the computer! Also, there are popus that come when I scroll over certain words on any website.

Also, I don't know if its related but I can't update my Adobe reader beyond 7. When I try to download the update right at the end of the download I get "Windows error 1402: Cannot open key. Verify that you have sufficient access to use this key or contact administrator."

Thanks for your help in advance.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Administrator at 20:34:55.23 on Sat 12/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.140 [GMT -6:00]

AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
svchost.exe 4
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe... Read more

Answer:Malware causing Talking Ads in background

Hello,

You are infected with a bootkit - meaning the master boot record is infected.

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix w... Read more

3 more replies
Relevance 43.87%

Several days ago (nearly 10), my computer began acting up for a strange reason. I've been searching for the reason for a good while. I've posted on several forums, but have not gotten a solution.

The problem is that every hour on the hour, all access to websites is blocked. My internet is completely fine. I can access steam, teamspeak, and several other programs, but anything that deals with a website is blocked. No web pages will load on any browser, the steam store page will not open, spotify quits working.

I've run several virus scans with both Avast Antivirus and Malwarebytes, and I had found some DNSChanger Trojans, but quickly disposed of them. Any scans after come out negative.

It finally occurred to me today to check Windows Event Viewer. That is where I found the underlying cause of my problem. Every hour on the hour, I get 4 errors. The first being an application error for svchost.exe_DPS. The other three are for it's services, Base Filtering Engine, Diagnostic Policy Service, and Windows Firewall. The application error states that the faulting module is Esent.dll. This file may have been corrupted, but I am not certain.

More info can be found in my other thread.

The only solution I've found is going into the Services Manager and restarting the three services above. This has worked without fault, but it is not a permanent solution, as I'd have to do this every hour.

Answer:Possible Malware causing Internet Loss

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

19 more replies
Relevance 43.87%

Ok im having problem using Mbam(Malwarebytes)free edition with my Sony Vaio Laptop VPCEE42FX Windows 7 Home Premium sp1 64bits. The first time i installed mbam it runs perfectly and what happened in the next day is i downloaded some application called "My Lockbox" v. 2.8 with KeyGen and after clicking the keygen my computer starts run slow and start crashing ( windows hang , cant open anything , cursor is loading and able to move ). After that, i found out that mbam is causing my computer to hang because i run Clean boot everything works fine but when i enabled mbam in startup and services my computer is starting to hang again.

I was trying to install Superspyware but i cant install it i dont know why, however im able to run full scan of my AVASt AV and Mbam both in Safe mode and Normal mode but still nothing found. I also tried using rkill + mbam full scan but still no malicious item found. Also tried using chkdsk /r /f and sfc /scannow but still didn't resolve the problem. Later i will post the log file of Rkill and Mbam cause im currently running Combofix(sorry for that) in my laptop right now (im in 2nd computer)

I dont know if my laptop has a virus/malware or corrupt registry or whatsoever. Thanks in advance! God Bless!

Answer:Malware causing mbam to crash

ok its already an hour trying to install ComboFix but the installation procedure is not moving its still in ..

"Extract: blah blah
Extract: blah blah
Extract: blah blah
C: blah blah
C: blah blah"

Is this normal? How long does ComboFix takes time to install?

Edit:
Ok i have read this link http://www.bleepingcomputer.com/forums/topic273628.html and immediately i went to my laptop and stop the combofix from installing. But again the installation procedure seems stuck.

44 more replies
Relevance 43.87%

Hi all,

Thanks in advance for being nice to the new guy. Well, I clearly downloaded something bad the other day because my computer was going nuts! I finally cleaned out the major virus I had gotten and the rest of the spyware, but there must be something left in there because any Google search result I click on brings me to sites like pebble.com, goingnorth.com, and buddytv.com. Any help would be much appreciated.

Thanks much!

