Computer Support Forum

Virtumonde- From bad to worse

Question: Virtumonde- From bad to worse

Hi Folks,

I somehow got nailed with Virtumonde two weeks ago and have been fighting with it ever since. Having tried everything I've been able to find on the web (short of attacking things in HJT), I've finally admitted defeat. I noticed some great postings here, so thought I'd ask for some help from the experts at Geeks. I've followed all of the steps in the READ & RUN ME FIRST sticky already, but have managed to end up worse off somehow. That's not a shot at the process, but typical of my last two weeks fighting this thing.

After finishing step 7 last night, I shut down. When I tried to boot into normal mode today, I am now getting a popup window with a title bar of RUNDLL and the message "Error loading C:\WINDOWS\system32\yekrmujm.dll. The specified file could not be found." When I click the OK button on that box, it pretty much causes the system to either grind to a halt or hang (can't tell which- the mouse moves, but nothing came back after an hour, and I can't get task manager to come up).

I can still get into safe mode OK, so I'm trying step 5 again in desperate hope it will at least let me boot into normal mode (it's my work laptop, so I'm a little unproductive right now...).

I've attached all the logs from yesterday's efforts and would greatly appreciate any help with getting back into normal mode, and even better, getting rid of Virtumonde. I was unable to get a log from CounterSpy as it auto-updated on install, and when I run it in Safe Mode, there is no option to view and scan details.

Thanks,
Zigboo

Relevance 100%

Answer: Virtumonde- From bad to worse

And the rest of the logs...

And I forgot to mention that I followed the additional step for Virtumonde and ran Vundofix, so that log is attached as well.

9 more replies
Relevance 61.09%

I have a series of problems. When booting up, a bright green light rises from bottom of the normally black Windows boot-up screen. Also, I am no longer able to prompt Safe Mode when I hit F8 during the start up. My screen is blurry (to the point that I can barely read text) and flickers. CPU is VERY slow (typing seems to make it slower). I have Symantec Antivirus and Spyware Doctor, but I don't believe either is working properly. Please help.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Tom H at 8:09:49.23 on Wed 03/11/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.298 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMg...

Answer:Possible virtumonde or worse

Hello.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1 Link 2 Link 3

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Close any open windows, including this one.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If you did not have it installed, you will see the prompt below. Choose YES.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that w...

3 more replies
Relevance 60.27%

This is what I get for letting my cousin use my laptop. He handed it back to me and said "dude, something's wrong"

Spybot crashes. Ran VundoFix to get rid of it and a scan didn't flag anything. Can't defrag. System's starting to reset itself randomly now.

Here's my Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:43, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jr...

Answer:Started with Virtumonde and got worse

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...

2 more replies
Relevance 60.27%

So after entering in my title I see this Virtumonde attacks many so I won't take it personal anymore.

It happened 12-Feb around 9:30 or at least that's what I gathered from one of the many spyware programs I have run since that time. I did the whole "read me first" and feel a little better and think there might be a chance for my poor laptop:

Microsoft Windows XP
Home edition version 2002
service pack 2

Dell Inspiron 1600 Intel (R) Pentium (R)M
Processor 1.6 GHZ

When I start up in normal mode I get two Rundll error loading

C:\Windows\system 32\ netieuei.dll
and
C:\Windows\system 32 \yaftlnkm.dll

I think this was caused after I ran Vundofix a couple of times.

I would really appreciate help and would like the ok to post(attach) any and all logs you need.

thanks!!!
~K
 

Answer:It started with Virtumonde...and it just got worse!

I also forgot to mention a couple things.

first, I have Avast
Second, Virtumonde...and whatever else is on my computer also stole all my bookmarks from my mozilla (which irked me the most!!)
It used to also give me a new tab which closed the browser and turned into a pop up of sorts, when I x'd out the pop up the browser came back up with the page I was using before.
very odd.

I have attached my log reports. Hope that's.
thanks in advance.

~K
 

6 more replies
Relevance 59.04%

I have just been infected with one of the spyware doctor type viruses that throws a ton of "scanning your computer now" "your computer is infected" notices up and then everything goes to hell.

None of my anti virus scanners will open, Spybot S&D, Malware bytes even Hijack this will do nothing upon clicking them. I have tried renaming them with little success. Malwarebytes opened once only to do nothing after hitting "start scan". Also whatever this virus is, it's blocking me from a lot of anti virus help websites, which I found strange. My main concern is that Hijack this will not start.

I should also mention that none of the scanners work in safe mode either. I was directed on another forum to use RootRepeal and post the log here. As well as a log from Win32Diag. However the Win32Diag won't produce a log.

So here is my Root Repeal log.

This is a link to the other thread I posted. http://www.bleepingcomputer.com/forums/t/253389/a-virus-more-annoying-than-virtumonde-help/

Thanks in advance for any help.
-Matt

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 17:27
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA0C8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Statu...

Answer:I'm infected with something nasty. (worse than virtumonde)

Hello Mbroo,

Let's begin.....

Download and run a batch file (peek.bat):
Download peek.bat from the download link below and save it to your Desktop.
Download peek.bat
Double-click peek.bat to run it.
A black Command Prompt window will appear shortly: the program is running. Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.

==========

With your next post please provide:
* Log.txt

15 more replies
Relevance 47.97%

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot in to safe mode and now its recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ...

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturer's disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

4 more replies
Relevance 47.97%

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO...

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

7 more replies
Relevance 46.33%

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drive's SATA cable into a different SATA port on the motherboard. Get into the BIOS, and make sure that the hard drive is being detected properly.
 

1 more replies
Relevance 46.33%

i've had verizondsl for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the optimum cable i was used to, it was sufficient. now it's just pure garbage. if it weren't for the fact that we're getting free cable, i would immediately switch to roadrunner

i figure asking you guys is probly much more helpful than those scripted outsourced fools at tech support. i tried all that "reset your modem" "unplug the ethernet cord" "make sure you're computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well try plugging the modem into the demark jack if you have one (by where the phone line comes into your house). See if this still happens. If it doesn't maybe something happened to your internal phone lines. (this probably won't be the issue I'm betting).

Beyond doing that phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.




 

15 more replies
Relevance 46.33%

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me or you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

10 more replies
Relevance 46.33%

I bought a ThinkPad in April last year which does not start anymore, no lights, nothing. I wanted to send it back to Lenovo for guarantee. There is only ONE problem, there is no sticker on the laptop which shows me the serial number. Obviously there is supposed to be one, but it is missing!!! I do have the invoice which shows the purchase date, but no serial either. I already quite wasted some time with this bull**bleep**, I hopefully do not need a lawyer for that.

Here you see the last response of the "support" manager -

Dear Michael Mueller,

Unfortunately I have to inform you that you have no guarantee for this machine. Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.

Lenovo Service Partner: https://pcsupport.lenovo.com/de/de/serviceprovider

If you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54. Lenovo regularly conducts customer surveys on service quality. If you are selected, please take a few minutes to answer the questions. We thank you in advance.

Yours sincerely,
Davor Krpan
Lenovo Technical Support

IBM Hrvatska d.o.o. za proizvodnju i trgovinu
Miramarska 23, 10 000 Zagreb, Croatia
Registered with the Commercial Court in Zagreb under no. 080011422
Share capital: 788,000.00 kuna - paid in full
Director: ?eljka Ti?i?
Giro account at: RAIFFEISENBANK AUSTRIA d.d. Zagreb,...

Answer:guarantee handling - bad worse than worse

I just forgot to mention that the purchase was done through the Lenovo online shop itself -

SHIPPING CONFIRMATION
Your order has been shipped

Dear Michael Müller,

Thank you for your order in the Lenovo Online Shop, which is supported by Digital River. The following products have been shipped.

Order date: 14 April 2017
Order number: 23856585462
Tracking number: 1ZAF68846704024055

The following items have been shipped:

Order quantity: 1
Product SKU: 20J1CTO1WW
Product name: ThinkPad 13 2G
Quantity shipped: 1
Total quantity shipped: 1
Amount: 800,52 EUR

If you paid by credit card, your card has now been charged.

1 more replies
Relevance 46.33%

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athlon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in the recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximately 10 seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

Take the graphics card out and insert it back in firmly, making sure it is sat properly in its slot. Check the manufacturers' websites for your motherboard and graphics card and see what the BIOS updates do, and see if they have any FAQs to check if anyone else has been having similar problems to you in terms of people who have the same motherboard or graphics card??

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies
Relevance 42.64%

Hello my new bestest friends. I need help! (as does everyone who comes here) My computer has been running like a bag of you know what for about 3 weeks. IE became corrupt and will not start even after uninstalling and re installing Versions 6 & 7. However this is not the problem as I am currently using safari and finding it great. The problem lies with my computer and its sluggishness, ever since IE became corrupt my computer seems to have slowed. I am getting occasional Internal memory (blue dos screen) errors and several other little glitches like windows XP's search program will not close after I perform a file search.

I have performed several Virus & spyware checks such as AVG and Spyware Doctor also several registry progs like registry Booster. AVG comes up clean, however Spyware Doctor and Registry Booster both show a lot of Registry errors including heaps of lnk file and url files. I removed most of these the first time around but discovered it to have deleted all my shortcuts and bookmarks that I much needed (well not so much the shortcuts). It did not remove the actual .exe files but was a major hassle as my desktop shortcuts were wiped. So I performed a system restore and now have everything back.

I am wondering are/have these files become corrupt or is this just overkill on the software (spyware Doc & reg booster) behalf?? I have also noticed in my Hijack this log that there are several (missing files).

