Computer Support Forum

malware removal/popup/iexplore removal

Question: malware removal/popup/iexplore removal

Hello!
In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny

Relevance 100%
Preferred Solution: malware removal/popup/iexplore removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: malware removal/popup/iexplore removal

16 more replies
Relevance 90.2%

Dear All,

I'm a long time reader, first time poster. My laptop happened to acquire a very annoying virus/malware about 1 week ago. I do not run Internet Explorer, yet two processes of iexplore.exe are in my Task Manager. I oftentimes have nothing open at all and audio ads start to play from my speakers (when I end the two iexplore.exe processes, the audio ads stop). However, after few minutes the iexplore.exe processes reappear in my Task Manager.

Additionally, when I click on search engine results, I am redirected to ad sites. Lastly, my Skype randomly and automatically closes after 10 seconds of use.

I really hope for all your guys' support and help! Looking forward to replies!
 

Answer:iexplore.exe Virus/Malware Removal

Forgot to mention, I scanned my computer using avast, as well as Malwarebytes' Anti-Malware and nothing was detected.

Before the above problems occurred, I was infected with Vista Home Security 2011 and somehow got rid of it (though not sure if completely gone).
 

1 more replies
Relevance 90.2%

Yesterday, I had a program called drwatson64ex.exe launching. I noticed in task manager that a process I didn't recognize was also running: msdtctr. When I killed that, drwatson64.exe stopped launching. I thought I had removed it manually without issue as no further adverse effects were noticed for the rest of the day.

Earlier today, I was being disturbed by av.exe. I removed it and in the process of rebooting, came to realize that msdtctr was running again on start. I did a bit more digging and was able to remove av, drwatson64ex, and msdtctr completely, including emptying out my TEMP folder altogether. I also uninstalled Adobe Acrobat reader since today was the second time I was infected via a website that had no need for Acrobat, yet it was launched anyways as a vehicle to deliver the infection.

However, now I see that IEXPLORE continues to launch itself. No window or any other indication, but a process is listed. I later found out that in uninstalling Acrobat Reader and/or tweaking my browser's security settings, Flash wasn't present or functioning, so I reinstalled that. Shortly after I did, it turns out that IEXPLORE is probably acting as a frontend for advertising because now, there was unwelcome audio gracing my machine as well. Audio that stops whenever I use task manager to end process IEXPLORE.

Thankfully, the audio is only present about 2% of the time. But it has got to go. Based on the two infections I just experienced, is there maybe something ... Read more

More replies
Relevance 90.2%

Hello, this has been posted already, but perhaps the treatment method may vary depending on my situation and logs etc, so reposting...

XP SP3
IE 8 BETA (although using Firefox mainly)
Tried: Fullscan with KIS 2009 (kaspersky) and Adaware.
It removed some win32trojan downloader agent mkav or so, but problem remains.

Description:
I've been experiencing multiple iexplore.exe processes running freely without my control (I use Firefox mainly). While they run, there's a weird chinese speech in the background which sounds like a commercial, it may repeat itself few times and even overrun itself in sound.

The Problem:
iexplore.exe keeps on running along with the CHINESE talking in the background.

Now, if I run full scan on my system with KIS, it wouldn't detect anything, not to mention updated Lavasoft Ad-Aware 2008...

DDS LOG:

DDS (Version 1.0) - NTFSx86
Run by Idan at 22:27:53.26 on Mon 12/08/2008
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1606 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WIN... Read more

Answer:iexplore.exe malware detection and removal ?

Hello and welcome to TSF

Please do NOT start multiple threads on the same problem.

Here is what it says in the forum rules:


Quote:




MULTIPLE POSTING

This refers to posting the same question or same replies in multiple areas of the site (also called flooding). Please only post only once. If you feel you have posted in the wrong forum, contact a Moderator or Manager, who will move the post for you. This also includes the creation of multiple new threads on the same or similar topics and sending PM's continuously to one or more Staff members.




Click here for the rules

This thread is Closed

1 more replies
Relevance 88.97%

For the last two months I have been getting this message:

iexplore.exe - Application Error. The instruction at "0x043cf5db" referenced memory at "0x00000". The memory could not be read.

At first I thought nothing of it until recently the computer has been running painfully slow. Now I've realised it's probably a virus.

Three times I've tried to paste my logs onto this page and it has crash. Sorry that I have had to attatch them. THe Active Scan log won't even attatch, its too large. What shall I do about that? I hope you can help and thank you for your time.

Answer:Malware Removal Help - iexplore.exe - Application Error

Hello marnsnowy.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------


Quote:




AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) Outdated




Your antivirus is outdated. If you cannot update it, I can suggest some good, free ones once you are clean.

------------------------------------------------------

Download Flash_Disinfector.exe and Save it to... Read more

1 more replies
Relevance 86.51%

hey guys,
i'm having a persistent popup problem with this malware called Outerinfo...it basically just pops ads up on every click of the internet. I've tried using Xoftspy and Adaware to clean it off and it gets most but it doesn't get (Command Service)...

I've attached my Hijackthis log.
thanks in advance!
 

Answer:popup malware (Outerinfo) removal help

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis​Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.​
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages t... Read more

1 more replies
Relevance 79.13%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit enter.click "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please:http://download.bleepingcomputer.com/hijac.../HJTInstall.exeSave file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 79.13%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 78.31%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 76.67%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed my my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan erradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you emmensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.Click to expand...

