Computer Support Forum

Cleaning an infected Time PC desktop

Question: Cleaning an infected Time PC desktop

I have completed the Major attitude removal guide. I have attached the 2 reports for someone to provide feedback on what is wrong with my desktop PC. My infection occurred when I upgraded from the internet security suite Kaspersky 6 to version 7 which is still active now. Please can a qualified person interpret the reports that I have attached?


Cheers!


Answer: Cleaning an infected Time PC desktop

Attached is another log file that was too big to attach in my original post.

The desktop PC still appears to be infected because the machine still operates slowly and prompts PID error messages from Kaspersky 7. Any help I can get is appreciated!

Relevance 61.5%

So at first I had the "Internet Security 2010" bug, but I think I fixed that with rkill. But now I got the green desktop with the "system is infected" message. I have heard of people who have this problem trying to restart only to find their system totally screwed, so I'm scared to turn off/restart. I have run DDS and Root Repeal. I know its Christmas, but please help!!!
DDS (Ver_09-12-01.01) - NTFSx86
Run by Michael at 3:25:14.42 on Fri 12/25/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.44 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome...

Answer:Infected, Big Time... Green Desktop with "Your System is Infected" Message

Visit below website. Understand on how to use ComboFix >> download and run the program >> post the log here http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Relevance 49.61%

So Ive noticed my internet has been slow and doing some weird things lately, so I figure its time to get it cleaned up again. Here is my hijackthis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:57 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Symantec AntiVirus\DefWatch.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Symantec AntiVirus\Rtvscan.exe
E:\WI...

Answer:Time For Another Cleaning

Hello fritzle,

Welcome back to Bleeping Computer. Sorry about the delay. I don't see anything malicious in your log, so have a look here: http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

Regards,
tea

Relevance 49.61%
Question: Its cleaning time.

hello, i need to clean my computer.

i need to see if i have anything wrong in the system.

heres a hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:58 PM, on 6/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files...

Relevance 48.79%

Hey everyone!

A friend of mine gave me an HP Pavilion dv1411se notebook and I would like to give the fan and heatsink a thorough cleaning, although I'm pretty positive the fan doesn't work at all. However, I've seen pictures online of how much dust can build up on the heatsink and I'd like to get that taken care of. Ultimately, I would like to replace the fan and possibly the heatsink altogether, but for now, giving both a proper cleaning will give me peace of mind. My objective is to pull the thing apart in order to do so.

This will be my first time doing anything like this and my reason for wanting to is the fact that computer repair shops are just too damn expensive for my budget, plus I'd really just like to know how.

Does anyone have any good words of advice before I tear into my laptop? I've read somewhere that static electricity can "fry the system." Is this true? I'm planning on getting rid of the dust from the heatsink with a vacuum, but I've also read that this isn't always a safe practice either.

I'm gonna use the HP Maintenance and Service guide to assist me:

http://h10032.www1.hp.com/ctg/Manual/c00636251.pdf

If anyone else has any other tips or suggestions, I'd appreciate it.
 

Answer:First Time Cleaning Laptop

Relevance 48.79%

I'm not sure what's what and who is friend or foe....I have a lot of trouble with "hanging". Can someone help me?? and please be a little explicit with your directions on what to do......much thanx

Logfile of HijackThis v1.97.7
Scan saved at 11:45:00 AM, on 11/30/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Sy...

Answer:Cleaning out the drive for the first time

Go into Control Panel, Add/Remove programs and remove new.net

Then

Run HJT again and check all of these that remain.
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_48.dll
R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

Close all browser windows prior to clicking fix checked.

Reboot and post back to let us know how things are going.
 

Relevance 48.79%

Hi...I'm getting some annoying pop ups again. I would really appreciate it if someone could go through my HJT log and offer some suggestions. Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 4:35:06 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe...

Answer:Solved: Help with Pop Ups....time for a cleaning??

Relevance 48.38%

Hello, I'm sitting here with my Sony Vaio model PCG-61112L juuuust about cracked open and waiting to be cleaned. I've noticed lately that fps during games has been dipping, and i'll get gpu driver errors when browsing the web, causing my display to refresh (always recovers). This is why i am cleaning it out now.

I've got my RAM chips, battery, and what i think is the hard drive removed, and all screws out. When i tried opening the bottom case, i then noticed that there is a small black cable attached to the case. I have no idea what this is, but it is attached to a ribbon thing next to where the RAM chips were labelled as "To MB." Sounds like it has something to do with the motherboard, but all i want to do is disconnect it or something so i can get the bottom casing off so i can clean this thing. Any help on this would be fantastic.
 

Answer:Cleaning inside of laptop for first time

"and what i think is the hard drive removed" & "I have no idea what this is"

Do you have a service manual for this laptop? My advice, since you don't sound very knowledgeable or experienced, is to stop what you're doing. Your problems about FPS & GPU driver errors are most likely due to other issues than the computer needing cleaning.
 

Relevance 47.97%

My friend has a laptop that he has had for about 5 years now. He has stopped using it because it is slow and often freezing. It is running Windows 7 i think. I said I would take it and try to sort it out for him as I know you guys would be able to help me. I don't think he ever did malware/virus scans. Probably everything that would need doing is going to have to be done. He has probably never done any updates to anything. I don't really know where to start so was hoping someone could talk me through it.

Answer:Cleaning up and removing malware from an old laptop for the first time

1/ Is there any Data that requires to be backed up first - That he needs ?.....DO THAT FIRST !
    If not - i would restore it to the day he got / if it has a Factory Restore Partition.
 
2/ If you choose the Factory Restore option , go to the Manufacturer's site of the Laptop / enter the Model etc / follow the Instructions to Restore.
 
    After that is done / you then need to do all Windows Updates / Antivirus / and Install your Programs.
 
3/ If you need to just clean it up / or the restore partition is not available , and just remove any Malware / Viruses etc....
 
    Then you will need to post the Make / Model and wait for assistance in the removal of such and post various Logs as instructed.

Relevance 47.56%

Hi. :] I'm cleaning up my boyfriend's parents PC and after uninstalling the Antivirus XP 2008 trojan along with a few other items, I was hoping y'all would analyse my hijackthis log just to make sure everything's cleaned up and tell me what I should fix. Thanks so much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:56 PM, on 9/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:...

Answer:Cleaning Up An Infected Pc

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Relevance 47.56%

I am trying to clean up my cousin's Windows XP Media Center SP3 box. They apparently let their Trend Micro AV expire almost a year ago and seem to be really infected. I think I have cleaned up some of it (and sorry I didn't note what I cleaned up) but there's clearly some serious remnants still. One of the things that was on it was "Personal Anti-Virus".

Current symptoms:
There are multiple versions of iexplore.exe processes running when I have not started internet explorer.
All of the malware detection apps I have tried to run will not (spybox, malwarebytes, avast, various online scanners: ms onecare/safety scanner, trend micro housecall, etc.)
Cannot create a system restore point

I was able to run dds.scr but not gmer.exe. When I run gmer.exe (and the other things that never fully launch) I can see them in the taskmanager processes but they never really launch or error out.

Thanks for any help you can give!!




DDS (Ver_09-07-30.01) - NTFSx86
Run by nanci at 21:19:08.00 on Fri 09/11/2009
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uIn...

Answer:Need help cleaning up an infected XP box

Hello DoberMom Welcome to the TSF Virus/Trojan/Spyware Help forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Delete any version of GMER you have on your Desktop and try one from below. Let me know if it won't run either.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


After 3 days if a topic is not replied to we assume it has ...

Relevance 47.56%

Hi,

The other day AVG started picking up on viruses everytime I started up. It put the viruses into the "virus vault" but I'm worried that didn't help since I keep getting virus warnings still. I ran an HJT log to see if anybody can help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:08 AM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Pro...


Answer:HJT log - Infected, need help cleaning

Hello and welcome to TSF.

HijackThis is no longer the preferred initial scanning tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Relevance 47.56%

It started late last night, shortly after rebooting and launching firefox, the wallpaper on all 3 of my monitors suddenly swapped out to: "WARNING YOU'RE IN DANGER... something about my wife, my children, and must remove all spyware... bla bla bla" (I later found the image located in C:\WINDOWS\Temp\izohore.bmp).

I've been chasing my tail and spinning my wheels with this since midnight (11 hours ago) and could really use some guidance.

So far: I did a deep virus scan with Zone Alarm (which took 5 1/2 hours!) where it picked up and reportedly treated: "Backdoor.Win32.Sinowal.fci". I'm currently running Zone Alarm's Spyware scan but after 1 hour 36 minutes it's only at 5%!! Does this seem exceptionally long? Are there better options for an infected PC?

My Setup:
Windows XP SP3 (fully up to date)
Zone Alarm v8.0.400.020 (virus definitions updated this morning)

If anyone can get me pointed in the right direction to get started cleaning this out I would really (really really really) appreciate it. Let me know if there's anything else I can provide... (screen caps, highjack this log, etc... )

Thanks

Answer:I Need Help! - Cleaning Infected XP PC

Hi and welcome to BleepingComputer. The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result...

Relevance 47.15%

Fan Issue

I've cleaned my laptop sometime this month after about two years of use. Popped it open, blew everything, popped it back. I saw a post before posting this about removing the battery before cleaning so i'm considering going back and doing that. I usually keep it running in high performance because I use it for gaming. Core/CPU usage is almost never above 10%, currently sitting at 2%-4%. Memory is usually high because I only have a 500GB SSD, currently at 58%. The other stats (disk, network, and GPU), sit at 0 (although GPU will boost to about 60% when gaming). Currently, I have it in balanced mode and set the maximum core usage to 40% and it's still going strong. Any suggestions?

Gaming Issue

Also on a side note, if anyone can assist me with a gaming issue I'm having. My computer has a 960 GTX, i74720GQ @ 2.6GHz, and 500 GB SSD (samsung evo--upgraded from 1TB HD) and I'm having issues with my FPS in-game. It locks at 30 or FPS across all games. I do have two GPU's (integrated and 960 GTX) and have always used the GTX as the primary source, uncapped in-game graphics, limited background interference (services, programs, etc.) and possibly other things I can't think of but cannot release the in-game FPS cap. Even when settings are at the lowest settings. In previous times, if I were to uncap, it'd reach above 60 easily consistently but now when it's uncapped, it never goes above 60. One might ask what changed? After upgrading from HDD to SSD, I had to reset my ...

Relevance 46.74%

Tired Tech support guy here - wondering what you other Support Techs out there are doing these days with infected PCs? Are you trying to clean the malware off of them -OR- is it better to just throw in the towel early with a sick machine, backing up user data, maybe doing some anti-malware scans on the data to make sure it's clean, and then reloading Windows? The Malware battle is sickening... Just another stupid saying...