I am so in need of help as I use my computer to p...

Answer:Need Help Computer Getting Worse And Worse!

Hello Krisso,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 38.95%

Hello, I've run across issues with the apparently sneaky little buggers and need some help getting rid of them. The problem first started yesterday when AVG antivirus started alerting me to a problem, at which time I ran Spybot S&D, which found and supposedly fixed Smitfraud-C, Virtumonde, and Virtumonde.generic, but after further research today I found out that was not the case. This morning when I rebooted I noticed the following problems, random popups when browsing the internet, and automatic updates cannot be enabled.
I restarted in safe mode and ran an AVG scan, a re-run of Spybot S&D (thinking it could get things in safe mode it could not normally) and CCleaner. The problem still persisted, so I researched and found people with similar problems here and I attempted the solution posted here http://forums.majorgeeks.com/showthread.php?t=74265 and the problems still remain. So now I ask for help.

I am attaching the two rapport.txt files that are labeled BEFOREclean and AFTERclean. (AFTERclean was too large so I had to split it into two parts) My system is Microsoft Windows XP professional Version 2002 Service Pack 3
 

Answer:Problems removing Smitfraud-C, Virtumonde, Virtumonde.generic

Please disregard this thread, the computer that this problem was associated with has since been reformatted. Sorry for any inconvenience.
 

2 more replies
Relevance 38.95%

The computer is very slow plus the internet will have pop-ups come up at anytime. Mostly about removal of spyware. I tried removing with Spybot, AVG & VundoFix. No luck. AVG said they found Trojan Agent, Downloader.VB>Fen & .VB>BSA & .Small.Buy

Logfile of random's system information tool 1.04 (written by random/random)
Run by Bill Solano at 2008-11-26 10:12:35
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 19 GB (47%) free of 39 GB
Total RAM: 638 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:16 AM, on 11/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Pr...

Answer:SpyBot picked up Double click &Virtumonde&Virtumonde.prx

Hello Everyg,

Sorry for the delay. We have many logs backed up. Since it has been several days, please run RSIT again.

Double click on RSIT.exe to run RSIT.
Select Files and Folders created in last 1 month
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txt

2 more replies
Relevance 38.95%

Hello. Our "recreational" gaming computer (WinXP SP2) has become a swamp of adware and malware which has left it strangled with popups to the point that it cannot browse reliably- too slow, locks up. My wife watches (I should say used to watch) videos from non-mainstream websites and the kids play games anywhere they can find them. For my part, I let McAfee expire. My bad.

I have since loaded and run McAfee (which found a number of adware programs and eliminated them), then SuperAntiSpyware (which found other adware/malware), then Ad-Aware (which found other adware) then Spybot Search and Destroy (the product name my kids loved the best) and it found still others. I seem to be down to the 5 mentioned in topic title. I instruct SS&D to eliminate these and it reports that it successfully eliminates all but Zango. I follow their recommendation to restart right away, and SS&D runs during startup and finds the same 5 issues. I tried running the Zango uninstaller from their website to no avail.

With that, here is my log.txt file from hjt. I do not get a minimized window called info.txt when I run RSIT. Perhaps notepad.exe is overwriting that file when it creates log.txt? I tried setting Wordpad to be my default app for .txt files, but the same thing happened. No info.txt file.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Admin at 2008-12-22 21:23:34
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 416...

Answer:Infected with several (IRC.crt, Zango, Network Monitor, Virtumonde, Virtumonde.prx)

Hi ,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then we'll take a look.
Regards,

Rosty.

2 more replies
Relevance 38.95%

*Having run all the above programmes, they often say that they have removed the trojan files; however, after not much time they reappear.
*The PC is not running much slower, pop-up ads themselves are not visible
*nonetheless, they have been in the past and it is necessary to get rid of this malware!
*I appreciate that everyone is super-busy at this time of the year but I want to get rid of this ridiculous piece of rubbish that has infected my computer so any time/advice/guidance that anyone has to impart would be MASSIVELY appreciated. Happy holidays to all.

I am pasting my log file from HijackThis to aid any assistance that I may get!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50:18, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Program Files\Common Files\Microsoft Shared\...

Answer:Virtumonde.prx, Virtumonde unremovable with Spybot, AntiVir, Sophos, HJT...help!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable a...

3 more replies
Relevance 38.95%

Hello techguy's, this problem has really been testing my patience, and I think it's safe to say I need professional intervention.

So for a couple of days, my computer has been suffering from pop-ups and general non-responsive use.

I've run countless virus scans using AVG, Spybot, and adaware. All pick up the viruses, all confirm deletion. Yet after running the scan again, the same ones are there.

Also on startup, I get an error message saying "Error loading c:\windows\system32\zefifara.dll Specified module could not be found"

I am assuming this is another virus?

I also found this in a spybot scan;
Code:

Product: WindowsSecurityCenter_disabled
Threat: Security
I checked my internet explorer settings, and security was set to allow all cookies. I am 100% sure I did not manually do that.

Any help would be greatly appreciated.

Here's the HijackThis log (I have no idea what this means, I just followed the instructions)
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:19:13, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\... Read more

Answer:Spyware Problems - Virtumonde, Smitfraud-C., Virtumonde.generic

Bump
 

1 more replies
Relevance 38.95%

Here is the Hijackthis logfile after multiple attempts to clean the system. System largely unusable and moving very slowly as it loads programs on start-up. In Safe Mode, the system doesn't slow down to a snail's crawl.

Have succeeded in deleting ddcaxxu.dll with Killbot on reboot, but not qqugifdj.dll, for example.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:23 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\... Read more

Answer:Virtumonde.generic, Virtumonde.rtk, Dloadr-bdy & Bckdr-qjl (last 2 Per Webroot)

Hello SoCalBob55,

Welcome to Bleeping Computer

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

12 more replies
Relevance 38.95%

Hi guys,

Now my Desktop start to have pop up and running very slow. Used Spybot S&D to scan and detected Virtumonde, Virtumonde,generic etc. After Click fixed it the PC start to clean up but half way through it, it just go into window protection saying Window detected problems and need to reboot. once after reboot PC Spybot S&D start again but same problem happen again and again. Virtumonde and Virtumonde keep appearing on the detection list, some of the other problem disappear.

Please kindly advise me. below is the Hijackthis data.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at PM 12:14:34, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bkxcvmya.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PRO... Read more

Answer:Virtumonde/virtumonde Generic Is Making My Pc Slow And Keep Popping Up

Please refer to your original topic here:
http://www.bleepingcomputer.com/forums/t/117045/pc-having-problem-after-spybot-s-d-is-trying-to-clean-up-problem/

*This particular topic is closed*

1 more replies
Relevance 38.13%

Hi.
I started getting popups whenever i open IE..or any other browser ( such as firefox ) they're just random popups...I Scanned my system with Spybot-Search and destroy...it picks up Virtumonde.DLL and virtumonde.exe ( i did some research and it told me to remove this i have to disconnect from internet which i did ) and i clicked fix...but apparently it keeps coming back! i tried it in safe mode as well...same thing happens...Then i searched google and came across this site : http://www.bleepingcomputer.com/malware-re...undo-virtumonde i scanned using vundofix nothing was detected...i then tried virtomunoBegone restarted...( checked the log file and it didn't pick up anything) i scanned once again using search and destroy and it's still there!...nothing appears to work...please..any help would be greatly appreciated!

Once again the files are:

Virtumonde.exe
VirtuMonde.dll

forgot to mention..whenever i turn on my computer automatic updates are always disabled...when i try to turn it on it doesn't turn on...if i manually go to autoupdate through control panel...i have it set to " Automatic updated on". This started when the popups started occurring as well...my guess is that it's virtumonde?...dunno...
I turned on my internet as i needed it for a minute or so...and after a minute like i turned it back off and i scanned using spybot search and destroy once again and now it not only picks up virtumonde.dll and .exe but it also picks up Zedo

Please help guys... Read more

Answer:Annyoing Virtumonde.dll and Virtumonde.exe keeps comming back!, help me please!

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide


If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 38.13%

My PC has recently been infected with a number of malicious programs: all but Virtumonde & Virtumonde.dll I was able to safely remove. I've already looked up removal instructions for Virtumonde and they led me to HijackThis (a program I've used before). But I don't trust myself enough to fix the problem. Can someone help me by analyzing my HijackThis Log?

Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:53 PM, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Mi... Read more

Answer:PC Infected by Virtumonde/Virtumonde.dll; PLEASE analyze HijackThis Log

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Note:

Do not use Safe Mode unless it's been requested by a helper.

1 more replies
Relevance 38.13%

It seems I picked up these viruses recently on the web. After doing a google search for information on a russian volcano I clicked on a site that was checked as a trusted site by my Mcafee antivirus software. However, a link within the site caused my Mcafee software to give me a warning that a virus was just blocked but I started getting other warning pop-ups and I inadvertently clicked on one.

I run adaware and spybot search and destroy and remove virtumonde generic, virtumonde and smitfraud-c but they return when I restart and my Mcafee virus scan does not completely remove the infections, I also use uniblue registry booster 2009

Now I get advertising web pages that pop up in the background, other warning pop ups, and my computer locks up when I try to start it. I may have to turn off and start a few times before it will fully start up. Also I've noticed differences in my desktop with the taskbar color and the start button being smaller, also difference in the maximize, minimize and off buttons being a different shapes and sized and just the colors and subtle differences.

Please help if you can.

