Computer Support Forum

Adwares + maybe something worse

Question: Adwares + maybe something worse

I pretty much summed it up in the questionnaire. I'm trying to save my dad's notebook from layers and layers of browse hijackers, adwares and maybe something even worse, I don't know.

Hopefully you guys can show me the right tools and instructions for the job.
Thank you in advance!

More replies
Relevance 100%
Preferred Solution: Adwares + maybe something worse

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 47.97%

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot in to safe mode and now its recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ... Read more

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturers disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

4 more replies
Relevance 47.97%

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO... Read more

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

7 more replies
Relevance 46.33%

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drives SATA cable into a different SATA port on the motherboard. Get into the bios, and make sure that the hard drive is being detected properly
 

1 more replies
Relevance 46.33%

i've had verizondsl for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the optimum cable i was used to, it was sufficient. now it's just pure garbage. if it weren't for the fact that we're getting free cable, i would immediately switch to roadrunner

i figure asking you guys is probly much more helpful than those scripted outsourced fools at tech support. i tried all that "reset your modem" "unplug the ethernet cord" "make sure you're computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well try plugging the modem into the demark jack if you have one (by where the phone line comes into your house). See if this still happensl. If it doesn't maybe something happened to your internal phone lines. (this probalby won't be the issue I'm betting).

Beyond doing that phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.




The [H]orde needs You!
 

15 more replies
Relevance 46.33%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athalon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in the recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximently 10seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

take the graphics card out and insert it back in firmly making sure it is sat properly in its slot. check the manufacturers websites for your motherboard and graphics card and see what the bios updates do, and see if they have any FAQ's to check if anyone else has been having similiar problems to you in terms of people who have the same motherboard or graphics card??

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies
Relevance 46.33%

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me or you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

10 more replies
Relevance 46.33%

I bought a Think Pad in April last year which does not start anymore, no lights,nothing.I wanted to send it back to Lenovo for guarantee.Ther ist only ONE problem, there is no sticker on the laptop which shows me the serial numer. Obviously there supposed to be on, but it is missing!!!I do have the invoice which shows the purchase date, but no serial either.I already quit wasted some time to with this bull**bleep**, I hopefully do not need a layer for that.Here you see the last response of the "support" manager -Dear Michael Mueller,Unfortunately I have to inform you that you have no guarantee for this machine.Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.Lenovo Service Partner:https://pcsupport.lenovo.com/de/de/serviceproviderIf you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54. Lenovo regularly conducts customer surveys on service quality.If you are selected, please take a few minutes to answer the questions.We thank you in advance.  Yours sincerely, Davor KrpanLenovo Technical Support IBM Hrvatska d.o.o. za proizvodnju i trgovinuMiramarska 23, 10 000 Zagreb, HrvatskaUpisan kod Trgova?kog suda u Zagrebu pod br. 080011422Temeljni kapital: 788,000.00 kuna - upla?en u cijelostiDirektor: ?eljka Ti?i??iro ra?un kod: RAIFFEISENBANK AUSTRIA d.d. Zagreb,... Read more

Answer:guarantee handling - bad worse than worse

I just forgot to mentioned, that the purchase was done through the Leonovo online shop itself -  VERSANDBESTÄTIGUNG Ihre Bestellung wurde versendetSehr geehrte(r) Michael Müller,vielen Dank für Ihre Bestellung im Lenovo Online-Shop, der von Digital River unterstützt wird.Die folgenden Produkte wurden versendet.Bestelldatum14. April 2017Bestellnummer23856585462Tracking-nummer1ZAF68846704024055Folgende Artikel wurden versendet: BestellmengeProdukt-SKUProduktnameVersandmengeVersandmenge gesamtBetrag120J1CTO1WWThinkPad 13 2G11800,52EURWenn Sie per Kreditkarte bezahlt haben, wurde Ihre Karte nun belastet.

1 more replies
Relevance 44.28%
Question: adwares again

Hi i had gotten help on here before with issue it doenst sem too far goen this time as last was adware with trojans. i seem to haveing adware problems again i ran the combofix, i did the vundo the auper antispyware is expired so i can not us ethat and i didnt wnt to delete or remove it cause it will release everything that is in the quarnatee list. heres my lastest combo.fox log thank you!!

"Owner" - 2007-07-23 12:04:56 - ComboFix 07-07-04.4 - Service Pack 1
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\system32\fccyyab.dll
C:\WINDOWS\system32\khfgfee.dll
C:\WINDOWS\system32\cbxxwvu.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\wr.txt
((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))
2007-07-23 08:51 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
2007-07-23 08:51 <DIR> d-------- C:\temp\brr
2007-07-03 20:27 <DIR> d-------- C:\!KillBox
2007-07-03 19:56 <DIR> d-------- C:\VundoFix Backups
2007-07-02 07:50 <DIR> d-------- C:\WINDOWS\system32\bits
2007-07-02 07:47 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-02 07:47 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-01 19:45 170... Read more

Answer:adwares again

16 more replies
Relevance 44.28%
Question: Adwares

I work my original window. I feel that adware create problem onto my pc. What are the solutions and also Wi-Fi solution.

More replies
Relevance 43.46%
Question: adwares detected

hi guys,

i have run spybot, ad-aware and cleared everything, but when i ran spyaudit online, i was told i still have adwares. can someone please help me look through my log and advise? Thanks!

btw, is www.burstnet.com the "parent" of this site? it's leaving quite a few cookies while i was surfing this site...

thanks again!

Logfile of HijackThis v1.97.7
Scan saved at 15:23:17, on 6/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\M2W Notifier Service\M2W Notifier Service.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\suen\downloads\hijackthis\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Tool... Read more

Answer:adwares detected

HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

This is Japanese language support. Do you need it? If not, delete.
 

2 more replies
Relevance 43.46%

Pretty much the same problem with this guy
http://malwaretips.com/threads/infected-with-lasuperba-unable-to-kill-it-on-my-own.51369/

Ads pop-ups and redirects taking over the browser. In my case it is the Firefox, though. The adware have not affected chrome yet.
Malwarebytes also shows utorrent affected.

My scan's result using FRST's here
 

Answer:Infected with adwares, need help

Hello,
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable. ​
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

2 more replies
Relevance 43.46%

scanned my pc with SpyHunter and it detected around 450 infected registeries!!!.though malwarebytes only returned with 15 infection which it already cleaned.here is my HijackThis log attached with this

Answer:too many adwares and spywares

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
The fixes are specific to your problem and should only be used for the issues on this machine.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that....     Let's get going!!  
----------
 
Please download DDS from either of these links
 LINK 1LINK 2
 
and save it to your desktop.
Disable any antivirus programs during the scan (If you have ... Read more

43 more replies
Relevance 43.46%
Question: adwares killing me

many adwares in all of my browsers chrome, firefox and internet explorer every site i open they redirect me to page "adfly" and open pop ups "linkbucks" and other things i can't remember but these adfly and linkbucks are the main viruses i have... i removed all my extensions but they still there
 

More replies
Relevance 43.46%

Hi !
All is in the title : Where can I download adwares ?
Thanks
 

Answer:Where can I download adwares ?

Streaming video and crack sites are full of adwares, toolbars, fake plug-ins, etc.
Enjoy
 

4 more replies
Relevance 43.46%

Hi, I have paid approx $60 for Xoft and Spyware Detector today as I have been desperate to remove the adwares that are ruining my life. Spyware Detector seemed to have removed some of them but most of them, including the most annoying ?Registry Cleaner? still exists. I?m having to type this desperate plead for help in Word as the adwares take-over approx every three minutes and all previous work is lost. Hope you could help. Your time and assistance is much appreciated!Logfile of HijackThis v1.99.1Scan saved at 18:20:42, on 19/10/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\ScsiAccess.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\SpywareDetectorSVC.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\windat.exeC:\WINDOWS\System32\CTHELPER.EXEC:\Program Files\Voyager 105 ADSL Modem\dslstat.exeC:\Program Files\Voyager 1... Read more

Answer:Infected With Several Adwares

Download this program:submit files packerHighlight the files listed below in bold and right-click and selecting copy.C:\windows\timessquare.exeC:\windows\adtech2005.exeC:\WINDOWS\System32\SDSystemTray.exeC:\Program Files\SpywareDetector\SDMonitor.exeC:\WINDOWS\System32\LiveUpdateSD.exec:\windows\system32\wininit32.exeThen start the file packer program and right click in the white box and select paste to paste the copied file names in the field.Then press the Continue button.I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.Rename this file to yourmembername.cab (for example grinler.cab).Then go to:http://www.bleepingcomputer.com/submit-malware.phpand fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

88 more replies
Relevance 43.46%

Hi ya'll!

I was hoping you could help me with my problem. I got this 4 adwares namely DOLLARREVENUE, WUPD, IEPLUGIN, AND SAHAGENT. Also there is one spyware namely media-motor. They are all located at windows registry.

I don't know how to fix this thing. pleaseeeeeeeeeeee help me...
 

Answer:i need help in removing adwares!!!

someone please help me...
 

2 more replies
Relevance 43.46%

Hello,

I'm sorry that my first post here must be about a problem with my computer, but I just ran Spybot:Search and Destroy and it showed that I had the following problems to be fixed:

TagASaurus
ABetterInternet
NumbSoft
Stration.C

I did some checking on these in the internet and they sounded to be more than the average thing that Spybot can remove in one shot. I know each time I run Spybot the TagASaurus one is always there. My computer has been running rather slow at times, and anytime I try to update Spybot for some reason I have to fight with it to download the updates. So, I'm concerned these adwares may be effecting it and possibly more vital things on my computer.

I run Windows 98, generally I only use Mozilla Firefox for my browser, and my computer is very ancient. Can anyone here help me with removing these pests?

Thanks!
 