Answer:How do you deal with Cleaning Up infected PCs

Depends on how quickly you get hold of the machine. If it's just bogus AVs and a few nasties then it's not too much of a problem, but if the machine's been left for a while, or the client has had a go themselves then it can ultimately be a case of reinstalling, but personally I only leave that to the final option simply because of cost and time, especially if the client hasn't got driver disks etc.

I also always ask the client if there's any data they can't afford to lose before doing anything else anyway, just in case things go from bad to worse.

"I've always been mad, I know I've been mad, like the most of us..."

Relevance 46.74%

I have some important files got affected with a virus after i plug it into a public computer ... i cant seem to be able to open those files but they are still there in my usb stick.. i used some antivirus software to clean it but they would just delete those files.. they are soo important i cant give them up since i dont have another copy of them

whenever i open the usb stick i see the folder called "restore.scr" that i cant delete ... would it be the virus folder? plz help out.. how can i clean but keep those files?

Answer:cleaning infected files

Please follow all steps in the following link. http://www.computerhope.com/forum/index.php/topic,46313.0.html

Relevance 46.74%

One of my users was surfing yesterday (Internet Explorer) and they must have become infected with some nasty malware. After a reboot she came to get me and the screen was filled with Symantec Antivirus email warnings. It looked like a virus was trying to send out spam. The computer was unusable and I was unable to do anything.

I rebooted back in as Administrator and followed the instructions in "READ AND RUN ME FIRST" thread. This computer is running XP so I followed the instructions in the XP Cleaning thread.

I ran all the tools as the Administrator. I did try to log back in as that user but the emails warning started going crazy again. Also symantec popped up messages about Hacktool.rootkit and another TROJAN. The computer rebooted (from me trying to Ctrl-Alt-Del) to logoff I think, before I could see the name of the Trojan.

Attached are the 4 files that the instructions said to include.

Thanks in advance for any help you can provide. This is killing us because the user cannot get into their account.
 

Answer:Still Infected after following cleaning steps

I know this is going to bump me but I think this information is important.

I finally got the recommended tools to run while I was logged in as the problematic user. After running Super AntiSpyware, Malwarebytes said it found more stuff and cleaned it.

Even still after the reboot, Symantec keeps popping up with information saying I have hacktoolrootkit and Trojan.Fakevalert (tied to iehelper.dll).

No more email popups but I am pretty sure I am still infected.

Thanks for your help!
 

Relevance 46.74%

A friend asked me to clean their laptop. Its moving like a slug...

Its an Inspiron 1000
Windows Xp SP3
celeron CPU 2.20 GHz with 224 MB ram

They have Trend Micro Internet security Pro on it which i have updated. Last night i ran the Trend Micro scan which picked up little. Then i ran malwarebytes and adaware to pick up any spyware. The Malwarebytes scan found Vundo files, which i found is a virus, so i ran the VundoFix but it did not detect anything else.

EDIT: Logs removed...not allowed in this forum

Answer:Cleaning Infected Laptop

You should do a RAM upgrade. Try this http://www.crucial.com/index.aspx

My Mother in law is running an older HP with an Intel Celeron CPU, 512 MB of RAM w/ Windows XP SP3, and its slow as a snail. I cant imagine running anything less than that.

Also, it wouldnt hurt to do a complete reinstall of the OS. If you can try to do a backup of the My Documents folder at the very least. Write down a list of all the programs under the All Programs list in the Start Menu.

I would also try running Killdisk as a extra step, before you reinstall the OS. http://www.killdisk.com/

Relevance 46.74%

PC had a ton of pop-ups. Spybot and Ad-Aware said I had AdSPy.TTC, Advertising.com, Smitfraud_C.Toolbar888. They seemed to get rid of all but AdSpy.TTC. After reading a number of threads, I downloaded ATF-Cleaner and ran it, then Vundofix. This seemed to get rid of both the AdSpy and Smitfraud, but the PC still showed 100% busy as soon as I booted. I then downloaded and ran SuperAntispyware...that found a bunch more viruses and said it cleaned them up. CPU still at 100%, with system running 40-65% of it. I then ran Kaspersky online. That found, among other things, Downloader.Win32.Agent.awf.

Please help me clean this up. I've attached a HJT log, combofix log and the Kaspersky online log. (I can't figure out how to attach the logs, so I cut and pasted them here).

Logfile of HijackThis v1.99.0
Scan saved at 9:16:08 AM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
C:\PROGRA~1\LEXMAR~1\bak\LXBRKsk.exe
C:\Program Files\Comodo\...

Answer:Pc Badly Infected, Need Help Cleaning It Up

Hi rsk3, If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.Thanks for your patience. I've attached a HJT log, combofix log and the Kaspersky online log. (I can't figure out how to attach the logs, so I cut and pasted them here)Don't attach logs please but copy/paste them into this thread.

29 more replies
Relevance 46.74%

I am trying to clean out a BADLY infected PC. It had everything, well almost, Blaster, Spybot, TROJ_ISTBAR.D, RapidBlaster, etc..
I have run (Updated) Nav 2002, Adaware & Spybot Destroyer .. each found stuff to remove. After all of this, closing port 135, and doing all of the windows updates (Btw, this is XP Home) I am still getting what look like Messenger pop ups, for Viagra etc. (I really don't need that YET). And then this popped up:

500 Servlet Exception
java.lang.NullPointerException
at com.caucho.server.http.Response.sendRedirect(Response.java:609)
at _uninst__run._jspService(/uninst.run:39)
at com.caucho.jsp.JavaPage.service(JavaPage.java:75)
at com.caucho.jsp.Page.subservice(Page.java:497)
at com.caucho.server.http.FilterChainPage.doFilter(FilterChainPage.java:182)
at com.caucho.server.http.Invocation.service(Invocation.java:312)
at com.caucho.server.http.HttpRequest.handleRequest(HttpRequest.java:244)
at com.caucho.server.http.HttpRequest.handleConnection(HttpRequest.java:163)
at com.caucho.server.TcpConnection.run(TcpConnection.java:137)
at java.lang.Thread.run(Thread.java:536)
--------------------------------------------------------------------------------
Resin 2.1.6 (built Fri Nov 8 08:18:18 PST 2002)

Any Ideas what to do next? ... or is it wipe out time?
Thanks, Bear
 

Answer: Cleaning an infected PC now 500 Servlet

8 more replies
Relevance 46.74%

Hello,

A family member has asked me to look at their PC (Windows Vista) and it definitely has some issues. I was hoping to get some guidance as to what the best steps are to rid the machine of this infection. I've installed Malwarebytes and run a quick preliminary scan and it found a few items, but it didn't clean up the problem.

Windows Security Essentials is somehow turned off and the service is gone, as well. This is a big red flag to me.

Would someone be willing to work through this with me? I'd appreciate any help I can get! Thanks!

- motoxer4533

Answer: Looking for Assistance in cleaning up an infected PC

Download TDSSkiller
Launch it.
Click on change parameters - select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

7 more replies
Relevance 46.74%

I'm having a Craigslist adventure, having purchased a cheap computer for my office person to use in my business. Something tipped me that the PO may not have been all that tidy, I don't know if it was the username Crystalrock, the half dozen bit torrent source movies left on the drive, or the software that didn't fit the user profile like a complete Adobe creative suite or MS Office 2007 Enterprise.

Anyway, looking at the drive revealed toolbar jive like MyWebSearch and FunWebProducts, so I cleaned out the motley assortment of AV and utilities, and installed Eset AV 5. A scan turned up 23 items, so I set about the Read And Run Me First protocol. Each step seems to have turned things up, including Vundo.

Of note, Root Repeal wouldn't run, so I've attached the logs from when I started the program and when I tried to run it.

I didn't get a system disk, so a clean OS install isn't really an option.

thanks for your help
 

Answer: Cleaning a used computer - its infected

Here's the rest of the logs
 

6 more replies
Relevance 46.74%

Re: Still needs some cleaning and tinkering....

hi chaslang,

thanks for everything on my laptop.... all is well and it feels great again. as i promised i have a desktop in my room that has had this issue of a blue screen with Spyware Infection sign in the middle for a long while. i did all the preliminary program running and it is .. miraculously..... gone... though some tidbits seem to hang on including this error that comes on startup: "Error loading 002k0uzo.dll this module could not be found." plus i have attached 3 of the program finds to this post and a HJT log. when you get some time..... could you please take a look and see how i am doing....

greatly appreciate you and your place here,

anne marie
 

Answer: Desktop PC needs cleaning

Re: Still needs some cleaning and tinkering....

also...... here is that uninstall log from HJT as well

tanx, Anne Marie
 

6 more replies
Relevance 46.74%


I know this isn't the exact thread to post in but I could not find something that would suit my question.
I have an old computer I am planning to upgrade, but first I want to clean it. The computer has dust and hair all over it. I was wondering what is the best way to clean it without damaging any of the parts. The computer runs fine, I just don't want to put in new parts.
Thanks

More replies
Relevance 46.74%
Question: desktop cleaning

what's the best way to clean the pc base unit, the inside, the fan, the motherboard etc.? Is there a pdf? Many thanks

Answer: desktop cleaning

read these webs: click here

4 more replies
Relevance 46.74%

I need major help.

Thank you.
 

More replies
Relevance 46.74%

Windows 10 PRO with a 1TB 840 EVO. Here's what things look like in EASUS Partition Master.

It may not REALLY be a big thing but it offends my sense of order to have such a goofy looking disk. Which of these partitions do I NEED, and how do I get them all together, preferably at the END of the drive?

Everything from here on down is "normal" partitions. I want to reorganize and this seemed like a good time to clean up whatever all these 450mb, 300mb and 100 mb things are. I'd like to get all these things out of the way and get back the unallocated space so I can do things with the "normal" partitions on the SSD.

That last little 100mb thing, which everything I've FOUND says "just click on it and do a move/resize/whatever", WON'T MOVE. I can click all day, but there's no line in the context menu to move the partition (I'd put in a snip, but I can't get it to do the snip when I right click on the menu - works for OTHER context menus but not the one in partition master)...

So, what can I delete? What can I move and where to? And how do I get the stuff I need all in one place and out of the way?

Answer: Cleaning up the DESKTOP SSD...

By default you should have 4 partitions - ESP (100MB FAT), MSR (16MB unformatted), C (size depends on your disk, NTFS) and recovery (normally 450MB NTFS).


See: UEFI/GPT-based hard drive partitions | Microsoft Docs

Windows likes to make extra recovery partitions on upgrade if it finds one that is too small. You have a too small recovery partition (300MB) coming presumably from an upgrade from Windows 7 or 8.

I'd back up C, clean install (so Windows makes its own partitions) and restore C back again, although you could shuffle them around with minitool partition wizard or something to make them look like the picture above.

Once you are done you will need to re-register your recovery partition using the reagentc command as described here: Deploy Windows RE | Microsoft Docs

4 more replies
Relevance 46.74%

On their site it is written that only one on-demand scan will be performed. Does that mean if I run the online scanner on my PC once and clean detected items, I will not be able to use it in future? There is also a 30-day unlimited trial offer given. Not sure if this is about their private wifi or online scanner. Seeking some advice and feeling terrified.