Here is my DDS log file:
DDS (Ver_09-01-07.01) - NTFSx86
Run by Michael at 12:09:55.40 on Thu 01/08/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.366 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: Cox Security Suite Anti-Virus *On-access scanning disabled*... Read more

Answer:Infected with Virtumonde, Virtumonde Generic and Smitfraud-C

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix when you've accomplished that, along with a new HijackThis log.

10 more replies
Relevance 38.13%

I've been battling this since 12:52 a.m. cst on 12/8/07. I scanned with both Ad-Aware and Spybot until they were both clean. McAfee comes up with nothing as well. After not touching my computer since last night when it was clean, I just scanned again with Spybot and have the following:

Rabio Search Enhancer
Virtumonde
Virtumonde.ddc
Tracking Cookies
Tagasaurus
AdRevolver
BurstMedia
CasaleMedia
DirectTrack
DoubleClick
FastClick
MediaPlex
StatCounter
Win32.small.ddz
Zedo

I tried to run Panda and as it was running, all of my IE Windows shut down. Thought I should run Hijack This and get the logs to you guys to see if you can help me. Thanks for what you do for all of us.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:49 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\McAfee\MSC\mcmscs... Read more

Answer:Virtumonde/virtumonde.ddc/rabio Search Enhancer

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Trish P

My name is Richie and i'll be helping you to fix your problems.

You're running msconfig in Auto mode which means that you may have selectively unchecked some items in the past from starting up with Windows. This can be bad if they're malware, so please re-enable those startup entries by doing the following:

Click on Start>Run, type msconfig and then press Enter. When the "System Configuration Utility" opens click on the "Startup" tab, make sure all the boxes are checkmarked. Then press Apply/Ok to exit the utility.
If it asks you to restart your pc, please don't, it's not necessary at this point.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2... Read more

5 more replies
Relevance 38.13%

Plagued for the last two days by pop ups etc informing of trojans/malware on computer. Spybot S+D confirmed. Have been to their forums also, not had reply yet. On their instruction did a kaspersky online scan (the log far too long to post), then did HJT scan. Downloaded and ran combofix, then did another HJT scan. So far no more pop ups, but I'm sure the little bugger's just biding its time. Here's the logs in order taken as above:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:09, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:... Read more

Answer:Virtumonde, Virtumonde. Generic; Security Toolbar

Hi Jollyjedi!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.
Sorry that it took us so long to get back to you, but as you can see we're stumped with the amount of logs.

Before we can start, please post a fresh hijackthis log back here.

1 more replies
Relevance 36.49%

Well ever since i clicked on a link, pop ups and everything have been starting to come up on my firefox and S&D is finding these things.
Virtumonde Generic / Virtumonde
Also, whenever I'm on firefox it blinks a lot opening up ads.

Here's a Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:24 AM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\AOL\121700~1\EE\AOLHOS~1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\COMMON~1\AOL\121700~1\EE\AOLServiceHost.exe
C:\Progra... Read more

Answer:Virtumonde. Gemeric / Virtumonde Trojans i think..

16 more replies
Relevance 36.49%

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-11-30 22:40:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 25 GB (70%) free of 35 GB
Total RAM: 3327 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:06 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\A... Read more

Answer:virtumonde, virtumonde.generic and smitfraud c

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please reboot into Safe Mode
In Safe Mode, right click the SDFix.zip folder and choose Extract All, A new folder will be extracted to your %systemdrive%, typically C:\SDFix
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.

NEXT

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow th... Read more

5 more replies
Relevance 36.49%

hey gang i need some help! i can barely use my laptop as i seem to keep getting infected with virtumonde and trojan.vundo. i am looking forward to your help in getting rid of this problem. thank you in advance!

here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:36 PM, on 9/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inet... Read more

Answer:Virtumonde, Virtumonde.pfx, Trojan.vundo Help!

sorry for some reason i didn't see the sticky about bumping, guess i was just being impatient. i will wait patiently for help.

17 more replies
Relevance 36.49%

Problem: getting pop-ups occasionally. Sometimes the pop-ups would be severe (constantly after another, especially in sites like youtube), other times they will appear every once in a while. (I would only get pop-ups when I go on the internet)

So far I have...
1) I ran Spybot w/ advanced mode on and identified two trojans: Virtumonde and Virtumonde.generic.
2) After the scan I clicked on 'Fix selected problems'. I assumed that it was deleted because of the check marks.
3) I ran spybot again and it identified the trojans again. So I clicked on the '+' sign to see the entries for each trojan. I right clicked each entry to their location and tried to delete the entries.
4) Assuming that I had deleted them I scanned again w/ spybot to confirm but the trojans were still there.
5) After I rebooted, I scanned again w/ spybot but the trojans were still identified.

*I scanned w/ my Norton but did not identify anything (i think my antivirus is out-of-date even though the subscription did not expire yet. I've been using norton for 4 yrs now and never had it go out-of-date.)
**I forgot to mention that that first time I scanned w/ spybot, it also identified a malware called "Smitfraud-C" and 3 more trojans: 'Win32.agent.amyy, Win32.Agent.amwr, Win32.agent.aiae'. I went to the entry location and deleted them and rescanned. Spybot did not identify them, so I assumed that they were deleted.

Window version: XP
Virtumonde.generic has 3 entries -> 2 files and 1 re... Read more

Answer:2 Trojans - Virtumonde and Virtumonde.generic

If you use Spybot's Teatimer, disable it for now
---------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on... Read more

2 more replies
Relevance 36.49%

On Friday I began getting random pop-ups while surfing the web. Doing a scan with Spybot 1.5.2 it came up with two culprits: Virtumonde and Virtumonde.dll. I tried cleaning it but they reappear. Can you help?

Attached is the log file from HiJackThis.

Thanks.

---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:18 AM, on 05/06/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Applications\Common Framework\FrameworkService.exe
C:\Applications\McAfee VirusScan 8.5\Mcshield.exe
C:\Applications\McAfee VirusScan 8.5\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Applications\Ghost 9.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Applications\Common Framework\UdaterUI.exe
C:\Applications\Ghost 9.0\Agent\GhostTray.exe
C:\Applications\Common Framework\McTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\... Read more

Answer:Random Popups - Virtumonde, Virtumonde.dll

I read on another website on Friday that if Virtumonde is not removed completely when you restart your computer it 're-establishes' itself. Not sure if it is true or not so I restarted my computer and ran HiJackThis again.

Here is the log file.

-------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:05 AM, on 05/06/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Applications\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Applications\Common Framework\FrameworkService.exe
C:\Applications\McAfee VirusScan 8.5\Mcshield.exe
C:\Applications\McAfee VirusScan 8.5\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Applications\Ghost 9.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DWRCST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Applications\Common Framework\UdaterUI.exe
C:\Applications\Ghost 9.0\Agent\GhostTray.exe
C:\Applications\Common Framework\McTray.exe
C:\Program Files\Java\jr... Read more

2 more replies
Relevance 36.49%

Well after trying and trying, still can't get rid of these things. and now i have a new error message that keeps popping up:

XXXX - Bad Image

The application or DLL C:\WINDOWS\system32\pomijowu.dll is not a valid Windows image. Please check the against your installation diskette.

this pretty much pops up any time i try to open something.

Well here's the log:
DDS (Version 1.1.0) - NTFSx86
Run by Amanda Grace at 13:09:52.79 on Mon 01/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.51 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090105-0] *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr... Read more

Answer:Infected with Virtumonde BY, Virtumonde K, and Darksma

Hi and welcome to Bleeping Computer

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

Click here to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseTh... Read more

2 more replies
Relevance 36.49%

I was recently infected with the Trojans: Virtumonde, Virtumonde.generic, Virtumonde.sci, Virtumonde.prx, as well as the malware Smitfraud-C. and can't seem to remove them using spybot alone. The only things that the files do as far as I can tell, is open up pop up spam windows and show the windows security alert shield in the taskbar saying that my firewall is disabled, although it is actually enabled. Thanks!
DDS (Version 1.1.0) - NTFSx86
Run by Owner at 18:33:35.81 on Mon 01/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.130 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\H...

Answer:Virtumonde, Virtumonde.generic, Virtumonde.sci

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...

19 more replies
Relevance 34.44%

I cannot remove the following from my computer:
Virtumonde.generic
Virtumonde
Smitfraud-C.CoreService
Smitfraud-C

I found the following using SpyBot.

Can anyone help? I'm desperate, I've had these on my computer for 6 days now and can't go online without crazy pop ups.

Here's what I've tried:
Smitfraud Fix

I've read forums where people have advised after seeing the person's ComboFix and HijackThis logs and really am hoping someone can do the same for me. Posted below are my ComboFix and HijackThis logs. I'll be so grateful for any help. Thanks in advance!
 

Answer:Virtumonde.generic, Virtumonde, Smitfraud-C.CoreService, Smitfraud-C Removal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:11:18, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwl...

3 more replies
Relevance 34.44%

Hey guys first post here.
I was recently infected with metajuan and virtumonde.dll
Spybot found virtumonde & deleted most of it but froze when trying to remove one dll
So I got vundofix and ran it and it did the same thing but could not delete mljiigh.dll so it rebooted. Every time it reboots it either doesn't show the .dll under files to delete or is unable to remove it and asks me to restart again.
I've tried in safemode, I've tried using Norton, Nod32 spyware removal, vundobgone, atfcleaner etc.
I also have problems with hardware interrupts taking up 90-100% of my RAM; the IRQ for my video card is conflicting with network adapters and other things (might be normal since I don't have many slots) but this started when the vundo appeared so I think it's probably related.
I currently cannot access my computer in any mode besides Safe Mode w/ or w/o networking. I have 4 bit color in normal mode and all it does is display my desktop without icons and freeze completely.
Rundll32.exe is also behaving strangely and launching browser helper objects which spybot blocks thankfully.
Anyway here's my Hijack This! log (from safemode):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:04 AM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:...