Answer:4 adwares on my PC that I need to remove

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

1 more replies
Relevance 43.46%

my work requires me to visit these websites to login in them. but. it is filled with adwares and spywares! i only use the com to visit these sites, yet it creates problems and comes out with all the toolbars and stuff. how do i stop these? i know programs like ad-aware and hijack this can help solve them but its only temporaily! how do i effectively stop these programs from infesting my pc. thanks dudes.

Answer:how do i stop these adwares?!

There is no sure way to stop them 100% of the time.

To help prevent future spyware installations/infections, please read my anti-spyware section and use the tools provided.

If you have spyware in your computer now, post a HijackThis log here.

1 more replies
Relevance 43.46%

Logfile of HijackThis v1.97.7
Scan saved at 5:35:33 PM, on 9/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\VVSN\VVSN.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\iMesh\Client\iMeshC... Read more

Answer:Hijack log need help bad too many adwares

10 more replies
Relevance 43.46%

I did a panda online activescan and i found this list of adwares and spywares, i need help in removing them. Below is also a copy of my hijackthis log. Please save my com !
Activescan results
Incident Status Location

Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_38.exe
Adware:adware/savenow Not disinfected Windows Registry
Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TIMKHFY5\upgrade[1].cab[upgrade.exe][nnrun.exe]
Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U78Z1NLP\upgrade[1].cab[upgrade.exe][nnrun.exe]
Adware:Adware/OneStep Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\W8QLWPPR\upgrade[1].cab[upgrade.exe][nnrun.exe]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\sagemse\Cookies\[email protected][1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\sagemse\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\sagemse\Cookies\[email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\sagemse\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\sagemse\Cookies\[email protected][2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documen... Read more

More replies
Relevance 43.05%

Hi, I've had a problem for about 2 days now and can't get rid of it. I was able to find help getting rid of a virus called "vidcodecs" recently, but this is...different. I run AVG Anti-Spyware 7.5 and get this message about 10 minutes through:

"AVG Anti-Spyware 7.5 Exception"
"Something bad happened in the application. Error diagnostic file saved to 'C:\ProgramFiles\Grisoft\AVG Anti-Spyware 7.5\avgas.err"

Ok, fair enough. Anyway, I go there and can't open it because of the file type. Seems like an easy problem but it escapes me.

Also, the viruses seem to be driving Windows crazy. I get messages saying I'm "under attack" and popups from FindStuff.com. I searched "Downloader viruses" on Google and got a pop-up for "downloader viruses" at Mega-Market.com.

Anyway, any help would be great. If you need anything else from me, let me know.
 

More replies
Relevance 43.05%

Hi guys,

I need help. My PC is infected with various spywares and adwares.
I have used various anti-spyware programs like ewido , SuperAdBlocker , Spybot and even Windows Defender. I have managed to remove most of them except for a few.
Whenever i open Internet Explorer, there are always these Ads website popup.

1)f-r-e-e-v-i-d-e-o-s.com
2)www222.paypopup.com
3)advnt03.com
4)ads.clicksor.com
5)popunder.adsrevenue.net

I even put them in my hosts file with 127.0.0.1, but it does not work at all.

It is driving me nuts. Please advise.

EDIT removed inline HJT log for guide to be followed


regards
 

Answer:Please Help! My PC infected with Paypopup and other adwares in IE

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
HijackThis


NOTE: You can only attach 3 files in a single message so it will require that you use two messages to... Read more

1 more replies
Relevance 43.05%

A friend's computer was probably infected by a spyware and it sent me a file which i refused to accept , but later another friend on my messenger list sent me the same file and thinking that maybe the other guys asked him to sen to me..i just accepted the file and since then it sends out files to friends on my msn messenger list. I tried using anti-virus and anti spywares but to no avail...i also tried using yahoo adware remover hoping that it would clean it, but yet it remains there. WHat it does to my laptop is to pop up advertisements of different products and also pop up something writing that "your computer is infected with a black door Trojan that allows remote attacker....." and sometimes directly connects me to a "bestseller antivirus remover" which i never click onto... Please, i need some help on how to clear out these sypwares. Meanwhile, i tried going to system32 and deleting the suspected file, but it always tells me that it's in use....I would be very hapy if this is solved...Thanks
 

Answer:Adwares and spywares In my system

7 more replies
Relevance 43.05%

Hello!Please help I need to remove this: c:\windows\system32\jugodika.dllThanks,TeeComboFix 08-12-18.03 - Tri 2008-12-20 11:29:03.5 - FAT32x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.495.269 [GMT -5:00]Running from: c:\documents and settings\Tri\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\hinuhilu.dllc:\windows\system32\poroyoju.dllc:\windows\system32\tijawani.dll.((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 ))))))))))))))))))))))))))))))).2008-12-20 11:18 . 2008-12-20 11:18 <DIR> d-------- c:\program files\Exterminate It!2008-12-20 02:41 . 2008-12-20 03:14 2,148 --a------ c:\windows\system32\wpa.dbl2008-12-10 21:35 . 2008-12-10 21:35 <DIR> d--h----- c:\windows\$hf_mig$2008-12-10 00:38 . 2008-12-10 00:38 <DIR> d-------- c:\program files\UniKey2008-12-09 20:51 . 2008-12-09 20:51 <DIR> d-------- c:\program files\MSECache2008-11-23 18:48 . 2008-11-23 18:48 <DIR> d-------- c:\program files\Webtools2008-11-22 18:35 . 2008-11-22 18:35 <DIR> d-------- c:\windows\PaltalkScene2008-11-22 18:35 . 2008-11-22 18:35 <DIR> d-------- c:\program files\Paltalk Messenger2008-11-22 18:35 . 2008-11-22 18:35 <DIR> d---... Read more

Answer:Jugodika.dll popups Adwares

ComboFix logs should not to be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic in the Am I infected? What do I do? forum, explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.Thank you for using BleepingComputer as your malware removal source.This topic is now closed.

1 more replies
Relevance 43.05%

Hello guys,
I am recently getting pop-ups from chrome and google search landed me on another forum (forgot name) and I followed guidelines for posting Adwcleaner log, but strangely could not get registered on that forum so could not post. But I am sure some will help here, as I have experienced before (long time ago though). Thanks. Here is log
# AdwCleaner v3.207 - Report created 06/05/2014 at 22:29:11
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Raj - RAJ-PC
# Running from : C:\Users\Raj\Desktop\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files\Common Files\Spigot
Folder Found : C:\Program Files\GreenTree Applications
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Found : C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Found : C:\Users\Raj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Folder Found : C:\Users\Raj\AppData\Local\Slick Savings
Folder Found : C:\Users\Raj\AppData\Roaming\Slick Savings
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\... Read more

Answer:adwares and pop-ups on Chrome Adwcleaner log

also attaching dds logs, thanks !

26 more replies
Relevance 43.05%

Ok, my lap top has been runnign fine for a while, and now it just got really slow and bogged down. I knew somethings not right, norton antivirus doesnt work on my laptop, and spyweeper has done nothing to get rid of the "trojan downloader Matcash" and some other stuff. Here is my latest Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:15:40 AM, on 1/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe... Read more

Answer:Trojans, adwares, cookies.. and who knows what else... HELP!!!

8 more replies
Relevance 43.05%

i posted a topic like 5 months ago lol and now i have an adware problem again. it always minimize my games so anyways i went to my old thread and here's my hijackthis analyzer results .====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 00:58:10, on 18/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\WLAN\IEEE 802.11b Wlreless LAN\WlanMonitor.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\491D~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\491D~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.... Read more

Answer:Help me remove adwares/spywares

why dont you download spybot S&D and Adaware SE... you can find both at download.com

keep them on your computer and make sure that you run them regularly.

7 more replies
Relevance 43.05%

Hi guys.
It started with a .exe download I ran on my windows 10 which was totally new,But not anymore.
I had to pull up my sleeves :P and get rid of the viruses when I got stuck.
But anyways my system afterwards has these adwares and occasional messing up of my firefox browser like self changing homepage like mail.ru and self installing applications,One of them is the famous UC.exe and other very strange applications but its not like that its totally EFfed up but I do get once two or three very strange self installed applications on my desktop -_- what the hell mannn.
I have a full version malware bytes home premium it worked fine.
But its not getting the job done.
I'm not able to remove these firefox cookies adwares and self installing applications and especially that UC.exe which installs the uc browser itself.
Help
Please suggest me some applications and fixes

Oh and yes i forgot to add two things my firefox changes alot like the whole top Search bar has disappeared itself and PS I had to remove my Microsoft Edge because it was not working and in process I accidentally made it useless,So I just deleted it.
If anyone has a Fix to getting my microsoft edge back that would be helpful too thanks,because it was useful in helping me in my studies .
Thanks guys

Answer:How do I get rid of these Bugger Viruses and Adwares

Oh and yes i forgot to add two things my firefox changes alot like the whole top Search bar has disappeared itself and PS I had to remove my Microsoft Edge because it was not working and in process I accidentally made it useless,So I just deleted it.
If anyone has a Fix to getting my microsoft edge back that would be helpful too thanks,because it was useful in helping me in my studies .
Thanks guys

3 more replies
Relevance 43.05%

What is an Adware ?
Ad-ware is a program which automatically displays ads in our PCs
without our intervention.
These adwares create a disturbance to the users browsing activity
and tend to irritate them.

Generally whenever we install few softwares these adwares get installed into our PCs.

For ex. When we install BitComet we blindly install the Ask.com toolbar.

This is an example of the way the Adwares get installed by the user itself.
How to identify if any adware is present in our PC ?
If pop-ups continue to appear on your desktop though you aren?t browsing anything, then we can say some adware is present in our system.

How to get rid or remove adwares from our PCs ?

Install the latest version of Spybot Search & Destroy in your PCs
 

Answer:How to remove adwares from our computer ?