Answer: ESET online scanner provides only one time free detection and cleaning?

On what web page did you see that information? The main scanner page and FAQs do not say it can only be used one time.
http://www.eset.com/int/home/products/online-scanner/
http://www.eset.com/int/home/products/online-scanner/faq/
After every scan, you have the option to uninstall the ESET Online Scanner with all its components or leave them for future scanning.

8 more replies
Relevance 46.33%

Hi people.
My computer's infected with loads of viruses and spyware. I'm thinking of reformatting.......but if anyone knows of a virus software that is known to actually be good at CLEANING an infected system then please tell me as that would be preferable

Thank u
 

Answer: Software for cleaning infected systems

Celtic Queen said:

Hi people.
My computer's infected with loads of viruses and spyware. I'm thinking of reformatting.......but if anyone knows of a virus software that is known to actually be good at CLEANING an infected system then please tell me as that would be preferable

Thank u

Hi Celtic. I would like to suggest that this be moved to the Security forum (I'll PM a mod for you). You are more likely to get help there as many very experienced folks thrive on this stuff. Also, if you read some of the posts there you will see quite a few programs that are free to download, i.e. AdAware, Spybot Search and Destroy and more importantly HJT.
Edit: you can get two of the programs from links in my sig. Be sure to update them before you use them. As far as HJT is concerned DON'T do anything until instructed by a security guru.
 

2 more replies
Relevance 46.33%

Hello MajorGeeks!

Love the site and am constantly referring people to here to clean their computers. The detailed step by step instructions are invaluable and I truly appreciate the time and effort by everyone involved to assist in keeping computers clean and safe.

Unfortunately my own computer has been infected. I feel very silly, but I believe I was infected via yahoo messenger when a contact was infected and sent me a message that I stupidly didn't identify as suspect. This would be about 8 months ago. I didn't realize it at the time, although I suspected, but I hoped that nothing had happened or my Microsoft Security Essentials had prevented issues. Since then though, I have noticed periodic times when my net connection will slow to a crawl, even though other devices on the net seem okay. I rationalized it, not wanting to think that I could have been infected, but now I think I am.

I ran your procedure and nothing was found on any of the scans, however, I then ran a full scan with MSE and it came up with 5 hits, java exploits. It removed them, but I am not sure if that is enough. To my thinking, it seems likely that although the infected programs may have been caught by the virus scan, there is a chance other programs were installed on my computer that may not be so obvious?

Any help would be appreciated. I am in the process of running another full scan with Microsoft Security Essentials but I am not sure what to do after that or if there is any...

Answer: Been infected and need help cleaning - Logs posted

I am not seeing any malware in the logs you attached. You have Combo on your desktop, but it looks like you didn't run it. Was there a problem?
 

7 more replies
Relevance 46.33%

Hi

I have been called in to help with a friend's Dell PC after it became infected with a virus. The first signs were that the machine became very slow, and that the IE toolbar was "different" - some of the menu items such as Internet Options were either greyed out or not showing. Internet Options was also missing in the Control Panel. However, the main problem came when she tried to install a regular Windows upgrade which crashed. Following this she was unable to use her Sky TV remote connection to watch TV on the PC (its main use, although you will probably spot in the log below that it had previously been used for her son's games). Any attempt at rolling system back failed, and now the roll back option is no longer there and cannot be switched back on.

The other worrying problem was that her AVG antivirus product had also disappeared from her desktop and Start Menu (the program folder is still there if you drill down through the C:\Program Files folder).

As I wasn't going to be able to get over to see her within the next couple of days, I advised her to install and run an old version of Norton 360 that she still had, and to then download and run MalwareBytes Anti-Malware. She did this and says that both programs found and successfully cleaned some malware, but unfortunately she didn't keep a note of the reports and had been unable to find them on her PC - if this is a major problem, I can probably hunt them down on the machine. (nb...

Answer: THINK MACHINE IS STILL INFECTED AFTER AV +AMWB CLEANING

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you. If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations: Link 1, Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
Do not install any other programs until this is fixed.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass...

16 more replies
Relevance 46.33%

I got infected by the Katuna virus this past week. I have performed a half-dozen different varieties of cleaning using different softwares, and still have a high consumption of CPU when computer is idle. How do I resolve this, if somebody would be so kind as to help me, please?

Thanks in advance,
theAdmiral

Answer: Infected by Katuna, after much cleaning, still many CPU cyc. when idle

What antivirus do you have? Download Malwarebytes (as it will not hinder an antivirus already installed on your computer) and see what it says.

Never (besides Malwarebytes) have two antiviruses installed at the same time. Also, never uninstall an antivirus without using an antivirus removal tool. I can further help you out after you let me know about your AV setup. Waiting to hear back.

2 more replies
Relevance 46.33%

Hi everyone. I am transferring my files from my old laptop to my new Windows 8 laptop, then hopefully in the near future onto an external hard drive. However, Norton Internet Security identified a lot of them as being infected by Ramnit and other pleasant stuff. Most of them are html files, sometimes contained within zip/rar files that I created myself with a probably bad version of WinRar. Of course, Norton usually either deleted or quarantined them and only sometimes repaired them, but I'm wondering if it's possible to repair all of them--especially the html files, as those are what I really want to keep?

I'm planning to reset my laptop to factory settings and try to keep it clean of course, but if these files continue to be a problem, I'm really at a loss for what to do.

More replies
Relevance 46.33%

Hello,

I followed a link to an NSFW site the other day and soon afterwards got a popup notification along the lines of "Windows system inspection has found an error" and then my browser started randomly opening windows to "anti-virus" purchase sites and redirecting google links to them as well.

I've been running through the Windows XP cleaning procedure, but seem to have gotten stuck on running combofix. I think it's because I'm not properly disabling my AV, but here's what's happening, anyway: I run combofix, it says "McAfee VirusScan Enterprise is still active, disable it". I thought I had disabled it, so doubled-checked (and found on-access scanning, and all other 'disable'-able options set to "disabled") and clicked OK. Combofix runs until it gets to this screen: http://www.bleepstatic.com/combofix/en/autoscan.jpg and then just sits there for 30 minutes at which point I manually close it. I tried running MGtools, hoping it was just something with Combofix, but MGtools also froze after about a minute of scanning through my files.

Logs from Superantispyware and Malwarebytes' attached. Should I just uninstall McAfee at this point and start over, is there a better way to disable than described above, or something else? The "How to Disable your AV" section on MajorGeek doesn't seem to cover my version of AV.

Thanks for your help!
 

Answer: Infected computer, w/ questions on XP cleaning

Yes, try uninstalling McAfee. Did you try running Combo and MGTools in safe mode? Have you tried renaming them?
 

35 more replies
Relevance 46.33%

I have been cleaning for 2 days now. Reading the forums and running HJT to figure out what to fix. I give up. Can some expert please tell me what I've missed? I've been using a variety of tools - Free AVG anti-virus, Trend-micro's housecall, adaware SE + vx2 plugin, dllcompare, killbox, spybot s&d, Spyware blaster, sfc.exe /scannow, renaming hijackthis, microsoft's registry cleaner on top of HJT 1.99. I've learned way more than I ever wanted to but apparently not enough to fully clean this machine. By the way- when I ran lspfix it "ate" my wireless networking icon (+ who knows what else) in my control panel and now the 2 monitor icon no longer shows up in the system tray. I'm using a linksys utility that came with my wireless card now. sfc.exe does not repair this.
 

Answer: After days of reading and cleaning I'm still infected

LSP-Fix should only be used when a malware expert requests it or you feel comfortable enough to use it. However it still should only be used when something malicious gets into the LSP Chain.

What problems are you having?
 

13 more replies
Relevance 46.33%

I installed and ran Microsoft Security Essentials.
Full scan: removed 2 instances of some java exploit updater (?)
Ran CCleaner before the scan.

Please advise. Not sure where to start.

Thank you.

Answer: Infected with Babylon Search; need help cleaning PC

webgal318,

Here are some instructions that you will find helpful:
Remove Babylon Search hijack (Uninstall Guide)

Basically, this is how the process goes...


Uninstall Babylon Search

Please click Start > Control Panel > Uninstall a program
Search for and uninstall Babylon, Babylon toolbar on IE, Yontoo, BrowserProtect, or any Babylon related entry.


Remove Babylon Search from Internet Explorer

Open Internet Explorer, then click on the gear icon at the top right and select: Manage add-ons.
From the Toolbars and Extensions tab, select Babylon toolbar, Babylon toolbar helper, Babylon IE plugin, babylonToolbar.com or anything related to Babylon.
Next click on: Disable
Under Add-on Types, click: Search Providers
Select a search provider, click Set Default, then click on Search the Web (Babylon) in the list and click on Remove
To change your home page, go to the home page you normally use.
Next, click on the gear icon, select Internet Explorer options, and in the General tab, under the Home page section, click on Use current to restore your Internet Explorer home page.
If you use FireFox or Chrome, check the link provided at the beginning of this post, and follow its instructions.


Remove Babylon Toolbar Registry keys

Please download AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
Save the program to the Desktop
Close all open programs and internet browsers.
Right-click on adwcleaner.exe and select: Run As Administrator
At the program con...

9 more replies
Relevance 46.33%

I removed a lot of spyware and viruses before doing the steps in "READ & RUN ME FIRST. Malware Removal Guide." Logs attached.

Thanks

Goliano
 

Answer: Cleaning badly infected system

Hi goliano,
Welcome to the Malware Forum!

Your computer is still badly infected. Please use it as little as possible until I can post a set of instructions to you and try not to unboot unnecessarily.

abri
 

20 more replies
Relevance 46.33%

Hello all, I have been infected. I noticed the odd stuff started after i was prompted to install a plug-in to view a video knowing good and well I had all the plug-ins anyone would need to view anything they would want. I installed the plug-in anyway...
I am using a dual-boot setup with XP Pro, and Vista Home Premium on a RAID 0 with separate partitions and an External ESATA HD.
I was logged into XP and using Firefox when this occurred. What I noticed first was that I couldn't run any kind of Spyware or Malware scanners, so I rebooted. The first thing I noticed after rebooting was none of my Anti-Malware programs that usually show up in the system tray were there. Every time I tried to access an anti-virus or anti-spyware app I would get an access denied message. After reading in BC forums, I noticed other people with a similar problem who were being told to rename some of the programs they couldn't get to run, and they ran after renaming. So I thought I would try it on ComboFix, and it worked. It seems that ComboFix took care of the most part, but I want to be sure.
By the way, both XP and Vista are fresh installs less than 2 weeks old, and fully updated with Drivers and Windows Updates.
Would someone be so kind as to look at my config and tell me if anything needs fixing?