Answer:Trojan.metajuan+trojan.virtumonde +virtumonde.dll=good Times

Hi moomoo2u and Welcome to the Bleeping Computer!

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

6 more replies
Relevance 34.44%

Hi,
I made a post about my Windows 7 explorer crashing, it seems to only happen when I move files from my internal to my external hard drive. It was still happening, nothing I tried fixed it. But NOW it's gotten worse. It's crashing on a loop...every single second. This happens as SOON as I SIGN ON...in seconds it's crashing and looping and I cannot do a thing but use my internet...I get a message that tells me my program Fences (Stardock program) has detected that there is a problem with 7, and it disables itself. Then Windows 7 explorer crashes, sends info, then restarts...If I start a video or a program before it closes (which is seconds) then it will run. I have been up for HOURS trying to get this solved. I have NO clue what is going on. I ran Anti-Spyware free edition, found 8 harmful things, had them deleted. I also ran my Microsoft Essentials...BEFORE that..and it finds nothing...it NEVER does. But Anti does...that confuses me.

SO what is going on? what do I do? PLEASE anyone, I am computer illiterate...
I have windows 7 (genuine)
32bit home premium.
I was trying to get the rest of the info, but I can't as the explorer is completely locked up as I type this...please help I am so frustrated, I want to make Bill Gates come fix my computer lol...who has his number!?
ALSO! After it crashes and re-opens it keeps bringing up the C drive file location library? Every single time, so now I have a list of these file locations open...also I JUST got a message saying that my firewall is...

Answer:Oh no its worse! Help!

Can you get into Safe mode instead? If so, does it happen in safe mode?
Safe Mode

EdiT:--------------------------------------
Do you have a system restore point you can revert to?
http://www.sevenforums.com/tutorials/700-system-restore.html

Oops sorry just read last line of your post.

9 more replies
Relevance 34.44%
Question: It's worse

my computer has been acting up for awhile running really slow, but now it's started this trick of adjusting the screen every little bit. It either moves up or down. It changes the sizes of the window as well. Then i noticed down at the bottom in the task bar, a button appears for just a second with a little icon in it. Then it disappears before i can do anything. Now, my email has started bouncing and i can't get outlook express to connect. Also, i was kicked off yahoo messenger and then all i could get was page cannot be displayed on even my home page. Here is my HJT log. I would appreciate your help.

Demi

Logfile of HijackThis v1.99.1
Scan saved at 1:01:23 AM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Dig...

Answer:It's worse

6 more replies
Relevance 34.44%
Question: from bad to worse

please help - got a new laptop, trying to use the wi-fi. there is no wireless connection icon anywhere. maybe there's no driver, I'm guessing. do I need to use the disc that came with my router? my other laptop works fine. maybe I need to use another keycode, I don't know. please help. thanks

Answer:from bad to worse

I think you're already running a thread on this: click here
Please don't double-post.

1 more replies
Relevance 34.44%
Question: Bad to Worse

Friends,

It appears my browser (IE/XPpro non-sp2) has been hijacked - at boot time I get an IE page that advertises WinAnti-Virus and demands I purchase. I can close the window and continue, but there are 37 processes running and the drive is constantly active, where an identical box has 28 processes running. I have downloaded (but not run) all the software you recommend, but apparently nudged the wrong bad actor and now the system won't boot at all. I have backed up some data, but don't want to lose everything if I can help it. I don't know how to use command line recovery and I can't remember the Admin password to use it anyway.

This happened once before and I let the system just run and reboot itself and after about 4 hours it was successful. I have about 4 hours on it now and no luck. I will let it run all night to be sure it doesn't heal itself.

If I reload XP, will all my data still be there?

Things started to go south about 2 months ago when McAfee found Vundo and couldn't seem to kill it off.....

thanks, GearHead.
 

Answer:Bad to Worse

Hi GearHead,

Check out this link and try the removal tool from Symantec.

READ ME: Virtumundo Problems/Resolution Threads

Should that fail, I would suggest following the steps here:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Best luck
PP
 

2 more replies
Relevance 34.44%

Just a curiosity question. I found an old AMD K6 chip in a scrap computer.
I would like to know if it is better/faster than my "Cyrix Instead" with MMX?
Both I think are 266's and socket 7.......

It's for my first PC that is now used for solitaire and surfing the net...

And what steps, if any, should I do to swap them, if the K-6 turns out better?
 

Answer:Better/Worse? Two old CPU's for old PC..

10 more replies
Relevance 34.44%

I just finished a download that had some pretty nasty side effects. I am getting a pop up saying "It is recommended to update you antispyware protection to prevent data loss. Please install the most up-to-date antispyware for you" then an ok button. This isn't the only one, there are about 2 or 3 that seem random, none of which seem encouraging at all. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:46 PM, on 1/26/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Unlocker\Un...

Answer:pop ups and probably worse

Hi,

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all.
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it i...

18 more replies
Relevance 34.44%
Question: Gotten Worse...

I know I posted about it a couple days ago with my computer going down the pooper. Well it was running real smooth until recently. I had lots of disk drive space open, now today it says I have 55.6GB of free space, now I have a total of 74.5. I have been running virus protectors and spyware programs but it's not working and there are icons showing up on my desktop that I cannot get rid of.... Do I have to reinstall Windows or something? Sorry to ask again but I need help. Also I forgot to mention in my add remove programs there is a new program called search plug in and also Macromedia Flash Player which I'm unfamiliar with and they are the biggest files in there.
 

Answer:Gotten Worse...

Please don't start a new thread for the same issue

If you are not getting any responses bump the original back to the top by simply posting to it...

here's the original... http://forums.techguy.org/t313054.html

closing this one

buck
 

1 more replies
Relevance 34.44%

Hello, I never write posts to ask questions when it comes to computers, but this time I saw myself having to do so.
I have had many problems recently, and it just got to the point where stuff just doesn't work anymore.
I upgraded to Win 10 about 10 days after its launch. I loved it. I had that often problem everyone had but I could solve it.
About 20 days ago, everything worked greatly. Then, I don't remember what exactly happened, but all of a sudden I couldn't access the Groove Music App. Then I realized I couldn't open any other Windows built in apps, not even store worked. However, Edge and apps like calendar for some reason do work. So in an attempt to repair this, I messed up the Appdata folder's permissions. I had recently installed this context menu button when I right clicked, that let me take ownership of a folder, so I took the ownership "administrators."
Then, the hidden items check box in the View Tab on Explorer suddenly unchecked itself when I checked it. I looked up online and there it said it had to do with the Administrator account, but hell, I am the admin account on my PC, so this just didn't make sense. Then I read a simple reboot would help, so I rebooted and it was fixed.
This is where I mention my recent installs. Around the time, I installed this now piece of software on my pc, and this software was Bit defender Total Security. I had replaced my previous antivirus, Avast Internet Security, with this. Now, I highly doubt this program contributed to this in ...

Answer:Help! My pc is getting worse

That last part went wrong somehow, here are the links:
click here
10-windowsstore/store-not-opening-in-windows-10-this-app-cant-open/c0de1565-9c33-4604-a1cd-b4ce18b72117?page=2&auth=1
10-windowsstore/windows-10-app-store-will-not-run-cannt-add-a-user/682d6bd8-39ae-4ee4-b0fc-c19027b44552?rtAction=1444233209744&auth=1
storeandappswontopenreregistering/
1-windowsstore/windows-store-app-not-opening-in-windows-81/9882357f-ae86-4e4d-ba37-209aa960063c

7 more replies
Relevance 34.44%
Question: It could be worse

I come to this forum and read all the time in search of knowledge. With the reading and help of the fine people here I have fixed many problems. Some posts I have read complain about a program taking a minute to start up. Some complain about a slow boot up. Well when I said it could be worse I found one that couldn't be. Uncle brought his PC out to me to see iffin I could make it work for him. HP Pavilion with 128 ram and XP Home. Hooked it up to my monitor and turned it on. One hour and 15 minutes later I could finally do something. First thing I attempted to do was run defrag. It took 15 minutes for the menu to work enough to let me click on defrag and another 29 minutes to open defrag. Now I have it open and click on defrag to run, 7 hours later it finished. PC was still slow. A bit better but not much. Started to empty temp folders. One temp folder took 15 minutes to empty. Emptied all the temp folders and the history then deleted some programs. Only deleted 3 small programs but with them and the temp folders I regained 17 gigs of hard drive. Did another defrag and this time it went much faster. Then I started on malware and viruses. Did the usual scans I learned from here and took a bunch of them out. Got to the point that the PC was healthy again. Took out the 128 megs of ram and replaced it with 512 which is the max for this HP. Now it is running very smooth and probably as fast as it ever will. So when you think you are running slow do t...

More replies
Relevance 34.44%

my topic is here http://www.bleepingcomputer.com/forums/t/134217/virus-and-rootkits/ and it has been a couple days since a reply, and i was told not to reply again until i get a reply from someone to help me. but my computer is now losing the whole task bar whenever i close anything...i can bring up the task manager and see everything there, and i can ALT+TAB between programs and they will come up, but when i press the windows button will not bring up the start menu. the HJT log is in that other topic. thank you for looking

Answer:I Think My Pc Is Getting Worse

Hi dizz15,

I know it's frustrating, but please be patient. It may take a while to get a response, because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic.

1 more replies
Relevance 34.44%

dear all, any softwares that can fix this...