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 76.67%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 76.67%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 73.8%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP U THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and atach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 73.8%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below: Boot your computer into Safe Mode.
Windows XP and Windows Vista:Start your computer and press and hold the F8 key.A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.Click the Start button, and then click Run.Type cmd then click OK. A black command prompt window will appear.Locate the affected directories:
Windows XP:Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.Type dir and press the Enter key.
Windows Vista:Type cd c:\ProgramData\ and press the Enter key.Type dir and press the Enter key.Type c:\Users\All Users\ and press the Enter key.Type dir and press the Enter key.Scroll through the list to find directories with random names that contains 18 characters. For example: cHl08200gMhHd08200 , pJg08200fBmPl08200.Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 73.39%

Hello
In looking thru the threads it seems I have the same issue that MFDnNC fixed for debiebrett.
I do have a virus that is making mulitply adds popup all the time and my system is running soooooo slowly!! AFter many many hours of trying to fix this myself and doing scans etc. I have been told the iexplore.exe is the issue-I just dont know how to remove it. Can someone please please help?
Thanks
Ginny
 

Answer:iexplore.exe removal

Welcome to the forum. You can add/remove/change program installation options via. "Start Button">>"Control Panel">>"Add/Remove Programs" Have you tried some of the online antivirus programs and are you running an antivirus program right now?
 

3 more replies
Relevance 72.57%

I have the iexplore.exe virus and need help removing it. I have already downlaoded hijackthis as one of your other responses said to do. I have the log info but dont know whare to go from there. Please help.

Answer:iexplore virus removal help

Looking at your HJT log I would suggest running HJT again and putting a check mark next to the following items:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dllR3 - URLSearchHook: (no name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - (no file)O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll (file missing)O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll (file missing)O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg"&"inst=NzYtOTQyOTEyMDg4LUZJKzEtRkwxMCsxLUZPSSsyLUREVCsxMzQxNi1ERDEwKzEtU1QxMEFQUCsxLUxTRCsyLVNUMTJPSSsxLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=f5309b5dfa7747d1851f1943efd18978-926b0c372c81b6990e23f4ac36feb0d919cf63a9After that could you please download and run SuperAntiSpyware free and Malwarebytes free also.http://www.superantispyware.com/http://www.malwarebytes.org/pr... Read more

12 more replies
Relevance 72.57%

Hello i've been having 2 iexplore.exe processes running in task manager on startup and cannot remove them. Once i end there process they come right back. I have used spyware doctor and kaspersky antivirus but it did not fix the problem please help. My logfile is in the attachments your help is appreciated.
 

Answer:Two iexplore.exe processes removal help

http://www.techspot.com/vb/topic58138.html
 

2 more replies
Relevance 71.75%

Hi,

I removed VUNDO detected by Symantec Antivirus using VundoFix v6.5.7; but when I start Internet explorer and load a webpage, Symantec AV pops up with a message that VUNDO is found in a temp file in CONTENT.IE5/... and a dll in windows\system32. I can delete the dll no problem, vundofix does not detect anything, until I run IE again...

Hope you can help,

Thanks


Logfile of HijackThis v1.99.1
Scan saved at 7:34:36 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\navnt\vptray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\twain_32\SiPix\SCBlink2\Srvany.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NuCam\CamCheck\CamCheck.exe
C:\WINDOWS\twain_32\SiPix\SCBlink2\USBPNP.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\navnt\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\navnt\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\savroam.exe
C:\WINDOWS\System32\svchost.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\hp... Read more

Answer:after vundo removal, iexplore problems

anyone?
 

3 more replies
Relevance 71.75%

I believe the problem has something to do with iexplore.exe but I have no idea how to fix it. I've been receiving random popups even when ie isn't running. Also an error pops up occasionally saying C:\WINDOWS\sytem32\nkgxfiwylzjslv.dll cannot be found. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:08 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporat... Read more

Answer:iexplore.exe trojan system removal (HJT)

bump
 

1 more replies
Relevance 71.75%

My computer is infected with something. It started when I found Whitesmoke Translator tool installed. After this all programs would not run. I was able to stop the whitesmoke process, and can now work on the computer. However after being online for a few minutes, I can tell that other programs are running in the background. I use firefox as my web browser because I've had problems with explorer in the past, but iexplore.exe and explorer.exe show up in the processes on task manager along with some other randomly named exe files. I keep getting JIT debugger error while working, also an error about Clear My Tracks. Other strange names appearing in processes are ppc.exe, ppd.exe. If I end the process tree on these processes, the background programs appear to stop for a while. I'm also getting some redirecting while using google search. I have run mbam and avg free, but I have limited knowledge on how to do this independently. I can use the directions that are posted on here, though. Please help! Thanks for your time.

Oh - I'm using windows xp.

Laura

More replies
Relevance 71.75%

Greetings all;

I have a user who complained recently of hard-core pornography popping up on her Windows XP Pro computer. I restarted her into safe mode and ran Symantec Antivirus version 9 with instructions to scan for and remove "threats" (i.e. spyware, etc.) as well as any viri.

It found about 20 suspect files, none of which were windows system files, and whatever the program was unable to remove, I manually deleted.

Now the user is back in, but internet explorer will not start up. It fires up but immediately crashes with an error in iexplorer.exe in the winb2s32.dll mod. I googled the DLL and discovered an apparent connection to malware. I've run HijackThis, fixed the obvious instances but still cannot get IE to come up. Here are the current results from HijackThis. Any and all help is appreciated!

Tim

Logfile of HijackThis v1.97.7
Scan saved at 12:15:19 PM, on 7/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan... Read more

Answer:Threat Removal Causes iexplore.exe to fail

7 more replies
Relevance 70.93%

I see a lot of these things started happening yesterday. Unfortunately, It also attacked my computer. Since i can't find a reliable straight answer and i understand because it's still a new kind of Virus, I'ma take chances and ask for help here because it's really affecting my computer.There's alot of problems:First let me throw it out there i have IE7.So let's start:1. There's 2 running iExplorers in the task manager under System so is it a malware/virus or is it normal? I use safari and not IE since it's slow. Haven't used IE since 2008 or something.2. The Microsoft phishing thing. I remember before it all started, i got an error and i kinda read it and it said "Comino.exe has been terminated" Kinda thing. After then, there's been background clicking noises and advertisement.3. I did some scans and found some virus and i deleted all i can find, cleaned my temp folders, did scans. I have Malware bytes, Spybot, Avg. Although i removed all i can find, the problem still persists.Here's my DDS scanDDS (Ver_10-03-17.01) - NTFSx86 Run by at 14:33:38.35 on 07/12/2010 MonInternet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.3.932.81.1033.18.510.37 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunch... Read more