Answer: Infected, Have done minor cleaning & ComboFix

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Combofix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer. That's the decision by the creator and we will abide by that decision.

Further, you should not be following specific instructions provided to someone else especially if they were given in the HijackThis forum. Those instructions were given under the guidance of a trained staff expert to help fix that particular member's problems, NOT YOURS. Before taking any action, the helper must investigate the nature of the malware issues and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system. You were fortunate in this instance that no unforeseen consequences occurred.

Please download Malwarebytes Anti-Malware (v1.40) and save it to your deskt...

17 more replies
Relevance 46.33%

Hey!
I need some help cleaning up my computer after a malware attack (CryptoLocker version 4) that I got two days ago. I got some help from a forum member to sort out what sort of malware/virus I have on my computer to be able to use a decrypting program to decrypt the files that CryptoLocker encrypted. Unfortunately I apparently got the latest version of CryptoLocker so there's not a decryption program available just yet, but he told me that I should ask here for help to remove the malware properly.
Anyone interested in helping a fool out?
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Admin at 19:16:56 on 2015-01-11
Microsoft Windows XP Professional  5.1.2600.3.1252.46.1033.18.1014.198 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Pro...

Answer: Infected with CryptoLocker version 4 need help cleaning

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi fredXhunger,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to...

24 more replies
Relevance 46.33%

This is by far the most infected PC I've ever seen. I usually can clean them up good too. This one I can't seem to help. The major problem is many security/AV sites are blocked. I still don't know how they are doing it either. The host file looks clean. I did just discover a file running out of the system32 folder called fastnetsrv.exe is trying to connect to a DNS server but I didn't delete it because I already did my scan logs and don't want to mess you guys up. I already tried to post this but forgot my logs so my topic was moved. I had to start a new topic because the browse button wasn't there when I tried to attach my logs. Sorry guys, I'm new to forums and usually do this stuff on my own. Thanks in advance! Like I said in topic title I need help! LOL
DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 12:04:05.48 on 2009-12-17
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.439 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Ex...

Answer: need help cleaning a badly infected computer

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

20 more replies
Relevance 46.33%

My machine appears to be infected by some virus which occasionally redirects a google search (once every three or four) to either google.analytics or some other sites. I recently completed the README as well as the Win XP cleaning procedure. It doesn't seem like I have this problem at work, although I don't surf the net as much there (could the issue be in my router?).

The next step in the post instructed me to post my logs here, which I am doing now. Please share your thoughts. Thanks!

Mark

PS I will post the log for ComboFix on a subsequent thread. Only can fit four per thread.
 

Answer: Still infected. Already ran the READ ME and XP cleaning procedure

Here is the log from Combo Fix.

I wonder if my next step should be to "Toggle System Restore."

Mark
 

17 more replies
Relevance 46.33%

When I start the computer up, the Windows Boot Manager screen comes on. I press enter, but every time the desktop comes up, the icons have rearranged themselves to be as close to the left hand side of the screen as possible. Also, the computer is chucking me out of games sometimes, when before they didn't. Could I be infected?

This is the first post I have done on this forum, so if I have done something wrong, please let me know. Thanks

Answer: Windows Boot Manager comes up every time I turn on the computer, Icons re-arrange themselves on desktop every time i start up t...

Hello. Have I done something wrong in my posting? Please let me know if I have. It has now been over 48 hours since I asked my question. Has anyone ever had this problem before or am I over-reacting.

Thank you

2 more replies
Relevance 46.33%

Hello all,

I have a rather strange problem, from the past 5-6 days, I noticed that whenever I click any icon on the desktop /start menu, my machine just sits there, uses all the resources and after about 90s-120s launches the application. The application works fine without any problem though as it used to. When I launch the same application from the Program Files folder, the application launches very quickly without any problem and without hanging the machine.

Also, it takes very long only when the bare application is clicked, to elaborate, if I click on file.txt on the desktop, it opens in notepad without any problem, if I click on Notepad icon to launch Notepad, that's when the system freezes as mentioned above. This is similar for all applications, I can launch a .fla file from the desktop and it will launch pretty quickly in flash, but if I launch the flash program by double clicking on the icon on the desktop, then I can go have breakfast before I get control of my machine :D

The strange part is that almost all of the applications have this problem of freezing the machine when the icon on the desktop is used to launch the program, but only IE launches quickly without any problem.

I use kaspersky anti virus and scanned the machine, did a root kit scan on my machine and nothing came up. I scanned the machine with Malwarebytes' Anti-Malware too and nothing came up. I am not an expert but I ran a HJT scan, and glanced through it, there were no entries that were spurious.
... Read more

Answer: Applications When Launched From Desktop Take A Very Long Time And Use All Resources In That Time

Hello jacksnake,

Have you performed a disk cleanup and a defrag of the system?

12 more replies
Relevance 46.33%

Hi MGs,

A couple of months ago, my parents' desktop had some crud on it, which my brother-in-law cleaned by following the R&R, which ostensibly cleared everything up.

Fast forward to today, where I am visiting and just doing some background cleaning. No known issues/problems, but while doing the maintenance my parents don't do, SAS picked up stuff only in the System Restore (waiting for the go-ahead to toggle it).

Would've called it a day, but MBAM didn't seem to complete, and Avast! kept popping up during the scan, something which it hasn't done before.

CF log is attached.

RR never got past the initialization.

MGtools did not get past GetRunKey.bat and a likely empty log is attached.

Thanks for your help.
 

Answer: Cleaning parents desktop

Please shut down all AV and AS software while you do the following.

Please click Start, Run, and enter cmd and click OK. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
GetRunKey <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
ShowNew <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.
 

22 more replies
Relevance 46.33%

My friend wants me to clean up her Compaq presario CQ3502F desktop.
I want to make sure I'm doing this the "proper" way. So I can be "trusted" to do it for other people, word of mouth is really how I get my work out there.

What I would do would usually be:


Scan with the installed AV.
Run Ccleaner to remove the temp files.
What else should I be doing?
I also don't turn anything off in the Start-up section of Ccleaner, due to not knowing what is really needed or not.

Any help would be greatly appreciated.
Thanks,
Spock96
 

Answer: Cleaning out a friend's desktop.

Spock96 said:





My friend wants me to clean up her Compaq presario CQ3502F desktop.
I want to make sure I'm doing this the "proper" way. So I can be "trusted" to do it for other people, word of mouth is really how I get my work out there.

What I would do would usually be:


Scan with the installed AV.
Run Ccleaner to remove the temp files.
What else should I be doing?
I also don't turn anything off in the Start-up section of Ccleaner, due to not knowing what is really needed or not.

Any help would be greatly appreciated.
Thanks,
Spock96

Hi my friend , you can follow this

http://www.microsoft.com/atwork/maintenance/speed.aspx#fbid=MNvUgz5fu4E

even you can follow this

http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&dlc=en&cc=us&product=12455&docname=bph07555

because the code is faulty :wave
 

30 more replies
Relevance 46.33%

I'm cleaning my desktop computer, and would like to know if I need to go further, or if it's ok now.

I have followed the directions in the "Read and Run Me First" thread for my Windows XP Home edition OS.

MGlogs.zip is attached.

When I ran AVG Antispyware, it seemed to go through its process ok, but at the end, it said "No reports available". When I clicked on the "Reports" button, there was no response.

The ComboFix.txt file is empty (zero bytes - I couldn't attach it to the message). The ComboFix program seemed to execute ok.

Does evil still lurk inside my computer?
 

Answer: Cleaning Desktop Computer

No ComboFix did not run properly and neither did MGtools. You were getting errors and did not notice them. I would bet they are possibly the error messages noted on the Using MGtools download page. Run those fixes and then try ComboFix again. And then also run C:\MGtools\GetLogs.bat to create a new MGlogs.zip file. Watch for error messages and let me know exactly what they are if you see any. Don't rewrite the error messages, give me the exact wording.


Is your copy of Spy Sweeper a paid version or free trial?
 

1 more replies
Relevance 46.33%

I am trying to clean up an old Dell machine that is running XP. It had AOL and Norton Ghost installed on it and was running quite slow. I uninstalled these items and it has improved the speed.

Can someone suggest the protocol for removing all the spyware, etc? It's been a long time since I have used this site. I would like to remove all the garbage, then post a HJT log for some further help.

Thanks
 

Answer: Cleaning Up Old Dell Desktop

Removes unwanted preinstalled software from Windows XP and Vista machines. Free for personal use, commercial version includes automation capability.
www.pcdecrapifier.com/

For any pre-installed stuff still left on.

Then try RevoUninstaller to remove any other progs.
Revo Uninstaller is a freeware uninstaller, which you can use to uninstall programs and scan after uninstall for leftover registry keys, files and folders ...
www.revouninstaller.com

Richard
 

2 more replies
Relevance 46.33%

I have an unused desktop shortcuts folder created after I ran the desktop cleanup wizard. I'm a bit of a clean freak when it comes to the appearance of my desktop; ultimately I want to shove everything into my folders and have nothing but the recycle bin, My Computer and Firefox on it.

Unfortunately I don't know what to do with the unused folder - it has a windows media player icon inside and a strange IE folder - no icon, just a folder named Internet Explorer {871C5380-412A0-1069-A2EA}. When this is opened, ie comes up...twice. My theory is that one of the windows updates I recently installed was ie7, which deposited itself on my desktop, thus doubling the number of places it occupied. Does this sound about right?

In any case, how do I get rid of unwanted shortcuts - does deleting them actually remove the programs?

There a number of other installation icons that come with my various security program downloads, any tips as to where I should put them?

One last thing. A minor thing. But a thing nonetheless. I find those tiny little arrows on the corner of shortcut icons incredibly irritating, in the same way a rogue contact lens is irritating.
 

Answer: Solved: Cleaning Desktop

16 more replies
Relevance 46.33%

All I want on my Win 7 desktop right click New menu is New Folder, New Shortcut, and New Text Document. Using Regedit in elevated mode it was easy enough to clean it up except for New Briefcase. I've been using Windows since the 90s and have never once used Briefcase so I'm unlikely to start now

So how do you remove it please using Regedit?
 

Answer: Cleaning up Desktop RC New menu

EDIT - it's OK, I've found it.
 

1 more replies
Relevance 46.33%

Hi! First I want to thank y'all for the help I received recently cleaning up an infected laptop. A friend of mine managed to get her laptop and desktop infected just a few days apart. I took the desktop first and got it booting again, did some cleanup and added some security, then swapped it for the laptop knowing I wasn't finished with the desktop. I now have the desktop back.

I don't know exactly how this one ended up not booting. It was getting to the black Windows loading screen, and not much past that.

I used my UBCD4WIN and ran scans of the hard drive with several anti-virus and anti-malware programs. They removed a bunch of MyWebSearch stuff, Hotbar, Zango, and Trojan.Qakbot. I was still unable to boot, and got the message "C:\WINDOWS\system32\command.com The parameter is incorrect." So I ran chkdsk from UBCD4WIN, and it ended with the message, "Windows has made corrections to the file system." I was then able to get the computer to boot.