Answer:Malware Causing Google Redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 43.87%

HelloPlease could anyone help. All day today my PC has been freezing a few minutes after startup. Sometimes, I strike it lucky and it stays on for a lot longer, but 8 times out of 10 it just freezes and I have to turn the PC off by holding the power button in. I then tried to install Spybot S&D, and it didn't initially let me install it as it kept saying that there was a connection error, so I went back and unchecked automatic updates and then installed it. All went fine. Then I tried double-clicking on Spybot S&D on my desktop, and nothing happened. I tried again, and again, nothing happened. I thought this seemed a bit funny so I tried running a McAfee Virus scan and it kept closing, saying McAfee VirusScan - On Demand Scan has encountered a problem and needs to close. We are sorry for the inconvenience. The error signature stated: szAppName : mcods.exe szAppVer : 13.3.127.0 szModName : mvsscan.dllszModVer : 13.3.130.0 offset : 00019fc0I then downloaded HijackThis, but again, this would not open, so, after doing some research, I changed the filename to skanneri.exe and it started working again.Would someone please be able to help me to solve all of these problems please? I'm getting quite upset at the fact that everything seems to be going wrong, and I know that there must be an easy solution somewhere!!Thanks very muchEdit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Really bad malware causing multiple problems

btw, tried to use system restore and not even that works (I keep clicking next and nothing happens, it's as if i haven't clicked anything!)

4 more replies
Relevance 43.87%

Supplying hijackthis.log in hopes of identifying possible cause(s) of:1. Applications slow to launch2. System doesn't shut down3. Can't delete c:\WINDOWS\Temp\customB and a few other files in temp dir's********************************************************************Logfile of HijackThis v1.99.1Scan saved at 9:53:04 PM, on 4/21/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\PackethSvc.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc... Read more

Answer:Looking For Malware Causing Xp Sp2 Shutdown Hang

Hello Michael-Bloom and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. There are a couple of housekeeping items we can take care of so let's do that while you are here.Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htmO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O23 - Service: HK - Unknown owner - C:\DOCUME~1\mbloom\LOCALS~1\Temp\HK.exe (file missing)Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.To clean out the temp folders go here and download CleanUp!. Start CleanUp! and do the following:Click the Options button.Make sure only the following are checked:Empty Recycle BinsDelete CookiesDelete Prefetch files (XP only)Cleanup! All UsersClick the Ok button to close the Opetions dialog.Click the CleanUp! button to run the cleanup. It may take a while depending on the size of the hard drive so be patient.When it has finished, close CleanUp!.For non-malware related performance issues I recommend posting a question in the XP forum. Let them know that you have been to this forum and no malware was found.Cheers.OT

1 more replies
Relevance 43.87%

Okay, this log is posted in relation to the following thread:http://www.bleepingcomputer.com/forums/t/54721/is-a-virus-causing-web-page-redirection/I ran this one is my partners login, which seems to be the one having the problems - Cheers Guys!!!Logfile of HijackThis v1.99.1Scan saved at 4:33:41 PM, on 7/06/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Norton AntiVirus\SAVScan.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\WINDOWS\CTHELPER.EXEC:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program F... Read more

Answer:Possibly Malware Causing Ie6 Redirect.

So I dont have to read that whole thread can you give me a summary of what the problem is?

10 more replies
Relevance 43.87%

Hello Again

I recently followed the Malware removal procedure and Malware Anti Bytes found 41 PUP's and quarantined them. The PUP's used to hijack my web browser which is now cured(great!).

However, what ever changes the PUP's made - has made the PC really slow to boot up.

I have attached the log files from the different utilities incase they might be of value. Is there any utility I can use to make boot up normal, or will have to re-install windows 7?

R3
 

Answer:Malware Causing slow boot up

Apart from what Malware Bytes found I'm not seeing anything...

The Malware Bytes log doesn't actually show they were quarantined. You must have attached the log before you let it quarantine, please rescan again and attach new log just to be sure.
 

3 more replies
Relevance 43.87%

Hello, I have a 32 bit pc with windows XP Home Edition. Periodically while trying to view a web page the cursor scrolls all the way down to the bottom of the page. If I scroll back up, as soon as I let go the page scrolls back down.The last time this happened a firewall, antispyware and antivirus were already installed.