Answer:Microsoft Phishing Popup/Sound/iExplore Malware Virus

Hello EelaiiWelcome to BleepingComputer ==========================Download OTL to your desktop.Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Under Custom scan's and fixes section paste in the below in boldnetsvcs%SYSTEMDRIVE%\*.*%systemroot%\tasks\*.*%systemroot%\*. /mp /sCREATERESTOREPOINT%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav %systemroot%\system32\drivers\*.sys /90%systemroot%\system32\Spool\prtprocs\w32x86\*.dllCheck the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Download the following GMER Rootkit Scanner from HereDownload the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on RunIt may take a minute to load and become av... Read more

1 more replies
Relevance 70.93%

I have run the malware removal intructions and when through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under seperate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the adminstrator and do not seem to have problems running the

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log



View attachment hijackthis.log

malware removal steps and have attached the reports from the intructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB driveClick to expand...

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). ​
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 70.93%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the logClick to expand...

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 69.7%

Here is my HJT Log:


Edit by bjgarrick: Unrequested, Inline HJT log removed!

 

Answer:Need help with Popup Removal

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support


Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis
NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
 

11 more replies
Relevance 69.7%

Hi,
I just found you and hope someone can help with a major problem with popups /redirect.

I have square popups on both lower corners, a wide tower on the right side, related searches bar at the bottom and the insidious chitka and frequent redirects.
I've tried everything on the first 2 pages of Google, installed about 8 popup blockers, ran several different long scans including Malwarebytes etc. Nothing has worked.
My computer is about a year old Windows 7 desktop and I mostly use Firefox.
Please help me. Thanking you in advance, Lee.

Below are all the scans mentioned in your instructions.
#1
HIGHJACK:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:24:33 PM, on 17/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Desktop Lightning\Desktop Lightning.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Read... Read more

More replies
Relevance 69.7%
Question: Popup removal..

I have a friend who has a problem with 'porn' pop ups. She has children who use the PC so wants rid of them !!
I have ran Spybot, AVG free full scan, Bit defender total security 2009 full scan, Malwarebytes full scan. All of these found some problems and dealt with them. But there is still one site persisting in appearing randomly - sometimes after several days not appearing. I also ran COMBOFIX which ran through without problem.
Regretably I am not in a position to post hijack this logs at this time.
Can anyone suggest what I could try if not able to post hijack this log.
Thanks AL..
 

More replies
Relevance 69.7%
Question: Popup Removal

Tech Support Guy System Info Utility version 1.0.0.2 OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit Processor: Intel(R) Celeron(R) CPU B810 @ 1.60GHz, Intel64 Family 6 Model 42 Stepping 7 Processor Count: 2 RAM: 4030 Mb Graphics Card: Intel(R) HD Graphics Family, 1791 Mb Hard Drives: C: Total - 283488 MB, Free - 226154 MB; D: Total - 17358 MB, Free - 7606 MB; E: Total - 301 MB, Free - 261 MB; F: Total - 4085 MB, Free - 1160 MB; Motherboard: Hewlett-Packard, 167E Antivirus: avast! Antivirus, Updated and Enabled
 

Answer:Popup Removal

16 more replies
Relevance 69.7%
Question: Cid Popup Removal

hey, i've looked at other posts regarding this and it seems you have to run a hijack this log so heres mine below, please help there so annoying!Logfile of HijackThis v1.99.1Scan saved at 19:14:32, on 31/03/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_11\bin\jusched.exeC:\WINDOWS\system32\LVCOMSX.EXEC:\Program Files\Logitech\Video\LogiTray.exeC:\WINDOWS\SOUNDMAN.EXEC:\ATI-CPanel\atiptaxx.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Common Files\Mi... Read more

Answer:Cid Popup Removal

Hello Lizi My name is Rahina Rescue and I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

15 more replies
Relevance 69.7%
Question: Cid Popup Removal

Not sure if this will help everyone but I have fixed the CID popup problem on my computer rather easily and by mistake. I was watching my processes on task manager trying to figure this one out and as the CID popup was plastering iexplore.exe's all over the place I noticed that another file had emerged onto the screen before morphing into another iexplore.exe file. I only got a split second glimpse of a file that looked something like pl#$%.exe. I did a file search on my computer for all exe files starting with "PL" (pl*.exe). Found nothing at first and realized that I didn't have hidden files/folders checked. Started it again and found this particular file "plan real.exe". It was located at C:\Documents and Settings\All Users\Application Data\Dumb Pure Blind Support\Plan Real.exe.
I opened up regseeker v1.45 and went into startup entries and deleted the line item for this file, restarted the computer, surfed the internet without popups.
I then went to the Dumb Pure Blind Support folder and executed the Plan Real file just to make sure and the popups started again. Restarted the computer and deleted the folder and file. All appears to be in order.
I hope this is the answer for everyone.....I just got lucky.
 

Answer:Cid Popup Removal

Hi and welcome to TSG.

Happy you resolved your problem.
 

1 more replies
Relevance 69.7%
Question: Popup - Removal

My XP (Home) seems to be affected by an annoying popup programme. When I'm on-line (broadband) every now and again I'm being told about men's medicines and so on. I have the usual anti-spyware installed and the XP firewall on. I've been through the Registry manually and haven't dicovered anything obviously amiss (although I'm only a novice and might have missed the offending line). I've tried a couple of free downloads to attempt to cleanse the system but they haven't worked. Anything else I could do please? Many thanks.

Answer:Popup - Removal

Messenger Service pop-ups? click here

2 more replies
Relevance 69.7%
Question: Cid Popup Removal.

I am having a lot of trouble trying to remove this program from my computer.I have ran nolop which came up with no infection and have also tried to remove the files listed in another thread relating to this from add/remove software. I have also ran through the steps in the preperation guide.Any help with this matter would be greatly appreciated.CheersPeteLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:52:30 AM, on 11/2/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\ntl\ntl Netguard\fws.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exeC:\Program Files\ntl\ntl Netguard\RPS.exeC:\WINDOWS\RTHDCPL.EXEC:�... Read more

Answer:Cid Popup Removal.