I temporarily used msconfig to disable some things, rebooted, and uninstalled (with permission) MySpace IM, MIRC, MySpace Profilewatcher, messenger, and Kodak EasyShare.

I installed Online Armor and Avast. Then I ran CCleaner and Defraggler, and created a restore point. This is when I swapped for her laptop, which she continued to use some even though it was infected. I knew the desktop still had issues, but I figured it was reasonably safe and stable and she needed a working... Read more

Answer: Cleaning Friend's Desktop

And the MGTools log.
 

13 more replies
Relevance 46.33%

Morning Chaps, I think it about time I spruced up my desktop box. Noticed the other day (floppy disc obsolete now..) floppy drive entrance to be caked in dust. I am assuming then, that the insides of the box are in the same (or worse!!) condition. Could this be the reason that, if I click eg. **start** or bring up the hidden icons on the taskbar at the bottom, for just a second or 2 all icons leave desktop then reappear. Seems to be doing this more often and can't think why... Am fully up-to-date with AV and antispyware etc, so don't think it virus attack. Any thoughts please? Have a good Easter all of you, AngeTheHippy xx

Answer: Cleaning Inside Desktop box - How??

.

9 more replies
Relevance 46.33%

My friend has had it to where her monitor, keyboard, and mouse won't light up and she cleaned the computer out (like the dust) and they came back on. Well recently, her computer loaded through everything all the way to her desktop. Out of nowhere, she was no longer able to click anything or open any programs - even her system tray stopped loading. Now, we tried to check everything (specifically the hardware) that she cleaned and make sure she didn't screw anything up. Nothing was wrong. So we booted up again and then the monitor didn't turn on, nor the keyboard, nor the mouse, nor the tablet. Then I removed everything in every port and slowly put them back in after re-restarting. After that, it was all but the monitor that turned on. Another restart. Everything turned on but then the initial problem happened once more - load to desktop, can't click or open a program. The most recent thing she downloaded was her new subscription to norton antivirus. We did a final restart (she was getting way too mopey looking at the monitor which she couldn't use) and then went back to no monitor, no keyboard, no mouse working. So I don't know what to tell her. She really does not want to lose this computer cause she loves it and it has all her artwork. All I could tell her was to take it to our campus site and call in our computer science major friends... but I would love to hear answers from you guys. And not sure if this makes a difference but on the last start-up, the pen tablet - which was plugged in ... Read more

Answer: XP desktop frozen after cleaning PC

Hello,

Can you try booting up in Safe Mode? Press F8 when the computer is about to boot. Choose 'Safe Mode'. If/when you are in and on your desktop, press Ctrl+R and type 'msconfig'. Go to the 'Startup' tab and unselect any unknown programs. Note: you HAVE to keep 'Microsoft Windows Operating System'. The problem could be a virus and may be loading on startup.

Matt

3 more replies
Relevance 45.92%

(At least the Recycle Bin can be removed without a registry edit hack. These have always been my top 2 peeves of Windows.)

How please.

From the desktop view I simply want to look down and to the right to see the "Sunday, September 8, 2013 - 2:17PM" I see now ... but have to move my mouse over there and hover over it first. Why would I want to have to do that?

It wasn't possible in XP (that I know of) - not without having to expand your taskbar to twice the width. (And let's face it, there is nothing quite as intimidating as a big huge fat thick taskbar.)

Answer: How to change desktop taskbar time to date+time?

Hello Win8fait,

If you like, you could use the method in the tutorial below to show the full date and time on your taskbar.

Date Format for Taskbar System Tray - Show Full Day and Month Names - Windows 7 Help Forums

Hope this helps,
Shawn

16 more replies
Relevance 45.92%

Hey guys. I woke up to an extremely unresponsive Firefox with loads of popups. Same goes for IE 7. So I ran the usual AV products. Spyware Doctor and NOD32. Deleted all entries they found. But the problem was still present. So I used MalwareBytes Anti Malware and deleted all the 5 entries it found. The malware was still present after a reboot. So ran HijackThis, ComboFix and then Hijackthis for the last time.

First HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:45 PM, on 29/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C... Read more

Answer: Infected, Spent Whole Day Cleaning, Please Review Logs

Hello TheSacredSoul,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 45.92%

after reviewing some previous redirect problem threads (when I use google, etc. I get infomash, weird sites, etc.), I followed some of the programs to run and the Bamital trojan came up in my ESET scan

so, let me know what you need me to do/run/etc. on this thread and I'll get started.

and thanks in advance for your help

Answer: I'm infected with the Bamital virus and need help cleaning my computer

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 45.92%

Hello,
It seems that my PC is infected by the ZapChast.reg trojan because I get the following message every time I start my PC: "The file C:\a.bat was infected by the ZapChast.reg trojan and has been deleted to complete the Clean process". I already tried several tools like Ad-Aware, Hitman Pro, Super AntiSpyware etc. but they were not able to solve the problem: every time again I get the message, so that the trojan is still there. I have seen that it should be possible to get rid of this trojan, but I've no idea how to do this! I would kindly ask you to help me. I have the log-file of HijackThis copied below, hopefully this will help solving the problem. Can anyone tell me what to do? Thanks in advance!!

========================================================

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:54:33 PM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.e... Read more

Answer: Solved: Infected with ZapChast.reg trojan, please help cleaning

8 more replies
Relevance 45.92%

A friend of mine gave me his old computer since he went out and purchased himself a brand new one... and the problem is that whatever he used the computer for he must have gotten some viruses or a lot of spyware and other malicious content because I keep getting a bunch of random pop ups all the time. Also when I first log onto the computer, random programs as well as the internet start up by itself not to mention that after being online for some period of time I will get kicked off for no reason and I'm using cable internet. I went ahead and posted my hijack this log and can already tell my computer needs major cleaning.. so if someone would be so kind to look over my log and lead me into the right direction and hopefully get my computer working NORMAL for once. Thanks in advance to all who reply!

Logfile of HijackThis v1.99.1
Scan saved at 11:43:08 PM, on 8/19/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuaucl... Read more

Answer: *VIRUS ALERTS* Infected Computer Needs Serious Cleaning!!

Hi and welcome

Before we can provide you any assistance, you need to go here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx and install "Service Pack 1" This will patch numerous security holes in IE and Windows. Many baddies get on your machine by taking advantage of these vulnerabilities. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

DO NOT install Service pack 2 yet. If you install SP2 on an infected machine, it will cause serious problems. Just get Service Pack 1 installed then come back here and post a new Hijack This log.
 

1 more replies
Relevance 45.92%

Hello, My name is Jhazel, and I had a nasty bit of malware that I cleaned out using Malwarebytes' Anti-Malware and then I used SUPERAntiSpyware Free Edition followed by installing and running Avira AntiVir. It cleaned it up as far as I can tell because I'm using the same computer to post this, but I can only access the internet using Firefox, and when I try to update my software to make sure all of my definitions are up to date it will not connect. When I try to use Internet Explorer I can't even connect to the internet. Any help would be very appreciated. I diagnosed the connection problem and this is the log that comes up:

Windows Network Diagnostics Publisher details Issues found The remote device or resource won't accept the connection The remote device or resource won't accept the connection The device or resource (www.google.com) is not set up to accept connections on port "The World Wide Web service (HTTP)". Detected Contact your network administrator Completed Issues found Detection details 5 The remote device or resource won't accept the connection Detected The device or resource (www.google.com) is not set up to accept connections on port "The World Wide Web service (HTTP)". Contact your network administrator Completed The computer or device you are trying to reach is available, but it doesn't support what you're trying to do. This might be a configuration issue or a limitation of the device. Detection details Netw... Read more

Answer: Infected and Now Internet doesnt work after cleaning

Hello there, and sorry for the delay. I'll move this topic to the right forum.

Please run the fix below and let me know how things are afterwards.

OTL FIX
------------
We need to run an OTL Fix

Please reopen on your desktop.
Copy and Paste the following code into the textbox. Do not include the word "Code"

CODE
:otl
IE - HKU\S-1-5-21-3250631313-659605060-4246142799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3250631313-659605060-4246142799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3250631313-659605060-4246142799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
:commands
[emptytemp]

Push OTL may ask to reboot the machine. Please do so if asked.
Click .
A report will open. Copy and Paste that report in your next reply.

7 more replies
Relevance 45.92%

Hello all.
I used to have a pretty strict practice, when a machine is way too infected, I just re-load Windows. This time, I wanted the challenge to take on my Uncle's PC (He bought in '06) and has never run an Anti-Virus program on it since his trial ran out. (Just found this out) This computer is shared among others in the household, some of which being teenagers, and I found all sorts of downloaded music on it. (Limewire) I decided to try and disinfect it, based on what he was telling me about the data he had saved on it, and it was all over the place. I imaged the PC before I started and dug in.. 4.5 hours and multiple scans later.. it appears to be clean. I wanted to post my Hijack log here, from this PC to see if some of the veterans at removing spyware/malware/viruses can see something I don't. It all looked okay on hijackthis.de/en site.... Everything was safe to very safe, except for line 020 - Hijack this had a "?" mark beside this one. I Googled it, and it seems that registry key can get hijacked and overwritten, only way to tell is to have AdAware remove it.. but then one of the side effects from that is a possibility of not being able to log into Windows. I am not sure it is worth trying that for.. thoughts?

Programs used for the disinfect process included:
Malware Bytes (safe mode)
CCleaner (safe mode) *ran this like 4 times back to back, until it showed up nothing to fix*
Dial A Fix (safe mode)
Glary Utilities (safe mode)
ComboFix (saf... Read more

Answer: Cleaning customer's computer: Worst ever infected!

Save yourself a lot of headaches. Simply tell the customer it's a lost cause, and do a clean install. Back up what you can (ensuring that whatever that happens to be is clean of infections, if that's even possible) and then start clean and put some proper AV software on there pronto. Avira is free, ranked incredibly high since it started pushing into the market last year, and works fine. Get Firefox on there also if possible...

Or deal with all the crap and frustration and headaches and try to appease the customer and...

In the long run you end up doing exactly what I just suggested anyway.

Been there, done that, thousands of times over the years. I simplified it now and just tell people "I'll back up what I can and disinfect it but I will be doing a clean installation on this machine which will make it screamingly fast." If that doesn't make the customer happy, I send them on their merry way. I can't afford to give myself an aneurysm or a heart attack over some idiotic customer that won't listen to reason.

There's the right way, and there's the wrong way, unfortunately customers only seem to understand their way which is meaningless to me when I'm attempting to resolve their issues caused by their technical ignorance.