I closed the browser and tried to run the antispyware but it would not start. Instead notepad opened on its own and the cursor jumped around the page. Since restoring to an earlier point, the cursor has been behaving normally. However every antivirus/antispyware I've run has not not detected anything. Every time I have a problem with the cursor I change all of my passwords from another computer. I would like to to know if there is any malware lingering in my system. Thanks
 

Answer:Is Malware Causing Problems with Cursor?

SUPERAntiSpyware is below
 

4 more replies
Relevance 43.87%

My internet quit working for some random reason yesterday, Thursday. Everything else regarding the internet is working fine. Xbox 360 on Live, Wirless Laptop through my router (what im on) Aim, Outlook Express.But Whenever I try to go to a webpage an error always occurs. Page cannot be displayed... I downloaded many different programs to try and fix it, such as Spybot, Ad-Aware, AntiVir Personal, Microsoft Defender, Kill2Me, cwshredder, Genuine Check, and Hijackthis.I was at majorgeeks.com for help, and they told me to download that stuff and run in under safe mode and I did. Found 3 objects with Microsoft Defender...WinSofware.WinfixerCatefory: Potentially Unwanted SoftwareDescription:This program has potentially unwanted behaviorAdvice:Remove this software immediatelyResourcesFile: C:\Documents and Settings\mom\Application Data\Netscape\NXB\Profiles\vrlkba04.default\Cache\ 6307B5C8d01File: C:\Documents and Settings\mom\Application Data\Netscape\NXB\Profiles\5ua3ftpa.default\Cache. Trash\Trash\Cache\6307B5C8d01File: C:\Documents and Settings\mom\Application Data\Netscape\NXB\Profiles\5ua3ftpa.default\Cache. Trash\Trash\Cache\851A1E9Bd01PowerReg SchedulerResourcesFile: C:\Program Files\ Microsoft AntiSpyware\Quarantine\2A4C705D-5DCE-47AD-9ECF-FCE52C\4B441E8B-0626-4D15-Ac76-6660B2File: C:\Progra... Read more

Answer:Malware Causing Major Problems

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
Do you have access to the net through another computer? Can you download programs through that computer and move them to the infected computer?

4 more replies
Relevance 43.87%

I'm currently running XP Home, and for about a week now, any time I run a program that uses full screen (such as full-screen games), they are minimized about once a minute.

I've run 5 antivirus programs: McAffee, Adaware, Malaware Bytes, Spybot S&D, and SpyHunter and have been unable to locate the malware causing the issue. I've checked my Task Manager, all running programs are normal. I've also attempted repairing Windows, per a suggestion from another tech site, which did not work.

This has been irritating to say the least, and I would greatly appreciate any help.

More replies
Relevance 43.87%

Hi, recently i noticed strange thing happening during powering up my PC i get error msg saying memory could no be read, please terminate program andsurfing speed was extremly slow i also found that my start up list has been changed . I wouls appreciate if someone can help and look at my log thanks Logfile of HijackThis v1.99.1Scan saved at PM 3:41:39, on 12/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\PROGRA~1\CACHEM~1\CachemanXP.exeC:\WINDOWS\system32\CTSVCCDA.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\nvsvc32.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Windows\system32\HpSrvUI.exeC:\Program Files\VERITAS Software\Update Manager\sgtray.exeC:\HP\KBD\KB... Read more

Answer:Malware Causing Pc To Be Extremly Slow

Hello gibb, and welcome to BleepingComputer. I will be handling your log to help you get cleaned up.Please take note of the following:1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.5. Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.Thanks,htv8

25 more replies
Relevance 43.87%

Thank you in advance for your help.

My antivirus program (Vipre) popped up with a message yesterday indicating that it had discovered a trojan file on my computer. Before I could even read the name, the computer rebooted and everytime the desktop would begin to load the computer would reboot again. Prior to the reboot, a rectangular blue screen appears and then the computer immediately reboots. I am able to work in safe mode still. After running all of the scans, I still have the same issue.

