Computer Support Forum

Please help it's getting worse! HJT log, virus(es)

Question: Please help it's getting worse! HJT log, virus(es)

Please help!!!! My computer has been encountering various issues, the most severe has been the uninstalling of all installed printers. The issue first occured when we were not able to print using our photo printer, shortly after the photo editor application would be force closed everytime the "Print" button was clicked. Now all printers have been uninstalled without our doing. McAfee occassionally finds PrcViewer but cannot fully delete it.

Last scan came up with three detections (the two cookies were automatically deleted):
Cookie-Advertising
Cookie-Insightexpres
PrcViewer
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:42 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe
C:\WINDOWS\system\bak\hpsysdrv.exe
C:\hp\drivers\video\845\igfxtray.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\hp\drivers\video\845\hkcmd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
C:\Program Files\Java\jdk1.5.0_04\jre\bin\jusched.exe
C:\Program Files\DLA\install\tfswctrl.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - 0>Ú - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - ¨Ú - (no file)
O2 - BHO: (no name) - Ð=Ú - (no file)
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe
O4 - HKLM\..\Run: [hpsysdrv] C:\WINDOWS\system\bak\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\hp\drivers\video\845\igfxtray.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mimboot.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\bak\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [HotKeysCmds] C:\hp\drivers\video\845\hkcmd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\bak\ViewMgr.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jdk1.5.0_04\jre\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\Program Files\DLA\install\tfswctrl.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe
O4 - HKLM\..\Run: [StorageGuard] C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - S-1-5-18 Startup: AutoPlay.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoPlay.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Help - {31CB0B92-678A-4D55-BF54-407DE84DCC5D} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {6E40B642-7663-4B24-9606-1596471C60DD} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {9817F10F-CFA5-44F9-AEA0-ABBA4D253A40} - http://www.comcast.net (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/...l/SymDlBrg.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ive.incresearch.com/dana-cac...erSetupSP1.cab
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

More replies
Relevance 100%
Preferred Solution: Please help it's getting worse! HJT log, virus(es)

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 49.2%

I have a friends computer that won't allow the internet browser to function properly and won't play youtube videos. I noticed the following in the task manager: (refer to screenshot060, screenchot090). In which the things that look a little fishy like csrss.exe I try to close them and it comes back as access denied. When I restart the computer it says "Unable to set hook?" with an Nvidia header.  Any help will be much appreciated!![recovering disk space, attachment deleted by admin]

Answer:Virus or something worse?

Sorry I ran out of room on the OP. Also sorry for the size I would use an image host but the virus(s) won't allow it.[recovering disk space, attachment deleted by admin]

14 more replies
Relevance 49.2%
Question: Worse Virus EVER!

I am running Vista on my HP Pavilion e9150t and got a bad virus. I logged onto my computer and all my picture files are there and I can access them, however, when I go to save them onto thumb drive etc. everything is shut down. My internet is wiped out, as well as my Dvd drive. It will not let me open or send anything to my thumb drive, external hard drive or bluetooth. I can still use my camera cards though.

My Avast has been shut down and so has my security center. It wiped out Spybot and hackthis, Malebytes still scans (unsuccessfully). It will not let me boot in Safe Mode of any find. Firewall is shut down too.

This is one of the several error messages I get. "the dependency service or group failed to start"

I back-up my files once a month, but have about 100 pictures that have not been backed up and I have to try to save them. Please help!
UPDATE: Malware bytes completed a scan and this time found 2. They are Malware.Generic (file) and Disabled.Cryptsvc (Registry Data)
 

Answer:Worse Virus EVER!

You'd be best posting this under the Security & HJT section mate. Use "Report" at the bottom of your message and somebody will move it for you.
 

2 more replies
Relevance 49.2%

What brought me here is a problem reinstalling my adobe CS1 - I had problems with acrobat and had to uninstall the entire suite.  I was unable to reinstall...it got just so far and then just 'hung'.  I spoke the the Dell cust. svc person who insisted I had to reinstall windows (which is a last resort).  I thought I may have an intruder on my computer so I followed all the directions or what to do BEFORE I post my question...all the downloads, scans and logs.  I am currenly running windows xp professional on a dell laptop.  I am posting my logs and hope someone can HELP ME!! [recovering space - attachment deleted by admin]

Answer:do I have a virus ...or worse?

Open Hijackthis and select Do a system scan only.Place a check mark next to the following entries: (if there)O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)Important: Close all windows except for Hijackthis and then click Fix checked.Exit Hijackthis.I don't see anything malicious, have you tried to do any repairs to windows?Here are a few methods to try.Do you have an XP CD?If so, place it in your CD ROM drive and follow the instructions below:Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)Let this run undisturbed until the window with the blue  progress bar goes awaySFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.----------1. Download IEFix.zip and run it.2. Click the Apply button.3. You'll be prompted for the Operating System CD or the Service Pack Files location.4. Once finished Restart Windows. If you�... Read more

1 more replies
Relevance 49.2%

Hi there! While I've been lurking here in the shadows learning from all of you, a nasty virus has decended upon my computer. It's the dreaded FBI virus, even though the pictures do not look exactly like the ones posted on this site, it's a moneygram, pay up or this will stay on your computer forever virus.

So I did some research here on what to do, but it's getting worse. Here are the steps I've taken:

Using Windows 7, Premium Home edition
Boot in safe mode with networking.
Downloaded Rkill and ran it.
Downloaded emsisoft antimal and ran it.
It quarantined 7 threats - 6 high risk, 1 medium risk.
I selected for it to quarantine, but it gave me a message that there was an error and it could not quarantine 3 of the files.
I tried to delete the items out of the recycle bin and it gave me the message that my recycle bin was corrupt.
I was trying to figure out what to do next when the white FBI screen took over in safe mode.
I rebooted in safe mode again, and every time, the FBI screen appears.
I'm also getting the message that emsisoft has encountered an error and it cannot load.

Please help. I'm at my wits end.

Answer:FBI Virus - getting worse!

Can you boot into safemode with networking?

Do not run any other tools when you are being assisted.

11 more replies
Relevance 48.79%

So over the past few days I have been doing extensive research on the inner workings of my computer in an attempt to fix a really nasty virus that is effecting, or perhaps simply using the windows process svchost.

I thought I had everything under control until today when I changed from Norton internet security to my Iolo System Mechanic anti virus. I decided to swap so I can use a special firewall that gives me very user friendly control over everything that goes in or out of my pc. That's when it happened.

When I clicked block all traffic to stop the misc connections that svchost was trying to make, I ended up getting around 20-50 error messages, a pop up fake virus scanner that ive never seen before, and everything on my computer was "gone". Odds are it was just a fake overlay or it turned everything to read only and invisible, but I decided to say F-it and did another format. Now I will provide the data that I have so that hopefully someone can aid me in fighting this thing.

After my format, the very first thing I installed was my mobo driver to connect to the internet. the MOMENT I had internet access again the svchost issue came back. that is it starts to eat up huge chunks of memory as well as cpu usage.

With the windows process explorer I can clearly see what the drain is from.
Under the tcp/ip connection tab, there are tons and tons of random IP's trying to connect to the internet, and as some are closed new ones open up. While this is not the cause of t... Read more

Answer:svchost virus, or something even worse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 48.79%

well... don't think anyone needs backstory so here it is...Something changed my background to a red active desktop picture that says your privacy is in danger download privacy protection software now. Online porn icons keep appearing and task manager, registry editing, and My Computer are disabled. Here is the hijack this log... Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:55: VIRUS ALERT!, on 7/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Progr... Read more

Answer:Started With Vav Virus Now Its Worse

Hello Kyle and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a... Read more

4 more replies
Relevance 48.79%

I downloaded a Demo called spamfighter. It seemed to work ok but it just puts the files in a special folder. I let the time run out and tried to delete it.
I used add remove because it didn't have an Un Installer. To my amazement it connected to the webb and asked me why I didn't want it. I tried to tell them I didn't need it and could find no place to click to erase it. I left the site. Itied several times to remive it, and always ended up on the webb.
I persisted in erasing all the files associated with it and could not erase a file called Proxy.dll, It always comes up access denied so I renamed it Fart.sssss!
How ever since then I can not get email or any webb pages when connected to the webb. What can i do? I'm running XP Home edition!!
 

Answer:WARNING I got something worse then a Virus.!!

Sounds like a nasty bit of software if it does that to your pc.
First I would run anti virus then spyware like spybot and ad-aware, these are good spyware killers not like what you downloaded.

Before you do anything make a restore point so at least you can get back.

Then go to START>RUN>type MSCONFIG then go to the startup tab and uncheck it if it is there.

Then I would look for any registry entries do this>

start>run> type regedit>go to the edit tab>select find> then type in the name of that file, delete all found files>.

WARNING**** make a backup of any file you delete from the registry, just in case you damage the registry.

Reboot and see what happens, If you still have the prob you may need to repair your registry and windows xp.

to repair registry go here

To repair xp go here or do this>
How to go about Repairing Windows XP
1. Put your Windows XP Install CD into your CD-ROM drive.
2. Reboot your computer.
3. Let your system boot off of the CD.
4. Let the Setup go through the first part of the Installation procedure.
5. When you come to the screen in which it says "Welcome to Setup." press Enter to Setup Windows XP.
6. Press F8 to agree to the End User License.
7. Let the Setup search your system for previous versions of Windows.
8. When the Setup is finished searching your system, select your Windows XP Installation and press the R key on your keyboard to start the Repair Procedure.

This is the part that might m... Read more

1 more replies
Relevance 48.79%

can someone please tell me how to get rid of the norton antivirus subscription notification? I had a trial version and that damn renewal notification pops up all the time. Thanks
 

Answer:Solved: Worse than a virus

You will have to remove the trial version from Add/remove programs in control panel.
You will still need an antivirus program of some sort.
 

1 more replies
Relevance 48.79%

Hello,I have a pretty crazy problem and I have no idea how to resolve it.I was reading financial articles online today, when suddenly the entire computer shutdown unexpectedly. Upon start-up, the screen showed a warning that recommended a system restore, so I went ahead and did it.Once I re-started, I noticed that I couldn't access anything through the search engine, Google. Once I realized that every other site worked fine, I did some research and discovered that it was likely the result of a virus.However, I tried searching for "TDSSserve.sys" which is normally associated with this problem, and found nothing.To make matters worse - My Trend Micro is spazing out like crazy. In the last 7 hours, I've received over 80,000 "web threats" from some ( http://) x-web.in /(followed by several random alpha, numbers)...I had to turn off my router to stop these threats from racking up.Thank goodness Trend Micro blocked every single attempt so far!!Any idea what's attacking my computer? I can't access Google and this x-web.in thing keeps attempting to penetrate.Please help!Note: I'm running Windows 7 on an HP G-62 model.