Hi, Wellcome to Bleeping Computer Forums!Please take note of the following:I will be handling your log and helping you, please do not make any system changes yet. The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patience.The fixes are specific to your problem and should only be used for this issue on this machineIf there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.Please reply to this thread. Do not start a new topic.Please give me some time to look over your log and I will get back to you as soon as possible.

6 more replies
Relevance 69.7%

I have tried running everything I can possibly run to keep this from happening. I am getting Winfixer 2005 popups on every window I open. I have run Ad Aware, Norton, the Auto Run "fixer". Nothing is working. Can anyone help?

Answer:Need Help with Popup removal

Other than Ad-aware, are you using these basic security programs?(They're all free.)a? free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a? fills this gap.Spybot S&D - Detects and removes spyware, of different types, from your computer.Spywareblaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.SpywareGuard - A nice compliment to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...Download them, update them, and then run them.Important:Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.If that doesn't help, then:Read How to post a HijackThis Log. Please read, and follow, all directions carefully.Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.A member, of the HJT Team, will help you out.It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They w... Read more

1 more replies
Relevance 69.7%
Question: Popup Removal

i dont know much about virus but i keep getting alot of popups for no reason (just looking at emails)

Answer:Popup Removal

Hello Omegadream and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is comple... Read more

1 more replies
Relevance 68.88%

Hi, Please help me stop these CID popups.. here's my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:27:41 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG7\avgamsvr.exe
C:\PROGRA~1\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0... Read more

Answer:Solved: CID Popup Removal

Please Download NoLop to your desktop from

http://www.thespykiller.co.uk/index...be028538366e8b644d0e9fd&action=tpmod;dl=get16

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HijackThis log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder then rerun the program. -
================

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Cl... Read more

3 more replies
Relevance 68.88%

I have tried Spybot from safer networking didn't clean it
I have tried adaware and did stop it
I have tried AVG didn't stop it
I have tried TrendMicro and Mcafee as well

please help
 

Answer:Help with adware popup removal

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support
 

1 more replies
Relevance 68.88%

I keep on getting these stupid CiD popups for ie even though I am using firefox. I have researched and this forum seems to offer the most help...otherwise I can't find anything else that will work. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:18:47 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TOSHIBA Ap... Read more

Answer:Solved: CiD popup removal help PLEASE!

6 more replies
Relevance 68.88%

Thank you in advance for your assistance.  I cannot locate the means to remove this annoying popup - PCKeeper.  It does not appear in programs that can be uninstalled. My operating system is windows 7 home premium.
 
Regards,
 
jwshepo

Answer:Removal of popup - PCKeeper

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Relevance 68.88%

I am constantly recieving pop-ups from xlime and other sites. Here is my log:



Logfile of HijackThis v1.99.1
Scan saved at 12:30:10 PM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLServiceHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Progr... Read more

Answer:Popup removal help!( xlime)

Anthony

Post your log in: HijackThis Log Help

2 more replies
Relevance 68.88%

I need help... I got a new ideabook and need to know how to remove a pop up for firedog software.  I  get this pop up almost every 5 minutes.  There is no short cut in the start up menu and there is no "add/remove" programs in the control panel.  How can I get this removed and how can I get the "add/remove" programs button back in the control panel?  Thanks for any assistance.

Answer:Need help with firedog popup removal

First of all, you should state what model IdeaPad and what OS you are using. In Windows Vista, "Add/Remove Programs" is labeled "Programs and Features". That is if you are using Windows Vista.





\\ I do not respond to PM regarding individual tech support. Keep discussions in the forum for the benefit of others //

1 more replies
Relevance 68.88%

I am getting REALLY annoyed by these CiD pop ups and i have tried running every Malware removal tool that I can think of.Hijackthig log posted below....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:41:52, on 15/10/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Hp\QuickPlay\QPService.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\Hp\HP Software Update\hpwuSchd2.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program ... Read more

Answer:CiD Popup Removal - Help Needed

Hello, Purdie. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We need to create an OTViewIt ReportPlease download OTViewIt by OldTimer.Save it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTViewIt.txt Will be openedExtra.txt Will be minimizedDownload Lop S&D by Eric_71 and save it to your desktop.Lop S&D will only run on Windows XP and Windows VistaDisable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.To see how to disable security programs visit this tutorial:How To Temporarily Disable Your Anti-viru... Read more

3 more replies
Relevance 68.88%

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Robert (administrator) on TRADINGPC (14-11-2015 14:54:14)
Running from C:\Users\Robert\Downloads
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool[/URL]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.e... Read more

Answer:akamaihd.net popup removal help

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

16 more replies
Relevance 68.88%

Hi -
Within the last hour I have come to your website and downloaded a trial version of Spy Doctor, which said I had a high risk with the Spy Guard warnings popups. This is so true! I have tried for months to get rid of it. The Spyguard people even gave me an uninstall link for this promo, but it won't launch because my computer says it is not a valid Win32 application. Anyway, approximately 30 minutes ago I agreed to pay $29.95 for Spy Doctor. A license registration code was emailed. I plugged this in, ran Spy Doctor, and the program says my computer is clean (which it is not - the Spy Guard popups are still coming). What gives?

Thanks.
Verlie

Answer:SpyGuard popup removal

I have ask for this to be moved to "Am I Infected" Please be patient, you will get better Help there.

1 more replies
Relevance 68.88%

About a month ago this popup started showing up everytime I open Firefox. It opens a second smalled window called oyodom.com then some online TV program starts playing. Though different things show up in that window it is not always TV programs. Help nothing I've tried gets rid of it, basically MBAM, Combofix. I could find no exceptions in the browser allowing access. Help

Answer:oyodom.com popup removal

Oyodom virus can be removed by following this tutorial .
 
Regards,
Abcd. 