Thanks,
-Eric
 

Answer:Malware causing constant reboots

I also ran TDSSKiller and MBRCheck and here are the associated logs from each.
 

2 more replies
Relevance 43.87%

Hi,my first post, so thanks for such a great site :-)Okay problem: my kids have been using my laptop a lot recently, mainly MSN and by yesterday it was damn near impossible to connect to the internet without pop-ups and such. I started off by looking at unknown processes in taskmanager and found this "bendgluewipe.exe". Googling this gives very little - including a link to prevx1 - a malware remover/preventer - which I installed under trial.I then found your forum and went through all the procedures described on the "preparation guide..."Everything seemed ok, but then this prevx1 program keeps finding "amokjoyplatform.exe" and "bendgluewipe.exe".2 things I am wondering: 1) Is this prevx1 programme safe to use (or is it making itself look good?)2) How do I get rid of these last few things.Any help appreciated.Here is my HJT log.Logfile of HijackThis v1.99.1Scan saved at 14:07:07, on 23/02/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files&... Read more

Answer:Bendgluewipe -unknown Malware Causing Pop-ups?

Welcome to BC Wizards Hat Please make sure all hidden files are showing:* Click 'Start'.* Open 'My Computer'.* Select the 'Tools' menu and click 'Folder Options'.* Select the 'View' tab.* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.* Uncheck the 'Hide file extensions for known types' option.* Uncheck the 'Hide protected operating system files (recommended)' option.* Click Yes to confirm.* Click OK.******************************Download ATF Cleaner by Atribune:http://www.atribune.org/ccount/click.php?id=1Double-click ATF-Cleaner.exe to run the program.Click 'Select All' found at the bottom of the list.Click the 'Empty Selected' button.If you use Firefox browser, do this also:Click Firefox at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.If you use Opera browser,do this also:Click Opera at the top and choose 'Select All' from the list.Click the 'Empty Selected' button.NOTE: If you would like to keep your saved passwords,please click 'No' at the prompt.Click 'Exit' on the Main menu to close the program.*******************************Download HostsXpert 3.8: http://www.funkytoad.com/download/HostsXpert.zip1. Extract the zip file to your desktop or a permanent folder on your hard drive.2. Open the folder and double-click on the Hoster.exe3. Press "Restore Microsofts Original Hosts File" 4. Press "OK" and... Read more

5 more replies
Relevance 43.87%

Hi guys, first of all I would like to try to get straight to the point and explain the problem that I am having when trying to fix my friend's laptop, since last week. He has already told me that it doesn't have any sort of antivirus software installed.

Okay so I turn the laptop on and Windows seems to start normally. It loads onto the desktop and to my surprise all I see is the mouse cursor and a black screen. I can move the mouse around, but when I right-click nothing happens. I cannot see the taskbar or any icons, nor the background whatsoever, so my first guess is that the explorer.exe process isn't running. When I press Ctrl+Alt+Del the options menu for windows 7 appears normally, and I can click on the task manager and it suddenly appears out of nowhere, but the black screen is still there.

Here is where I sense a problem of malware of some sort, as I can see, the explorer.exe process is running, after waiting around 10 seconds every process seems to end, one by one. They just start dissappearing until the computer logs off and restarts by itself!

The only way I can search for the malware or spyware or virus (I still don't know what's causing this) is by starting the system in Safe Mode. Here I have run a full system scan using malwarebytes portable from a USB and it has successfully found 29 files. Okay, so I removed them from the system and with a lot of optimism I restarted the laptop thinking that the problem after a 2 hour scan wou... Read more

Answer:Not sure what malware is causing this suspicious activity

First off, what OS are you running?