Adware comes in different forms so I doubt Spybot or any other product will be able to remove all the adware which can be found on the internet , but if I had to place a bet on an scanner for removing adware I would chose Malwarebytes Free.
Spybot has no connection with today's world.....

Best tip here ? : Pay Attention When Installing Software > Be very careful what you agree to install. Always opt for the custom installation and deselect anything that is not familiar, especially optional software that you never wanted to download and install in the first place. It goes without saying that you should not install software that you don?t trust.
 

3 more replies
Relevance 43.05%

I have used adaware and spybot without success in attempts to remove coolsearch and a couple of other adwares and spywares. Can anyone help me? Thanks.

Answer:Want to get rid of Coolsearch and other adwares/spywares

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it in the forum. Do not fix anything in HijackThis since they may be harmless.

14 more replies
Relevance 43.05%

Kindly help with cleanup of the Obrona/Sasa adware removal.
Popups for various ads keep coming up while browsing in Chrome, IE and Mozilla, system has become quite slower.

Appreciate your help in advance.
 

Answer:Need help with Obrona/Sasa adwares on Win 8.1.

Helllo,

Before we begin, please note the following:

I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



Download Malwarebytes Anti-Rootkit to your desktop.

Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check al... Read more

8 more replies
Relevance 43.05%

hello everyone, i wish i could start my first post with something on more of a friendly note, but the truth is, i have this spyware/adware (i dont know which) thats been haunting me for weeks now. whenever and as soon as i run internet explorer, i will get popups. its becoming really annoying, and i have run both spybot S&D and Ad-aware 6 but i still can't get rid of this problem, please help me out. my os is Windows XP and heres my H/T log, thnx:
Code:
Logfile of HijackThis v1.97.7
Scan saved at 3:25:10 PM, on 28/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\atfupkq.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\WinZip\WZQKPICK.EXE ... Read more

Answer:Please help a beginner get rid of his adwares/spywares

6 more replies
Relevance 43.05%

I' m wrong, i have installed AdWares and i need your help. I feel so stupid. 
 
Here the DDS log
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2011 19:23:09
System Uptime: 12/09/2014 21:25:21 (0 hours ago)
.
Motherboard: TOSHIBA |  | PWWHA
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz | CPU 1 | 990/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 102,926 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 136,992 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda miniport WiFi virtuale Microsoft
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B4DCC7D&0&01
Manufacturer: Microsoft
Name: Scheda miniport WiFi virtuale Microsoft
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&1B4DCC7D&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Scheda Microsoft Teredo Tunneling
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device... Read more

Answer:I' m wrong. I have installed AdWares !

hi,
 
If you still need help simply reply back.

 

9 more replies
Relevance 43.05%

Hello BC forums. I am having problem with my computer for a while now, and the problem now has gone Insane. My computer is reacting really slow, taking while to load programs and my internet keeps popping up unwanted ads and other junks. I downloaded a free adware program called Ad-ware from Lavasoft 2008 and scanned it many times. Each time i scan, the same stuff appear...doesnt seem to get deleted. I also used the AVG anti-virus program, it does the same thing....after i restart my computer/scan/the same items appear. I have ran out of solution and seek technical help.
these two errors appear when i start up computer:

Microsoft C++ Runtime Library
Runtime Error!
Program: C;\Program Files\Logitech\SetPoint\LU\LuLnchr.exe
R6002
-floating point not loaded

RUNDLL
Error loading C:\WINDOWS\system32\gifepujo.dll
The specified module couldn ot be found.

I am using:

Windows XP
Mozilla Firefox
Ad-ware 2008 7.0.1.10
AVG anti-virus

Answer:Virus/adwares/slowcomputer

Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.Make sure that e... Read more

11 more replies
Relevance 43.05%

Hi guys.
It started with a .exe download I ran on my windows 10 which was totally new,But not anymore.
I had to pull up my sleeves :P and get rid of the viruses when I got stuck.
But anyways my system afterwards has these adwares and occasional messing up of my firefox browser like self changing homepage like mail.ru and self installing applications,One of them is the famous UC.exe and other very strange applications but its not like that its totally EFfed up but I do get once two or three very strange self installed applications on my desktop -_- what the hell mannn.
I have a full version malware bytes home premium it worked fine.
But its not getting the job done.
I'm not able to remove these firefox cookies adwares and self installing applications and especially that UC.exe which installs the uc browser itself.
Help
Please suggest me some applications and fixes

Oh and yes i forgot to add two things my firefox changes alot like the whole top Search bar has disappeared itself and PS I had to remove my Microsoft Edge because it was not working and in process I accidentally made it useless,So I just deleted it.
If anyone has a Fix to getting my microsoft edge back that would be helpful too thanks,because it was useful in helping me in my studies .
Thanks guys

Answer:How do I get rid of these Bugger Viruses and Adwares

Oh and yes i forgot to add two things my firefox changes alot like the whole top Search bar has disappeared itself and PS I had to remove my Microsoft Edge because it was not working and in process I accidentally made it useless,So I just deleted it.
If anyone has a Fix to getting my microsoft edge back that would be helpful too thanks,because it was useful in helping me in my studies .
Thanks guys

0 more replies
Relevance 43.05%

Hey everyone, Seranok here. I need help with my computer. Last week I  uninstalled a bunch of softwares and deleated them.One of them was called alarabeyes. I deleated it from control panel, but now I am facing problems with it. There is a browser hijacker in my computer. This website - alarabeyes connects to another websites such as arabysouq and some arabic websites. This browser hijacker loads a lot of ads into every website and no solution can fix it. Also this alarabeyes appear to be a default search engine set on my chrome- it says it is done by the developer. Now the problem is I never made that change, and I cant remove it fully. I downloaded Spyware Remover 4 by Enigma Software. But however enigma software could detect the alarabeyes but it requires to be paid. It also says I have 576 spyware's and adware's. I want a free version, not a paid one like spyware remover by enigma software.Anybody know a reliable software 100% free? I would be delighted. But for fact is only acts on my google chrome. It doesn't happen on my opera browser, maybe because I use a custom VPN extension on it. Please help on this chrome issue as it is my only reliable web browser. Thanks a lot. Please help as soon as possible as this adware is proving to be difficult for my computer to function.Thanks A lot, Seranok.Edit: Topic moved from Windows 7 to AII ~ Computerxpds

Answer:I need a solution to one of the Adwares on my Computer

Hi Seranok Enigma Software is known for their product SpyHunter, which was a known rogueware (program that finds issues on your system, such as malware and ask you to pay for the product in order to remove them, however these detections are fake), back in the days. Despite the fact that they changed their method in the last years, the community is still bitter about that product, and it's effectiveness is far from the main, popular Antimalware program used such as Malwarebytes, SUPERAntiSpyware, etc. There's also a lot of issues caused by SpyHunter (and other Enigma Software products) such as being stuck in a "boot loop" after the installation or during a scan. I suggest you to uninstall the program right away and follow my instructions below. I'll help you get rid of this browser hijacker and the ads you're having.MiniToolBoxDownload MiniToolBox and move the executable file to your Desktop;Execute MiniToolBox and check the following options:Flush DNS;Report IE Proxy Settings;Reset IE Proxy Settings;Report FF Proxy Settings;Reset FF Proxy Settings;List content of Hosts;List Installed Programs;List Last 10 Event Viewer Errors;List Devices - Only Problems;List Users, Partitions and Memory size;Once this is done, click on Go and wait for the scan to complete;Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

29 more replies
Relevance 43.05%

I need help. My problem are random popup ads that appear in Firefox (scrpit based I think, cuz they happen randomly) (they happen even if not at the start of loading of the page, ex. been reading a long thread for 10mins now, then suddenly bam! redirected to a site, usually match.com). Reason: I opened a setup.exe from limewire, thought it was a "good" program (damn it! stupid! stupid!).

My Pc: P4 1.7 Ghz, 512mb ram, 40Gb Hardisk, Win Xp
Things I've tried: Ad-aware, avg anti-virus, hijackthis, startup inspector, bazooka, etc

Each time i tried something new came up from trojans to viruses. Each time I remove them, problem is still not solved. I beleive this is the work of only 1 trojan/virus/script and not multiple. They basically cause you to randomly enter a site (match.com) and you see down the loading page "connecting to ad.firstadsolution.com" and it goes to different websites like "http://www.browserbuy-out.com/tau.html" in the adress bar but all show match.com. I've noticed that they usually follow this pattern http://www.(site here).com/tau.html "tau" seems to appear often. Bazooka says its "Exploit Beehappyy.biz" tho ive researched on it and found no identical symptoms. I've also tried to delete the files that were said in Bazooka main site manual removal, but they dont exist.

Another weird thing is some folders are hidden and i don't know how to make them come out. I don't mean the ... Read more

Answer:Damn Adwares, Need help, don't even know error!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

 

1 more replies
Relevance 42.64%

Hello my new bestest friends. I need help ! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and re installing Versions 6 & 7. However this is not the problem as I am currently using safari and finding it great. The problem lies with my computer and it's sluggishness, ever since IE became corrupt my computer seems to have slowed. I am getting occasional Internal memory (blue dos screen) errors and several other little glitches like windows XP's search program will not close after I perform a file search. I have performed several Virus & spyware checks such as AVG and Spyware Doctor also several registry progs like registry Booster.AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of Registry errors inluding heaps of lnk file and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts) It did not remove the actual .exe files but was a major hassle as my dektop shortcuts where wiped. So I performed a system restore and now have everything back.I am wondering are/have these files become corrupt or is this just overkill on the software (spyware Doc & reg booster) behalf?? I have also noticed in my Hijack this log that there are several (missing files).I am so in need of help as i use my computer to p... Read more

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 42.64%

Hello! I've been noticing that my computer is slower and giving me trouble every time i need to do an update, I ran SAS and MBAM it has found a lot of malawares and some trojan.fakealert but still it does not remove them

when I try to update adobe reader it tells me that I don't have access to certain key and if windows ask for updates and I try to update this process never completes.
PLEASE HELP ME!!!!

here is my log for MBAM.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4942

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/25/2010 9:54:38 AM
mbam-log-2010-10-25 (09-54-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 232039
Time elapsed: 56 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Inf... Read more

More replies
Relevance 42.64%

I have kept having this small internet explorer window about aiw3-404.php from mtn6.com asking me if I wanted to save the aiw3-404.htm. I can only click no every time. I wonder why spyware doctor does not detect it. I always use firefox, unless it is not working. Then, I would use internet explorer, so why is this internet explorer window popping up so often? What is this thing?