Answer:Possible Google Virus or Much Worse

It seems to be a rootkit..Try runnning malwarebytes free version and hitman pro.

2 more replies
Relevance 48.79%

We have two laptops in the house, both of which use the same router. One of them has come down with a redirect virus, but unfortunately I haven't been able to find either the name of the particular program that it has nor a removal program guaranteed to remove it. Not for free, anyway, but at this point I'd probably even pay for it.

What I've Done:
Scanned with AntiMalwarebytes. -Can't detect virus.
Restored System to Date- System doesn't store a late enough date to remove virus.
Run another Antivirus Program that removed it, only to have it reappear a few days later.

Symptoms:
Redirects to unwanted sites from links.
Disabled all practical use of Firefox, had to download Chrome.
Attempts to alter system files from program files location. (This caused tons of popups and forced me into safemode.)
Occasionally, as in nearly once a day, the internet won't work for either laptop even though the router has full bar reception. It stands only like, ten feet away from where we use the laptops, so it usually isn't a reception issue. The resulting error detection says something about the DNS and server location of the website. This has led me to suspect the virus is in the router.

We can still use the internet on the infected laptop, for now. I'm worried it might spread from the router to my laptop, though I'm not sure that's possible. Both computers have DNS lookup problems on a fairly regular basis that last for a few minutes and then stop. ... Read more

Answer:Redirect Virus-I Really Need Help Before It Gets Any Worse!

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

9 more replies
Relevance 48.79%

I have started this topic before, but was not able to finish. Now the rediredct is getting wors all the time to the point my casual computer use is very difficult.

My kids *(grand kids) playing games are probably the cause.

I get redirected when doing searches and get a virus scan occasionally that tries to say I have problems - which i do.

I have ran the defogger and created the gmer scan. My computer locks when doing the gmer scan so I will give the dds.txt . and then run gmer. I don't see how to atach the Attach.txt file so if you need I have it on my desk top.

Thanks Philby
DDS (Ver_10-03-17.01) - NTFSx86
Run by Tad Ackerman at 11:55:43.28 on Sun 08/08/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1084 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.... Read more

More replies
Relevance 48.79%

Elsewhere a while ago I posted in this forum that I was getting odd logs in Norton with messages of it blocking constant attacks, but I thought that was all there was to it. Wondered what it meant. The computer froze but I didn't seem to have any other problems at the time.

Since I had not heard I;ve done a little more digging, and it's worse than I thought. I can't boot into safe mode -- I get a blue screen of death. And I can't use system restore, it's been disabled and if I try to restart the service it gets stopped almost immediately. So there's likely a virus in there.

I ran malwarebytes and superantispyware (something I'd do in this situation anyway), which found a couple of issues that I deleted but the computer still has the same issues -- and I'm waiting for it to freeze.. so either the virus is still there, or it's done enough damage that I won't get my safe mode back. And none of the programs -- norton, malwarebytes or superantivirus find anything wrong any more.

I did not want to run combofix until someone from the bleeping side responded...but I'm beginning to think maybe I should try it since otherwise my option is to backup and then wipe the drive and reinstall windows? Please let me know....if that makes sense? I kind of need to get this computer back....

Incidentally, thanks to all of you on the bleeping team. What godsends you are. I know you've got a lot on your plates..so understand your... Read more

Answer:It's gotten worse. I have a virus but I can't find it....

It would help if you could post the logs from those scans:If you do not have those logs then perform the following:Download the following:Malwarebytes Anti-MalwarePlease download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to sc... Read more

7 more replies
Relevance 48.79%

Something is eroding my system. Trojan.W32.Generic!BT continues to pop up in Vipre scans. It redirects me on the internet, and does not allow other security software to run. Please help. I can post a HiJackThis log.

Answer:I have a virus that keeps getting worse Troj

please send me the full detail about what the virus doesThanksThe Wiz

3 more replies
Relevance 47.97%

I posted a while back for some help on this, but now the issue is getting worse. With any browser I use, and any search engine I use, I get redirected to another site. If I am quick enough I can use the back button to navigate back to the intended site. It is starting to get to the point where searches are REALLY slow and redirect constantly. I've tried running Malware Bytes, SUPER anti spyware, and ad-aware. Everything says ok. Cleared all my temp folders/files and tried adjusting my startup cfg through msconfig. About the only other thing I notice is that every time I start my computer, there is a screen that pops up and closes so quick I cannot even tell what it is. All I can tell is that the box is a blank white.

My System:
Windows 7 64bit
intel i3-550
6gb of ram
Its an Oe Dell inspiron 580 with a cheap aftermarket gpu card.

I use the computer mostly for gaming, but I also read e-mails, browse the net, and use it for media purposes.

As per the first sticky post in this sub-forum, here is my HiJack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:01:20 PM, on 2/26/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Games\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Progr... Read more

Answer:Search Redirect Virus - getting worse.

16 more replies
Relevance 47.97%

Hi all,

I'm currently running windows 7 Professional N 64bit. I've recently been experiencing my google links being redirected to strange websites, including bts.scour and other ad websites. I feel like i've seen quite a lot of posts concerning the same issue, but it has been 2 days and the redirects are getting much more frequent. I have run hitman pro, AVG pro and Spyhunter 4 countless times but they all come up clean. I really have no idea where to go from here, any help would be greatly appreciated,

Answer:Google Redirect Virus getting worse

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

23 more replies
Relevance 47.97%

Okay, been gone from here a long time, and wonder now how I ever got along without this site, it is the best out there!
I am about to purchase a new computer in the near future. I am not computer savvy at all, mostly use it for surfing and emails, etc. Anyway, have had this one for a few years now, and I am getting spyware one it that I cannot get rid of, about blank for one! Okay, when I do get a new computer, what protection software should I buy and install on it? What is the best out there in other words? Any body have some ideas...or what you use that works? Thanks a lot!
Gary
 

Answer:Spyware is worse then Virus problems?

My personal opinion, Windows XP Home Edition or Professional Edition with Windows XP Service Pack 2 is a start for security. For software I would suggest Norton AntiVirus 2005 for the antivirus. For spyware I would highly suggest SpySweeper, this program has worked wonders for me as in protecting me from spyware infections. If you have WinXP, SP2, NAV, SpySweeper you should stay clean from malware and worms. However you can still be infected if you visit unsafe sites. Hope this helps. Browse Safely!

Also please see this thread How to Protect yourself from malware!
 

6 more replies
Relevance 47.97%

It think I have some sort of virus on my computer but i cant find it! I have tried using like 3 or 4 things but nothing, whenever im on the internet sometimes pop up will come up and i exit them out and it also redirects the links i click on google, one time i didn't exit it out fast enough and i got like 20 more viruses. And I think its starting to do other stuff, just now I got a error report about norton and i looked, it says Auto-protect is malfunctioning. I really really really could use some help!
also sometimes i hear noises like when something fails, its that noise thats not very happy

Answer:Can't Find virus (I think its starting to gt worse)

So i'm trying the "waiting and hoping it will go away" approach, so far its not working :(

9 more replies
Relevance 47.97%

I first noticed that I had a redirect virus on the computer and tried to fix it myself with anti-virus/spyware programs. After several weeks and no progress, my entire system crashed and I could not log int Windows. I do not have the disks, but I was able to reinstall Windws from the company I purched the computer by using F3. I wiped the computer clean, or so I thought. I decided to use Avast antivirus instead of AVG (what I was using before) and every couple of minutes there is a new threat detected from malicious URL's. The addresses on the websites appear to be colleges, insurance, and credit card companies, but Avast shows them globalroot / systemroot / svchost. I also had to stop using google completely because Avast was blocking everything. I am now using Avant browser which helps a ittle, but I'm still being attacked left and right.

Here is the DDS File:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by colortyme at 11:16:52 on 2012-02-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.915 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF4... Read more

Answer:Started as redirect virus, now worse

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.exe to your desktop
http://support.kaspersky.com/downloa...tdsskiller.exe
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, select Skip by changing the default Cure selection at the upper right
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.7.17.0_date_time_log.txt
Attach that log, please.

Please download aswMBR.exe and save it to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Allow it to download the definitions from the internet.

Click Scan

* Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
* You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

19 more replies
Relevance 47.97%

Symantec Screwup Is 'Worse Than Any Virus'

A recent update from Symantec Security Response incorrectly tagged a company?s program as a virus and cut off the Internet access of its customers. Needless to say the company and its customers weren?t happy.

Symantec on Monday released a virus definition update that incorrectly identified Solid Oak's CyberSitter filtering program as a virus. Depending on the version of Symantec's Norton Antivirus product that Solid Oak customers were running, CyberSitter files were either deleted or banned from use by Norton, according to Solid Oak.

Answer:Symantec Screwup Is 'Worse Than Any Virus'

Speaking of symantic screwups. We have LC5 which is a password hashing program MADE BY SYMANTEC. 2 weekends ago, norton antivirus flagged it and deleted it. Symantec is retarded sometimes.

1 more replies
Relevance 47.97%

So over the past few days I have been doing extensive research on the inner workings of my computer in an attempt to fix a really nasty virus that is effecting, or perhaps simply using the windows process svchost.

I thought I had everything under control until today when I changed from Norton internet security to my Iolo System Mechanic anti virus. I decided to swap so I can use a special firewall that gives me very user friendly control over everything that goes in or out of my pc. That's when it happened.

When I clicked block all traffic to stop the misc connections that svchost was trying to make, I ended up getting around 20-50 error messages, a pop up fake virus scanner that ive never seen before, and everything on my computer was "gone". Odds are it was just a fake overlay or it turned everything to read only and invisible, but I decided to say F-it and did another format. Now I will provide the data that I have so that hopefully someone can aid me in fighting this thing.

After my format, the very first thing I installed was my mobo driver to connect to the internet. the MOMENT I had internet access again the svchost issue came back. that is it starts to eat up huge chunks of memory as well as cpu usage.

With the windows process explorer I can clearly see what the drain is from.
Under the tcp/ip connection tab, there are tons and tons of random IP's trying to connect to the internet, and as some are closed new ones open up. While ... Read more

Answer:[SOLVED] svchost virus or something worse

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.

Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by doubleclicking on it. Press Start Scan.
If Malicious objects are found, ensure Cure is selected (it should be by default)

Click Continue then click Reboot now

Once complete, a log will be produced at the ... Read more

10 more replies
Relevance 47.97%

Hello,

I'm used this forum as a resource before, and now I have a pretty crazy problem and I have no idea how to resolve it.

I was reading financial articles online, when suddenly the entire computer shutdown unexpectedly. Upon start-up, the screen showed a warning that recommended a system restore, so I went ahead and did it.

Once I re-started, I noticed that I couldn't access anything through the search engine, Google. Once I realized that every other site worked fine, I did some research and discovered that it was likely the result of a virus.

However, I tried searching for "TDSSserve.sys" which is normally associated with this problem, and found nothing.

To make matters worse - My Trend Micro is spazzing out like crazy. In the last 7 hours, I've received over 80,000 "web threats" from some ( http://) x-web.in /(followed by several random alpha, numbers)...I had to turn off my router to stop these threats from racking up.

Thank goodness Trend Micro blocked every single attempt so far!!

Any idea what's attacking my computer? I can't access Google and this x-web.in thing keeps attempting to penetrate.

Please help!

Note: I'm running Windows 7 on an HP G-62 model.

Answer:Google Virus And Possibly Worse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:




Having problems with spyware and pop-ups? First Steps




a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 47.97%

Hi,

Last week I got a virus of some sort on my computer and ever since it hasn't been working properly and I keep getting a lot of pop-ups. Within the last few days I've also started getting warnings on my internet screens themselves. Everything is in red and it says Warning: You're computer needs to be scanned, viruses detected. I've been scanning it daily with avg, but it is never completely resolved. It may seem slightly better after the scanning but later it will be even worse than it was prior to the scan.

Please help! I don't know what to do....

Thank you!

Answer:trojan virus keeps getting worse on my computer

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through allthe steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Relevance 47.97%

Since a few days ago I've been harassed by a redirect virus that redirected Google results and other websites to odd places. The primary site was Infomash, but there were other websites I was redirected to.

I used a .exe file called Rkill in conjunction with Malwarebytes Anti-Malware and turned internet off to try to get rid of the virus. After 5 futile attempts I decided to follow the steps in NEW INSTRUCTIONS Removal Help thread.

Running DDS.SCR was as expected. I saved the two log files onto my desktop. When attempting to scan with GMER.exe, three disastrous things happened:
1. First attempt resulted in computer going to the Blue Screen mode out of a sudden. The computer then restarted itself.
2. The second try resulted in an odd computer freezing where the monitor showed only zig-zags. I took a picture from my phone if the visual is needed. I had to press the restart button on the CPU.
3. The third and fourth tries ended in the program simply freezing and turning off. The third try's crash happened pretty quickly after the GMER scan began; the fourth try's crash happened a long while after GMER had been scanning.

I cannot get GMER to run properly, so I am assuming that the virus is much more malicious than I thought it was. Here are the logs from DDS.SCR, but I could not finish the GMER scan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 21:57:51 on 2012-07-20
Microsoft? Windows Vista? Home Premium ... Read more

Answer:Redirect Virus is Worse than I Had Thought

Hello kkj1116,

You are infected with ZAccess also known as Sirefef and several other names depending on the AV company. I'll want to gather a bit more information before we begin.

Download TDSSKiller.exe and save it to your desktopExecute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

19 more replies
Relevance 47.97%

Hello,

I recently had some sort of virus/malware attack my laptop which meant I was unable to access the internet. Its not a problem with the wireless as far as i'm aware as other people have been able to connect. The windows connection diagnostics said there was a winsock catalog error but sometimes it gives me different messages.

I attempted to try and fix it, firstly by running norton goback and then attempting to use DrWeb but think I've made it alot worse (did that before reading the first 'DO NOT FIX YOURSELF' page on the forum - schoolboy error).
A few virusy type things that have come up in the scan are 'trojan.swizzor' and 'adware.xbarre' and 'tool.killproc.3' - Think they are quarantined but not entirerly sure. i have the scan results saved if you require them at a later date.
i'm writing this from another pc as the laptop cannot connect to the internet.

Here are the reports of the scans as requested:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Tim Abraham at 0:23:39.92 on 27/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.583 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtSe... Read more

Answer:Virus problem... made worse

Bump, please.

6 more replies
Relevance 47.97%

A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers...This is the third time in less than a year that Symantec's Norton products have caused severe damage to computers running CYBERsitter software offerings...pcmag.com

More replies
Relevance 47.97%

I attempted running the tutorial for removing OpenCloud Antivirus. It was unsuccessful and Symantec keeps popping up about quarantined items. I've used this forums in the past and they were extremely helpful. Any help would be great or even a starting point. I've posted some of the error messages that pop up here.

Security risk detected: Trojan.Gen.2
File: C:\Users\ChrisV\AppData\Local\Temp\DWH316A.tmp

Security risk detected: Trojan.Gen.2
File: C:\Users\ChrisV\AppData\Local\Temp\DWH2D15.tmp
dds log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by ChrisV at 22:44:25 on 2011-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6389 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Wind... Read more

Answer:OpenCloud or worse Trojan Virus

attach.txt

31 more replies
Relevance 47.97%

Greetings, This week, I suddenly started to get the Security Warning virus, so I did a system restore to the previous day to get that settled. But later that day, I started getting weird search results every time I searched from my toolbar, but not from the Google page directly. Then I started getting strange results intermittently from each search attempt. I'm hoping I can get some help with the Google redirect thing, which I can't find a name for. It seems to be pretty ominous. I followed directions. One glitch with that was GMER kept giving me blue screen crashes, so I ran it in Safe Mode. Thanks for any help available. P.S. I loaded a number of servers on my computer but they aren't running and haven't been since school ended in June. DDS (Ver_10-03-17.01) - NTFSx86 Run by Sandra at 18:23:38.07 on Fri 08/20/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.354 [GMT -7:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exeC:\WINDOWS\system32\spoolsv.exe... Read more

Answer:Search redirect virus getting worse

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.Download DDS:Please download DDS by sUBs from one of the links below a... Read more

17 more replies
Relevance 47.97%

Hello and thanks for any and all help! I was trying to find a good program to make it easier to take notes on a pdf file and in the process downloaded a virus. I changed a bunch of my browser settings (eg changed the default search and home page) to fantastigames metacrawler. I ran scans and only found something using malware bites. It deleted two files but the problem persisted. Using some online guides, I found some more files with the fantastigames name in it and deleted them. But the problem persists and my computer is slowing down. Also, if I try to do a system recovery to restore to a previous point, it says the restore can't be completed. There are two possibilities: the virus is still hiding on my computer or I deleted something I shouldn't have. I know I should leave it to the professionals, I've now learned that lesson, so I don't need chastising. But I am desperately in need of help and appreciate any help and time taken. Let me know what to post, etc etc. Thanks!

Answer:Infected with a virus, may have made it worse

Have you only tried getting rid of the virus with Malwarebytes? I would suggest downloading another one just so you can always do a secondary scan to be sure of things. I would recommend the free version of AVG. Trying running AVG and see if it finds anything.If the problem persists. Restart your computer and hit F8 to enter the boot options menu. From there, choose Safe Mode. When you're in safe mode, try running the anti virus programs again.Another solution, maybe one you should try before the previous one, is to open up task manager. In the process tab, do you notice any processes that is consuming a lot of Memory? If so, do you recognize the program at all? If there is a process in there with the same name of that virus you had, right click it, and select open file location. Once there, delete it. Only do this if you are sure that it is the virus. I've looked at task manager enough times to recognize what should be there and what shouldn't. So if you are not sure, please ask because if you delete the wrong thing, you might mess up your computer worse.

3 more replies
Relevance 47.97%

Please don't tell me I have to reformat my whole computer...

Ok, so basically I think I was infected with a really bad form of that go.google.com redirecting virus (mine used web-analytics.google.com) that also made my explorer.exe constantly crash and reboot itself (it actually seemed like it was being closed while functional, as no error message ever popped up, and I could access my desktop/folders for like 5 seconds or so between each crash/reboot). When I manually closed explorer.exe in Task Manager, it stopped rebooting.
Since I couldn't access any anti-virus downloads (redirected to ad sites by the virus), I went with the only solution I could find that didn't require accessing a 3rd party program, which was to disable some "TDSSserv.sys" in Device Manager. Once I did, and restarted, my internet stopped working. I then tried to access Safe Mode (with and without Networking) to no avail. It freezes somewhere around the login screen (sometimes it freeze before I click which user to log in, sometimes it freezes as far as after I say "yes" to continue in safe mode and not attempt system restore, but it ALWAYS freezes. I tried at least 20 times).
To sum it up, my explorer.exe closes/reboots every 10 seconds, my internet doesn't work (can't even access router through Firefox), and I can't start in Safe Mode. Oh, and logging in normally only works like once every ten tries (freezes like when I attempt to start in Safe Mode... Read more

Answer:Go.google.com redirecting virus--except worse

Welcome to Major Geeks!


Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select Disable. Do not try to uninstall it!!!! It will just reinstall and make removal more difficult.
Also if this is found and you disable it, then just immediately reboot.
After doing the above, please immediately follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and i... Read more

1 more replies
Relevance 47.97%

The virus is on an old desktop that is running MSXP Version 2002 Service Pack 3. I have tried to check for updates but the MS Site says it can't get my information. I have deleted all users on the pc and their files - except for me and mine. I tried to download updates for Norton, (after running rkill)which appeared successful, but after the install while updating my definition files, the pc froze. After a reboot, here is what I see.
First I get a popup with "Application failed to initialize 0x80070006. The handle is invalid"
Next popup I get is "Old Virus Definition File"
Third popup is "The ordinal 1109 could not be located in dynamic link library WSOC32.dll"
Then a large WINDOWS RECOVERY screen comes up and tells me it is Analyzing my pc and ends with telling me there were 5 errors detected, all of which are critical errors and to click to "fix". (I'm assuming this is still the virus).

What is my best path forward to attempt to get rid of this?

Thanks,

Dinx

Answer:Windows Defender Virus - or worse?

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

2 more replies
Relevance 47.97%

Please review the FRST text files. Unfortunately the Trojan Adclicker seems to be back.
 

Answer:DLL.exe adclicker virus has come back worse than before

Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.


===========================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desk... Read more

5 more replies
Relevance 47.97%

MyPublisher sunk its claws into your system and won't let go? You've come to the right thread.