3 men go into a hotel for the night. The clerk informs them that it's $30 for the room, so they each take out a $10 bill to pay for the room. So far they paid $30, correct? You with me so far? Good.

A few moments after the men went up to the room, the manager reminds the clerk that there was a special promotion that night, and that the room was only $25. So the clerk gives the bell boy five dollars to bring back to the men. On his way up to the room, the bell boy says, "Hey, I'm not stupid, I'll give each of the men a dollar back and keep two for myself, $5 right, 30-5=25."

Well, since the bell boy gave each man a dollar back, that means each man only paid $9, correct?

Well, the last time I checked, 9x3=27, plus the 2 that the bell boy took makes 29, what happened to the other dollar??????

[This message has been edited by kokaik (edited 07-03-2000).]
 

Answer:the more you think, the worse it gets

7 more replies
Relevance 34.44%

Is a 635 slower than a 640? Is the camera worse? Is there less internal memory? What are the differences?

Answer:How much worse is a 635 than a 640?

Here's the differences compared to the 640...
The 635...
...has half the RAM, which meant Facebook and Messenger refused to run in my case on W10M, multitasking is less smooth and whatnot. But it works for the basics.
HOWEVER, there are some 635's that have 1 GB of RAM, matching the 640.
...is not supported currently so you won't be getting Windows 10 Mobile easily, although some 635's have indeed been getting it with little effort oddly enough.
...has an inferior, lower-resolution 5 MP camera with no LED flash. (the 640 has a flash and an 8 MP shooter)
...is smaller than the 640.
...does not have a proximity sensor.
...does not have double-tap to wake or Glance.
...has a smaller and lower-resolution display.
...has a smaller battery.
Although the 635 and 640 share the same Snapdragon 400 processor and 8 GB of storage + microSD.
The 640 is the better all-around phone but if your needs are very basic and the 635 is significantly cheaper then the 635 may make sense.

2 more replies
Relevance 34.44%

Hey all.
I am loaded with popups. I went through all my prelim scans, booted safe mode, all that jazz. I didn't notice anything for about three minutes, then it all came back. If anything, they just seem to be getting worse. Anyway, here's my log, thank you much for your time.

Logfile of HijackThis v1.97.7
Scan saved at 11:43:05 PM, on 11/27/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\mllcrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C...

Answer:Keeps getting worse.

Hi
You will need to get rid of the Peper Trojan first so run the PeperFix from my list..

After that
Make sure you have already run Adaware, Spybot S & D (check for updates) as these will do a preliminary clean first. Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE. Reinstate it when your log is cleaned and then create a new restore point. Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled. Check first as some folders may be uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES .. Please post a new log when finished...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O4 - HKLM\..\Run: [W7ABA] c:\documents and settings\...

5 more replies
Relevance 34.44%

Sorry to be such a bother but this problem is driving me bonkers!
Every turn develops into a new drama-here's the situation so far-

(1.) When I go to click on a program (any program) my computer either immediately or soon afterwards pops up a window that says "program error-process has already been exited-has generated errors and will be closed by windows. You will need to restart the program. An error log is being created." Of course restarting the process only sends me in circles-the same thing continues to happen-sometimes, obviously, I'm able to start the program but usually during the course of operation the "program error" window pops up and it's back to musical chairs again!
My system is, O/S Windows 2000 Pro, P4-1.6GHz 400MHz/P4FAN (P4-1600AR), Motherboard-D850MVL -MB Intel D850MV w/LAN, Rambus 256MB (2).

(2.) Now if I didn't already have enough problems I've apparently been infected with the Fortnight.E virus-it gets worse, in turn, I infected my ex-wife with the virus via an email (well, I'm sure you can imagine my situation-it would be better to have my nipples dipped in honey and dangled over a pool of hungry piranhas-she's pissed! Of course, the fact that the virus installed porno weblinks into her favorite file made matters even more unbearable-you'd think she was a nun or something! At any rate,
I have run a Panda On-Line AV-Scan-several Norton AV scans-SpyBot, Ad-Aware and SpySweeper-nothing works!
...

Answer:Sos....from Bad 2 Worse!

6 more replies
Relevance 34.44%

I have been working on this for several days now and I am at my wits' end. I am attaching my Bitdefender log and an HJT log. I have followed all of the instructions in the "Before Posting" page. And should tell you the following. My Add/Remove programs hasn't worked in years so when necessary I use the free trials downloadable from various places.
When I try and run Microsoft Windows Defender it says I need to perform an upgrade, and will not open.
I tried running Pandascan this morning and waited for over two hours and it never did complete downloading.
As I mentioned, I am at my wits end and believe it's time for some help.
Thanks
 

Answer:The more I try the worse it gets! I need Help!

Welcome to Majorgeeks!

You did not attach your HJT log. Make sure you follow all instructions in step 7 properly and then attach your HJT log.

You should look at your Bitdefender log (change the .txt to .html and then double click on it and you can see it in your browser) You need to delete those items it is pointing out in your email.

Is your copy of Windows licensed to you and has it been activated with Microsoft?

What happens when you try to use Add/Remove programs? Be specific.
 

9 more replies
Relevance 34.44%

I've been trying to fix this computer for several days now, and it keeps getting worse instead of better

I know from my Ad-Aware scans that it has coolwebsearch on it, but CWShredder doesn't find anything wrong when I run it. Ad-Aware does and keeps fixing it, but it's back within seconds. I've also run spybot search, about buster, and pest patrol. My HJT logs are getting worse, not better.

I would be much obliged if someone could help me; I can't figure out what else to do.
Thanks!
-Vanessa

Here is my HJT log, let me know what if anything else will help.

Logfile of HijackThis v1.97.7
Scan saved at 11:41:07 PM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program...

Answer:It's Getting Worse....

I downloaded the newer version of HJT...new log file is:

Logfile of HijackThis v1.99.0
Scan saved at 12:13:41 AM, on 2/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\iety.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\msbo32.exe
C:\DOCUME~1\ness\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system...

3 more replies
Relevance 34.44%

I have a virus on my computer in which my Windows Defender warning pops up every few minutes. I remove it and it keeps coming back. I am also getting lots of internet pop-up ads. Please help before I throw my laptop out of my window. I ran HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:47 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Softw...

Answer:Please help! It's getting worse

it is:
browser modifier: win32/fotomoto
 

2 more replies
Relevance 34.44%
Question: Bad to worse

I posted a previous problem in regards to my computer shutting down at random and suspect virus. It seems things have gone from bad to worse in rapid time. I have lost internet connection, I open a program "regedit" and it closes, same with "msconfig". I cannot boot in safe mode. Suddenly all that was in my "connections" are completely gone, that folder is now blank. I know in the past I have tested your patience here but am throwing myself at your mercy once more. Sorry if this should have been posted with my previous question but I am unsure as to how protocol is.

btw forgot to give the basics.
Winxp
Medion computer.
should be current on updates.
again tia.
 

More replies
Relevance 34.44%

Hi,

I just wanted to start by saying a very big thank you to all of you that help people on this forum. It is very generous of you and it is appreciated.

I have been infected by this fake security application that says "Windows Security has found critical process activity on your system". It keeps redirecting our web searches. In safe mode I have run Malwarebytes, SUPERAntiSpyware and created a HijackThis log, all before finding this forum. Both these scans found problems initially; however, upon following the instructions of this forum no more were found. I tightened up my ZoneAlarm, resetting it to default and searching programs that try to run as they popped up; mshta.exe was one of the programs.

I have followed the instructions on this web site to the best of my knowledge and I will attach the logs of the various scans. All scans went well except for the ComboFix scan that ran through to stage 50, flashed a page suggesting it was deleting files and then restarted my computer. I repeated it with the same result.

I now have a message that says "SQL Server could not find the default instance (MSSQLSERVER) - please specify the name of an existing instance on the invocation of sqlservr.exe." whenever I start my computer and it takes a long time before all the applications are loaded and ready to be accessed. It seems to run faster if the internet is turned off?

I am posting this from another computer.


Here are the logs - Thankyou for yo...

Answer:Please Help, its getting worse

I am not seeing much in the way of malware on your system. Let's do this and see where you are after:

Download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present --Unless you set this.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present --Unless you set this.

After clicking Fix, exit HJT.

* Run avenger.exe by double-clicking on it.
* -Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:



Files to delete:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Ta...

5 more replies
Relevance 34.44%

Hi. I hate to be a nooge, but I posted a problem I had a week ago with a single search term being redirected in Google -- only that one search term was redirected. That much has stayed constant -- I've been using Google all week and only that one search term is redirected. My post has dropped down to page 12 and I think it's pretty much off the grid by now.

Tonight I tried to run Hostsman to update my Hosts file and Avast! immediately put up the Warning notice that:

12/2/2009 11:40:42 PM SYSTEM 2016 Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\HostsMan\hm.exe" file.

I quarantined the file, but now I'm very concerned. When it was just the one redirect it was interesting, but this has me a bit panicked.

I've copied last week's post here.

Can anyone help?

EDIT: Okay, it looks like Avast! may be reporting false positives right now with virus database 091203-0, the one I'm using right now, according to what I read in the various forums. I'll keep a good thought, anyway.

But my redirect problem IS still there, and I'd like to get to the bottom of it, if anyone can help. Thanks!

Hello again -- I was here with a severe problem about a year ago. It took several weeks, and a lot of help, but I got cleaned.

I also learned a few things. I have since installed the NoScript and Cookie Whitelist addons to Firefox, I installed the free version of ZoneAlarm, and I installed a Hosts file manage...