I still get some adware and pop-up commercials with spyware doctor on. How can I prevent more adwares or spywares? From the day one I got this new computer, I have had hundreds of adwares, spywares windows popping up, whereas my old computer did not with not fully functioned AVG and something else.
 

Answer:cannot rid of adwares or spywares with spyware doctor on

10 more replies
Relevance 42.64%

//Mod edit: Moved from "Windows XP Home and Professional" forum to the more appropriate.//

Please can someone help me I am begging I fear that my computer with crash or stop working or anything at any moment and I cannot lose all the information and important things on it. Here's my problem...

I was surfing the internet on my usual sites (stocks, banking) and all the windows just shut. OH MAN PLEASE IM FREAKING OUT A POPUP JUST SHOWED UP.... ok at the bottom taskbar there is a icon with like the accesibility pic and then it switches to a like a block sign and then switches back. i just ran my spy sweeper program and it says it found: trojan-downloader-zlob(critical), security2k hijacker(critical) and popuper. a red box keeps poping up on the bottom right corner of the screen saying your computer is at risk and it could crash at any moment and i am freaking... Please can anyone help me i need help so much i am literally on my knees. i would die if anything happened to this computer.. I know im kinda obsessing but i need it... Please if you need anymore information ill provide it but please just hurry i need help........

Answer:I Need Help With Removing Several Virus/trojans/adwares

What program is causing the popup?If it is not being produced by an ap that has an icon in the tray it might just be Windows Messenger spam.Other than the popups is your computer acting strangely in any other way - IE blue stop screens, freezing, running very slowly, rebooting by itself, etc?The first thing to do may be to stop Messenger Service from running, which will cause no harm if this isn't Messenger spam anyway. (this has nothing to do with any of the web instant messenger aps).Messenger (not to be confused with MSN Messenger, AOL IM or any other internet messenger) was originally created for system administrators and users to communicate with other users on large networks.Spammers have figured out how to send spam with it taking advantage of exploits on your computer.What you describes sounds likeWindows Messenger SpamTo block the spam is to turn off Messenger Service. To do that:--In Windows XP, click Start>>Control Panel--In Windows 2000, click Start>>Settings>>Control PanelIn both versions:--Double click Administrative Tools--Double click Services--Double click Messenger--Under Service Status, click Stop--In the box next to Startup Type, select Disabled--Click Apply>>OKAlternatively, you can download a small program that will disable Messenger Service called ?Shoot The Messenger? which is available athttp://www.grc.com/freepopular.htmDownload and run ?Shoot The Messenger?It would also be a good idea to back-up all important data if you can.Next, run both Adaware a... Read more

2 more replies
Relevance 42.64%

I had to disable javascript and java in order for me to browse the Internet without redirecting to random search sites such as waitsearch.ws . It seems to redirect my google search results into the ads. I believe it is something to do with the applets/application within java, b/c as of speaking i disabled both java script and java and everything works fine. Please tell me from my HJT log and see what is wrong. Thanks ==================================================Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:53:00 AM, on 12/28/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFS... Read more

Answer:Adwares (Java/Firefox related)

Also... I cannot do a Disk Cleanup some error pops up

AppName: cleanmgr.exe AppVer: 6.0.2900.2180 ModName: kbdsock.dll
ModVer: 5.5.3400.4432 Offset: 000064e1

7 more replies
Relevance 42.64%

Hello anybody that can save my computer I just got an Virus Alert indicating the following: Norton AntiVirus had detected a Virus on your computer.Object name: c:\Documents and S...\index[1].htmVirus Name: MHTMLRedir.ExploitAction Taken: Unable to repair this file.Seems like a HijackThis log is a helping tool for people on here so I am going to go ahead and post it - anything u can do to help is much appreciated as i have worked on a project for three months and have to present it in two days and its worth a lot of money to me right now and i cant afford to mess it up sooo please PLEASE HELP!!!!!so here goes: Logfile of HijackThis v1.99.1Scan saved at 5:44:20 PM, on 5/1/2005Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\Toolbar\TBPS.exeC:\PROGRA~1\Toolbar\PIB.exec:\WINDOWS\TBSSaver.scrC:\Program Files\Winamp\Winampa.exeC:&#... Read more

Answer:HELP!: I may have a number of viruses, adwares and spywares

Hello,First of all, you are still using a previous version of hijackthis..so please update your version by starting hijackthis,click on the 'misc tools'>Check for update online. Download the new version (1.99.1), unzip it and make sure you put it in an permanent folder.(If the update option doesn't work, please download your new version hereUninstall next programs:Spytech SoftwareWinToolsWebSeach ToolbarReboot afterwards.Download and install CleanUp!Run it and log off afterwards to finish its task.Download the latest version of Ad-Aware:http://www.lavasoft.de/support/download/After installing AAW, and before running the program.Please be sure to update the reference file following the instructions here:http://www.lavahelp.net/howto/updref/Reconfigure Ad-Aware for Full Scan:Launch the program, and click on the Gear at the top of the start screen.Click the 'Scanning' button.Under Drives, Folders and Files, select 'Scan within Archives'.Click 'Click here to select Drives + folders' and select your installed hard drives.Under Memory & Registry, select all options.Click the 'Advanced' button.Under 'Log-file detail level', select all options.Click the 'Tweaks' button.Under 'Scanning Engine', select the following:'Unload recognized processes during scanning.'Under 'Cleaning Engine', select the following:'Let Windows remove files in use after reboot.'Click on 'Proceed' to save these Preferences.Run the Ad-Aware scan and allow it to remove everything it finds and then REBOO... Read more

6 more replies
Relevance 42.64%

Hi..I reformatted my pc and copy the files in my backup and delete all the partition in my pc..after i scanned my pc using avg pro and got plenty of different viruses, adwares, trojans and even worms..i don't know if it came from the back up files that i copy..and after the scan, avg removed all of it but i'm not convinced that it's all gone because everytime i switch my computer on..i can't connect to the internet..

can you please help me..:confused
 

Answer:virus, spywares, adwares and worms..

Welcome to Major Geeks!




shorty14 said:





Hi..I reformatted my pc and copy the files in my backup and delete all the partition in my pc.Click to expand...

I think that you have the order of these steps wrong. If the last thing you did was delete the partition, your PC would still be unbootable. I assume you mean you did the below in the order I list them?

delete your partition
create a new partition
format the partition(s)
reinstall
restore from backups
Or are you just restoring a whole partition using a drive imaging program?


Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 42.64%

Hi. At the advice of the article "Preparation Guide for use before posting a HijackThis Log",I followed it to the letter and have installed ZoneAlarm. Here is my HJT log.Can anyone tell me if I'm still infected?Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:59:52 AM, on 12/15/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\acs.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\Brmfrmps.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\Program Files\TOSHIBA\ConfigFree\CFSvcs... Read more

Answer:Multiple Adwares, And Slow Computer

Hello user12, Welcome to Bleeping Computer I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world. That's why I want you to install one!!AVG, Avira OR Avast are good FREE antivirus.Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!Run a full system svan with the one you chose to install and let me know what it says, if anything.Your Java is way out of date, which leaves your computer vulnerable.Updating JavaDownload the latest version of Java Runtime Environment (JRE) 6u3.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Check the box that says: "Accept License Agreement".The page will refresh.Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.Check any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java version.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-6-windows-i586.exe ... Read more

9 more replies
Relevance 42.64%

Each time I use Firefox (ver. 2.0.0.14) I get a message stating that it has already been opened and I must end that session prior to beginning a new one, although I closed the browser in my previous session. This issue is resolved by rebooting. Then when I close the browser an error message appears. Several adwares and trojans are detected during virus scans but after cleaning/healing/deleting them they are again detected in repeat scans. I have never had problems with Firefox before.MAIN.TXTDeckard's System Scanner v20071014.68Run by Admin on 2008-05-24 16:41:31Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --65: 2008-05-24 08:41:40 UTC - RP163 - Deckard's System Scanner Restore Point64: 2008-05-23 05:51:41 UTC - RP162 - System Checkpoint63: 2008-05-22 00:02:03 UTC - RP161 - Software Distribution Service 3.062: 2008-05-21 15:37:43 UTC - RP160 - System Checkpoint61: 2008-05-20 11:28:57 UTC - RP159 - System Checkpoint-- First Restore Point -- 1: 2008-03-18 12:11:55 UTC - RP99 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Admin.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:43:16 PM, on 5/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Interne... Read more

Answer:Infected With A Variety Of Adwares And Trojans

Hi, sorry for the delay. If you would still like assistance, please run Deckard's System Scanner again and post the new log here.

2 more replies
Relevance 42.64%

It all started when I noticed my laptop to be considerably slower than usual. Then, there were these error messages that keep showing up whenever I try to open Windows Explorer or Internet Explorer. After I closed them, the program still managed to run, though. Below is the full text of the message that appears when I open My Computer.