Look at how much time you've invested already in this and you're still basically nowhere in terms of a final solution (except the one I just provided). Don't let it drag you down, nip i... Read more

24 more replies
Relevance 45.92%

As per topic, a few months ago I was infected by winprocess.exe.vbs, but I removed it, or at least I thought I removed it and negated all the negative side effects. But recently I discovered that two of my thumbdrives were carrying this virus, and as such a few of my friends' computers have been infected as well. What I'd want to do now is to make sure I've removed it once and for all. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:41 PM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOW... Read more

Answer: Infected with WinProcess.exe.vbs previously, wanting to do some cleaning...

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Regards

2 more replies
Relevance 45.92%

Hello,
My computer was infected with an unknown malware that didn't allow me to search on common websites as google or youtube while allowing free connection to all other websites through an unknown proxy, plus other symptoms

I tried to search for the problem with Malwarebytes Anti-Malware, Avast, Emsisoft Emergency Kit, Spybot, they did not identify anything. I'm also 100% sure that the problem was inside the computer, not a browser problem, not a network/router problem.
Since backup + formatting takes me much less effort than cleaning up an already clumsy, now infected computer, I saved every data that has to be saved on an external hard drive, then I formatted the computer.
My question is:
Since the backup may be infected with the same malware - that I have NO idea how I got it, so NO idea on how it infects other PCs, how can I clean the backup from another Windows installation without infecting it when I plug the hdd in? Which precautions, tools, should I use? How should I proceed, since my actual knowledge failed me?
 
Available instruments:
-One clean PC (windows 8.1)
-One formatted PC, with fresh Windows 7 installation - the one on which i have to restore data
Both computers can be booted from DVD and USB
 
-multiple empty DVDs for bootable distros (if needed)
-1GB USB drive for bootable software
 
-1TB USB3 external backup HDD probably infected - that needs cleaning
 
Any help would be appreciated
 
Davide
Edit: i used Sear... Read more

Answer: Infected Backup cleaning from a clear computer

If you disable autorun it will stop malicious programs jumping to your clean computer from your backup drive. You can copy personal docs and pics over, but all program files and settings files are risky.
 
Here is a tutorial on how to disable autorun.
 
or you can copy this into any new text file and rename it anything.reg, double click it and OK.... autorun for all drives will be disabled.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

Once you have recovered your personal data you can reformat the drive to clean it.

5 more replies
Relevance 45.92%

Hi there,

I am trying to help a friend fix his computer and it appears it is infected with some sort of virus or worm... (I think he clicked on an attachment to an email disguised as either a read receipt for an email or a DHL delivery receipt - unfortunately, both attachments seem somewhat plausible!) - and it has been running slow ever since. Also, task manager refuses to launch, making it difficult to stop running applications.

He has anti-virus installed (CA) and has recently installed Microsoft software (ie: Windows Defender). Anyway, after the logon prompt, a dialog box with the label 'Spyware Alert' advises that Worm.Win32.Netsky is detected on the machine. After that, a dialog headed 'RUNDLL' advises that C:\Windows\alifijoc.dll could not be found. Then a Windows Defender warning advises that Trojandownloader:WIn32/Fakeinit has been found.

The PC is a HP laptop running Win XP Pro SP3.

The DDS log is pasted below and the Attach.txt and ark.txt files are attached.

Thank you so much in advance for any assistance you can provide.

______________________________________________________________


DDS (Ver_09-12-01.01) - NTFSx86
Run by Manny Hill at 22:10:59.07 on Tue 02/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.264 [GMT 11:00]

AV: CA Anti-Virus *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Microsoft Security Essentials *On-access scannin... Read more

Answer:Help cleaning infected PC (Worm.Win32.Netsky)

Hello and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

17 more replies
Relevance 45.92%

Hi all,

My computer appears to have become infected by an infected email from a relative (oddly enough asking for help with cleaning her computer). I've run malwarebytes in both regular and safe mode, and while it can find this trojan and temporarily remove it, upon rebooting the files in question appear to regenerate after a few minutes.

The file appears in my registry as: HKLM\..\Run: [Jrelominixigo] rundll32.exe "C:\WINDOWS\ebunenorixatabiv.dll",e

The DLL reappears with a new random name every time it's cleaned out. So far all it appears to be doing is randomly redirecting search engine pages. But several tries (malwarebytes, hijackthis, superantispyware, spybot, and Mcafee professional antivirus) have left me scratching my head as to how to rid myself permanently of this, short of completely reinstalling windows.

Any help is greatly appreciated as this is starting to drive me nuts. DDS log below (and attach.txt attached), followed by hijackthis log

DDS (Ver_09-03-16.01) - NTFSx86
Run by rgualtieri at 13:59:00.22 on Wed 04/01/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1042 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WIN... Read more

Answer:Infected with Trojan Agent, keeps returning after cleaning

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

3 more replies
Relevance 45.92%

Hi Flavalee gave me a website to do the clean and reinstall but for some reason I am having a hard time to get it to do what it is doing on the instructions on the website.

Can someone please help me do it step by step.

Thanks
 

Answer:Solved: Help having a hard time cleaning hard drive and reinstalling vista basic!

16 more replies
Relevance 45.92%

Hi, thanks for the help I received from your experience on the forum.
I have read about your help in a desktop malfunction situation where a spyware program installed an executable file, changing the desktop wallpaper permanently with an html file.

Well, my situation was similar but I have already fixed bad files using SPYWARE and antivirus sw. The bad html file was inside the system32 dir (desktop.html)
The only problem still present on my PC is the reduction of the control of the desktop options: right-clicking on the desktop opens the dialog window but it shows only two tabs, Screensaver and res settings; the other tabs are hidden so I can't restore the wallpaper I need.
I guess it is a bad registry setting, made by the bad exe file.
Could you help me to show again the desktop tab and theme tab in the screen properties window?
Hope to be clear enough, I'm Italian and my English is not perfect.
Thanks a lot anyway.
Marino
Italy
 

Answer:Desktop troubles after spyware cleaning

First let's see if there is still anything bad on the computer.

Go to here and download 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

1 more replies
Relevance 45.92%

Hi! I'm back with another friend's computer. When I got it, it was not booting. It would just give the message, "Windows Boot Manager: Windows failed to start. A recent hardware or software change might be the cause... etc. about using the disk to repair... File: c:\windows\system32\winload.exe ... Info: The selected entry could not be loaded because the application is missing or corrupt." And so on.

The owner didn't have a Vista disk, and neither do I, so I booted it with UBCD4WIN and used it to explore the drive. I saw the familiar Total Security on there, so I asked her if she had clicked on a popup telling her she had a boatload of viruses shortly before her computer crashed, and she had. She actually is somewhat computer-savvy, and was surprised she fell for it.

I tried to start chkdsk several ways on the computer exploring with UBCD4WIN, but even navigating straight to it to start it, and starting it from command line, didn't work. I got "c:\windows\system32\chkdsk.exe is not a valid win32 application."

So, knowing that most applications on UBCD4WIN can be run on Vista without hurting anything, I carefully started choosing some to try. I figured I couldn't do much more harm than had already been done.

I ran Avast Virus Cleaner, but it didn't find anything. I ran Avira, and it detected and deleted:
FakeAV.TS
Alureon.BK.99 (3 detections)
FakeAV.TT

I then deleted six more Total Security files an... Read more

Answer:Cleaning Neighbor's Desktop, only got 4 logs

This is not a malware issue. Your logs are clean. We can remove some leftover junk, but I suggest that you post in the software forum for further assistance.

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]


Make sure that you tell... Read more

4 more replies
Relevance 45.92%

When I install a new program, it often installs an icon on my wife's desktop. She does not have admin privileges. How do I remove them from her desktop?

Thanks,

John
 

Answer:Solved: cleaning wife's desktop

open 'My Computer'...

C:\Documents and Settings\(your wife's account name here)\desktop

at this point you should be able to edit what is on her desktop if you are logged in as the administrator.

without administrative rights she should be able to 'delete' desktop items by highlighting them and pressing delete, unless the configuration of the PC prevents non-admin people from this action

.....

As an afterthought... if the icon is installed under

C:\Documents and Settings\All Users\desktop

you can 'cut' the icon out of this folder and paste it under

C:\Documents and Settings\(your account)\desktop
 

1 more replies
Relevance 45.92%

I have a notebook and a desktop that are both filthy with years of accumulated dust, dirt and pet hair. They are both running hotter and hotter over time. The pet hair is visible sticking out from under the keyboard and in the fan on the notebook.

A local computer places charges $50/hr for labor for the desktop and $75/hr for labor for the notebook to clean them. They charge one hour minimum labor.

I think I might be okay opening up the desktop, but I am nervous to open my laptop.

Is there a link available with step-by-step instructions for cleaning a notebook and a desktop myself?

Is it a better investment in my computer to hire a professional?
 

Answer:Notebook & desktop need cleaning - is it safe to do myself?

Here's a good reference on cleaning a laptop or notebook: Cleaning A Laptop Computer. I'd also watch the video there.

And, here's a video on cleaning a desktop PC inside: Desktop Computer Cleaning Tips. Since your computer is quite dirty, I suggest taking it outside for this procedure, if possible. When cleaning, pay particular attention to the heatsink on your processor. If the fins are clogged with dust, that's going to take some extra work, perhaps even removing the heatsink. If your computer appears to need major heatsink cleaning, beyond what can be done with compressed air only, post back before the procedure. Removing and reinstalling a heatsink requires some special steps.
 

2 more replies
Relevance 45.92%

Hi, Newbie Here.
I've got a new XPS 8920, and noticed that there's a sizeable exhaust fan on the top of the unit. Since dust tends to accumulate on the top of the desktop, I was wondering if, aside from an occasional case-off thorough de-dusting, I should vacuum the fan grid/assembly on top regularly.
Any thoughts welcome.
Thanks,
Anton

More replies
Relevance 45.92%

Hi all, new to the forum, and I am after some information on how to clean out and keep my computer running without dramas. I have always taken my computer to the techie guy up the street and I am paying him $130 each time he does it. I was thinking, why can't I do this myself and save heaps? I am reasonably cluey around computers; I have built a few and can do most things to keep myself out of trouble. What I was hoping to find out from you guys is what you have to do or what programs these guys use to warrant $130 each time. I am confident I am able to do this with the correct guidance from you. Nine times out of ten my computer comes back sometimes worse than when I took it there, still running slow and freezing up and just not playing fair.
If any of you are willing to pass on some of this info to do just that I would be more than grateful. I have searched for ages trying to find anything on this subject but never actually finding anything; maybe I am typing in the wrong questions or something.
So if you are wanting to help me, thanks so much. I can guarantee I am only going to use this info on my own computers as I don't want the responsibility of things going wrong on someone else's machine; I'm not getting into that.
I just want to keep mine healthy and running good and doing what it should and save myself that $130 every few months.
Kindest Regards.
Daz

Answer:WANTED HELP WITH CLEANING OUT DESKTOP COMPUTER

There is no reason to pay someone to maintain your computers. You can do it yourself.