Second, can you do any of the following in safe mode?:

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 43.87%

Yesterday morning we had some machines at our office become infected with some type of malware. Initially the symptoms were recognized by the changing of the system time and date to the year 2000. The applications that appear to be effecting this change were showing up in the process list as bb.exe, aa.exe, an instance of cmd.exe. The HijackThis logs I was running have many BHO objects that couldn't be removed while they were in memory. They were also showing changes to the /HKLM/software/microsoft/windowsnt/logon/shell key. There are also some DLL files that have been added to the /HKLM/software/microsoft/windowsnt/windows/appinit_dll key. On one machine after successfully removing the appinit_dll entries and something was still running that was trying to alter the logon/shell and keeps starting the cmd process which in turn starts the bb.exe and the aa.exe processes. It is potentially a service but I have been unable to identify it yet. Below are my log files after running the DSS scan. Any help you can give would be a godsend and much appreciated. Deckard's System Scanner v20071014.68Run by mmcquinn on 2000-05-30 09:49:52Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------System Restore is disabled; attempting to re-enable...success.-- Last 1 Restore Point(s) --1: 2000-05-30 13:49:55 UTC - RP1 - System CheckpointBacked up registr... Read more

Answer:Bb.exe And Others Causing Me Persistant Malware Woes

Hello nashrm, my name is fenzodahl512 and welcome to Bleeping Computer..

If you still need our help, please post a fresh Deckard System Scanner log for further review..

Regards
fenzodahl512

2 more replies
Relevance 43.87%

Malware Problem(s) Discussed & Preparation Guide Documented Step-By-Step/************ PLEASE FORGIVE THE GRAMMAR, THIS HAS TAKEN UP MY ENTIRE SATURDAY MORNING, NOT THAT I MIND BECAUSE YOU ALL DO SUCH AN EXCELLENT JOB AT HELPING US, BUT I AM EAGER TO BE FINISHED AND CAN'T GO OVER IT ANOTHER THREE TIMES...WAIT, I will copy it to Word and check it on there, bbut we all know the grammar checker on there, I mean it is nice of them to work so hard at making a grammar checker, but need I say more:*************/Malware Issue::Hello, I am 97 percent positive that I am infected. My processes are constantly running, even when there are no windows open. This is slowing down the computer tremendously. And on startup, it is taking more time than usual to load to the desktop. It will run a number of startup processes in the background and take a number of minutes before it shows the desktop, whereas it used to right away. 1.) I made sure I backed up my data2.) I have been checking for a few days to make sure that there is an issue with my computer3.) I have an account4.) Topic Reply Notification was Enabled5.) I have my Firewall Enabled6.) I downloaded 'Defogger' in order to 'Disable My Emulation Software. I ran the executable and followed the steps to Disable my Emulation Software..7) I downloaded 'DDS Tool Download Link':Once it downloaded, I ran the script and waited as the command propt ran the background code and would eventually display the logfiles. W... Read more

Answer:Malware Causing Slowdown of Computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

10 more replies
Relevance 43.87%

Hi. I was recently infected with Spysheriff, which caused the normal desktop changes i've read about. I thought I removed it, though my desktop is still not normal. Symptoms are blocky colored text under icons, and a white, 'active desktop recovery' background screen that regularly appears. My ie favorites were also removed. These abnormalities are, however, the least of my worries at the moment.The most serious problem is the constant crashing of windows explorer and, less frequently, internet explorer. "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience" is the message I get. Also, I am unable to run my anti-vir anti-virus program scan fully, nor any other spyware scans, such as adaware, spybot, or most of the others you recommended in the preparation guide post before posting here. I was able to get complete one spybot scan recently and no malware was indicated. Also, just today panda online scan indicated 7 cookie spyware entries, but then ie crashed before I was able to save a log.Any help you are able to offer will be most appreciated! Thanks.Logfile of HijackThis v1.99.1Scan saved at 3:26:43 PM, on 1/10/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC: ... Read more

Answer:Spysheriff (+ Other Malware?) Causing Serious Instability

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogSorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log

15 more replies
Relevance 43.87%

Yesterday malware infected my computer, although I don't remember going to any untrusted websites. The symptoms are:disabled task manager (I enabled it again)error message saying "*** - Bad Image" in the heading where *** is the executable I'm trying to run and "The application or DLL globalroot\systemroot\system32\SKYNETtsspuyqx.dll is not a valid Windows image. Please check this against your installation diskette." in the description, even though sometimes the executable still runs (like firefox)unable to run computer in safe mode (gives me blue screen)unable to use system restore (can't press the last "next" button)causing the computer to restart (most likely from crashing) when I'm in the middle of doing a malware scan (using PC Tools Spyware Doctor)

Answer:Malware causing many problems [Moved from XP]

I am moving this topic from the Windows XP forum to the Am I Infected forum for you.