1 more replies
Relevance 68.88%

hi again My daughters computer has an issue. She had a popup for a virus removal issue but do not recall the specifics. Here are the files for the frst scan.
 

Answer:virus removal popup

Monitoring
 

12 more replies
Relevance 68.88%

http://cidhelp.com/

This is the parent site for the (No Lop) uninstall program.

No HJT logs, no technical wrangling. Just click the link, and if you don't know where LOP is hiding, click the part that says you don't know which bundled software installed the darn CiD thing in the first place.

The whole thing took me about 3 minutes to free my computer of CiD pop-ups.

I had tried BitDefender, Adaware (Lavasoft), SpyBot, Avast, AVG, and CCleaner. The only help I got was from the sneaks that put it there in the first place!

froedge
 

More replies
Relevance 68.88%

I am constantly recieving pop-ups from xlime and other sites. Here is my log:



Logfile of HijackThis v1.99.1
Scan saved at 12:30:10 PM, on 3/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110083~1\EE\AOLServiceHos t.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Prog... Read more

Answer:Popup removal help!(xlime)

bumpp

18 more replies
Relevance 68.88%

I have installed and run HijackThis as instructed in another thread. Below is the results before fixing anything.

What can be fixed/corrected?

Thanks,

Dave.

--------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:15:59 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPE... Read more

Answer:Solved: cid popup removal

8 more replies
Relevance 68.88%

I installed IE8 directly from Microsoft's website, restarted computer, and IE8 works fine. BUT, a pop-up screen keeps returning to "Upgrade to IE8". How to get rid of this? Windows XP SP3, Thanks

Answer:IE8 Installation Popup Removal

after you install IE 8 there will be a window that opens up every time you try to open the browser it is to set the parameters of how you want IE 8 to function default search provider suggested searches that sort of thing just go through the steps once and it will not come up again

1 more replies
Relevance 68.88%

I have tired various scanners: Adaware, Spybot S&D, ewido, Kapsersky, and Norton Anti virus. Nothing has been found on any scan. Do you see anything? What suggestions are available? Here is my log:Logfile of HijackThis v1.99.1Scan saved at 9:10:03 AM, on 5/21/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Program Files\Sony\HotKey Utility\HKserv.exeC:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Sony\HotKey Utility\HKWnd.exeC:\Program Files\Common Files\Sy... Read more

Answer:Outerinfo Popup Removal

I have tired various scanners and read other possible fixes on this site. None seem to apply to me. I have used Adaware, Spybot S&D, Stinger, ewido, Kaspersky, and Norton Antivirus. I am in the process of installing SP2 for XP. here is the log:Logfile of HijackThis v1.99.1Scan saved at 11:12:45 AM, on 5/21/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Program Files\Sony\HotKey Utility\HKserv.exeC:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exeC:\WINDOWS\System32\ezSP_Px.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Sony\HotKey Utility\HKWnd.exe... Read more

3 more replies
Relevance 68.88%

Hi everybody!

Adssite popups have found there way into my computer and I can't seem to get rid of them. I am running Win Vista so avenger.exe won't work. Could you please tell me if I have to attach anything more so that you can help me?It's just that the ad's are really inapropriate for the younger poeple using my computer.

Paladinj,
 

Answer:Addsite popup removal

Welcome to Majorgeeks!


As you likely already know is that malware is a massive pest these days and does its level best to hide itself in any number of places, So just a Hijackthis log will not show all the malware that can be on your PC, the full guide of our steps below has a few other logs that show alot of the malware on your PC and where they are located,



Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

Steps and applications that run with Vista are listed in the read me guide above,
 

1 more replies
Relevance 68.47%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still cant seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dllClick to expand...

See this link About nvpcpl.dll You do not have macafee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 68.06%

this little popup crap from the toolbar to show a little mini of the window you are hovering over in windows 7 is really starting to get annoying... is there any way to stop it from popping up?
i don't know whose dumb idea that was... each tab on the toolbar is clearly fricking labeled......

Answer:windows toolbar popup removal.

Try the methods shown here.
 
http://www.bleepingcomputer.com/tutorials/taskbar-thumbnail-preview-in-windows-7/

3 more replies
Relevance 68.06%

I'm reading most of these threads and I'm still unable to remove the popups that continue to occur even after using HJT and removing them, they continue to pop back. Here is my latest HJT file. I have removed all the O1 entries, O4 - Global Startup: hggpiu.exe, and the O10 entries. After I do this, I continue to get pop-ups. I have removed the O20 Winlogon Notify entries, and they continue to come back as well after using Killbox. What else do I need to remove? Thank you.
Logfile of HijackThis v1.99.1
Scan saved at 5:53:42 PM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook i... Read more

Answer:PopUp Removal Frustration - HJT File Inc.

16 more replies
Relevance 68.06%

Please someone help me remove this annoying popup. It only hits my mozilla browser.
I have avast running
I have windows 7 64bit
UAC is disabled
I ran Ccleaner and cleared everything
I ran the listed antimalware tools and am attaching the logs.

Please Help!! thank you !!!!
 

Answer:ib.adnxs browser popup removal

We are going to be uninstalling your old version of FireFox and installing the new version. So do the below to save bookmarks:
Run FireFox and click Bookmarks.
Then select Organize Bootmarks.
Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.

Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

You will need to exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

Start by uninstalling FireFox and then reboot. Do not skip the reboot.
After reboot, delete the below folders:

C:\Documents and Settings\UserAccount\Local Settings\Application Data\Mozilla
C:\Program Files\Mozilla Firefox

where UserAccount is the actual user account name being used.

Now reinstall FireFox from the file previously downloaded.
Import your bookmarks file. (similar process to exporting).


Is FireFox working okay now?
 

3 more replies
Relevance 68.06%

After struggling for months trying to get rid of the irritating popup resolution notice, I finally discovered how to do it. It has nothing to do with Windows or your computer. The resolution notice is coming from your MONITOR.