Start by reading these 2 posts
http://www.bleepingcomputer.com/forums/t/44694/slow-computer/
http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/

Windows has built in tools you can use. There are also 3rd party programs such as CCleaner, ATF Cleaner, and TFC.

Scan at least once a week with your antivirus and programs such as Malwarebytes Anti-Malware, Emsisoft AntiMalware, SuperAntiSpyware. Before running scanners update the definitions.

If you install programs make sure you look carefully at each screen. Many programs will also install other things you may not want. Simply say no to those things.

One of the posts linked to states to uninstall programs you don't use/no longer need. If you have any questions about what to uninstall and what to leave please post back in this topic and ask.

9 more replies
Relevance 45.92%

In a PC (OS=WMe) with a User (password) Desktop, are Cookies, Temporary Internet Files, and History found in a different location than where these items would normally be if there were no User profile established?

Trying to run the following DOS routine:
smartdrv
deltree cookies
deltree tempor~1
deltree history

Not sure whether to run this from C:\Windows, or whether the routine should be run from C:\WIndows with some kind of subfolder.

Any clues?

Thanks for the help.
 

Answer:Cleaning Caches in User Desktop

7 more replies
Relevance 45.92%

Please forgive me if I posted this in the wrong area. I am new to this site.

Somebody I know has been exploited and it wanted to install winantispyware2008. The person ended up canceling it and it didn't install. They used (Avast! but it found nothing) SUPERantispyware Free and scanned. There was a trojan and ended up cleaning it out. The person is unsure if there are still viruses on the computer.

I would like to control that person's desktop to fix it easier. But I have a problem: I don't know a good safe program that will let me do it. Without the person's computer I am controlling, controlling mine. (I have important files on my computer and I don't want to get the virus spreading to mine.)

I use Windows Vista Home Premium and Ubuntu 8.04 (Dual Boot)
The person that was infected uses Windows XP.

More replies
Relevance 45.51%

Don't know if this should be in hardware or here.

Sister-in-law has virus. (Dell computer, unknown CPU) Can boot to safe mode but won't clean. Can't boot to Linux from CD with programs and get them to clean.

Can I clone the HD, hook up to clean computer as external drive, clean it and then clone cleaned drive back to her computer?

Best free program to do such?

Answer:Cloning HD, cleaning virus and cloning back to infected HD?

Your best bet would be to have her post in this forum and I can clean it for her.

9 more replies
Relevance 45.51%

Hi all!
 
It has been a long time I posted here, but well...I'm back!
 
This time it is my mother-in-law's Windows 10 (Home Edition) computer that is the victim.
 
Earlier today she was browsing online for information on the presidential election primaries while using Mozilla Firefox and ended up on a page that gave her a warning about a virus or unwanted activity on the computer and a very loud piercing siren along with a phone number.
 
Yup! My 76 year old mother-in-law panicked due to the sound and called the number - 1-855-816-4648. The person that answered identified himself as being from Microsoft, with the name of Flea.
 
This person then proceeded to ask her all sorts of questions; what browser do you use? do you have Internet Explorer? What is your network? All of which she answered to the best of her ability, and then this guy asked for a remote session using GoToAssist from fastsupport.com. He poked around in the computer, but being a bit panicked and not technically savvy she was not sure what he was doing --- then called her daughters (including my wife) who immediately had her shut down the computer, hang up on the attacker and called me and got me on the line with Mom.
 
Unfortunately this person had unfettered control for a time period of maybe 15-30 minutes or more...I'm unclear. The assist session was opened at 2:36pm EST on 3/4/16 and I wasn't called until 3:36pm. 
 
I advised her to leave the computer off, call ... Read more

Answer:Could use some advice on cleaning my mother-in-law's potentially infected comput

Chances are no serious malware or damage was done before breaking off the connection. Post the MBAM
results of what was found and deleted/ quarantined. Run some more scans to clean up the computer and remove
adware and malware. I take it she did not give her CC number to the criminal.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a wh... Read more

18 more replies
Relevance 45.51%

My computer used to shut down and a message used to be displayed that there was a thermal event. I opened the computer, removed the screws of the fan and cleaned the thing underneath it of dust, which it had a lot of (and of course other parts too). After that I put the fan back, but I am not sure whether I put it in the original upside-down position or in the wrong way; anyhow, the wires connecting with the fan are now in between the fan and the thing which it cools, but the computer still sometimes shuts down suddenly, even before booting. What should I do? Should I reinstall Windows? Thanks

Answer:Desktop still having problems after cleaning interior after thermal ev

In short you are saying that you removed the heatsink over the processor, cleaned it and put it back? If it's the case, you might want to NOT start the computer until you open it back and put some thermal paste between the processor and the heatsink, or else the computer will do as you say, shut down by itself because of overheating.

2 more replies
Relevance 45.51%

On about 5/3/10 early morning, I was browsing around using Firefox 3.6.3 with Google toolbar on my IBM/Lenovo T43 with Windows XP Pro SP3 when I responded to a pop-up window with clicking "OK". Then I became aware that an application that called itself Desktop Security 2010 was installed and running. It quickly put windows up with messages about malware and viruses being present. So I hit the power button. After a few hours of reading on an apparently unaffected other computer what I could find understandable about such malware such as a page at http://www.2-spyware.com/remove-desktop-security-2010.html, I rebooted in safe mode without networking, and Symantec Antivirus program 10.1.5.5000, scan engine 101.1.0.75 with the most recent virus definition file I had, maybe downloaded the previous day, but it didn't complain about the Desktop Security 2010 that was clearly installed; it did quarantine taskmgr.dll as infected with Suspicious.Vundo 2 and a jar_cache809027123305560346.tmp. I spent more hours exploring the registry for run keys and found that startup entries had been put in HKCU/Software/Microsoft/Windows/run. I also found files like those mentioned in the above web page in C:\Documents and Settings\Ours\Local Settings\Temp and in C:\Documents and Settings\Ours\Application Data\Temp. I killed cftmon.exe because I had no reason to believe it would have been started. Even though the registry keys and files wer... Read more

Answer:Cleaning Up After Desktop Security 2010 "Removal"

Hi mobathome,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

I'm surprised you have no complaint about Google search redirection as there is still a rootkit on your computer that redirects the searches.

Please download MBR.EXE by GMER. Save the file in your Windows directory (C:\Windows).
Download http://download.bleepingcomputer.com/farbar/TDLfix.exe and save it to your desktop.
Close all the open windows.
Double-click TDLfix.exe to run the tool.
Type (or copy the following and right-click to paste) in the command window and press Enter:
mbr
A log file will open, please post the content of it to your reply.

19 more replies
Relevance 45.51%

Hey, this is my first post here, though I've been searching through the forums for a solution to my problem. It seems many other people have already had the same problem anyway, however after going through the safe-mode processes of running smitfraudfix, ccleaner, and superantispyware, this virus still seems to be coming back... I guess I should start by posting my Notepad logs from smitfraudfix and superantispyware, which at the end detected no more corrupted or infected files or applications on my computer.
Smitfraudfix:

SmitFraudFix v2.209

Scan done at 19:38:43.46, Thu 08/09/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A009281B-8236-4E0E-9BAE-FD571FD20F93}: DhcpNameServer=167.206.245.77 167.206.245.76
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A009281B-8236-4E0E-9BAE-FD571FD20F93}: DhcpNameServer=167.206.245.77 167.... Read more

Answer:Constant Pop-ups, three different programs on Desktop, comes back after cleaning

Sorry, I didn't include a HJT log... just did one now, here's what it read:

Logfile of HijackThis v1.99.1
Scan saved at 9:02:08 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\AOL\1146789630\ee\AOLSoftware.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech... Read more

11 more replies
Relevance 45.51%

xp pro...installed desktop address toolbar. very handy to copy and paste into. it defaults to google for search. however I am unable to erase entries for security and privacy issues. still there even after uninstall and re-install of the toolbar. none of my current removal softwares remove these entries. Like it and would like to continue use, but need to remove sensitive info. help?
 

Answer:cleaning desktop address toolbar entries

From IE go to Tools > Internet Options, use clear history and delete temporary internet files; that should take care of it. Let me know how you made out.
 

1 more replies
Relevance 45.51%

My laptop has a WXGA TFT Super-Bright screen, and I'm wondering what the best way to clean it is? It's similar to glass in that it shows up finger-prints and all sorts of other marks, and I was not sure what the best material or fluid might be to clean it?

Also, my desktop computer has a standard flat-screen monitor. What's the best method to clean that?
 

Answer:Solved: Cleaning Laptop And Desktop Screens

7 more replies
Relevance 45.1%

Just a few minutes ago I had music playing, youtube on watching pranks, and had a game loaded and running on my chrome browser, my whole computer froze up and started making noises(I guess the noise was from the video I was watching, it was like spitting out sounds from the video while being frozen, can't move the mouse or anything for 15-30seconds) then it comes back to normal and I can use the computer again.

Not sure what I need to do to check what's the problem, so far I think I really only had 1 BSOD, but not really sure as other people in my family use this computer as well. But the freezes happen quite often when you're watching movies, playing games that take a lot of processing power, etc. Anything I can do to solve this problem? Thank you!

Edit: Looks like I've had 3-4 freezes so far on my desktop all in one computer in the past 30mins, 1 before this post and 2 after this post. Really driving me crazy, never really had a problem with this computer before, I even reformatted my hdd, reinstalled my win7 like a month ago, still getting these annoying freezes, not sure if this is the correct place to post it in, if I posted in the wrong section, please point me in the right direction so I can get fast replies on this problem. Thank you!

Answer:Desktop Freezes frequently time to time, need help please!

These dump files are fairly old but I will try to use them as guidance.

You have had two 0x116 bugchecks which indicate an attempt to reset the display within the allocated time interval failed.
There are two main causes for such bugchecks.
A bad display driver or a faulty GPU.
Your display driver is out of date.


Code:
1: kd> lmvm nvlddmkm
start end module name
fffff880`0483e000 fffff880`05343700 nvlddmkm T (no symbols)
Loaded symbol image file: nvlddmkm.sys
Image path: \SystemRoot\system32\DRIVERS\nvlddmkm.sys
Image name: nvlddmkm.sys
Timestamp: Tue Jul 28 01:41:15 2009 (4A6E492B)
CheckSum: 00B12301
ImageSize: 00B05700
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

It looks like you're using a laptop.
Therefore you should update your display driver from your manufacturer's website, in this case it looks like a Sony VAIO.

Secondly because you reinstalled I am leaning towards a failing GPU but we can't be certain yet.
Run Furmark after updating your display driver.
Stress test your graphics card with Furmark

I recommend running it for around 30 minutes



   Warning

Furmark will increase the temperature of your GPU rapidly so keep an eye on your temperatures

9 more replies
Relevance 45.1%

Here's the scenario:
I am backing up somebody's data onto a usb drive or external hard-drive from an infected installation of Windows. To disinfect it, you have to connect it to a PC, which can expose the PC to further infection (Of course, Never, ever, ever your own machine. I treat mine as if I would a server).