There were two separate threads on this already, both are wrong / not solved. (might want to link to this one, or remove the other threads, @TechSupportGuy)

-

MyPublisher really screwed things up with a no-uninstaller program (who does that?)
If you're not a software company, it's best to avoid making software.

To all of you who must suffer the idiocy of MyPublisher - here's my solution so far:

UNINSTALLING MYPUBLISHER

1. Remove program files @ "\Program Files (x86)" (The entire "MyPublisher" folder)
2. Remove Roaming app data (click the start icon, type %appdata% & hit Enter), here you must also remove the entire "MyPublisher" folder
3. Remove icon from desktop (right click > delete)
4. Remove icon from start menu (right click > delete)
5. Clean up registry (click the start icon, type in regedit & hit Enter) here you must use Find (F3) to search for MyPublisher. I've found 6 (!) MyPublisher folders in my registry, and 4 "new shortcut" keys. Delete all of this crap.
As a final thought, I might sound upset in the above message. I am.
I care about my PC, and don't appreciate it being crapped on by impotent programmers & clueless companies.
 

More replies
Relevance 47.97%

I'm very, very scared and I need some help. I have had a LOT of trouble with my computer over the last few months. I've run everything from Avast Virus removal to other stuff and every time I've managed to make the computer run. However, this time the problem isn't with the computer crashing or running so slowly it's impossible to use. This one is some sort of encryption virus that is encrypting things on my computer. I have about 100 links to a page that shows me this long message about going to a site, entering my "personal code" that is provided and paying money to have my files decrypted. I've read online that this is just another scam to get money (no kidding) and will not help to decrypt the files. I need to get rid of this FAST before it infects any of my other files. Can someone please, please help me? I have run Avast again and it found 10 infected files, yet the virus is still present. Please help me.

Answer:I have a serious infection that's getting worse? Encrytpion Virus

Greetings NINTR and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problem... Read more

3 more replies
Relevance 47.97%

After visiting what should of been a normal website (I believe it may even of been the XNA creators club website) I got a pop up from AVG saying it had found a trojan and dealt with it. Silly me I thought that was the end of it. The next day I'm getting what looks like the google redirect virus. AVG, adaware and spybot all find nothing wrong with my system so I start hunting online for a fix. I found this website and started working through this topic before I posted here. I ran defogger with no issues and turned off any emulators, and then went on to download DDS. Mid way through DDS was running, my PC decided to throw up a BSOD and restart, so there are no logs from DDS. I then went onto GMER. Half way through the first run the program went non responsive and I had to restart it. Mid way through the second run, it threw up another BSOD. I have a partial log from GMER (attached), though I don't know if it will be of any use.To me this sounds worse than just the google redirect virus, however I have yet to see any other issues with my PC except the original trojan. Think I may have to reformat, but figure I would come here first for a last ditch try at fixing my PC! Am running Vista.

Answer:Google redirect virus (Maybe worse?)

Hello Steve772Welcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================

1 more replies
Relevance 47.97%

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot in to safe mode and now its recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ... Read more

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturers disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

4 more replies
Relevance 47.97%

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO... Read more

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

7 more replies
Relevance 47.56%

Cause: Trojan or Virus. Unsure. Most likely contracted from an infected webpage/website.

I've never experienced anything like this before. There was no BSOD but this is so severe, I had to turn to the power off and am too scared to switch on computer.

Effect:
1. web browser (IE, version ?) couldn't function, except load homepage (which I have always set to Google). Error message:
Microsoft Visual C++ Runtime Library
Runtime error
C:\program files\internet explorer\IEXPLORER.EXE
R6025
-pure virtual function call

2.I tried to open Ewido. Error message:
Not enough quota is available to process this command.

3.Tried to open HijackThis but could not access hard-drive.Error message:
Not enough quota is available to process this command.

4.Tried again to open Ewido via shortcut. Error message:
This no longer exists. It might have been renamed, moved or deleted. Would you like to remove from list? (I pressed No)

5.Tried again to open Ewido. Error message:
Application failed to initialize properly (0xc000012d). Click to terminate application.

6.Tried to open Ewido again. Error message:
SecuritySuite.exe -Bad Image
The application or DLL C:\windows\system32\PSAPI.DLL is not a valid Windows image. Please check this against your installation diskette.

7.Opened Spybot, forced to download updates before scanning. Then couldn't find anything after scanning for only few seconds (unusual- scans always take over 5mins). Error message:
C:\wi... Read more

Answer:Worse than BSOD. Trojan or Virus. Urgent Help!!

Microsoft says this is a memory problem. Upgrade ram or increase your virtual memory, which assumes you have some free hard drive space.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/1495.mspx?mfr=true

If you have not done computer maintenance in some time, you might consider cleaning up unneeded files, startup items and doing a defrag (this would be especially a good idea if your going to increase virtual memory).
http://forums.majorgeeks.com/showthread.php?t=106650
 

1 more replies
Relevance 47.56%

my husband had a window to mini clip games opened and we believe our daughter clicked on one of their websites by accident while we were in the other room and some how got a virus on his laptop and now the virus has shut him out where he can only operate in safe mode...and he also gets errors when he can get in but we cant get into the laptop the regular way there is just a black screen but he can get in safe mode but we cant install the virus programs like avg once he's in we were lucky to get the tgs exe it was rejecting it at first to even recognize that that we can use the scan disk but somehow he got through to open it up and get the info for you
we are sending you this message from my account i'm his wife and we put tsg sysinfo on a sd card and got this on his laptop in safe mode:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3002 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1309 Mb
Hard Drives: C: Total - 225436 MB, Free - 94422 MB; D: Total - 12836 MB, Free - 2145 MB;
Motherboard: Hewlett-Packard, 306B
Antivirus: Norton 360, Disabled

how can we begin to get these viruses out when we can not access the computer the regular way? please help you have always been successful before i believe you can help again.
 

More replies
Relevance 47.56%

So a couple weeks ago, I started getting redirected to ad sites whenever I clicked on a google search result. I was able to get around it by clicking my address bar after choosing the result and hitting enter. However, it's gone and messed with my system. Windows Firewall has been broken (impossible to turn on anymore), my internet won't work anymore, and my ArchiCAD program won't start up. None of my antiviral programs could find anything, even ones that I put on from a flashdrive that were meant to work on an already infected system. Since I researched this some, I ran the DDS, and here are my results.http://uploading.com/files/633b1267...http://uploading.com/files/cd643a24...

Answer:Google redirect virus turned worse

J_K,Thanks for the reports.Let's see if we can make more progress...Please run rhe following OTL ScriptDouble-click OTL.exe to start the program.Copy/Paste ALL the following text into the Custom Scan/Fixes textbox::otl
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
DRV:[b]64bit:[/b] - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
:files
C:\windows\SysWow64\vswmi.dll
C:\windows\SysWow64\vsxml.dll
C:\windows\SysNative\drivers\vsdatant.sys
C:\windows\SysWow64\vspubapi.dll
C:\windows\SysWow64\vsdata.dll
C:\windows\SysWow64\ZoneLabs
C:\Program Files (x86)\Zone Labs
C:\windows\SysWow64\vsutil.dll
C:\windows\SysWow64\vsinit.dll
C:\windows\Internet Logs
C:\ProgramData\CheckPointClick the Run Fix button at the top.Click: OKOTL may ask to reboot the machine. Please do so if asked. If not asked, reboot anyway.A report should appear in Notepad.Please Copy/Paste the new OTL report and upload it. Then, provide the link in your next reply.Now, run the following once again:Click Start > Run, type: notepad and press Enter.Once Notepad is open, copy/paste ALL the text below into Notepad:@echo off
echo.Please wait...
ping localhost >log.txt 2>&1
ping 192.168.1.82 >>log.txt 2>&1
dir /a/b/s c:\qoobox >>log.txt
notepad log.txtClick: File > Save As...Save to th... Read more

55 more replies
Relevance 47.56%

Hi.
First of all, my I am running a Windows XP OS. My computer was weird in that it had the virus where any search inquiry would be redirected to some bogus websites. I tried finding a program that would help fix this, but I think I inadvertently downloaded a malignant antiviral program (i think it was pc tools, because popups would keep occuring, and sometimes it was from them). Avast starting bringup warning signs of a trojan, but as soon as I tried to delete it, another warning would come up.
this was the warning..
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\Q0B87V23\flist[1].js [L] JS:FakeAV-G [Trj] (0)
File will be deleted during the next system start...

i ran combofix, but that was before i came to this forum and read that we really shouldn't have. for now my computer seems to be running without any popups, but I wanted to make sure my computer was completely purged. if there is any other information that you guys need, don't hesitate to ask.

Thanks.

Answer:google redirect virus turned into something worse

The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Clic... Read more

4 more replies
Relevance 47.56%

Hi all I have a huge problem and I am about to go nuts.

I have tried everything I can think of from these forums and others but I cant seem to get this virus off my computer.

I believe the Virus name was "Security Protector" or something of that nature. I have removed these fake security viruses over 5 times now. I am no wiz at computers or anything but thanks to certain malware removal tools it worked.

This time around I cant kill the damn thing. Ok now onto everything I have tried to do:

-booted in safe mode tried to remove it via Rkill and Malwarebytes but this time it did not run malwarebytes. it said it was unable to access and also later threw a code 707 2
-booted again in safemode then decided to do a system restore to a previous date and try to clean the computer that way...didnt work same bleep.
-booted in safe mode tried to run all the options in Rkill dns, scan etc. didnt remove it.
-booted again and tried to reinstall malwarebytes but redirecting started and wouldn't let me access anything via google yahoo etc.
-used my laptop and got inherit.exe was told to open and put malwarebytes folder inside it...no luck inherit wont even open up.
-booted again this time firefox won't even open up!!! ARRRRRGGHHH

Please help me with what ever you can. Rkill still works so I can copy the log from that if it helps thank you all!

-TY

Answer:Malware redirect virus getting massively worse!! HELP!

Hello.You have an advanced rootkit infection. This type of thing goes beyond the scope of this forum and will require assistance from our Malware Removal Team.It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!~Blade

2 more replies
Relevance 47.56%

Like other users, I have had the symptom of redirected searches for a while. Now my computer will be OK for a few hours, then desktop links will disappear and it becomes too groggy to use - I need to restart. Sound is also very garbly. It's very ill. Ran dds logs but gmer gets stuck. Here's what I have - thanks for any help you can provide.