OS: Windows XP Professional, SP2
CPU: AuthenticAMD, AMD AMD Turion(tm) 64 Mobile Technology ML-32, MMX @ 1800 MHz

Module name: C:\WINDOWS\Explorer.EXE

Application data:
VmVyc2lvbjogV25KN2NXOXNaV0JnZDFzcUoxdzdKQ2s3SmlvNkp5dzh
VQ0V1QXdWVUlUNGlKREp3Wm5wNGNEVWxJRGdsSVRoS2ZIVi9lMmgrUV
RBOVJsOXllbWRGV1FGeVRVNU1SMHRTUzB4TlNWRjZCZz09DQpJbWFnZ
UJhc2U6IDA0NjEwMDAwDQpFaXA6IDYwODYzQTQNCkVheDogNDhCRkQ5
NjMNCkVjeDogNDhCRkQ5NjMNCkVkeDogNTVEOTMzODYNCkVieDogNDI
3Qzc4RkMNCkVzaTogNjQzMDQwOA0KRWRpOiA2MDcwMDAwDQpFYnA6ID
NEMUQ3NEMNCkVzcDogM0QxRDczQw0KRXJyb3JDb2RlOiANCjhCLDEwL
DNCLDE1LDE4LDY0LDksNiw3NCwxMiwzQiw1NSxDLDc1LDUsODksNDUs
RkMsRUIsMTAsOEIsNTgsNCw4MyxDMyw4LDMsQ0IsM0IsMTUsMTgsNjQ
sOSw2LDc1LERBLDhCLDQ1LEZDLDVGLDVFLDVCLDU5LDVELEMyLDgsMC
w5MCw2OCxFOCwwLDAuLi4NCkNvZGUgPSBbMjAyXQ0KLSAwDQotIDANC
i0gMA0KLSAwDQotIFtdDQo+IEM6XFdJTkRPV1NcRXhwbG9yZXIuRVhF
DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnRkbGwuZGxsDQo+IEM6XFd
JTkRPV1Ncc3lzdGVtMzJca2VybmVsMzIuZGxsDQo+IEM6XFdJTkRPV1
Ncc3lzdGVtMzJcbXN2Y3J0LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rlb
TMyXEFEVkFQSTMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFJQ
Q1JUNC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxHREkzMi5kbGw
NCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxVU0V... Read more

More replies
Relevance 42.64%

Hi, this is main.txt (I attached Super Anti Spywares log)

Deckard's System Scanner v20071014.68
Run by Mita on 2008-07-11 01:29:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Mita.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:15, on 11.7.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Sun\jstudio\DirectoryServer5.2\bin\https\bin\ns-httpd.exe
C:\Sun\jstudio\DirectoryServer5.... Read more

Answer:Infected With Bunch Of Trojans, Adwares Etc

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\WINDOWS\system32\cnjjgnlv.dll
C:\WINDOWS\system32\wmaosmjb.dll
C:\WINDOWS\system32\pWycfMoq.ini2
C:\WINDOWS\system32\VFgjPqss.ini2
C:\WINDOWS\system32\5336
C:\WINDOWS\system32\BJkSYJjl.ini2
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\vbem
C:\WINDOWS\system32\202
C:\WINDOWS\system32\olixds05
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.=================Download SDFix and save it to your Desktop.Double click SDF... Read more

4 more replies
Relevance 42.64%

I have a lot of adware/ offer optimizer and such stuff in my computer, and I simply hate it. I tried a lot of programs to remove them, and some can detect it, but cant fix it. Here is my log of hijackthis. please help.

Logfile of HijackThis v1.98.2
Scan saved at 11:17:43 AM, on 9/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Fi... Read more

Answer:Adwares/ pop ups and offer optimizer problem. please help

Will someone help me

7 more replies
Relevance 42.64%

Hi Admin,
Just before few days you have helped in solving a big problem in my PC.. Now Chinese Adwares have got in to my PC, and they are almost killing my PC, it has changed my registry settings.. Pls help Admin... Here is my Hijack this log file..


Logfile of HijackThis v1.99.1
Scan saved at 22:32:53, on 2007-3-25
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\NTService.exe
C:\WINDOWS\system32\ntmsoprq.exe
C:\WINDOWS\system32\compmgmt.exe
C:\WINDOWS\wsttrs.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\wgs3.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\haier\LOCALS~1\Temp\byetmr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\MSRundll.exe
C:\WINDO... Read more

Answer:Chineese Adwares Killing My PC Plss Help...

8 more replies
Relevance 42.23%

Hello,

I am currently using a Windows XP Home SP2 machine, with anti-virus protection andfirewalls installed. Yesdurday i was online and i got a wierd icon in my task bar next to my clock, a little red dot with an X in it, a bubble pops up and reads " Your computer is infected !". I have never seen this icon before so i dont know if its a legit windows warning some kind of non-legit program installed on my system.

If you right click it , no options appear, and if you left click , it then opens IE and proceeds to a Anti-Virus Gold web site. Shortly after the web site opened i got a virus alert from my V-Com SystemSuit anti-virus program, warning me that TROJ_STARTPAG.RE was found. I then noticed that in My Favorites in IE, there were many bookmarks i didnt put there, mortgage rates...bad credit loans, free adult web site passes... and so on.

I proceeded to use my installed anti-virus,spot-bot,and ad-ware programs to try to clean my system. Theese include V-Com System Suite 5's Trend Micro Anti-Virus Program,Spybot S+D v1.4, Ad-Aware SE personal, and Spy Blaster. it said that it removed some spybots,adware and it said it deleted files containing the troj virus.

The red dot however, never went away, so I rebooted my machine once i double checked that it was clean, but after the reboot my IE and Yahoo Browsers tried to connect to the internet.They were both stopped by my firewall before a connection could take place, but about 2 mins after that it once again sa... Read more

Answer:Solved: Help! I have infestation of viruses,spybots, and adwares!!

12 more replies
Relevance 42.23%

Hi,could somebody help me with my no heap, tesllar a problem? 'coz i really dont know whatto do anymore and i am really worried. I have tried everything, from installing AVG anti spy and anti virus, to root kits but nothing seem to work.AVG scans always come up with zero threats, but when i scan it using yahoo anti spy- tesllar A always comes up.and at random i get this message from buffer overflow protection "C:\WINDOWS\explorer.exe:KERNEL32.GetProcAddress BO:Writable BO:Heap" I dont really know much about computers and i dont know what it means. Also I have been getting pop-ups and ads of late. Can somebody tell me what to do??? please???Here is my logfile:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:27:33 AM, on 2/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:... Read more

Answer:Please Help Me With Bo Heap, Tesllar A, Pop-ups And Adwares I Really Dont Know What To Do Anymore

Hi,

Earlier today I edited my log file from yesterday because I
received a message that I shouldn't touch anything on my computer
until I receive word from the HJ team. However, I read the message
too late and installed SuperAntiSpyware after I posted my log file.
Posted above is the newly updated log file.

I am really sorry for the inconvenience.

3 more replies
Relevance 42.23%

How do I prevent pop-up windows while I am online? LowerMyBills is terrible. It pops up every single time as long as I am online, and it does not just once but many times.

Here is the web address for LowerMyBills http://ad.doubleclick.net/adi/N3285.ivillage/B2343920.2;sz=720x300 Can I do anything to it?

No anti-adware can prevent LowerMyBills...... What can I do? it's very annoying.

Thanks
 

Answer:Solved: Anti-adwares don't work for some pop-up windows?

7 more replies
Relevance 42.23%

Hey lovely people!
I got the following spywares in my PC,
1> Adware.Agent.BN
2> Adware.ActiveSearch
3> Trojan.BHO.BO
4> Adware.Maxfiles
5> Adware.Softomate

And now, I seek for help from my brother league!!

Many thanks
Bidyut
 

More replies
Relevance 42.23%

Hiya and boy am I glad to have found you ! Though you may not have been so glad I have

My symptoms are virtually identical to Wasper but I bet it has been driving me more crazy than him. I am semi-computer literate but an intermediate skill may be a tad optimistic !!!

I don't know how much info you need but I have Norton Internet Security 2005, fully up to date with virus definitions and regularly scanned, operating on an ME system on a PC which I performed a full restore about a month back. I have next to nothing on the thing except the net, a photo-imager a CD burner and the usual Windows and Office programs.

I've been tearing my hair out trying to follow the advice of symantec and others.

Should I start by following the advice you offered Wasp on 8th July (ewido and hijack) and posting logs here ?

Many thanks

Tony

PS Am I being really stupid if I ask how these things get through Norton Internet Security when I have high custom level controls ?

PS2 - after 6 unsuccesful hours tonight I am going to bed - I may not be on the PC tomorrow night but I definitely will be on Thursday.
 

Answer:Solved: Help! I have infestation of viruses,spybots, and adwares!!

16 more replies
Relevance 42.23%

Hi. I posted a log yesterday, but while I am waiting for that I got some update. the anti-virus number-1 adware that kept popping up on my screen has disappeared. No more adware/spyware pop ups continue to annoy me, but I still don't feel safe. I know for sure that there are a couple of spywares in my computer (eMule, BearShare, XoloX, KaZaA, WhenU SaveNow, and others) that are still in my computer and my yahoo anti-spy and McAfee can't delete because of some agreement.

Anyway, I have a Dell computer with Windows Vista. It's an Inspiron 530 and here's the HijackThis Log. I had to run as administrator to run the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:08 PM, on 3/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Quick Search Box\qsb.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)... Read more

Answer:UPDATE: Adwares, P2P, anti-virus number-1

There's no need for you to start 2 separate threads for the same problem because it's not going to get you help any faster.

You admittedly practice unsafe browsing habits and use multiple file-sharing programs to download who-knows-what, which infects your computer in the process.

Your best bet is to wipe out the hard drive and start out fresh.

--------------------------------------------------------------
 

1 more replies
Relevance 42.23%

Hello there, I'm having issues for some time with chinese software that installs automatically without any permission and some chinese adware that always appears on my browsers.
I would like to remove those annoying adwares and softwares permanently.

The chinese adware, I don't know how it works exactly, but it opens randomly on the lower right corner of my browser so I have to clike the cross to close it all the time... It is totally random it seems, sometimes I'm on facebook and it appears, sometimes I'm reading news and it appears. I don't even know how to name it because I don't understand chinese... I only know it opens everytime that I open browser and I don't know how or when it will open again.