More replies
Relevance 34.44%
Question: bad to worse

Now I'm getting a little spooked.

First it was just some irritating re-directs from Google searches.

Then multiple windows began propagating, sometimes blaring music, voices, phone sounds.

Then, trying to work my way through the instructions in the preparation guide, I discovered that attempting to run the gmer.exe crashed me, locked up the processor, prevented me from restarting, the whole thing.

Now, my touchpad has stopped responding. I uninstalled and restarted to replace the driver, but no effect. I am having to use a USB mouse, which works OK, but has not improved the touchpad.

What's next?!

Just curious. A question, for those of you who have experience with this forum--how long does it usually take to get help? Should I assume that all topics are addressed eventually, as folks find time? If I have failed to supply some bit of information, or violated some etiquette, I'd rather know, make my amends and start over than wait on the sidelines longer than necessary.

Or should I just throw this piece-of-crap netbook out the window and get a real machine?

Answer:bad to worse

Hello pfosinger,

It's hard to say how long it will take for a topic to get picked up. I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have nearly 300 unanswered topics, the oldest dated Aug. 26, 2010 at 5:14 pm Eastern Daylight Savings time in the U.S.A. Your log topic is dated Aug. 30 2010 at 10:00 pm using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Orange ...

2 more replies
Relevance 34.44%

I've had 10 for a few months now. During that time I've had several automatic updates. Most have been unnoticeable, a few others were anti productive. The first and the last (two days ago) have been horrible. When I first downloaded 10 I immediately lost my CD/DVD drive. No matter where I look my computer can't find the old one. It also disabled sound from anything I recorded. The latest update is making me log in if I leave the computer for more than a couple of minutes. It also makes me wait before the log in window pops up. I'm beginning to think that switching from 8 to 10 was not a good decision.

Answer:Just when you think it can't be worse!

Would you consider doing an in-place upgrade install, also known as Repair install?
Repair Install Windows 10 with an In-place Upgrade

0 more replies
Relevance 34.44%

Like all AOL software, I'm wondering if the new AIM version is worse than the previous. Has anyone tried it yet?

It seems to have a lot of the features that AIM mods have introduced. I use DeadAIM myself, and have loved it for years. I tend to like things minimal. I've tried GAIM and Trillian, but I only use AIM, and GAIM messes up direct connections and profiles. I've tried AIMutation (sp?) and didn't like it much either.

What do you guys think?
 

Answer:AIM 6: worse because it's new?

I like it, but a lot of people don't.
You just have to tweak it to the way you want it.
 

3 more replies
Relevance 34.44%
Question: Bad to Worse.

Hi all, So not only does the Control Panel on my T520's nVidia card fail to work, but safe mode doesn't either. It gets stuck in a reboot loop for memory reasons. Using last known boot configuration I can get it to boot normally but the networking cards/drivers don't work. They are detected in Windows 7 but ipconfig only gives the Tunneling adapters. Any ideas? Or should I just send it in for servicing?

Answer:Bad to Worse.

Hi kingofthering
 
If you need to use the machine temporarily or to ensure your Nvidia GPU is defective, you could change the graphics settings in the BIOS to Integrated Graphics.

If you are not technically savvy and/or wish to save the hassle, it's probably good to send it in for servicing.
Have a nice day!
Peter
W520 (4284-A99)

9 more replies
Relevance 34.44%

I tried to run a payment on a website and the submit button did nothing but make the cursor blink, which it still is. I looked under Inspect Element and there was a JS file that downloaded. I looked at it and it looked fishy. I tried to run the normal cleaning techniques (ADW Cleaner, JRT, RKill etc.) and they all returned a message: "the service cannot accept control messages at this time"

It is slowly getting worse by the minute so I am not sure that this will even get to someone in time, because I know you guys are backed up, but if possible, I don't know what to do. I tried to use msconfig.exe and the search functions to get safe mode to work but I just get either nothing happening or the same message. I am afraid that if I turn off the computer to shift into safe mode that it will lock up. Any help would be appreciated.

Answer:I have something bad going on and its getting worse by the second

Sorry, but it seems that your pc is infected with a virus or malware which is going to take some more work and a deeper look. No sense running a bunch of tools here.

Please follow this Preparation Guide, post in a new topic and include a link to this thread.

Let me know if all went well.

3 more replies
Relevance 34.44%
Question: Getting worse

I followed your advice to rid my computer of a BHO and virus (red circle w/white X in system tray). Now my computer takes 20 minutes to boot, asks what mode to load in, (safe, normal, MS-DOS, etc), and only loads in 640 x 480 video. I've also lost the printer driver.

Logfile of HijackThis v1.99.1
Scan saved at 12:49:56 PM, on 12/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\ATIPTAAB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant ...

Answer:Getting worse

Hi, welcome to TSG.
You don't appear to have a firewall; even if you have a router you still need
a software firewall. Download the one from the link below!
Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710
Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php
Download A2

http://www.emsisoft.com/en/software/free/

update A2 and run a full scan.
*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* run cleanup

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Ex...

1 more replies
Relevance 34.44%
Question: From Bad to Worse

Hello to all the experts here at Bleeping Computers.

I was in the process of following your steps from the "Preparation Guide" when my computer decided to crash big time.
Initially I had my homepage hijacked by something called start.search.us. That by itself didn't seem to be a big deal. I was proceeding through the steps and made it to step 8 (Create a GMER Log). Approximately 5 minutes into the scan my entire screen went all screwy. It looked like the GMER scan program filled the screen and scrambled itself.

Now my computer won't work at all. After a restart, the computer locks up on the black screen with the green progress bar (Microsoft Corp underneath). I tried a safe mode reboot but it stops loading at the following line of text, "Windows\System32\Drivers\avgidshx.sys". This was the same line of text that was being scanned during the GMER scan.

After another restart (so many I lost count) my computer reads the following, "Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:...." Several options are listed but even after inserting the original operating disc to repair, I can't get past the green progress bar thing.

Help!!! I'm moments away from turning this laptop into a very unaerodynamic flying brick.

(I'm typing this on my wife's Macbook, in case anyone was wondering how I could post)

More replies
Relevance 34.44%

Hi, I have been using PC Tools for the last couple of years with no bother. However, when I wanted to put it on my laptop I lost the ability to access the internet. They told me (eventually) to reboot using my Windows XP Home Edition disc. Having done that I was initially able to access the internet, but I could not open links or download anything, and now Explorer won't open at all, I just get error reporting. Things have gone from bad to worse and I need some help. Thanks

Answer:going from bad to worse

sorry - spyware doctor

2 more replies
Relevance 34.44%

I now cannot access my e-mail since doing an update. Every time I click on the e-mail icon nothing happens, it's just blank. nutty norm again

Answer:its seems to get worse

What email icon?????????????

3 more replies
Relevance 34.44%

Ok, my computer has been progressively getting worse because before I wasn't able to enter my control panel because Explorer would just crash. And now I started up my computer and restarted a couple of times and I cannot see my tool bar (the one with the start button) and my cousin is bringing my XP disk Christmas.. what can I do in the meantime? Oh, and when I click my Windows key it doesn't do anything.

Answer:it just got worse...

Looks like a virus to me.
What antivirus program are you using? And is it up to date?

9 more replies
Relevance 34.44%

Can anyone help??? It all started when I installed a new game (well, new for my old PC) the other day. Whenever I tried to load it, once it got past the intro video it just returned to the desktop most of the time; it did occasionally work. So I went to look on the web for advice and was told to update my sound and video drivers. My PC is an old PII 350 with Windows 98. I went to ATI and downloaded what it said was the latest driver for my card; now when the game does play the colours are all wrong and blocky (I have also updated DirectX above the one the game needs). So I tried a slightly older driver, which was even worse, so I put the newer one back on. To add to this, the company who made my sound card (Aureal) have gone out of business, so don't give drivers now. I have found on another page what was supposed to be the latest driver they did release, but when I load the diagnostic tool on my computer (some sort of DirectX thing) and test the sound, it says there is a fault there too. It seems that whatever I try to do, the thing just gets worse. I am starting to think about getting another PC, but when it works, it does everything I need. Does anyone have any advice how I should try and fix all this? Thanks James

Answer:It just keeps getting worse

Did you simply overwrite the videocard drivers? If yes, you may wish to thoroughly clean your computer by uninstalling them and running a program such as Advanced System Optimizer V2 or Advanced Uninstaller Pro 2004. There is also a useful tool that removes drivers for you. I'll get back to you on that once I recall the name. Even though your soundcard manufacturer has gone out of business, use Google to search for drivers. There is quite a high chance of still finding them.

As for DirectX, see to it that you have the latest version from Microsoft.

Buying a new PC will not solve your problems. It is not the PC's fault, it is the user's fault. Your problems will just start anew if you do not know what you're doing.

1 more replies
Relevance 34.44%

New Notepad message when I boot up.
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

I get this on start up and firefox is giving me an error

Well, this is embarrassing.

Firefox is having trouble recovering your windows and tabs. This is usually caused by a recently opened web page.
Can anyone help me out?

Thank you so much
 

More replies
Relevance 34.03%

I have two PS3s in my house and a few months ago, they started to lag and disconnect altogether when we played at the same time. I thought it was the router, a Netgear, so we bought a new one, a Linksys. It was still lagging, so we decided to upgrade from TWC's Road Runner Lite to Road Runner Turbo. Of course the upgrade meant I had to upgrade all services and am now paying $60 extra. It didn't get better, instead, it's getting worse by the day. There is NO way to play the PS3s together now, it lags too bad and will disconnect quickly after. We called the router support and their advice didn't work. We bypassed the wireless aspect of the PS3s and plugged the ethernet cables directly into the router and it still lagged. So it has to be something with the ISP or the modem.