Orange Blossom

44 more replies
Relevance 43.87%

My friends computer has some malware in it. It is having pops galore happen. Also Windows is claiming it is not activated. However when you try to activate it the Microsoft site it directs too {not sure if bogus or not} doesn't load, it tries to but it gets into a endless loop of page reloads.

I have done all the pre-scans and attached the logs.

Thanks in advance.

ALSO NOTE:
------------

ALL SCAN WERE DONE IN NORMAL MODE, AS SAFE MODE WAS NOT ACCESSIBLE.
 

Answer:Malware Causing Windows to be Unactivated?

3 other logs...

ALSO NOTE:
------------

ALL SCAN HAVE BEEN DONE IN NORMAL MODE. SAFE MODE WAS NOT ACCESSIBLE.
 

5 more replies
Relevance 43.87%

A week ago while I was using the computer when messages started to appear regarding the installation of "Internet security suite 2010" as I knew I had not installed or downloaded this I guess it was a virus and tried to use an antivirus scan however after another 10 minutes the computer restarted itself.

I have been unable to boot up the computer since besides once when I used windows recovery console. What happens is that the computer will go through the start-up fine until Aafter the black Windows XP loading screen when it will restart again. The one time I booted it up and was able to run an antivirus scan when I found numerous trojan horses after the antivirus software said it had deleted these I restarted the computer and it again has been unable to load.

I don't know how the malware got onto my computer

I use the free version of Avast antivirus

I haven't got any personal files backed up but if given a method on how to do this I would be content at wiping the computer and reinstalling the operating system

Any help would be greatly appreciated.

Answer:Malware causing XP to be unable to boot

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One way to export data in preparation for a format/reinstall is to use a Linux Live CD, and an external USB hard drive.

We can first try a different sort of bootdisk environment, and try to see what might be causing the machine to do the reboot loop, and see if we can get you back in.

Using OTLPE

This file is quite large, and requires a CD/DVD burner, and a blank CD on your clean machine. A USB device would be handy as well.Download and install ISOBurner. This will allow you to burn OTLPE.ISO to a bootable CD. Here are ISO Burner Instructions

Download OTLPE.iso and burn to a CD using ISO Burner (Or your own burnin... Read more

5 more replies
Relevance 43.87%

Ok, this is driving me nuts. Having BSOD issues when A-V software was trying to auto update 9I think). Was running Spysweeper and AVG Free 8.5 which I have removed via add remove programs. Probs started about a month ago with I.E. having probs & closing and then progressed to the BSOD issues with no other changes. Now i can boot up into normal mode but will BSOD once up with 0x_0A, 0X_8E, 0X_50, stop errors (IRQ not less or equal) (page fault in non paged area) (pfn list corrupt). Seem to be stable in safe mode with networking. Followed the Read & Run me guide could only run the checks in safe mode. Machine info Dell Dimension 3100 XP home.
 

Answer:Malware causing crash on A-V updates?

MGtools log for above

Thanks for input.
 

4 more replies
Relevance 43.87%

I believe I recieved this malware that was attached to a GIF from a forum I was browsing. As a result...Whenever I load up IE8, my CPU runs up to 50% for the iexplore.exe process. Also, I get random Malicious URL (something like from media9s.com) pop-ups from Avast in which the process is from iexplore.exeI ran MBAM and this is what I got: C:\Documents and Settings\Hoberz\Local Settings\Temp\0.6259046118078023.gif (Extension.Mismatch)I deleted this file and rebooted my computer, but the real malware is hiding somewhere in my computer. I can not find this nor how to remove it.Help would be appreciated!- Hoberz

More replies