I'm sending some images.

I've used my antivirus to scan and also used malwarebytes to scan and nothing was found... But sure there is something installing all this stuff automatically. I remember I have uninstalled/deleted those softwares over than 5 times.

(P.S. I know I'm sending links of shortcuts on recycling, I've had deleted the shortcuts firts so later uninstalled where we uninstall softwares) But they just came again =________________=


 

Answer:Chinese Adwares and Softwares Auto Install

16 more replies
Relevance 42.23%

Logfile of HijackThis v1.99.1Scan saved at 3:07:20 PM, on 6/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeD:\Program Files\Common Framework\FrameworkService.exeD:\Program Files\McCafee Virus Scan\Mcshield.exeD:\Program Files\McCafee Virus Scan\VsTskMgr.exeD:\PROGRA~1\COMMON~1\naPrdMgr.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exed:\Program Files\Spyware Doctor\sdhelp.exeC:\WINDOWS\system32\wdfmgr.exed:\Program... Read more

Answer:Infected With Adwares From Netpumper And Antileech Plugin

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

2 more replies
Relevance 42.23%

Hi,

I hope somebody here could lend me a helping hand, 'coz i really dont know what
to do anymore and i am really worried. I have tried everything, from installing AVG anti spy and anti virus,
to root kits but nothing seem to work. i even tried spybot but nothing helps.
AVG scans always come up with zero threats but when i scan it using yahoo anti spy- tesllar A always comes up.
and at random i get this message from buffer overflow protection "C:\WINDOWS\explorer.exe:KERNEL32.GetProcAddress BO:Writable BO:Heap" I dont really know much about computers and i dont know what it means.
Also I have been getting pop-ups and ads of late.
Can somebody tell me what to do??? please???
Thank you in advance!!!

Answer:Please Help Me With Bo Heap, Tesllar A, Pop-ups And Adwares I Really Dont Know What To Do Anymore

Hello Lara0101,I see you have an open HJT log posted in the HijackThis Logs and Malware Removal forum.You shouldn't make any changes to your system, while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.I'm closing this topic until you are cleared by the HJT Team. If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.If you have any questions, don't hesitate to send me a PM.

1 more replies
Relevance 42.23%

hi there, i m not a professional, so i need a little help from u guys,i m using xp sp3, my downloading speed is enough for me, but surfing s...ks, plz help me out, i've tried hijack this, and the log file is asLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:11:44 PM, on 1/11/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\BitTorrent\bittorrent.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Symantec AntiVirus\DoSca... Read more

Answer:so many adwares checked by hijack this, chck my log file

Hi HELP MASK,Welcome to Bleeping Computers My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.The fixes are specific to your problem and should only be used for the issues on this machine.Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.It's often worth reading through these instructions and printing them for ease of reference.If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.Please reply to this thread. Do not start a new topic.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.Download TFC to your desktopClose any open windows.Double click the TFC icon to run the programTFC will close all open programs itself in order to run,Click the Start button to begin the process.Allow TFC to run uninterrupted.The program should not take long to finish it's jobOnce its fi... Read more

1 more replies
Relevance 42.23%

Hey, i regulary clean my computer up, but i have been consistantly getting the same pop ups.so i'm hoping someone could help me out with cleaning.THank you!!Here is my log :Logfile of HijackThis v1.99.1Scan saved at 8:25:11 PM, on 22/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RunDll32.exeC:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\AVPersonal\AVGNT.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\... Read more

Answer:Same Adwares Keep On Popping Up Everyday: Avenue A. Mediaclick, Etc.

Hi There Radicalsheep! I am currently working on your log and am checking it with a teacher.I will get back to you as soon as possible.David

11 more replies
Relevance 41.82%

Avira detects these viruses from the same locations almost every time (...AppData\Local\Temp\afgytdrp_458142(or other number)_setup.exe) and removes them into the quarantine . Still they keep coming back several times a day. It may happen right away when the computer is switched on and WLAN is connected or later whenever. Not normal, I think?

I tried to scan with aswMBR for 4 times, but the scan failed for some reason ("Avast! Antirootkit has stopped working etc...")

Some help would be appreciated, please...
 

Answer:How to get rid off Trojans/Adwares (Zusy.73969, Spy.Gen, Adware.Gen and GOffer.A)?

Hi, we need deeper scan

Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...

Close any open browsers
Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

Double click on zoek.exe to run the tool .
Please wait while the tool does not start...

Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:

createsrpoint;
StandardSearch;
installer-list;
installedprogs;
uninstall-list;
Click on button.
Please wait until a logreport will open (this can be after reboot)

Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

13 more replies
Relevance 41.82%

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:02:44 PM, on 1/3/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)

FIREFOX: 43.0.3 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\JRT Studio\Cheetah Sync\CheetahSync.exe
C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\ProgramData\1c1e4ef3-a4fe-42a4-a546-08f69e47d2d1\plugins\7\plugin.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\ProgramData\1c1e4ef3-a4fe-42a4-a546-08f69e47d2d1\plugins\3\plugin.exe
C:\ProgramData\1c1e4ef3-a4fe-42a4-a546-08f69e47d2d1\plugins\12\plugin.exe
C:\WINDOWS\SysWOW64\rserver30\FamItrfc.Exe
C:\ProgramData\48ed1695-d484-472b-bd42-582714ef1368\plugins\12\plugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Imran\Downloads\Programs\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Pro... Read more

More replies
Relevance 41.82%

hi,

it seems I have too many problems.
First, my computer shuts down abruptly with message : System Shutdown by WIN NT\System and with additional message : C/winNT/System32/lsass.exe with error code 128.

Also, my AV continuosly detects and deletes various exe files( silent53.exe, prot.exe etc.). But they keep appearing.

while connected to internet, even when i am not browsing, connection status shows that it is continuosly sending data

I am using Quick Heal AV and also Webroot spysweeper.

please help.

bkg

sorry, i forgot to attach HijackThis log. Here it is.Logfile of HijackThis v1.99.0
Scan saved at 2:53:33 PM, on 2/28/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\OMC\BSC\BAM\BamService.exe
C:\PROGRA~1\QUICKH~1\QHONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\PROGRA~1\QUICKH~1\MailSvr.exe
C:\PROGRA~1\QUICKH~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\QHM32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\QUICKH~1\QHONLINE.EXE
C:... Read more

Answer:Abrupt Shutdown by WIN NT/System, virus and adwares reappearing

OK, you seem to have a version of Sasser on your computer. This worm/trojan will cause this 60 second shutdown message. For each of these steps (until it's fixed), if you get that message, immediately go to Start->Run and type in shutdown -a and hit OK. That will prevent it from shutting down.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download FxSasser but don't run it yet.

Reboot into Safe Mode (hit F8 key u... Read more

3 more replies
Relevance 41.82%

Ok i left my computer on yesterday and went to sleep and some time later everything went wrong !- Some Icons in the desktop are not visible. - Could not open any folders, programs. Some message boxes appeared but i cant do a screenshot on them, cant copy and paste, etc. But i rem they warn about system32 stuffs.- When i open a folder, those information on the left (i dont know what they are called) turns BLACK too. Menus are sometimes visible only.- Active Title Bar turns black in color (never met anything like that)- Dont seem to able to access internet.So i restart my computer.- Can open certain programs, but sometimes when i open Notepad, a message box will pop out and says:The application or DLL C:\WINDOWS\system32\USP10.dll is not a valid Windows image.Please check this against your installation diskette.After several tries, Notepad can be open again.- Some Icons seem weird, lets say i've a Real Media file but the logo is different, but after some time they're back to normal.- While reading the forum, texts appear to be messy (letters jumpin here and there, some canot be seen)--------------------------------------------------------------------------------------------------------------- Have already scanned with AVG, Ad-aware, Stinger, Spybot SnD, Panda- Protected with SpywareBlaster----------------------------------------------------------------------------------------------------------------Panda Scan Results:Incident ... Read more

Answer:Weird/messy Presentation Of Windows, Infected With Adwares

Hello rody and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.There are a few housekeeping items we can clean out so let's do that while you re here.Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blankR3 - Default URLSearchHook is missingNow close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.The USP10.dll file is used for displaying text, fonts and processing unicode scripts. If it is missing then that could be the cause of the issues you are experiencing. Try running the System File Checker utility to see what files might need to be replaced.Click Start-Run and type sfc.exe /scannow. Have your XP CD available so... Read more

3 more replies
Relevance 41.82%

hi

i have been hAVING PROBLEMS WITH MY PC recently,4 adwares and 1 trojan here is the HJT log

Logfile of HijackThis v1.99.1
Scan saved at 1:35:12 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\fjdvrupd\fjdvrupd.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Common Files\AOL\1171523261\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\... Read more

Answer:Trojan horse downloader.Generic4.XEV and adwares. help needed

Closing duplicate thread, please continue here: http://forums.techguy.org/security/586103-c-windows-temp-win54t-1-a.html
 

1 more replies
Relevance 41.41%

Hi ya'll!

I was hoping you could help me with my problem. I got this 4 adwares namely DOLLARREVENUE, WUPD, IEPLUGIN, AND SAHAGENT. Also there is one spyware namely media-motor. They are all located at windows registry.

I don't know how to fix this thing. pleaseeeeeeeeeeee help me...

here's my HJT log. thanks!



Quote:




Logfile of HijackThis v1.99.1
Scan saved at 7:42:52 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\... Read more

Answer:help!!! 5 adwares: dollarrevenue, wupd, ieplugin, sahagent, media-motor; with HJT log

anyone please? i'm not getting any help in here..

just tell me..is my problem a low, medium or high risk? please i need a n answer..i don't have any idea on the hjt log that i posted that's why i'm asking help..

any help would be greatly appreciated!