Now if I play the PS3 with the ethernet cable directly from the PS3 into the modem, which is the only way it won't lag, it dies after a few minutes and the modem doesn't send signals. That means my digital phone won't work and my Internet won't work. I unplug it and wait, blah, blah, blah. The only way I can get it to work is if I unplug the MAIN cable from the splitter, which means no cable TV and plug it directly into the modem. That doesn't even solve it, it STILL LAGS! It never lagged before a few months ago, we had two PS3s online wireless and we never had a problem. I called my ISP, Time Warner Cable, and they can't speak English and only say to unplug ...

Answer:Lag, worse lag and disconnects

6 more replies
Relevance 34.03%

There is an ongoing study out now about the use of technology and the impact it has on the human condition. Always being available, whether it is through IMs or email or TXT messaging, is a major source of stress... And IQ lowering. For people who spend all day on the computer, messaging people and emailing people, their IQ lowers (approximately) 10 points. To put that in perspective, smoking pot only lowers it 4 points.

This is for all you people out there who say that smoking weed is the worst thing in the world, but you spend all day in front of the computer. Bunch of hypocrites.

Stoners: 1, You: 0

http://www.sfgate.com/cgi-bin/articl....TMP&type=tech

Answer:Technology worse than pot?

I don't say smoking pot is the worst thing in the world, I just don't do it. Little would change with the legalization of it. It's not like they strictly enforce the marijuana laws now. Also, it is talking about using instant messaging services and email while on the job...not merely using the computer a little too much.

8 more replies
Relevance 34.03%

Hi,

I'm experiencing some very strange behaviour with my Asus V9280S-TVP and WINXP. If I load up a game or any software that's in any way graphics heavy my system performance decreases steadily, strange patterns start appearing on buttons and labels, textures become distorted and discolored, and then a drop out to desktop with an error message stating that "Windows has recovered from a device failure, blah blah". Screen resolution is set to something very low and color depth looks like 8bit or lower color. Shortly after the displaying of this message the system becomes unresponsive and I must power down (not much of a recovery). This problem takes a variety of different times to manifest itself depending on the game. If I restart the system immediately, as the POST screen ticks over I can see out of place characters and similar graphics errors to my ingame ones. However if I wait a few minutes before restart this does not occur and the system starts up fine and runs fine until I decide to try out another game or even 3dsmax. I've pretty much tried every driver there is for the card and found the vast majority of them actually decreased the performance of the card even further than the performance with the inbox driver (v31.40).

I suspect overheating but I'm not sure if these problems are symptoms of overheating. I have considered redoing all the thermal connections to heatsink with new thermal paste, but I've decided to put it off until I get an opinion as the heatsink ...

Answer:Overheating or Worse

Has it been doing that before as well?

Or have you just installed the card?

Try the newest version of ForceWare.
2: If it still doesn't work, some transistors might be faulty.

2 more replies
Relevance 34.03%

Hi, everyone....
A couple of weeks ago, someone overseas used my credit card number to buy themselves a free train ticket. Since I don't do much (and usually through PayPal anyway) Internet purchasing, there is only one other direct way they could have gotten it - by hijacking my Internet connection. (I could be wrong about this, but it's what I think anyway....)

I use AVG, but after this, I also installed Avast, which I allowed to do a full system scan. It found 4 Trojans on this system, all in the System Restore areas. Naturally, I deleted them.

Prior to this, I was having problems with MSI programs not loading right. After I scanned and got rid of a couple of viruses and those Trojans, this problem seems to have gone away. (In the midst of this, I also upgraded the system to SP3, which could have corrected the MSI problem anyway - no idea.)

What the system is doing now is breaking as I type, which implies that something may be making screen-shots in the background, and transmitting whatever to whoever is watching. This bugs me - what would be helpful is a raw logger that tracks everything transmitted or received via the Net, but I haven't seen such a tool for Microsoft. In Linux, sure, but....

System: 2.0 GHz HP Pavilion 533w, 512 MB RAM, Two 60 GB HDDs, USB 2.0 500 GB HDD, XP Home w/SP3, AVG, (Ad-Aware, Avast)

Here's my HijackThis log file:

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:56 PM, on 9/23/2008
Platform: Windows X...

More replies
Relevance 34.03%

I am running Windows ME operating system. Ever since a friend messed about with my computer (took files out, moved some around) to try to help it run smoother, it has never run right.

PROBS>>>

When I switch the computer on I get an unusual start up sequence: black screen, white words, headed Microsoft Windows Millennium Startup Menu. I am given 1-6 options and a timer is running 30 seconds. If I let the time run out, it carries on as normal. The desktop opens as if all is well BUT ...

I have Norton Systems Doctor that is very ill as it does very little. It just says things like Norton Integrator could not initialize the current class etc. etc. and other things...

The screen freezes for 25-30 seconds every few minutes sometimes, but it can be OK for 30 mins...

When I click on Launch Outlook Express, a dialog box tells me it cannot be started because MSOE.DLL could not be loaded...

I have no sound whatsoever from anything...

The internet runs fine BUT I have no MSN Messenger or Hotmail...

I have tried to run msnconfig from the run command but a dialog box pops up stating msnconfig cannot be found... am I writing this in correctly?

Also System Restore will not restore anything, I have tried a number of dates...

Should I put in the Recovery Disk or is this a last resort, or am I there already?

I will check back every 20 mins or so...

Thanks
Derek

Answer:Problems now worse ..please help.

Well, for one thing, the command you are looking for is MSCONFIG

10 more replies
Relevance 34.03%

I have a friend's computer that won't allow the internet browser to function properly and won't play YouTube videos. I noticed the following in the task manager: (refer to screenshot060, screenchot090). In which the things that look a little fishy like csrss.exe I try to close them and it comes back as access denied. When I restart the computer it says "Unable to set hook?" with an Nvidia header. Any help will be much appreciated!! [recovering disk space, attachment deleted by admin]

Answer:Virus or something worse?

Sorry I ran out of room on the OP. Also sorry for the size, I would use an image host but the virus(s) won't allow it. [recovering disk space, attachment deleted by admin]

14 more replies
Relevance 34.03%

Trying to help someone who needed to get on the net in a pinch, I put Zone Alarm on his laptop. It immediately caused slow downs, and wouldn't let me remove it with its own uninstall because it was a demo. So, I used add/remove programs. Then I went to the ZA site and found out what might remain in the registry, searched for it, it wasn't there.
The whole system was paralysed. I used Advanced System Optimizer to clean the registry, and then the programs would work, but both startup and shutdown took about 8 minutes. I tried reinstalling ZA with my own reg code, just so I could do another uninstall, using the right tool. I did that, but there was no improvement. When I tried starting in Safe Mode, I got a screen saying something was "stuck" and was directed to a bios page. Here was my biggest stupidest mistake: I said restore default bios. Dumb, dumb dumb!!!
After that, it would boot (still 8 minutes), but do nothing. I mean, I couldn't click on a thing that would work. I have no start menu...wait, it just came up, it took about 10 minutes!
What can I do? He has important data on here. I can't just wipe the disk! Is there a way to put the bios back to where they were when I clicked "restore default bios"????? Does that even matter? If I can get the programs to work again with ASO, is there another way to get startup and shutdown to work? Have I ruined everything?
Seriously, I'm shaking...please help if you can!!!
 

Answer:Worse and scared after ZA!!!

6 more replies
Relevance 34.03%

Kept trying to power up the computer - see latest posts: http://www.computerhope.com/forum/index.php/topic,87693.0.html
All of a sudden the motherboard started to power up, and the chip that reads "Nividia nForce" next to the graphics card started to smoke. Shut down the system. Not good.

Answer:Ouch---When bad goes to worse

The good news is we have a new suspect!  Sorry about the vid card.

4 more replies
Relevance 34.03%

What brought me here is a problem reinstalling my Adobe CS1 - I had problems with Acrobat and had to uninstall the entire suite. I was unable to reinstall... it got just so far and then just 'hung'. I spoke to the Dell cust. svc person who insisted I had to reinstall Windows (which is a last resort). I thought I may have an intruder on my computer so I followed all the directions on what to do BEFORE I post my question... all the downloads, scans and logs. I am currently running Windows XP Professional on a Dell laptop. I am posting my logs and hope someone can HELP ME!! [recovering space - attachment deleted by admin]

Answer:do I have a virus ...or worse?

Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.

I don't see anything malicious, have you tried to do any repairs to Windows?
Here are a few methods to try.
Do you have an XP CD?
If so, place it in your CD ROM drive and follow the instructions below:
Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.
----------
1. Download IEFix.zip and run it.
2. Click the Apply button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location.
4. Once finished Restart Windows.
If you'... Read more

1 more replies
Relevance 34.03%

Ok I have several computers the one I am having a problem with now is a family computer used by me and my husband.
My AVG is saying I have a cryptor infection, and that was four this morning; tonight it is a whole list. I downloaded Stopzilla but that did not really do anything.
I have no idea what Hijackthis is and am nervous about trying anything else without guidance.
Thank You!!!
 

Answer:Help... it is getting worse by the minute

I did the hijack this figured what the heck
 

1 more replies
Relevance 34.03%

Is there an easy way to stop these pop-ups invading my computer every time I go on to Amazon to look for something? Windows 7

Answer:pop ups getting worse from amazon

Have you enabled the inbuilt PopUP blocker in your Browser? and do you have an additional AdBlocker for your browser?