Answer:Google Redirect Virus is Worse Than It Sounds

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

12 more replies
Relevance 47.56%

Cause: Trojan or Virus. Unsure. Most likely contracted from an infected webpage/website.I've never experienced anything like this before. There was no BSOD but this is so severe, I had to turn to the power off and am too scared to switch on computer.Effect:1. web browser (IE, version ?) couldn't function, except load homepage (which I have always set to Google). Error message:Microsoft Visual C++ Runtime LibraryRuntime errorC:\program files\internet explorer\IEXPLORER.EXER6025-pure virtual function call2.I tried to open Ewido. Error message:Not enough quota is available to process this command.3.Tried to open HijackThis but could not access hard-drive.Error message:Not enough quota is available to process this command.4.Tried again to open Ewido via shortcut. Error message:This no longer exists. It might have been renamed, moved or deleted. Would you like to remove from list? (I pressed No)5.Tried again to open Ewido. Error message:Application failed to initialize properly (0xc000012d). Click to terminate application.6.Tried to open Ewido again. Error message:SecuritySuite.exe -Bad ImageThe application or DLL C:\windows\system32\PSAPI.DLL is not a valid Windows image. Please check this against your installation diskette.7.Opened Spybot, forced to download updates before scanning. Then couldn't find anything after scanning for only few seconds (unusual- scans always take over 5mins). Error message:C:\windows\system32\S... Read more

Answer:Worse Than Bsod. Trojan Or Virus. Urgent Help!

Some questions :- Which operation system you have Windows?XP?2000?- Is it upto date?- Go to START RUN and type dxdiag please tell which version of Direct X you have- Under Control Panel Software please tell us which version of Java you have- Do you have a legimite windows?- A work around to see what is causing the problem is to download Firefox here and install. In normal mode, run an online antivirus check from at least two and preferably three of the following sitesBitDefenderComputer Associates Online Virus ScanPanda's ActiveScanTrend Micro HousecallWindows Live Safety Center Free Online ScanThis scanner from Trend does not require an Active X to run. 1. Detects and removes malware ( viruses, worms, trojans, etc. ) 2. Detects and removes grayware and spyware 3. Restores damage caused by malware to your system. 4. Notifies about vulnerabilities in installed programs and connected network services. 5. Multi-platform support for: Windows, Linux, Solaris. 6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.Please try to run test nr.6 in Firefox and post the results to rule out any virus

1 more replies
Relevance 47.56%

Specs,

CPU: Intel core duo T8100 @2.10 Ghz and 2.10ghz

Graphics: Ati mobility radeon hd 3870

Ram: 2 Gb

Running Windows Vista 64 (although some of my program files say 32?)

So suddenly on june 5th my computer started acting more sluggishly and couldnt perform near as well as it did before. I checked the updates and windows defender and mcafee were the only programs recently updated, I defragged the hard drive, searched for malware and spyware, updated all drivers and none of it fixed my problem. My rig was easily able to play 1080p before and now the video lags terribly, and the games the used to run super smoothly (in range of 30+ fps) now run at and average of 12 fps or lower. On clean boot the problem persists and i cant really tell if the problem is there in safe mode because the only time i can really tell my computer is slowing down is when it is streaming video or playing games.

The weird thing is ive been messing with my video drivers to see if i can fix it, and after using driver sweeper my graphics card didnt function (my windows experience index went from a 5.9 to 1, i couldnt use windows aero) but 1080p ran smoothly as ever. Once i reinstalled the drivers my index score went back up to 5.9 but it cant play 1080p. Because of that fiddling around i cant install catalyst control center anymore (it seems to install ok but when i open it there is an error message "could not load file or assembly CLI.implementation or one of its dependancies the s... Read more

Answer:Computer performing much worse than it used to, not virus or malware

In addition to a full antivirus scan, did you make a full scan with malwarebytes?
If so make a memory test
http://www.geekstogo.com/forum/topic...ing-memtest86/

2 more replies
Relevance 47.56%

Hi,

I have read the post about Antivirus xp 2008, I have this thing on my other computer and i have tried doing what the mod suggested, i am not having any luck because when i run malwarebytes (installed from a cd because i cant access the site) it crashes after about 25 mins when it is scanning firefox folders. I have tried scanning in normal mode and safe mode.
The computer is doing all sorts of weird things ie

The Web browser will only load google and a few other pages and when i try to go to an antivirus web site it just says cant connect
It also redirects to stupid selling sites

google also says analytic checks at the bottom left hand side when searching

The computer sometimes crashes at log in

Every so often the bubble comes up on the task bar saying i have 1164 viruses

Also every now and then i get the blue stop screen which means a restart
Could you please help me, i have pulled most of my hair out, i would just format and reinstall but i need to try and recover my files.

Cheers
Acestu

Answer:Worse Case Of Anti Virus 2008

Please print out and follow the generic instructions for using "SmitfraudFix". -- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!-- If using Windows Vista be sure to Run As AdministratorMake sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.The tool will go through a series of cleanup processes and automatically start the Disk Cleanup program to remove Temporary files. Wait for it to complete and Disk Cleanup to finish.-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.If you're using Windows 2000/XP, please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to re-enable you anti-virus and and other security programs before conn... Read more

11 more replies
Relevance 47.15%

Hello all,

In a nutshell, my computer is running hella slow and I cannot access one of my hard drives. I just recently ran a virus scan with AVG 7.5 and am using Comodo Firewall and even though it says everything is fine, its not.

Where it started
- About two months ago, I opened the music folder on my hard drive (Z:) and noticed my files from D-Z were nowhere to be found. The weird part was when I opened iTunes, I was able to play all of those files no problem and when I right click on a song and picked 'Get Info', the 'Where' path referenced the Z drive and music folder like it was there no problems. Later that month, I go to My Computer to see if the files are there. For one, it took my computer about 5 minutes to bring up all of the icons. When it finally displayed all of my drives, I noticed Z drive didn't show any remaining space. I try to open the Z drive and Windows gives me an error message saying the disc is not formatted; would I like to format now? I closed the box and immediately ran scans with AVG, Comodo, and Kapersky online scan. They cleared a lot of malware yet when I click My Computer it still is very slow to display all of my drives and of course, I can't access the Z drive.

Just before posting this, I just went through and checked all of my running programs and found these:

ctfmon.exe
llsass.exe
services.exe
spoolsv.exe
wdfmgr.exe
winlogon.exe
wuauclt.exe

I don't know what more to do. I don't want to start over an... Read more

Answer:Post Anti-virus/malware Removal - Worse Than Before!

Those are all normal as written . Is this an XP machine?

13 more replies
Relevance 47.15%

I downloaded a torrent, then shutdown my computer. Next time I started it up, it went really slow and every time I move the mouse, the desktop icons disappear and a window pops up saying "Explorer has encountered a problem and needs to close" also something saying "run DLL as an APP has run into a problem and needs to close"

I deleted the afore mentioned download, but the problem persists and gets worse each day. Did the 5 steps, ran different cleaners, virus scans, etc. and nothing new. I tried to system restore, but it kept saying no changes made.

Here is my main.txt and extra.txt:

Deckard's System Scanner v20071014.68
Run by Tony on 2008-02-15 18:10:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-02-15 23:10:51 UTC - RP61 - Deckard's System Scanner Restore Point
60: 2008-02-15 07:26:13 UTC - RP60 - Software Distribution Service 3.0
59: 2008-02-15 0625 UTC - RP59 - ComboFix created restore point
58: 2008-02-15 05:41:59 UTC - RP58 - Removed Ad-Aware 2007
57: 2008-02-15 05:24:38 UTC - RP57 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-14 00:39:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memo... Read more

Answer:Worse each day! downloaded memory eating virus from torrent

Forgot to add:

Incident Status Location

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Spyware:... Read more

19 more replies
Relevance 47.15%

Opened a window to mini clip games and believe mydaughter clicked on one of their websites by accident while we were in the other room and some how got a virus on the laptop and now the virus has shut me out where i can only operate in safe mode...and it also gets errors like adobeARM.exe is unable to start correctly 0xc0000006 ...when i can get in but we cant get into the laptop the regular way there is just a black screen but i can only get in safe mode but i cant install the virus programs like avg once i'm in i'm lucky to get the tgs exe it was rejecting it at first to even recognize that that i can use the scan disk but somehow i got through to open it up and get the info for you
i'm sending you theinfo put tsg sysinfo on a sd card and got this on the laptop in safe mode:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3002 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1309 Mb
Hard Drives: C: Total - 225436 MB, Free - 94422 MB; D: Total - 12836 MB, Free - 2145 MB;
Motherboard: Hewlett-Packard, 306B
Antivirus: Norton 360, Disabled

how can we begin to get these viruses out when we can not access the computer the regular way? please help you have always been successful before i believe you can help again.
 

More replies
Relevance 47.15%

So the virus seems to have gotten worse. Now all my desktop icons dont work and task manager doesnt work either it simply says i twas disabled by the administrator. I cant even get to the desktop properties it sayd runddl32.exe not found.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:04:26 PM, on 5/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.e... Read more

Answer:Virus Got Worse! Desktop Doesnt Work. Hjt Inside

Hi,

Please let me know in your next reply if your Norton is still up to date - because I can't believe it's up to date with this HUGE malware amount you are dealing with.
If your Norton was up to date, it would have blocked most of it.

2 more replies
Relevance 46.33%

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drives SATA cable into a different SATA port on the motherboard. Get into the bios, and make sure that the hard drive is being detected properly
 

1 more replies
Relevance 46.33%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athalon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in the recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximently 10seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

take the graphics card out and insert it back in firmly making sure it is sat properly in its slot. check the manufacturers websites for your motherboard and graphics card and see what the bios updates do, and see if they have any FAQ's to check if anyone else has been having similiar problems to you in terms of people who have the same motherboard or graphics card??

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies
Relevance 46.33%

i've had verizondsl for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the optimum cable i was used to, it was sufficient. now it's just pure garbage. if it weren't for the fact that we're getting free cable, i would immediately switch to roadrunner

i figure asking you guys is probly much more helpful than those scripted outsourced fools at tech support. i tried all that "reset your modem" "unplug the ethernet cord" "make sure you're computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well try plugging the modem into the demark jack if you have one (by where the phone line comes into your house). See if this still happensl. If it doesn't maybe something happened to your internal phone lines. (this probalby won't be the issue I'm betting).

Beyond doing that phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.




The [H]orde needs You!
 