19 more replies
Relevance 40.18%

Hello, i've got a serious problem here. My computer has been infected with so many adwares/spywares/viruses that i've spent the past 7+ hours dealing with it!There are way too many things that i wanted to say.. hmm.. i've taken down the virus/adwares/trojans along the way when im doin scannin, and i hope it helps First of all, when the computer get started up, the desktop items cannot be seen, same goes to the Start Menu. So only the wallpaper is shown. So i've trouble acessing programs and files....The only way for me to get access to the programs (spybot, ad-aware, etc) is that i do a ctrl+alt+delete, then file>new task>browse programs ....While im using the internet, there are many popouts too (Chinese site.. there are also unknown Chinese search toolbar appearing in my IE)Spybot Search & Destroy- many infected items- VX2.a (Adware/Spyware/BHO) could not be deleted even though i restart the computer and run the program again- WSearch kept appearing even though i've deleted it?Ad-Aware- more than 350 items are found- viruses are found (Win32.Trojan - PSW.Lineage)- ToolBarDeepDive (cdnns.dll)- CNNIC- BDSearch Plugin kept appearing even though i've deleted them again and againA squared FreeI've also used A squared Free program and i think it works very well because it has detected 150++ items for me.. I didnt delete all of them as most of them are registry items, im not sure if it's ok to delete items myself? Mostly infected with: CNNIC, delcuwiz.ini, cp... Read more

Answer:Desktop Items And Start Button Not Appearing, Infected With Virus, Adwares, Spywares, Popups

Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

24 more replies
Relevance 37.72%

Hi all,
i'm on Windows 10, system x64 bits,

and my three multibootables "sardu" usb drives includes clevx foldit,
two windows2go win 8.1 portables usb drives made with wintobootic,
and my zalman ve350 all plugged on my actual pc,
and black sandisk connect wireless 128 gb stick drive also plugged on this pc,

i pre-installed by wintobootic win 8.1 on samsung fit 128 gb and sandisk reversible micro usb/usb 64 gb drives, but if i boot on this impossible to configure and install win 8.1 because of infinite loop on black screen with windows logo,

and for my three "sardu" multibootables whichs are the customusb foldit 16 gb drive, emtech mobile&go reversible micro usb/usb 64 gb drive and sandisk reversible usb/micro usb 16 gb drive, i have boot error on yumi/sardu boot on theses three drives,

and on my zalman ve350 900 Gb hdd, i have on his root the "_iso folders" actually contains between 13 and 30 iso files and the zalman in dual mode (hdd + iso virtual cd), but the lcd display on the top of zalman drive displays "no iso files" words

and my black sandisk connect wireless 128 gb stick drive have enough free space, but when on "sandisk connect" android app i upload on this sandisk 128 Gb drive a 1 kb or 10 mb file, i have "not enough free space" on the error message of android app

letters attribued of theses drives with all theses weird bugs:

zalman are g disk (virtual iso cd) and h drive (hdd)

emtech... Read more

More replies
Relevance 36.9%

Hey,

So as described, all my browsers keep getting infected by "safesearch" adwares/ malwares. I reset my browsers, the ads go away temporarily but reappear in a day or two.

Looking for a permanent solution for this.

Thanks
 

Answer:Browsers keep getting infected by"safesearch" adwares

This topic will now be closed due to evidence of cracked or pirated software on this system.

Piracy Policy

Should you think that is not the case, please send me a private message.
 

0 more replies
Relevance 34.44%

I tried to run a payment on a website and the submit button did nothing but make the cursor blink which it still is.  I looked under inspect Element and there was a JS file that downloaded.  I looked at it and it looked fishy.  I tried to run the normal cleaning techniques (ADW Cleaner, JRT, RKiill etc) and they all returned a messagge. "the service cannot accept control messages at this time "
 
It is slowly getting worse by the minute so I am not sure that this will even get to someone in tim,e cause I know u guys are backed up but if possible I dont know what to do I tried to use msconfig.exe , and the search functions to get safe mode to work but I just get either nothing happening or the same message.  I am afraid that if I turn off the computer to shift into safe mode that it will loack up..  Any helop would be appreciated.

Answer:I have something bad going on and ts getting worse byt the second

Sorry, but it seems that your pc is infected with a virus or malware which is going to take some more work and a deeper look. No sense running a bunch of tools here.Please follow this Preparation Guide, post in a new topic and include a link to this thread.Let me know if all went well.

3 more replies
Relevance 34.44%

Hi,

I just wanted to start by saying a very big thankyou to all of you that help people on this forum. It is very generous of you and it is appreciated.

I have been infected by this fake security application that says "Windows Security has found critical process activity on your system". It keeps redirecting our web searches. In safe mode I have ran malware bytes, super anti spyware and created a hijack this log all before finding this forum. Both these scans found problems initially however upon following the instructions of this forum no more were found. I tightened up my zonealarm resetting it to default and searching programs that try to run as they popped up, mshta.exe was one of the programs.

I have followed the instruction on this web site to the best of my knowledge and i will attach the logs of the various scans. All scans went well except for the combo fix scan that ran through to stage 50, flashed a page suggesting it was deleting files and then restarted my computer. I repeated it with the same result.

I now have a message that says "SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe." whenever i start my computer and it takes a long time before all the applications are loaded and ready to be accessed. It seems to run faster if the internet is turned off?

I am posting this from another computer.


Here are the logs - Thankyou for yo... Read more

Answer:Please Help, its getting worse

I am not seeing much in the way of malware on your system. Let's do this and see where you are after:

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract+ avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present --Unless you set this.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present --Unless you set this.Click to expand...

After clicking Fix, exit HJT.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:



Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Ta... Read more

5 more replies
Relevance 34.44%

 Can anyone help??? It all started when I installed a new game (well new for my old PC) the other day, when ever I tried to load it, once it got past the intro video it just returned to the desktop, most of the time, it did occasionally work. So I went to look on the web for advice and was told to update my sound and video drivers. My PC is an old PII 350 with windows 98. I went to ATI and downloaded what it said was the latest driver for my card, now when the game does play the colours are all wrong and blocky (I have also updated direct X above the one the game needs). So I tried a sligthly older driver, which was even worse, so I put the newer one back on. To add to this the company who made my sound card (Aureal) have gone out of business, so don't give drivers now. I have found on another page what was supposed to the the latest driver they did release, but when I load the diagnostic tool on my computer (some sort of direct X thing) when I test the sound, it says there is a fault there too. It seems that what ever I try to do, the thing just gets worse, I am starting to think about getting another PC, but when it works, it does everything I need. Does anyone have and advice how I should try and fix all this? Thanks James

Answer:It just keeps getting worse

Did you simply overwrite the videocard drivers? If yes, you may wish to thoroughly clean your computer by uninstalling them and running a program such Advanced System Optimizer V2 or Advanced Uninstaller Pro 2004 There is also a useful tool that removes drivers for you.. I'll get back to you on that once I recall the name. Even though your soundcard manufacturer has gone out of business, use Google to search for drivers. There is quite a high chance of still finding them.As for DirectX, see to it that you have the latest version from Mirosoft.Buying a new PC will not solve your problems. It is not the PC's fault, it is the users fault. Your problems will just start anew if you donot know what you're doing.

1 more replies
Relevance 34.44%

Hi. I hate to be a nooge, but I posted a problem I had a week ago with a single search term being redirected in Google -- only that one search term was redirected. That much has stayed constant -- I've been using Google all week and only that one search term is redirected. My post has dropped down to page 12 and I think it's pretty much off the grid by now.Tonight I tried to run Hostsman to update my Hosts file and Avast! immediately put up the Warning notice that:12/2/2009 11:40:42 PM SYSTEM 2016 Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\HostsMan\hm.exe" file.I quarantined the file, but now I'm very concerned. When it was just the one redirect it was interesting, but this has me a bit panicked.I've copied last week's post here.Can anyone help?EDIT: Okay, it looks like Avast! may be reporting false positives right now with virus database 091203-0, the one I'm using right now, according to what I read in the various forums. I'll keep a good thought, anyway.But my redirect problem IS still there, and I'd like to get to the bottom of it, if anyone can help. Thanks!Hello again -- I was here with a severe problem about a year ago. It took several weeks, and a lot of help, but I got cleaned.I also learned a few things. I have since installed the NoScript and Cookie Whitelist addons to Firefox, I installed the free version of ZoneAlarm, and I installed a Hosts file manage... Read more

More replies
Relevance 34.44%

I have been workin on this for several days now and I am at my wits end. I am attaching my Bitdefender log and an HJT log. I have followed all of the instructions in the "Before Posting" page. And should tell you the following. My Add/Remove programs hasn't worked in years so when necessary I use the free trials downloadable from various places.
When I try and run Microsoft Windows Defender it says I need to perform an upgrade, and will not open.
I tried running Pandascan this morning and waited for over two hours and it never did complete downloading.
As I mentioned, I am at my wits end and believe it's time for some help.
Thanks
 

Answer:The more I try the worse it gets! I need Help!

Welcome to Majorgeeks!

You did not attach your HJT log. Make sure you follow all instructions in step 7 properly and then attach your HJT log.

You should look at your Bitdefender log (change the .txt to .html and then double click on it and you can see it in your browser) You need to delete those items it is pointing out in your email.

Is your copy of Windows licensed to you and has it been activated with Microsoft?

What happens when you try to use Add/Remove programs? Be specific.
 

9 more replies
Relevance 34.44%
Question: Bad to Worse

Friends,

It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to loose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

If I reload XP, will all my data still be there?

Things started to go south about 2months ago when McAfee found Vundo and couldn't seem to kill it off.....

thanks, GearHead.
 

Answer:Bad to Worse

Hi GearHead,

Check out this link and try the removal tool from Symantec.