My question is:
What is the best method for this? Sure you can reload Windows on the machine, get the security going on it (per the guide), run updates and all, and then throw that infected data right on in, but is this the smartest option? I'd rather get those infections off before getting it back on the machine so you don't waste time reloading Windows if something got through. I would think you'd want to have a workstation that's a reliable virus and malware killer? And on this workstation, is there a good sandbox environment that could assist in this? Maybe I'm overlooking something easier, maybe I'm not.

This would be good to know... I would like to see a guide created or help start one if there's reason. I didn't see any other posts, just somewhere in the guide it mentioned cleaning the data before putting it back on the machine. It's like a potential step "b" to steps "a" and "c".
 

Answer:Optimal Environment for Cleaning Data Removed from an Infected Installation?

Scenario one: Follow the Read and Run First instructions.

Scenario two: If for some reason the system is too bad to clean and a reformat is the only choice, then copy only data and personal info to a cd ( no exe or scr type files!).

Re-install the OS and your protection software and scan the cd before transferring the data back to it.
 

1 more replies
Relevance 44.69%

My computer used to shut down and a message used to be displayed that there was a thermal event. I opened the computer, removed the screws of the fan and cleaned the heat sink underneath it of dust, which it had a lot of (and of course other parts too). After that I put the fan back, but I am not sure whether I put it in the original upside-down position or in the wrong way; anyhow, the wires connecting with the fan are now in between the fan and the heat sink, but the computer still continued to shut down suddenly off and on, sometimes even before booting. I again opened the computer and this time even unscrewed the heat sink and cleaned it with air blow and a brush. After that the computer has become like dead. When I turn it on a green light beneath the on/off button lights up but there is absolutely no sound, which I used to hear when the computer used to boot. What should I do now? Thanks

Answer:Desktop now almost dead after cleaning interior after thermal events

It sounds like you didn't put something back together properly. If you're not too keen about computer hardware, it is best left for the professionals because you can really screw something up if not put back together correctly. Usually CPU heat sinks have four notches that push down and lock into place. You will hear a click when that happens. Also, if you separated the heat sink from the CPU, you will need to reapply thermal paste to the bottom of the heat sink - Newegg.com - Arctic Silver 5 Thermal Compound - Thermal Compound / Grease


Can you take a picture of your motherboard and upload it here?

8 more replies
Relevance 44.28%

I have been scanning the forums for hours and noticed that this post BELOW is the exact same problem I have after running Dr Web............
Quote
Like a few others that have been before me, I have fallen victim to the Backdoor.TDSS.565 virus, at least that is what Dr. Web is calling it. Like the others, Dr. Web claims to remove it, but it returns in the very next process that is run on the machine. Also I am being redirected from any favorites or any clicks from a Google search.

Others with similar problems have claimed to fix it, but their posts do not give an indication of what needed to be done to make that happen.

I have read the first part and am familiar with most of it as I do this for a living, but the advanced stuff I will leave to you, if you will help me finish this.

Here is my log of GMER. If you want me to start fresh with OTL, I will do this.

I have run every program available in safe mode and removed stuff for a week, but as soon as it's online again, I get Generic Windows Services 32 errors, which show as related to (mshtml.dll) and also (Ntdll), which I see listed in the GMER log below.

Thanks in advance

JB

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-28 08:56:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD5000AAKS-75A7B2 rev.01.03B01
Running: rgclexyg.exe; Driver: C:\DOCUME~1\Spencer\LOCALS~1\Temp\agtoapoc.sys
---- User code sections - GMER 1.0.15 ----

.text C:&#... Read more

Answer: Need Final Cleaning Help-backdoor.tdss.565 / Infected with System Tool & redirecting

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for post... Read more

8 more replies
Relevance 44.28%

Hello,

Our server was left unlocked and it was used by the cleaning service people at night and is now infected with multiple malware problems. Could anyone help to clean this system? It's an NT 4.0 Server so it may be different from cleaning XP. I tried installing some antispyware products but no luck, everything seems to come back. I am posting my HijackThis log. Please let me know if there is any more info needed.

Thanks!
Stan

Logfile of HijackThis v1.99.1
Scan saved at 9:31:17 AM, on 1/22/06
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINNT.SBS\System32\smss.exe
C:\WINNT.SBS\system32\winlogon.exe
C:\WINNT.SBS\system32\services.exe
C:\WINNT.SBS\system32\lsass.exe
C:\ARCserve\DBENG.EXE
C:\ARCserve\JOBENG.EXE
C:\ARCserve\RDS.EXE
C:\ARCserve\MSGENG.EXE
C:\ARCserve\TAPEENG.EXE
C:\ARCserve\casmrtbk.exe
C:\ARCserve\DBAXCHG\dbasvr.exe
C:\WINNT.SBS\System32\llssrv.exe
C:\WINNT.SBS\LogWatNT.exe
C:\WINNT.SBS\System32\tcpsvcs.exe
C:\MSP\mspadmin.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Program Files\Trend\OfficeScan\PCCSRV\web\service\ofcservice.exe
C:\WINNT.SBS\System32\LOCATOR.EXE
C:\WINNT.SBS\system32\RpcSs.exe
C:\PROGRA~1\Trend\SMEX\instmon.exe
C:\WINNT.SBS\system32\tapisrv.exe
C:\OfficeScan NT\tmlisten.exe
C:\PROGRA~1\Trend\SMEX\RMonitor.exe
C:\MSP\wspsrv.exe
C:\WINNT.SBS\System32\ASDscSvc.exe
C:\WINNT.SBS\System32\Liccheck.exe
C:\OfficeScan NT\ofcdog.exe
D:\ZFAX\SERVER\EPSTIFF.EXE
D:\ZFAX\SERVER\QM.EXE
D:... Read more

Answer: Help! Server left unlocked, cleaning service people infected system!

Download Hoster from here:
www.funkytoad.com/download/hoster.zip
Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.

Fix these with HJT: mark them, close IE, click Fix checked.

O2 - BHO: ohb - {22B720C7-5FA6-40A8-9F8F-8584BF669690} - C:\WINNT.SBS\System32\trgen.dll

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINNT.SBS\System32\winb2s32.dll

O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINNT.SBS\System32\rtneg3.dll

O4 - HKLM\..\Run: [ap9h4qmo] C:\WINNT.SBS\System32\ap9h4qmo.exe

O4 - HKLM\..\Run: [regsync] C:\WINNT.SBS\System32\regsync.exe

O4 - HKLM\..\RunOnce: [Register C:\WINNT.SBS\System32\vbrundll.dll] "C:\WINNT.SBS\System32\rundll32.exe" "C:\WINNT.SBS\System32\vbrundll.dll",DllRegisterServer

O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownloader.com/installer.dll

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted al... Read more

1 more replies
Relevance 44.28%

The other day I emptied all of my old folders in an attempt to clean out my Outlook Express. Once I deleted them all and exited OE, I right-clicked on the desktop to refresh (a habit I've had forever) and instead of instantly pulling up the options, there was a long pause of 30-60 seconds before I was able to refresh. I logged off and restarted the computer, but the speed didn't improve.

Prior to cleaning my inbox, I had uninstalled some unused games from iwin.com and yahoo games (Family Feud).

Could I have deleted something I shouldn't have? I ran CCleaner and SpyBot afterwards to see if I had picked anything up and both were clear. The registry mechanic showed numerous problems, but the free version only could fix about 6 or 8 of the 192 problems.

Am I over-reacting or what?

JAFO
 

Answer: Desktop Refreshes Slower after cleaning Inbox Deleted Items

After running the processes on READ & RUN ME FIRST Before Asking for Support, the problem was resolved. Now if I can just get those darn Java cups from collecting at the bottom of the screen.

JAFO
 

1 more replies
Relevance 44.28%

Hi!!

First, let me say thanks for the EXCELLENT work and help that you guys are giving to everybody. Your tips, advice and instructions were very useful for me! I had a redirect browser problem, now I don't!

But after following the instructions (and now here is my problem) I found too many folders and even files that didn't exist before.

For example, there is a "desktop.ini" file in many folders of my computer. There are also many useless shortcuts inside my c:\ folders. For example, there is a shortcut folder for music files, another for my documents files, there is even a recycle bin shortcut, etc. Some of the shortcuts won't work. For example, when I click on the "Programs" shortcut, there will be a popup window saying "c:\programs is not accessible" and in the second line "Access denied" [by the way this is my direct translation of the problem, since my Windows is Portuguese].


The last programs that I installed before the problem were, I think, SpywareBlaster, Comodo and SuperAntiSpyware.

Can you give me some insight about my problem?

Thank you!
 

Answer: Lots of shortcuts, folders and desktop.ini files after cleaning computer

Seems like you just have hidden files and folders set to show by the sounds of it.
 

3 more replies
Relevance 44.28%

Hi All,

My system was infected and I had the following issues:
1. Flashing screen on my desktop about my machine being infected
2. ALERT VIRUS near the clock on the taskbar
3. Regedit and Taskbar disabled
4. pop-ups redirected to purchasing anti-virus programs
5. IE urls/keys changed, etc

After a combination of using:
1. Malwarebyte's Anti-Malware
2. SUPERAntiSpyware
3. Registry editing
4. Deleting files
5. using Gpedit.msc
....now I've managed to fix almost everything except one:

==> My desktop background still has like a 'blank' screen. I'm able to go to Display properties and see that my background/wallpaper is still set properly. Moreover, when the system boots up or I log in, for a brief period I can still see the background. After that, it's like a white screen on the wallpaper.

Some things I haven't tried yet:
1. ComboFix
2. SmitFraudFix.exe

I'm sorry, I'm not able to give the specifics since I didn't note/log the details of the files infected/cleaned or the virus messages.

Appreciate your help.

Thanks in advance

Warm Regards
Narendra

Answer: Unable To View Desktop Background Even After (?) Cleaning Virus/malware

Go to Start > Control Panel > Display. Click on the "Desktop" tab, then the "Customize Desktop..." button. Click on the "Web" tab, then under Web Pages, uncheck and delete everything you find (except "My Current Home page").

These are some common malware related entries you may see:
Security Info
Warning Message
Security Desktop
Warning Homepage
Privacy Protection
Desktop Uninstall

If present, select each entry and click the Delete button. Also, make sure the Lock desktop items box is unchecked. Click "Ok", then "Apply" and "Ok".

When done, go back into your Desktop Settings and you should be able to change the color/theme to whatever you want.

5 more replies
Relevance 43.87%

Was not able to post a reply and saw several threads with the problem, so here is the info I saw.
After removing malware that falsely said I had a disk drive failure, I had to go into C:\documents and settings\username and UNHIDE several folders. Hope this helps.
 

More replies