I have a NEC LCD 1765 monitor and I read the online manual at www.nec.com which mentions how turn the "resolution notice" on and off. I did it by pressing button #5 on my monitor but the menu selections are not clickable with a mouse. You have to scroll up and down the menu list with Montior Button #4 and then select with Monitor Button #5. I went to the "advanced menu" in this manner and found the menu item for "resolution notice" and selected "OFF".

I am finally rid of that very irritating popup screen that was driving me crazy.
Thank God !!! Please spread this information far and wide because I know many others are suffering from this same problem. Good luck...

Rodger

Answer:Resolution Notice Popup Removal

Are you talking about the confirmation where when you change the resolution in display options it asks you if you'd like to keep this setting?

1 more replies
Relevance 68.06%

I allowed a friend of mine to use my machine to play a few games. Seemes he wanted a trainer and downloaded and ran an .exe without telling me. I was able to stop the pop ups from occuring. However when I went to load a game (F.E.A.R. 2) the .exe runs but the game doesn't boot. The only reason I know that it's running is I rebooted after nothing happened thinking I required a restart and I recieved the "End program now" dialog with the FEAR.exe as the program it was trying to close. Pressing CTRL+ALT+DEL also does nothing. I attempted to run it dirrectly from the .exe and an error window appears:

"Windows cannot find 'C:\WINDOWS\system32\taskmgr.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search."

Same thing happens when I attempt to run Regedit or any *.reg files for that matter. I'm at quite a loss and unsure how to proceed. I thank you in advance for any help that can be rendered. Following is my DDS log:
DDS (Ver_09-02-01.01) - NTFSx86
Run by Deimos at 11:20:20.12 on Sun 03/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.658 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svch... Read more

Answer:Popup/trojan removal issues

Hello DeusExDeimos,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

10 more replies
Relevance 68.06%

Hi All,I have recently been asked to look at a friends machines which was suffering poor performance as a result of popups. I have run both Spybot and Adaware both of which deleted numerous nasties. I also ran Grisoft AVG which has deleted a number of trojans. Things are looking good - but would \one of you please take a look at the following HJT log and confirm if all is clear?TIALogfile of HijackThis v1.99.1Scan saved at 09:00:18, on 08/06/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\Program Files\Common Files\Symantec Shared\Secu... Read more

Answer:Popup And Adware Removal- Successful?

Hello Megmoto, Are still having problems with this computer? Popups? Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u1. Scroll down to where it says "Java Runtime Environment (JRE) 6u1". Click the "Download" button to the right. Check the box that says: "Accept License Agreement". The page will refresh. Click on the link to download Windows Offline Installation, Multi-language jre-6-windows-i586.exe and save to your desktop. Close any programs you may have running - especially your web browser. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions in Add or Remove Programs:
Java 2 Runtime Environment, SE v1.4.2
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 6 Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions. Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.C:\DOCUME~1\CHRISW~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exeDelete the Hijackthis.exe you ... Read more

3 more replies
Relevance 68.06%

Here is the HJT LOGLogfile of Trend Micro HijackThis v2.0.2Scan saved at 3:09:59 PM, on 3/19/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXEC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\PROGRA~1\FREEDO~1\fdm.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mcknet/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Softw... Read more

Answer:ad.yieldmanager.com popup removal help needed

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 68.06%

Deckard's System Scanner v20071014.68Run by fuzzy on 2008-05-16 01:03:00Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as fuzzy.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:03:05 AM, on 16/05/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Canon\IJPLM\IJPLMSVC.EXEC:\WINDOWS\system32\lxcrcoms.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Tablet.exeC:\Program Files\Canon\CAL\CALMAIN.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\WTablet\TabUserW.exeC:\WINDOWS\system32\Tablet.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Windows Live\Messenger\usnsvc.exeC:\Program Files\BitTorrent\BitTorrent.exe... Read more

Answer:Cid Popup Removal: Hijackthis File

Hi Fuzzboy

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.

10 more replies
Relevance 68.06%

My computer suddenly had a box popup from MS Removal Tool stating I have TONS of infections/Malware! It is trying to force me to buy protection from them. I HAD Avg on this PC now it will not run. I cannot even CNTL/ALT/ Delete..it tells me EVERYTHING I try is "infected"! What happened? I tried to download some of the suggested malware apps but it tells me THEY are infected.Thank you!

Answer:MS Removal tool popup,cannot open anything!

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. ******************************************************Please do this in this order. Boot in Safe Mode with NetWorking, download and run MBAM. Next, re-boot in Normal Mode and run MBAM again as w... Read more

7 more replies
Relevance 68.06%

I am continuing to have popup problems after following all of the steps at http://forums.majorgeeks.com/showthread.php?t=35407

Firstly, within those instructions I had the following problems:

When running Trend MicroHousecall all 13 files that were discovered were unable
to be cleaned, including a variety of Trojan files.

I could not run the Symantec Security Check, it says "redirection for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked." I tried going to the Symantec website to find a security check and run it myself but the links wouldn't work correctly.


Among the popups I am getting are some error windows including the following:

An error has occurred in the script on this page
Line: 92
Char: 4
Error: Access is denied
Code: 0
URL: http://xadsj.offeroptimizer.com/imp...ttp://forums.majorgeeks.com/showthread.php?t%
Do You Want to continue running scripts on this page? (Yes/No)

And multiple advertising based popups by "Aurora - Part of the ABI Network" which cannot be stopped using popup blocking software.

Please help!
 

Answer:PopUp Problems After Following Removal Instructions

Somehow it never seems to fail that when I post here I have to boost my thread because it goes overlooked while other people who don't even follow the rules get responses. *sigh*

ANY-how, could someone pretty pretty please help me out?
 

10 more replies
Relevance 68.06%

I must have installed something bad because now I am constantly bombarded with with official looking Windows Security Alerts about serious threats to my computer's safety, and fake trojan.w32.looksky warnings then directed to fake anti-spyware websites. I've created a HijackThis log to see if someone might be able to help me figure this out, as I have very little knowledge of where something like this might be hidden in my computer. On a related note, the very next time I tried to access my external hd after all this started to happen, it wasn't recognized, and windows asks to format it. This must be related, but I can't figure out how, and I'm very worried about losing it all.