3 more replies
Relevance 34.03%

Using Windows 7 and IE8 32-bit, I am constantly finding that the program stops responding and I have to restore the last session, or worse still start again. Happens on both my home PC and my office PC, so it's not the PC at fault. For example, today, trying to post this discussion took 8/9 restarts.
Anyone else experiencing problems?

Answer:IE8 problem - is it getting worse

This issue may be caused by some 3rd party add-ons that you may have installed on both of your PCs. Try resetting the IE settings to disable add-ons:
Close any IE or Windows Explorer windows that are currently open.
Open a new IE window.
Click the Tools button, and then click Internet Options.
Click the Advanced tab, and then click Reset.
In the Reset Internet Explorer Settings dialog box, click Reset. When Internet Explorer finishes restoring the settings, click Close, and then click OK.
Close IE. (The changes will take effect the next time you open IE.)
After that, please open IE again to verify if the issue has been resolved.
If this doesn't help....
Can I suggest that you try another browser such as Firefox to see if the problem still occurs.
You could also try rolling back IE8 to a previous version.

10 more replies
Relevance 34.03%

Sorry to make another thread... but I think my computer is seriously in trouble. Every time I click on my documents folder, my computer refreshes itself and closes everything. So now, I can't even access my documents. I ran every scan possible and nothing is working. What's there left for me to do?
 

Answer:My problem got worse..

You need to reply to this thread: http://forums.techguy.org/malware-removal-hijackthis-logs/774556-spyware-keeps-coming-back-log.html where you are being helped.

Please do not start new threads for the same problem.
 

1 more replies
Relevance 34.03%

Got a PC here that the lights on the MOBO come on, when you hit the power button, it clicks like it should, the green light comes on, but when you release the button, it goes back off. Initially I thought this was a PSU problem, but now I'm thinking maybe the power switch itself.

Answer:PSU, switch, or worse

Check the front panel header, to make sure the power switch wire is connected properly.

2 more replies
Relevance 34.03%

So my computer seems to have this trojan. All google/yahoo/etc. searches get redirected to ads. I've read around and yesterday I ran a full scan using Malwarebytes' Anti-Malware which took 8 hours, and it found 4 files but did not take action. Today I am still trying to fix the problem but Malwarebytes' Anti-Malware no longer loads up.

It will not let me view antivirus software websites, as well as basically any place that would help me fix this problem, i.e. techguy.org; I am using my non-infected laptop atm.
My infected computer also will not allow me to download programs suggested, i.e. hijackthis, combofix, etc.

I fear the problem has gone way too far and the only way to solve it is a full-on reformat. I even tried downloading the file on my laptop and transferring it over by flash drive, but after double-clicking the file (hijackthis) it does nothing. It will not load up, along with Malwarebytes' Anti-Malware.

Please help!!
 

Answer:go.google.com.....but worse..

bump

Can someone check out my thread and help me out?

- Did a scan with eset and trojanhunter, both found nothing. Scans run under quick and full and also in normal mode and safe mode.
- Google searches opens new tab (FF3) and redirects by go.google.com to advertisement.
- AV websites such as norton, mcafee, etc do not work (blocked by trojan).
- Previously installed software like Malwarebytes' Anti-Malware has stopped working as time goes by (work of the trojan?).

Someone suggested http://siri.geekstogo.com/SmitfraudFix.php to me, but it always gets an error and unexpected program termination when it is double clicked.

I am truly lost and really would like some help with this problem; it just gets worse the longer it's been.
 

2 more replies
Relevance 34.03%

I'm pretty sure my Toshiba Satellite laptop (Windows XP, has Spybot and Symantec AV) has been hijacked by some hidden malware. It has started wreaking havoc on it. First it was keeping my internet uploading and downloading in the background. And now it won't allow my firewall to startup or give me access to the web through any browser.
I know other apps can access the web because I've updated Spybot and Symantec to try to clean this mess, but that has only partially helped.
The following is my Hijack this log. I'm hoping you can point me in the right direction on how to clean this. Hope to hear from you soon.

Thank you
Wizard Raz, Miami, Florida

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:00 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Answer:Hijacked and getting worse

16 more replies
Relevance 34.03%

ok....i give up LOL
 

Answer:Problems are getting worse = new log

oh and also, the nortons "clean sweep/smart sweep log" picked up this
=
File 'C:\HP\KBD\PS2.DLL' added.
=======
and a lot more things, but the log is way too long to add here. Is the PS2 ok?
 

3 more replies
Relevance 34.03%

Before, when I had a different monitor, I had 250-300 fps on CS:GO on max settings; now I just get 20-120 fps and it usually drops to 60 fps. Could this be a problem with the monitor or just the hardware? (I have checked VSync and also this problem applies to other games)

Answer:Got a new monitor but now my fps is worse???

Monitors have very variable response times - some just a few milliseconds, others much higher. It might be worth checking out the specs of your old and new monitors. In theory, though, that shouldn't affect fps - monitor response time would only affect how quickly what's on screen reacts to any action you take (e.g. shooting).

1 more replies
Relevance 34.03%

Hi, I was wrestling with an infection of W32.trats!inf on a laptop - Windows XP home.

Norton Antivirus keeps finding it and has been unable to get rid of it, so I was attempting to remove it manually.

vtstr.dll is in the Windows/system32 folder along with various registry entries related to it

I just tried to boot into safe mode, and it now will not log in and says "Unable to log you on because of an account restriction" in both safe and normal boot modes

Any suggestions?

Thanks!
 

Answer:W32/Trats!inf gone from bad to worse

16 more replies
Relevance 34.03%

I have recently assembled a new system and it was working fine until a week ago, when I noticed that sometimes when I am not at the system it had restarted, and now it's getting worse. It turns off and turns back on with a very little gap, sometimes hours, sometimes just after I turn it back on after the shutdown (it turns off immediately without any warning or shutting down screen). When it turns off, the PC's power turns back on as if it restarts but nothing would happen; even after holding the power button to force shutdown and then turning it back on it won't start, but twice or so it loaded up till the boot menu I guess, but then it would go blank. I would have to cut the power and turn the power back on so that it turns on. It happens when I watch video and even when I play games, also while the PC is idling. A few days ago, before it was this bad, when I was using my system, a bluescreen appeared and it said critical process died or something like that.
My system spec is:
Asus Z170 pro gaming
Intel core i7 6700 3.4GHz
Power supply Cooler master 600w
Asus GTX960 2GB black
Kingston HX426C15FB Hyperx 8gb x2
Cpu cooler fan cooler master 120v

Answer:pc keeps turning off and getting worse

Run Bluescreen view
post the results back on this page.
It's possibly a bad driver

10 more replies
Relevance 34.03%
Question: Worse than Crabs

Bismillahir Rahman ir Rahim

I can't get rid of this adware. i purchased mcafee, i've run adaware in safe mode with this and that and still the popups and desktop links and toolbar installs return. here is my hijackthis log -- HOWEVER i am getting several error messages when i start scanning, included below:

An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #62 - Input past end of file

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred - scanning
* How you can reproduce the error - um, scan again
* A complete HijackThis scan log, if possible -- see below

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.0

This message has been copied to your clipboard.

An unexpected error has occurred at procedure:
modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=run)
Error #55 - File already open

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2800.1106
HijackThis version: 1.99.0

This message has been copied to your clipboard.

An unexpected error has occurred at procedure: modMain_CheckNetscapeMozilla()
Error #55 - File already open

Please email me at [email protected], reportin... Read more

Answer:Worse than Crabs

Why is this "worse than crabs"?
What are crabs worth?
Sorry, had to ask.....Have you done a trace back to the source?
Do you have a firewall? And, does it have logs and dates?
 

2 more replies
Relevance 34.03%

I have a Toshiba Satellite laptop (from around 2001) running Windows XP Pro. I bought it 2nd hand. About a month ago, we came down with a few viruses because my Windows Live One Care subscription ran out so I was naked for a while... a friend bought Webroot; after installing the program, within a couple of minutes everything was back to good. Within 2 weeks, Total Security was making more of a mess than ever. So much so that I uninstalled Webroot and figured I would go with CA security suite, only for it to load with errors, therefore it wouldn't do anything... Now it will let me connect to the internet but if I try to access my e-mail it says access denied. I am wondering if I am going to have to erase my hard drive (which might be harder than anything I've thought about doing). I have another computer that I am using for now but it's very slow! Can I download anything, put it on a disk and run it on my laptop to clean it up? I don't know how to go about erasing/(re)formatting. I have a disk that I made that says back-up from 2007. Would that have all numbers/files necessary, as I didn't get an original disk? I also found a 'registration number' file... Any and all help will be greatly absorbed.

Answer:2nd time is far worse!!!

Do you have your XP install disk and CD key?
If not, do not reformat.
Do you have anything important on it?
Did you try malware bytes super anti malware?
Also try Avira and/or AVG.
P.S. I am trying to use free solutions.

14 more replies
Relevance 34.03%

You may remember my post not that long ago about my having a trojan horse. Well, after getting help to clean it up everything was running perfect for about 3 days, and now it has come back and it is now worse than what it was before. I hope I can stay connected longer than 2 mins.
 

Answer:Its back & worse than ever

9 more replies
Relevance 34.03%

I did a scan with AOL spyscanner and it found Coolwebsearch and AdminMagic 1.0. Any idea what this is? Because I ran CWS Shredder and it didn't find any Coolwebsearch. I also ran Ad-Aware and it only found cookies.
Logfile of HijackThis v1.99.0
Scan saved at 12:59:31 PM, on 2/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Answer:I may have spyware or worse

6 more replies