15 more replies
Relevance 46.33%

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me or you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

10 more replies
Relevance 46.33%

I bought a Think Pad in April last year which does not start anymore, no lights,nothing.I wanted to send it back to Lenovo for guarantee.Ther ist only ONE problem, there is no sticker on the laptop which shows me the serial numer. Obviously there supposed to be on, but it is missing!!!I do have the invoice which shows the purchase date, but no serial either.I already quit wasted some time to with this bull**bleep**, I hopefully do not need a layer for that.Here you see the last response of the "support" manager -Dear Michael Mueller,Unfortunately I have to inform you that you have no guarantee for this machine.Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.Lenovo Service Partner:https://pcsupport.lenovo.com/de/de/serviceproviderIf you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54. Lenovo regularly conducts customer surveys on service quality.If you are selected, please take a few minutes to answer the questions.We thank you in advance.  Yours sincerely, Davor KrpanLenovo Technical Support IBM Hrvatska d.o.o. za proizvodnju i trgovinuMiramarska 23, 10 000 Zagreb, HrvatskaUpisan kod Trgova?kog suda u Zagrebu pod br. 080011422Temeljni kapital: 788,000.00 kuna - upla?en u cijelostiDirektor: ?eljka Ti?i??iro ra?un kod: RAIFFEISENBANK AUSTRIA d.d. Zagreb,... Read more

Answer:guarantee handling - bad worse than worse

I just forgot to mentioned, that the purchase was done through the Leonovo online shop itself -  VERSANDBESTÄTIGUNG Ihre Bestellung wurde versendetSehr geehrte(r) Michael Müller,vielen Dank für Ihre Bestellung im Lenovo Online-Shop, der von Digital River unterstützt wird.Die folgenden Produkte wurden versendet.Bestelldatum14. April 2017Bestellnummer23856585462Tracking-nummer1ZAF68846704024055Folgende Artikel wurden versendet: BestellmengeProdukt-SKUProduktnameVersandmengeVersandmenge gesamtBetrag120J1CTO1WWThinkPad 13 2G11800,52EURWenn Sie per Kreditkarte bezahlt haben, wurde Ihre Karte nun belastet.

1 more replies
Relevance 42.64%

Hello my new bestest friends. I need help ! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and re installing Versions 6 & 7. However this is not the problem as I am currently using safari and finding it great. The problem lies with my computer and it's sluggishness, ever since IE became corrupt my computer seems to have slowed. I am getting occasional Internal memory (blue dos screen) errors and several other little glitches like windows XP's search program will not close after I perform a file search. I have performed several Virus & spyware checks such as AVG and Spyware Doctor also several registry progs like registry Booster.AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of Registry errors inluding heaps of lnk file and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts) It did not remove the actual .exe files but was a major hassle as my dektop shortcuts where wiped. So I performed a system restore and now have everything back.I am wondering are/have these files become corrupt or is this just overkill on the software (spyware Doc & reg booster) behalf?? I have also noticed in my Hijack this log that there are several (missing files).I am so in need of help as i use my computer to p... Read more

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 42.23%

Hello,
I have a laptop which has odd startup behaviour and which reflects the behaviour of another laptop, my sisters laptop that I was fixing.  I copied files from my sisters laptop to my laptop but scanned her disk before hand, but think now I've copied across a boot sector virus or something worse.
 
The beheviour of my laptop is when I press the start key, the button and power light come on, the fan comes on at a low speed, the dvd is checked, and then it repeats this behaviour with the lights going off, then after about 30 times on/off, it finally comes on, with the fan constantly on. But no screeen, no boot.
 
My sisters laptop reported almost the same behavioir. My laptop Windows 10. The other laptop Window 8.

Answer:Laptop will not boot, suspect boot sector virus or worse.

I've moved this to the more suitable forum,

Am I infected? What do I do?
This is now closed.

5 more replies
Relevance 41.82%

I*ve started a thread about this already but the people who have already tried to help didn*t know how to =/ I wanna ask again because this might get worse.. it already is.

So this was the problem before:
- Couldn*t copy/paste text in or out of Internet Explorer (able to COPY picture files however)

And here are some more problems I*ve noticed in addition to the above:
- Sometimes unable to save some picture files from IE. SOMETIMES. I don*t think that*s a problem NOW though.
- It is harder to copy text using CTRL+C... When I want to get the URL for a link, for example, the only way to do that is by right-clicking the link and going to 'Properties'. When I press CTRL+C, I have to do it many times before it works. And yes, I pressed it CORRECTLY. This does not happen all the time.. just sometimes. It still seems to be a problem however.

Problem details:
- CTRL+V, right-click select 'Paste', and even pressing the 'Paste' button at the top of the IE browser does not work. Cannot paste in IE. PERIOD.
- The moment I click on the IE browser (the page I*m on), the clipboard is erased. One example is when I view the properties of a text link to get the URL, copy it, then click on the page, then click on notepad, nothing shows up. This happens all the time.
- The "Paste" option is always disabled (in gray) when I right-click.. but ONLY for IE.

Is there anyhere I could ask about this? Like Microsoft or IE. (So they could learn more about this ... Read more

Answer:New/Unknown "Virus" Slowly Getting WORSE

go here and get an online virus scan virus
then go here and run spybot spybot
go here run adaware adaware
then go here and run hijack this hijack
install to its own folder run and post logs in security forum
 

1 more replies
Relevance 34.44%

I have been workin on this for several days now and I am at my wits end. I am attaching my Bitdefender log and an HJT log. I have followed all of the instructions in the "Before Posting" page. And should tell you the following. My Add/Remove programs hasn't worked in years so when necessary I use the free trials downloadable from various places.
When I try and run Microsoft Windows Defender it says I need to perform an upgrade, and will not open.
I tried running Pandascan this morning and waited for over two hours and it never did complete downloading.
As I mentioned, I am at my wits end and believe it's time for some help.
Thanks
 

Answer:The more I try the worse it gets! I need Help!

Welcome to Majorgeeks!

You did not attach your HJT log. Make sure you follow all instructions in step 7 properly and then attach your HJT log.

You should look at your Bitdefender log (change the .txt to .html and then double click on it and you can see it in your browser) You need to delete those items it is pointing out in your email.

Is your copy of Windows licensed to you and has it been activated with Microsoft?

What happens when you try to use Add/Remove programs? Be specific.
 

9 more replies
Relevance 34.44%
Question: Bad to Worse.

Hi all,  So not only does the Control Panel on my T520's nVidia card fail to work, but safe mode doesn't either. It gets stuck in a reboot loop for memory reasons. Using last known boot configuration I can get it to boot normally but the networking cards/drivers don't work. They are detected in Windows 7 but ipconfig only gives the Tunneling adapters.  Any ideas? Or should I just send it in for servicing?













Solved!

Go to Solution.

Answer:Bad to Worse.

Hi kingofthering
 
If you need to use the machine temporary or to ensure your Nvidia GPU is defect, you could change the graphics settings in the BIOS to Integrated Graphics.
 
If you are not technical savvy or / and wish to save the hassle, it's probably good to send it in for servicing.
Have a nice day!
Peter
W520 (4284-A99)
Does someone?s post help you? Give them kudos as a reward, as they will do better to improve | Mark it as solved if the solution works for you, so it could be reference for others in the future
=====================================
Sound Enthusiast and Enhancement (Post comments, share mixes, etc.)
http://forums.lenovo.com/t5/General-Discussion/Dol?by-Home-Theater-v4-for-most-Lenovo-Laptops/td-p/6...
http://forums.lenovo.com/t5/IdeaPad-Slate-Tablets/?IdeaPad-Tablet-Sound-Enhancement-Thread/td-p/7150

9 more replies
Relevance 34.44%

my topic is here http://www.bleepingcomputer.com/forums/t/134217/virus-and-rootkits/ and it has been a couple days since a reply, and i was told not to reply again until i get a reply from someone to help me. but my computer is now losing the whole task bar whenever i close anything...i can bring up the task manager and see everything there, and i can ALT+TAB between programs and they will come up, but when i press the windows button will not bring up the start menu. the HJT log is in that other topic. thank you for looking

Answer:I Think My Pc Is Getting Worse

Hi dizz15,I know it's frustrating, but please be patient. It may take a while to get a response, because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".To avoid confusion, I am closing this topic.

1 more replies
Relevance 34.44%

Is a 635 slower than a 640? Is the camera worse? Is there less internal memory? What are the differences?

Answer:How much worse is a 635 than a 640?

Here's the differences compared to the 640...
The 635...
...has half the RAM, which meant Facebook and Messenger refused to run in my case on W10M, multitasking is less smooth and whatnot. But it works for the basics.
HOWEVER, there are some 635's that have 1 GB of RAM, matching the 640.
...is not supported currently so you won't be getting Windows 10 Mobile easily, although some 635's have indeed been getting it with little effort oddly enough.
...has an inferior, lower-resolution 5 MP camera with no LED flash. (the 640 has a flash and an 8 MP shooter)
...is smaller than the 640.
...does not have a proximity sensor.
...does not have double-tap to wake or Glance.
...has a smaller and lower-resolution display.
...has a smaller battery.
Although the 635 and 640 share the same Snapdragon 400 processor and 8 GB of storage + microSD.
The 640 is the better all-around phone but I your needs are very basic and the 635 is significantly cheaper then the 635 may make sense.

2 more replies
Relevance 34.44%

Like all AOL software, I'm wondering if the new AIM version is worse than the previous. Has anyone tried it yet?

It seems to have a lot of the features that AIM mods have introduced. I use DeadAIM myself, and have loved it for years. I tend to like things minimal. I've tried GAIM and Trillian, but I only use AIM, and GAIM messes up direct connections and profiles. I've tried AIMutation (sp?) and didn't like it much either.

What do you guys think?
 

Answer:AIM 6: worse because it's new?

i like it, but alot of people don't.
you just have to tweak it to the way you want it.
 

3 more replies
Relevance 34.44%
Question: It's worse

my computer has been acting up for awhile running really slow, but now it's started this trick of adjusting the screen every little bit. It either moves up or down. It changes the sizes of the window as well. Then i noticed down at the bottom in the task bar, a button appears for just a second with a little icon in it. Then it disappears before i can do anything. Now, my email has started bouncing and i can't get outlook express to connect. Also, i was kicked off yahoo messenger and then all i could get was page cannot be displayed on even my home page. Here is my HJT log. I would appreciate your help.