So here is the logfile, and thanks in advance:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:53 AM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\m... Read more

Answer:infuriating popup spyware removal ads

Hello and welcome to TSF.

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply and a fresh HijackThis log please.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

10 more replies
Relevance 68.06%

Keep getting Spyware Removal Wizard popup. Have run Adaware, Spybot, Ewido, Smitfraud. Can't seem to get rid of it. Here is the Hijack this.Logfile of HijackThis v1.99.1Scan saved at 4:21:00 PM, on 10/5/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Wave Systems Corp\Common\DataServer.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\... Read more

Answer:Spyware Removal Wizard Popup

Any help would be appreciated.

10 more replies
Relevance 67.24%

Hello, Thanks in advance. My computer is running super slow and there are popups from nexplore search and also some spyware program that asks me to click ok for a free scan...looks very questionable. also there is this a "blog" popup of some sort as well. I can also actually hear my computer "working" every second along with the green light flashing on my desktop every second as well.

Please help.

THANK YOU VERY MUCH!!

Bob

DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 1:04:53.23 on Wed 04/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1533 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files ... Read more

Answer:nexplore popup, antivirus/spyware removal

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Relevance 67.24%

Hi there, New to this forum, found it looking for help to a problem i'm having with popups all over the place!I've ran various scanners and most come up blank withthe exception of a couple that suggest I have a virtumonde infection and one that suggests jkkjg.dll needs to be removed fron the windows dir. (always locked and cant remove - even in safe mode)any help would be appreciated!!below is a fresh hijack log...many, many thanks,Pauzter.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:59:56, on 30/11/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeD:\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exeC:\WINDOWS\tsnpstd3.exeC:\WINDOWS\vsnpstd3.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeD:\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.ex... Read more

Answer:Popup Ie Windows, Jkkjg.dll Removal? Hijack Log

Hello Paulzter,Welcome to Bleeping Computer 1. Download this file - combofix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

8 more replies
Relevance 67.24%

Hi folks,well, I am sure I have the Google redirct popup virus and am having a hard time finding any solutions on line for 6 bit system. Can someone here please help me get rid of this thing. it's causing more problems each day. I ran the free Malwarebyte program and it did delete 6 problems but not this one.ThanksSorry, I ment to say 64 bit system ;-)Merged posts. ~ OB

More replies
Relevance 67.24%

I keep getting popups from a program called Windows Defender claiming i have a virus and need it removed. I already had this virus once before and had to re-install windows to get rid of it. It's not as serious as that now but I don't want it to get to that level. I also was unable to get RootRepeal to work, I received an RootRepeal(2) Error message: FOPS-DeviceIoControl Error! Error Code = 0xc0000024.DDS (Ver_09-12-01.01) - NTFSx86 Run by Steve at 20:32:46.23 on Thu 01/28/2010Internet Explorer: 7.0.6000.16982Microsoft? Windows Vista? Business 6.0.6000.0.1252.1.1033.18.2045.935 [GMT -5:00]AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\... Read more

Answer:Windows Defender Virus Removal Popup

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 67.24%

My PC is infected. A program "MS Removal Tool" pops up when I boot and scans my computer and then asks if I want to remove the threats. It has blocked my viris software from running. I followed the Bleepingcomputer Forum preparation guide and ran DDS.txt and have attched attach.txx and ark.txt Logs to this topic. I am posting them here. Please help.Thank you.DDS.DDS (Ver_11-03-05.01) - NTFSx86 Run by Robert at 18:02:41.05 on Sun 04/24/2011Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3574.2324 [GMT -4:00].AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k Netw... Read more

Answer:Infected with "MS Removal Tool" Popup "scans PC"

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

16 more replies
Relevance 67.24%

Hello,

Since a while now i have been experiencing a very inconvenient Popup, always for the site Party Poker. This happens on different sites, can't pinpoint just particular one. It seems to be a general popup.
I read through the "First steps for spyware removal" and followed the steps as best i could. I think that my antivirus was still running some processes though.
I hope this doesn't cause any problems with the log results.
Thanks in advance to all of you for helping everyone out on your own time!! Two thumbs up for all of you at Tech Support Forums!

DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Felix at 10:56:16.92 on 07-Jun-10
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2037.786 [GMT 2:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrs... Read more

Answer:Party Poker Popup Trojan removal

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2Double-click SystemLook.exe to run it. (Vista/Win7 users, right-click > Run as Administrator)
Copy/paste the contents of the following codebox into the main textfield:

Code:

:folderfind
party
:regfind
party

Click the Look button to start the scan.
When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------

19 more replies
Relevance 66.83%

I have tried the most obvious things to no avail. The many sound-enabled ads are reallyreally distracting and unnerving. I hope you can help.
 

Answer:Popup adware still remains after using basic removal tools.

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceedin... Read more

12 more replies
Relevance 66.83%

I am attempting to clean my in-laws computer but I have been unable to remove AWOLA spyware from their system. I have downloaded Ad-Aware and also followed the steps that you suggested and I am still seeing the yellow box pop-up and AWOLA will uninstall and then re-install itself. I have been unable to locate the original file only shortcuts. Also, I have not been able to do any Windows Updates on their system. PLEASE HELP!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-16 17:15:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:55 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Owner\Applicati... Read more

Answer:AWOLA Removal and Your computer is infected! Popup continuous

Hi, welcome to TSF!

If you still need assistance, please post a fresh main.txt log

1 more replies
Relevance 66.83%

hiya
i have run superant spyware, registry mechanic, ad aware, none of which have removed these bloody pop ups!!

im a DJ, im getting a bit better with computers but not much, can anyone help
heres my hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:57:52, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shar... Read more

Answer:AV System Care Popup Removal Help/fix? hijack this log enclosed

anyone? x
 

1 more replies
Relevance 66.83%

The message popped up today and I cannot access anything-including task manager. When I restart the system I get a black screen with a cursor if I try to restart anyway except the choice of starting in the last known way that worked.