READ ME: Virtumundo Problems/Resolution Threads

Should that fail, I would suggest following the steps here:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Best luck
PP
 

2 more replies
Relevance 34.44%

Ok my computer has been progressivly getting worse becuase before i wasnt able to enter my control panel becuase explorer would just crash. And now i started up my computer and restarted a couple of times and i cannot see my tool bar(the one with the start button) and my cousin is bringing my xp disk christmas.. what can i do in the meantime? oh and when i click my windows key it doesnt do anything.

Answer:it just got worse...

looks like a virus to me
what antivirus program are you using? and is it up to date?

9 more replies
Relevance 34.44%

I just finished a download that had some pretty nasty side effects. I am getting a pop up saying "It is recommended to update you antispyware protection to prevent data loss. Please install the most up-to-date antispyware for you" then an ok button. This isn't the only one, there are about 2 or 3 that seem random, none of which seem encouraging at all. Please help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:48:46 PM, on 1/26/2009Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20935)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\LSI SoftModem\agrsmsvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TVersity\Media Server\MediaServer.exeC:\WINDOWS\explorer.exeC:\Program Files\Unlocker\Un... Read more

Answer:pop ups and probably worse

Hi,Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't suprise me at all.I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!This is somewhat suicidal in today's digital world.That's why I want you to install one first!!* Please install Avira Antivirus: http://www.free-av.com/This is a free Antivirus.Perform a full scan with Avira and let it delete everything it i... Read more

18 more replies
Relevance 34.44%

i now cannot access my e-mail since doing an update every time i click on the e-mail icon nothing happens its just blank, nutty norm again

Answer:its seems to get worse

What email icon?????????????

3 more replies
Relevance 34.44%

my topic is here http://www.bleepingcomputer.com/forums/t/134217/virus-and-rootkits/ and it has been a couple days since a reply, and i was told not to reply again until i get a reply from someone to help me. but my computer is now losing the whole task bar whenever i close anything...i can bring up the task manager and see everything there, and i can ALT+TAB between programs and they will come up, but when i press the windows button will not bring up the start menu. the HJT log is in that other topic. thank you for looking

Answer:I Think My Pc Is Getting Worse

Hi dizz15,I know it's frustrating, but please be patient. It may take a while to get a response, because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible.If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".To avoid confusion, I am closing this topic.

1 more replies
Relevance 34.44%

Like all AOL software, I'm wondering if the new AIM version is worse than the previous. Has anyone tried it yet?

It seems to have a lot of the features that AIM mods have introduced. I use DeadAIM myself, and have loved it for years. I tend to like things minimal. I've tried GAIM and Trillian, but I only use AIM, and GAIM messes up direct connections and profiles. I've tried AIMutation (sp?) and didn't like it much either.

What do you guys think?
 

Answer:AIM 6: worse because it's new?

i like it, but alot of people don't.
you just have to tweak it to the way you want it.
 

3 more replies
Relevance 34.44%
Question: bad to worse

Now I'm getting a little spooked.First it was just some irritating re-directs from Google searchers.Then multiple windows began propagating, sometimes blaring music, voices, phone sounds.Then, trying to work my way through the instructions in the preparation guide, I discovered that attempting to run the gmer.exe crashed me, locked up the processor, prevented me to restarting, the whole thing.Now, my touchpad has stopped responding. I uninstalled and restarted to replace the driver, but no effect. I am having to use a USB mouse, which works OK, but has not improved the touchpad.What's next?!Just curious. A question, for those of you who have experience with this forum--how long does it usually take to get help? Should I assume that all topics are addressed eventually, as folks find time? If I have failed to supply some bit of information, or violated some etiquette, I'd rather know, make my amends and start over that wait on the sidelines longer than necessary.Or should I just throw this piece-of-crap netbook out the window and get a real machine?

Answer:bad to worse

Hello pfosinger,It's hard to say how long it will take for a topic to get picked up. I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 300 unanswered topics, the oldest dated Aug. 26, 2010 at 5:14 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30 2010 at 10:00 pm using the same time zone.Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.Orange ... Read more

2 more replies
Relevance 34.44%
Question: Bad to worse

I posted a previous problem in regards to my computer shutting down at random and suspect virus. It seems things have gone from bad to worse in rapid time. I have lost internet connection, I open a program "regedit" and it closes, same with "msconfig" I cannot boot in safe mode. Suddenly all that was in my "connections" are completely gone, that folder is now blank. I know in the past I have tested your patience here but am throwing myself at your mercy once more. Sorry if this should have been posted with my previous question but I am unsure as to how protocol is.

btw forgot to give the basics.
Winxp
Medion computer.
should be current on updates.
again tia.
 

More replies
Relevance 34.44%
Question: From Bad to Worse

Hello to all the experts here at Bleeping Computers.

I was in the process of following your steps from the "Preparation Guide" when my computer decided to crash big time.
Initially I had my homepage hijacked by something called start.search.us. That by itself didn't seem to be a big deal. I was proceeding through the steps and made it to step 8 (Create a GMER Log). Approximately 5 minutes into the scan my entire screen went all screwy. It looked like the GMER scan program filled the screen and scrambled itself.

Now my computer won't work at all. After a restart, the computer locks up on the black screen with the green progress bar (Microsoft Corp underneath). I tried a safe mode reboot but it stops loading at the following line of text, "Windows\System32\Drivers\avgidshx.sys" This was the same line of text that was being scanned during the GMER scan.

After another restart (so many I lost count) my computer reads the following, "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:...." Several options are listed but even after inserting the original operating disc to repair, I can't get past the green progress bar thing.

Help!!! I'm moments away from turning this laptop into a very unaerodynamic flying brick.

(I'm typing this on my wife's Macbook, in case anyone was wondering how I could post)

More replies
Relevance 34.44%

dear all, any softwares that can fix this...

3 men go into a hotel for the night. The clerk informs them that it's $30 for the room, so they each take out a $10 bill to pay for the room. So far they paid $30, correct? You with me so far? Good.

A few moment after the men went up to the room, the manager reminds the clerk that there was a special promotion that night, and that the room was only $25. So the clerk gives the bell boy five dollars to bring back to the men. On his way up to the room, the bell boy says. "Hey, I'm not stupid, I'll give each of the man a dollar back and keep two for myself, $5 right, 30-5=25.

Well, since the bell boy gave each man a dollar back, that means each man only paid $9, correct?

Well, the last time I checked, 9x3=27, plus the 2 that the bell boy took makes 29, what happened to the other dollar??????

[This message has been edited by kokaik (edited 07-03-2000).]
 

Answer:the more you think, the worse it gets

7 more replies
Relevance 34.44%
Question: from bad to worse

please help-got a new laptop trying to use the wi fi.there is no wireless connection icon any where.maybe there no driver,im guessing. do i need to use the disc that came with my router.my other laptop works fine.maybe i need to use another keycode,i dont know please help.thanks

Answer:from bad to worse

I think you're already running a thread on this: click herePlease don't double-post.

1 more replies
Relevance 34.44%

new note pad mesgwhen I boot up.
[.ShellClassInfo]
[email protected]%SystemRoot%\system32\shell32.dll,-21787

I get this on start up and firefox is giving me an error

Well, this is embarrassing.

Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page
Can any one help me out?

Thank you so much
 

More replies
Relevance 34.44%

Is a 635 slower than a 640? Is the camera worse? Is there less internal memory? What are the differences?

Answer:How much worse is a 635 than a 640?

Here's the differences compared to the 640...
The 635...
...has half the RAM, which meant Facebook and Messenger refused to run in my case on W10M, multitasking is less smooth and whatnot. But it works for the basics.
HOWEVER, there are some 635's that have 1 GB of RAM, matching the 640.
...is not supported currently so you won't be getting Windows 10 Mobile easily, although some 635's have indeed been getting it with little effort oddly enough.
...has an inferior, lower-resolution 5 MP camera with no LED flash. (the 640 has a flash and an 8 MP shooter)
...is smaller than the 640.
...does not have a proximity sensor.
...does not have double-tap to wake or Glance.
...has a smaller and lower-resolution display.
...has a smaller battery.
Although the 635 and 640 share the same Snapdragon 400 processor and 8 GB of storage + microSD.
The 640 is the better all-around phone but I your needs are very basic and the 635 is significantly cheaper then the 635 may make sense.

2 more replies
Relevance 34.44%

I've been trying to fix this computer for several days now, and it keeps getting worse instead of better

I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesnt find anything wrong when I run it. ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.

I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa

Here is my HJT log, let me know what if anything else will help.

Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program... Read more

Answer:It's Getting Worse....

I downloaded the newer version of HJT...new log file is:

Logfile of HijackThis v1.99.0
Scan saved at 12:13:41 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system... Read more

3 more replies
Relevance 34.44%
Question: It could be worse

I come to this forum and read all the time in search of knowledge . With the reading and help of the fine people here I have fixed many problems . Some posts I have read complain about a program taking a minute to start up . Some complain about a slow boot up . Well when I said it could be worse I found one that couldn't be . Uncle brought his PC out to me to see iffin I could make it work for him . HP Pailion with 128 ram and XP Home . Hooked it up to my monitor and turned it on . One hour and 15 minutes later I could finally do something . First thing I attempted to do was run defrag . It took 15 minutes for the menue to work enough to let me click on defrag and another 29 minutes to open defrag . Now I have it open and click on derag to run , 7 hours later it finished . Pc Was still slow . A bit better but not much . Started to empty temp folders . One temp folder took 15 minutes to empty . Emptied all the temp folders and the history then deleated some programs . Only deleted 3 small programs but with them and the temp folders I regained 17 gigs of hard drive . Did another defrag and this time it went much faster . Then I started on malware and viruses . Did the ususal scans I learned from here and took a bunch of them out . Got to the point that the PC was healthy again . Took out the 128 megs of ram and replaced it with 512 which is the max for this HP . Now it is running very smooth and probably as fast as it ever will . So when you think you are running slow do t... Read more

More replies