Demi

Logfile of HijackThis v1.99.1
Scan saved at 1:01:23 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Dig... Read more

Answer:It's worse

6 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

0 more replies
Relevance 34.44%
Question: Getting worse

I followed your advise to rid my computer of a BHO and virus (red circle w/white X in system tray). Now my computer takes 20 minutes to boot, asks what mode to load in, (safe, normal, MS-DOS, etc), and only loads in 640 x 480 video. I've also lost the printer driver.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:56 PM, on 12/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant ... Read more

Answer:Getting worse

hi, welcome to TSG.
you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!
Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php
Download A2

http://www.emsisoft.com/en/software/free/

update A2 and run a full scan.
*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* run cleanup

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Ex... Read more

1 more replies
Relevance 34.44%

i now cannot access my e-mail since doing an update every time i click on the e-mail icon nothing happens its just blank, nutty norm again

Answer:its seems to get worse

What email icon?????????????

3 more replies
Relevance 34.44%
Question: from bad to worse

please help-got a new laptop trying to use the wi fi.there is no wireless connection icon any where.maybe there no driver,im guessing. do i need to use the disc that came with my router.my other laptop works fine.maybe i need to use another keycode,i dont know please help.thanks

Answer:from bad to worse

I think you're already running a thread on this: click herePlease don't double-post.

1 more replies
Relevance 34.44%

Hi, I have been using PC tools for the last couple of years with no bother. However, when I wanted to put it on my laptop I lost the ability to access the internet. They told me (eventuallY) to reboot using my windows XP home edition disc. having done that I was initially able to access the internet, but I could not open links or download any thing, and now explorer won't open at all, I just get error reporting. Things have gone from bad to worse and I need some help.Thanks

Answer:going from bad to worse

sorry - spyware doctor

2 more replies
Relevance 34.44%

Hi,
I made a post about my windows 7 explorer crashing, it seem to only happen when I move files from my internal to my external hard drive. it was still happening, nothing i tried fixed it.but NOW its gotten worse. Its crashing on a loop...every single second.this happens as SOON as I SIGN ON...in seconds it crashing and looping
and I cannot do a thing but use my internet...I get a message that tells me my program
fences (stardock program) has detected that there is problem with 7, and it disables itself, Then windows7 explorer crashes. sends info. then restarts...If I start a video or a program before it closes (which is seconds) then it will run. I have been up for HOURS trying to get this solved. I have NO clue what is going on. I ran Anti-Spyware free edition, found 8 harmful things, had them deleted. I also ran my microsoft essentials...BEFORE that..and it Finds nothing...it NEVER does. but anti does...that confuses me.

SO what is going on? what do I do? PLEASE anyone, I am computer illiterate...
I have windows 7 (genuine)
32bit home premium.
I was tryng to get the rest of the info. but I can't as the explorer is completely locked up as I type this...please help I am so frustrated, I want to make Bill Gates come fix my computer lol...who has his number!?
ASLO! After it crashes and re-opens it keeps bringing up the c drive file location library? every single time, so now i have a list of these file locations open...also I JUST get a message saying that my firewall is... Read more

Answer:Oh no its worse! Help!

Can you get into Safe mode instead? If so, does it happen in safe mode?
Safe Mode

EdiT:--------------------------------------
Do you have a system restore point you can revert to?
http://www.sevenforums.com/tutorials/700-system-restore.html

Oops sorry just read last line of your post.

9 more replies
Relevance 34.44%

new note pad mesgwhen I boot up.
[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21787

I get this on start up and firefox is giving me an error

Well, this is embarrassing.

Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page
Can any one help me out?

Thank you so much
 

More replies
Relevance 34.44%
Question: Gotten Worse...

I know i posted about it a couple days ago with my computer going down the pooper. Well it was running real smooth untill recently. i had lots of disk drive space open now today it says i have 55.6GB of free space now i have a total of 74.5. I have been running virus protectors and spyware programs but its not working and there are icons showing up on my desktop that i cannot get rid of.... Do i have to re install windows or something? Sorry to ask again but i need help. Also i forgot to mention in my add remove programs there is a new program called search plug in and also micromedia flash player which im unfimiliar with and they are the biggest files in there.
 

Answer:Gotten Worse...

Please don't start a new thread for the same issue

If you are not getting any responses bump the original back to the top by simply posting to it...

here's the oiriginal... http://forums.techguy.org/t313054.html

closing this one

buck
 

1 more replies
Relevance 34.44%
Question: From Bad to Worse

Hello to all the experts here at Bleeping Computers.

I was in the process of following your steps from the "Preparation Guide" when my computer decided to crash big time.
Initially I had my homepage hijacked by something called start.search.us. That by itself didn't seem to be a big deal. I was proceeding through the steps and made it to step 8 (Create a GMER Log). Approximately 5 minutes into the scan my entire screen went all screwy. It looked like the GMER scan program filled the screen and scrambled itself.

Now my computer won't work at all. After a restart, the computer locks up on the black screen with the green progress bar (Microsoft Corp underneath). I tried a safe mode reboot but it stops loading at the following line of text, "Windows\System32\Drivers\avgidshx.sys" This was the same line of text that was being scanned during the GMER scan.

After another restart (so many I lost count) my computer reads the following, "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:...." Several options are listed but even after inserting the original operating disc to repair, I can't get past the green progress bar thing.

Help!!! I'm moments away from turning this laptop into a very unaerodynamic flying brick.

(I'm typing this on my wife's Macbook, in case anyone was wondering how I could post)

More replies
Relevance 34.44%

Hi,

I just wanted to start by saying a very big thankyou to all of you that help people on this forum. It is very generous of you and it is appreciated.

I have been infected by this fake security application that says "Windows Security has found critical process activity on your system". It keeps redirecting our web searches. In safe mode I have ran malware bytes, super anti spyware and created a hijack this log all before finding this forum. Both these scans found problems initially however upon following the instructions of this forum no more were found. I tightened up my zonealarm resetting it to default and searching programs that try to run as they popped up, mshta.exe was one of the programs.

I have followed the instruction on this web site to the best of my knowledge and i will attach the logs of the various scans. All scans went well except for the combo fix scan that ran through to stage 50, flashed a page suggesting it was deleting files and then restarted my computer. I repeated it with the same result.

I now have a message that says "SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe." whenever i start my computer and it takes a long time before all the applications are loaded and ready to be accessed. It seems to run faster if the internet is turned off?

I am posting this from another computer.


Here are the logs - Thankyou for yo... Read more

Answer:Please Help, its getting worse

I am not seeing much in the way of malware on your system. Let's do this and see where you are after:

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present --Unless you set this.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present --Unless you set this.Click to expand...

After clicking Fix, exit HJT.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:



Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Ta... Read more

5 more replies
Relevance 34.44%

I have a virus on my computer in which my Windows Defender warning pops up every few minutes I remove it and it keeps coming back. I am also getting lots of internet pop-up ads. Please help before I throw my lap top out of my window. I ran hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:47 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Softw... Read more

Answer:Please help! It's getting worse

it is:
browser modifier: win32/fotomoto
 

2 more replies
Relevance 34.44%
Question: It could be worse

I come to this forum and read all the time in search of knowledge . With the reading and help of the fine people here I have fixed many problems . Some posts I have read complain about a program taking a minute to start up . Some complain about a slow boot up . Well when I said it could be worse I found one that couldn't be . Uncle brought his PC out to me to see iffin I could make it work for him . HP Pailion with 128 ram and XP Home . Hooked it up to my monitor and turned it on . One hour and 15 minutes later I could finally do something . First thing I attempted to do was run defrag . It took 15 minutes for the menue to work enough to let me click on defrag and another 29 minutes to open defrag . Now I have it open and click on derag to run , 7 hours later it finished . Pc Was still slow . A bit better but not much . Started to empty temp folders . One temp folder took 15 minutes to empty . Emptied all the temp folders and the history then deleated some programs . Only deleted 3 small programs but with them and the temp folders I regained 17 gigs of hard drive . Did another defrag and this time it went much faster . Then I started on malware and viruses . Did the ususal scans I learned from here and took a bunch of them out . Got to the point that the PC was healthy again . Took out the 128 megs of ram and replaced it with 512 which is the max for this HP . Now it is running very smooth and probably as fast as it ever will . So when you think you are running slow do t... Read more

More replies
Relevance 34.44%

Hello, I never write posts to ask questions when it comes computers, but this time I saw myself having to do so.
I have had many problems recently, and it just got to the point where stuff just doesnt work anymore.
I upgraded to Win 10 about 10 days after its launch. I loved it. I had that often problem everyone had but I could solve it.
About 20 days ago, everything worked greatly. Then, I don't remember what exactly happened, but all of a sudden I couldn't access the Groove Music App. Then I realized I couldnt open any other Windows built in apps, not even store worked. However, Edge and apps like calendar for some reason do work. So in an attempt to repair this, I messed up the Appdata folders's permissions. I had recently installed this context menu button when I right clicked, that let me take ownership of a folder, so I took the ownership "administrators."
Then, the hidden items check box in the View Tab on Explorer suddenly unchecked itself when I checked it. I looked up online and there it said it had to do with the Administrator account, but hell, I am the admin account on my PC, so this just didnt make sense. Then I read a simple reboot would help, so I rebooted and it was fixed.
This is where I mention my recent installs. Around the time, I installed this now piece of software on my pc, and this software was Bit defender Total Security. I had replaced my previous antivirus, Avast Internet Security, with this. Now, I highly doubt this program contributed to this in ... Read more

Answer:Help! My pc is getting worse

That last part went wrong somehow, here are the links:
click here
href
10-windowsstore/store-not-opening-in-windows-10-this-app-cant-open/c0de1565-9c33-4604-a1cd-b4ce18b72117?page=2&auth=1
10-windowsstore/windows-10-app-store-will-not-run-cannt-add-a-user/682d6bd8-39ae-4ee4-b0fc-c19027b44552?rtAction=1444233209744&auth=1
storeandappswontopenreregistering/
1-windowsstore/windows-store-app-not-opening-in-windows-81/9882357f-ae86-4e4d-ba37-209aa960063c

7 more replies
Relevance 34.44%

I've been trying to fix this computer for several days now, and it keeps getting worse instead of better

I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesnt find anything wrong when I run it. ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.

I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa

Here is my HJT log, let me know what if anything else will help.

Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program... Read more

Answer:It's Getting Worse....

I downloaded the newer version of HJT...new log file is:

Logfile of HijackThis v1.99.0
Scan saved at 12:13:41 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system... Read more

3 more replies
Relevance 34.44%

Ok my computer has been progressivly getting worse becuase before i wasnt able to enter my control panel becuase explorer would just crash. And now i started up my computer and restarted a couple of times and i cannot see my tool bar(the one with the start button) and my cousin is bringing my xp disk christmas.. what can i do in the meantime? oh and when i click my windows key it doesnt do anything.