Could use help getting rid of the message so I can get my computer back up
Sorry, its windows xp pro with sp 3

internet explorer browser
 

More replies
Relevance 66.01%

HelloI'm new to this website and in desperate need of help. This virus is actually giving me anxiety and I'm starting to have chest pains. I'm such an idiot! I downloaded a suppossed video codec from a link that was hosted by cnn (so I thought it was trusted) and it downloaded a file titled "install_player3913012" And ever since then a popup comes up and says: your system has been infected with a dangerous file ...download this spyware removal tool or malicious files will be lost. Obviously I don't ever download it.I followed preparation guidelines but it took forever! I don't believe Housecall was able to complete. And also my Norton Antivirus says it's unable to access the engine to complete a scan. I want to reinstall but I'm scared to do so without your input first.And worse off!! I just found out while writing this post that it must be messing with my keyboard because as i am trying to type, the cursor automatically goes back 1 space and places the letter there. I had to edit this post for it to be spelled correctly. I can't go on like this. To get a better idea of what I mean I'll show you what it does if I don't edit it:Helo Iam hving trouble wthm cmputerand I' aking bleeping copter.com to help m because i dot know wher else to turn .eneutmm oy ia lTHIS HAS NEVER HAPPENED BEFORE, I AM POSITIVE IT IS BECAUSE OF THAT DOWNLOADed virus.Please, kindly extend your help to me. I live on my computer and I am absolutely paralyzed in my professio... Read more

Answer:Popup: "your System Has Been Infected...download This Spyware Removal Tool"

Hello and Welcome to Bleeping Computer. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today. Please give me some time to analyze your log, and I will post back with instructions ASAP.

5 more replies
Relevance 65.19%

Hello,

Every time I reboot my computer, a new directory labeled common is created and placed in C:program files with helper.dll in it. I can delete it, but it just recreates itself everytime I reboot. How can I get rid of this? I have read that this can be disguised as a trojan that can retreive banking info, but it says that it is usually in the c:windows/system directory, which in this case it isn't, as far as I know.

I have scanned my computer with my Trend Micro Internet Security and no trojans are found and the adware/spyware that is found, supposedly is removed. I get a few popups like nexplore, and virus remover 2009, so I am pretty sure my computer has something on it that I'm not aware of. Just not sure what else I can do at this point. I have cleared all cookies, and temp internet files, etc.

Also, what virus scan/spyware removal program is the best out there? I have always used Trend Micro, but I was just curious if anyone could give me advice on what to use in case there is anything better out there.

Thank You.

Answer:Helper.dll, nexplore popup, antivirus/spyware removal program advice

I would strongly suggest that you read through this topic:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/You have probably picked up a Nasty hiding in the bowels of your system...Even the best of malware removal programs are not able to find some of these things much less remove them. Read this article which will help you prepare for the HighJackThis forum. Once you have prepared the reports follow the directions for opening up a new topic there.PLEASE, Do not post the logs in this forum...They will be ignored or moved to the appropriate forum. That may delay your request for help.

1 more replies
Relevance 64.37%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 64.37%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 64.37%

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 64.37%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 64.37%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Maleware Bytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and preformed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.
 

6 more replies
Relevance 64.37%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 64.37%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says &quot;The server at topsearchfeed.com is taking too long to respond&quot; For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 63.55%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 63.55%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 63.55%

Dell m1330 Vista home premium. I have malware isses, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also perfomed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 63.55%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I , myself, use most all of these myself, the only paid program i have is malwarebytes, the rest are free add ons or are free programs . Thanks.

5 more replies
Relevance 63.55%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 63.55%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me thing the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 63.14%

Hi Guys,
Recently I have gone through a serious virus which is not catchable by updated anti-virus symantec 14 october 2009.
When i put my pendrive, the system shows autorun.inf deleted. But the underlying virus,
autorunme.exe exists in location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

Even I delete this virus, this gets automatically generated by itself or recreates itself.
autorunme.exe is not the actual virus, but it is just a duplicate.

Then actual underlying virus which triggers autorunme.exe is SERVCE.EXE
Note SERVCE.EXE is not service.exe or services.exe. It is new named SERVCE.EXE

Manual removal autorunme.exe process:
After connecting your pendrives, when it shows the file RECYCLER in hidden state,Open your task manager and end the process SERVCE.EXE

Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe , Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
They will not recreate now.

Then open C:/WINDOWS and find SERVCE.EXE and to be on safe side just make a local copy of file to some other place and delete SERVCE.EXE

Now even if you restart your computer, since SERVCE.EXE is not running at start up of system, the system is safe and manual removal of virus is complete.

SERVCE.EXE is the actual culprit. http://static.techguy.org/smilies/biggrin.gif
 

More replies
Relevance 63.14%

I recently started my daughters laptop to find a Windows Security window pop up prior to desktop starting up. It mentioned there is a Worm, WIN32.NETSKY that has infected my system, and that I should perform a full scan to remove the worm. I have McAfee on my computers so I contacted them for help. They concurred with the Windows suggestion. I did a complete scan of the system. 14 infections were found. McAfee quarantined them all and I deleted them. I re booted. After the Windows XP boot screen I got a standard blank screen with the shut down immediately going into process. It would restart and go through the same process again. Shutting down and restarting. I have found out through this site what the WIN32.NETSKY worm/virus is, i can imagine how it got into the computer, So how do I fix this? I might also add the computer will NOT let me enter safe mode. So at this point I can do nothing but go through an eternal reboot! Also I can't figure out weather I removed the worm or not!



Thanks in advance, Tom

Answer:[SOLVED] Computer won't start up after removal of WIN32.NETSKY removal

This is what can happen with viruses. They shred your Windows OS files.

What happens when you keep pressing F8 at start up? Can you get to the advanced options menu to do a "repair install"?

Otherwise I think you will probably have to recover your personal data off the drive, completely reinstall Windows, but cleanse that personal data with anti-virus cleaners before you migrate it back to the new installation so the machine doesn't get infected all over again.

4 more replies