Answer:it just got worse...

looks like a virus to me
what antivirus program are you using? and is it up to date?

9 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install ?
Repair Install Windows 10 with an In-place Upgrade

9 more replies
Relevance 34.44%

Hi. I hate to be a nooge, but I posted a problem I had a week ago with a single search term being redirected in Google -- only that one search term was redirected. That much has stayed constant -- I've been using Google all week and only that one search term is redirected. My post has dropped down to page 12 and I think it's pretty much off the grid by now.Tonight I tried to run Hostsman to update my Hosts file and Avast! immediately put up the Warning notice that:12/2/2009 11:40:42 PM SYSTEM 2016 Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\HostsMan\hm.exe" file.I quarantined the file, but now I'm very concerned. When it was just the one redirect it was interesting, but this has me a bit panicked.I've copied last week's post here.Can anyone help?EDIT: Okay, it looks like Avast! may be reporting false positives right now with virus database 091203-0, the one I'm using right now, according to what I read in the various forums. I'll keep a good thought, anyway.But my redirect problem IS still there, and I'd like to get to the bottom of it, if anyone can help. Thanks!Hello again -- I was here with a severe problem about a year ago. It took several weeks, and a lot of help, but I got cleaned.I also learned a few things. I have since installed the NoScript and Cookie Whitelist addons to Firefox, I installed the free version of ZoneAlarm, and I installed a Hosts file manage... Read more

More replies
Relevance 34.44%

dear all, any softwares that can fix this...

3 men go into a hotel for the night. The clerk informs them that it's $30 for the room, so they each take out a $10 bill to pay for the room. So far they paid $30, correct? You with me so far? Good.

A few moment after the men went up to the room, the manager reminds the clerk that there was a special promotion that night, and that the room was only $25. So the clerk gives the bell boy five dollars to bring back to the men. On his way up to the room, the bell boy says. "Hey, I'm not stupid, I'll give each of the man a dollar back and keep two for myself, $5 right, 30-5=25.

Well, since the bell boy gave each man a dollar back, that means each man only paid $9, correct?

Well, the last time I checked, 9x3=27, plus the 2 that the bell boy took makes 29, what happened to the other dollar??????

[This message has been edited by kokaik (edited 07-03-2000).]
 

Answer:the more you think, the worse it gets

7 more replies
Relevance 34.44%

Just a curiosity question. I found an old AMD K6 chip in a scrap computer.
I would like to know if it is better/faster than my "Cyrix Instead" with MMX?
Both I think are 266's and socket 7.......

It's for my first PC that is now used for solitaire and surfing the net...

And what steps, if any, should I do to swap them, if the K-6 turns out better?
 

Answer:Better/Worse? Two old CPU's for old PC..

10 more replies
Relevance 34.44%

Hey all.
I am loaded with popups. I went through all my prelim scans, booted safe mode, all that jazz. I didn't notice anything for about three minutes, then it all came back. If anything, they just seem to be getting worse. Anyway, here's my log, thank you much for your time.

Logfile of HijackThis v1.97.7
Scan saved at 11:43:05 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mllcrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C... Read more

Answer:Keeps getting worse.

Hi
You will need to get rid of the Peper Trojan first so run the PeperFix from my list..

After that
Make sure you have already run Adaware, Spybot S & D(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES ..Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [W7ABA] c:\documents and settings\... Read more

5 more replies
Relevance 34.44%
Question: Bad to worse

I posted a previous problem in regards to my computer shutting down at random and suspect virus. It seems things have gone from bad to worse in rapid time. I have lost internet connection, I open a program "regedit" and it closes, same with "msconfig" I cannot boot in safe mode. Suddenly all that was in my "connections" are completely gone, that folder is now blank. I know in the past I have tested your patience here but am throwing myself at your mercy once more. Sorry if this should have been posted with my previous question but I am unsure as to how protocol is.

btw forgot to give the basics.
Winxp
Medion computer.
should be current on updates.
again tia.
 

More replies
Relevance 34.44%

I tried to run a payment on a website and the submit button did nothing but make the cursor blink which it still is.  I looked under inspect Element and there was a JS file that downloaded.  I looked at it and it looked fishy.  I tried to run the normal cleaning techniques (ADW Cleaner, JRT, RKiill etc) and they all returned a messagge. "the service cannot accept control messages at this time "
 
It is slowly getting worse by the minute so I am not sure that this will even get to someone in tim,e cause I know u guys are backed up but if possible I dont know what to do I tried to use msconfig.exe , and the search functions to get safe mode to work but I just get either nothing happening or the same message.  I am afraid that if I turn off the computer to shift into safe mode that it will loack up..  Any helop would be appreciated.

Answer:I have something bad going on and ts getting worse byt the second

Sorry, but it seems that your pc is infected with a virus or malware which is going to take some more work and a deeper look. No sense running a bunch of tools here.Please follow this Preparation Guide, post in a new topic and include a link to this thread.Let me know if all went well.

3 more replies
Relevance 34.44%
Question: bad to worse

Now I'm getting a little spooked.First it was just some irritating re-directs from Google searchers.Then multiple windows began propagating, sometimes blaring music, voices, phone sounds.Then, trying to work my way through the instructions in the preparation guide, I discovered that attempting to run the gmer.exe crashed me, locked up the processor, prevented me to restarting, the whole thing.Now, my touchpad has stopped responding. I uninstalled and restarted to replace the driver, but no effect. I am having to use a USB mouse, which works OK, but has not improved the touchpad.What's next?!Just curious. A question, for those of you who have experience with this forum--how long does it usually take to get help? Should I assume that all topics are addressed eventually, as folks find time? If I have failed to supply some bit of information, or violated some etiquette, I'd rather know, make my amends and start over that wait on the sidelines longer than necessary.Or should I just throw this piece-of-crap netbook out the window and get a real machine?

Answer:bad to worse

Hello pfosinger,It's hard to say how long it will take for a topic to get picked up. I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 300 unanswered topics, the oldest dated Aug. 26, 2010 at 5:14 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30 2010 at 10:00 pm using the same time zone.Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.Orange ... Read more

2 more replies
Relevance 34.44%

Sorry to be such a bother but this problem is driving me bonkers!
Every turn develops into a new drama-here's the situation so far-

(1.) When I go to click on a program (any program) my computer either immediately or soon afterwards pops up a window that says "program error-process has already been exited-has generated errors and will be closed by windows. You will need to restart the program. An error log is being created." Of course restarting the process only sends me in circles-the same thing continues to happen-sometimes, obviously, I'm able to start the program but usually during the course of operation the "program error" window pops up and it's back to musical chairs again!
My system is, O/S Windows 2000 Pro, P4-1.6GHz 400MHz/P4FAN (P4-1600AR), Motherboard-D850MVL -MB Intel D850MV w/LAN, Rambus 256MB (2).

(2.) Now if I didn't already have enough problems I've apparently been infected with the Fortnight.E virus-it gets worse, in turn, I infected my ex-wife with the virus via an email (well, I'm sure you can imagine my situation-it would be better to have my nipples dipped in honey and dangled over a pool of hungry piranhas-she's pissed! Of course, the fact that the virus installed porno weblinks into her favorite file made matters even more unbearable-you'd think she was a nun or something! At any rate,
I have run a Panda On-Line AV-Scan-several Norton AV scans-SpyBot, Ad-Aware and SpySweeper-nothing works!
... Read more

Answer:Sos....from Bad 2 Worse!

6 more replies
Relevance 34.44%
Question: Bad to Worse

Friends,

It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to loose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

If I reload XP, will all my data still be there?

Things started to go south about 2months ago when McAfee found Vundo and couldn't seem to kill it off.....

thanks, GearHead.
 

Answer:Bad to Worse

Hi GearHead,

Check out this link and try the removal tool from Symantec.

READ ME: Virtumundo Problems/Resolution Threads

Should that fail, I would suggest following the steps here:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Best luck
PP
 

2 more replies
Relevance 34.44%

I just finished a download that had some pretty nasty side effects. I am getting a pop up saying "It is recommended to update you antispyware protection to prevent data loss. Please install the most up-to-date antispyware for you" then an ok button. This isn't the only one, there are about 2 or 3 that seem random, none of which seem encouraging at all. Please help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:46 PM, on 1/26/2009Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20935)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\LSI SoftModem\agrsmsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TVersity\Media Server\MediaServer.exeC:\WINDOWS\explorer.exeC:\Program Files\Unlocker\Un... Read more

Answer:pop ups and probably worse

Hi,Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't suprise me at all.I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!This is somewhat suicidal in today's digital world.That's why I want you to install one first!!* Please install Avira Antivirus: http://www.free-av.com/This is a free Antivirus.Perform a full scan with Avira and let it delete everything it i... Read more

18 more replies
Relevance 34.44%

 Can anyone help??? It all started when I installed a new game (well new for my old PC) the other day, when ever I tried to load it, once it got past the intro video it just returned to the desktop, most of the time, it did occasionally work. So I went to look on the web for advice and was told to update my sound and video drivers. My PC is an old PII 350 with windows 98. I went to ATI and downloaded what it said was the latest driver for my card, now when the game does play the colours are all wrong and blocky (I have also updated direct X above the one the game needs). So I tried a sligthly older driver, which was even worse, so I put the newer one back on. To add to this the company who made my sound card (Aureal) have gone out of business, so don't give drivers now. I have found on another page what was supposed to the the latest driver they did release, but when I load the diagnostic tool on my computer (some sort of direct X thing) when I test the sound, it says there is a fault there too. It seems that what ever I try to do, the thing just gets worse, I am starting to think about getting another PC, but when it works, it does everything I need. Does anyone have and advice how I should try and fix all this? Thanks James

Answer:It just keeps getting worse

Did you simply overwrite the videocard drivers? If yes, you may wish to thoroughly clean your computer by uninstalling them and running a program such Advanced System Optimizer V2 or Advanced Uninstaller Pro 2004 There is also a useful tool that removes drivers for you.. I'll get back to you on that once I recall the name. Even though your soundcard manufacturer has gone out of business, use Google to search for drivers. There is quite a high chance of still finding them.As for DirectX, see to it that you have the latest version from Mirosoft.Buying a new PC will not solve your problems. It is not the PC's fault, it is the users fault. Your problems will just start anew if you donot know what you're doing.

1 more replies