Computer Support Forum

Worse than BSOD. Trojan or Virus. Urgent Help!!

Question: Worse than BSOD. Trojan or Virus. Urgent Help!!

Cause: Trojan or Virus. Unsure. Most likely contracted from an infected webpage/website.

I've never experienced anything like this before. There was no BSOD but this is so severe, I had to turn the power off and am too scared to switch on the computer.

Effect:
1. web browser (IE, version ?) couldn't function, except load homepage (which I have always set to Google). Error message:
Microsoft Visual C++ Runtime Library
Runtime error
C:\program files\internet explorer\IEXPLORER.EXE
R6025
-pure virtual function call

2. I tried to open Ewido. Error message:
Not enough quota is available to process this command.

3. Tried to open HijackThis but could not access hard-drive. Error message:
Not enough quota is available to process this command.

4.Tried again to open Ewido via shortcut. Error message:
This no longer exists. It might have been renamed, moved or deleted. Would you like to remove from list? (I pressed No)

5.Tried again to open Ewido. Error message:
Application failed to initialize properly (0xc000012d). Click to terminate application.

6.Tried to open Ewido again. Error message:
SecuritySuite.exe -Bad Image
The application or DLL C:\windows\system32\PSAPI.DLL is not a valid Windows image. Please check this against your installation diskette.

7.Opened Spybot, forced to download updates before scanning. Then couldn't find anything after scanning for only few seconds (unusual- scans always take over 5mins). Error message:
C:\windows\system32\SHDOCVW.DLL is not a windows image. Check this against your diskette.

8.Pressed scan button in Spybot to scan again but no response. Then when I tried to close it, Spybot started scanning (delayed response?). I kept trying to close Spybot because I thought it wouldn't work anyway. Then I tried to shut down computer but no response so I turned the power off. Computer is still off.

Thank you very much for reading this post. I'm sorry it was long, but since I don't know a lot I put all the information I had. Help would be deeply appreciated.


Answer: Worse than BSOD. Trojan or Virus. Urgent Help!!

Microsoft says this is a memory problem. Upgrade ram or increase your virtual memory, which assumes you have some free hard drive space.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/1495.mspx?mfr=true

If you have not done computer maintenance in some time, you might consider cleaning up unneeded files, startup items and doing a defrag (this would be an especially good idea if you're going to increase virtual memory).
http://forums.majorgeeks.com/showthread.php?t=106650


Answer:Worse Than Bsod. Trojan Or Virus. Urgent Help!

Some questions:
- Which operating system do you have? Windows XP? 2000?
- Is it up to date?
- Go to START, RUN and type dxdiag; please tell us which version of Direct X you have
- Under Control Panel, Software, please tell us which version of Java you have
- Do you have a legitimate Windows?
- A workaround to see what is causing the problem is to download Firefox here and install.

In normal mode, run an online antivirus check from at least two and preferably three of the following sites:
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan

This scanner from Trend does not require an Active X to run.
1. Detects and removes malware (viruses, worms, trojans, etc.)
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.

Please try to run test nr.6 in Firefox and post the results to rule out any virus


I attempted running the tutorial for removing OpenCloud Antivirus. It was unsuccessful and Symantec keeps popping up about quarantined items. I've used these forums in the past and they were extremely helpful. Any help would be great or even a starting point. I've posted some of the error messages that pop up here.

Security risk detected: Trojan.Gen.2
File: C:\Users\ChrisV\AppData\Local\Temp\DWH316A.tmp

Security risk detected: Trojan.Gen.2
File: C:\Users\ChrisV\AppData\Local\Temp\DWH2D15.tmp
dds log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by ChrisV at 22:44:25 on 2011-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6389 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Wind...

Answer:OpenCloud or worse Trojan Virus

attach.txt


Hi,

Last week I got a virus of some sort on my computer and ever since it hasn't been working properly and I keep getting a lot of pop-ups. Within the last few days I've also started getting warnings on my internet screens themselves. Everything is in red and it says Warning: You're computer needs to be scanned, viruses detected. I've been scanning it daily with avg, but it is never completely resolved. It may seem slightly better after the scanning but later it will be even worse than it was prior to the scan.

Please help! I don't know what to do....

Thank you!

Answer:trojan virus keeps getting worse on my computer

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------


My first post was
http://forums.techguy.org/malware-removal-hijackthis-logs/882018-random-pop-up-firefox-browser.html
which resulted in me waiting 25 days for a reply . . but to no avail.

I really hope someone can help my situation. Currently, my Norton Anti-virus corporation keeps finding a Trojan attack, with an infection in the file called A0007410.sys. Whenever I am inactive on this computer, the attack log comes up, showing that no action was taken to remove it.

I hope you can really help me - here is my latest hi-jack this log. Btw, Merry Christmas!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:24 AM, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Progr...

my system is affected from "trojan win32 sirefef.o". it disables all my security softwares and makes my system too worse....i cannot find it in the task manager or registry.. so i don't know how to stop and delete this virus...please help me.....

guys i downloaded the malwarebytes and installed it. but the trojan ruined that in safe mode too..and also i cannot find any trojan win32.sirefef.o related process in task manager and no entries i found in registry. now my system functions are malfunctioning one by one. even i cannot open a mp3 file. so please help me guys how to remove this trojan

Answer:Trojan virus...please help me...urgent pls...?

Hello, and welcome to TSF.

I am currently reviewing your topic. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.


did a hijackthis scan and came up with this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:28 PM, on 5/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Compaq Connections\1940576\Program\Back...

Answer:Need urgent help with trojan virus!

Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
==============

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!
...

i've been out of the state for a month, and i come back to the computer which i think is infected with a trojan/key-logger.
my brother's been using it.

i have a windows xp professional, home edition, sp2
as much help i could get would be awesome!

thank you in advance
 

Answer:urgent: new trojan virus?

ONE of the viruses is the Trojan-Clicker.Win32.Tiny.h
 


I don't know how to remove this virus.

But please help me remove this virus.. I have a lot of important files in my computer please!

Answer:HELP! *Urgent* A Trojan.VBAgent Virus

Well, I'm no security expert but I suggest you use your preferred Anti Virus application to scan your system. Once done, run 3 full scans of Malwarebytes Anti-Malware Free Download - Scan For Viruses. Make sure to restart after each scan. Let's wait for the security experts to join in and give the more accurate suggestions.


Hi I need advice/ info/ help urgently.
Problems;
My laptop started spiraling downwards over the past two days. Anti virus has become slow/ non responsive. Access to internet has been blocked. Spam emails in email accounts.
And suspicious automated phone calls to my mobile phone about payment protection insurance, etc.
I cannot use Norton to resolve the issue and cannot download software from the internet.
Virus scan paused/ slowed down over these files;
Backdoor.Rustock.B
Backdoor.Rustock.A
Infostealer.Snifula.B
There are many other files also
The computer is a Hp Envy i5 running windows 8.
I have no experience with editing system files or removing viruses/ trojans.
I need urgent advice or help on what to do/ how to fix the problem?
Please help!

Answer:URGENT HELP NEEDED. Virus/ trojan. please help!

Welcome nick.. If you cannot use Safe mode with Networking then you must download from another system and run these from a Flash drive or CD.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

...

ADW Cleaner
Please download AdwCleaner by Xplode ...


My computer is running extremely slow, my internet keeps trying to sign on alone, and my virus protector says something like it can't find any viruses but knows something isn't right... what can I do to find a backdoor or virus and take it out? Please help
 

Answer:Urgent... I know i got a virus or trojan backdoor how can i find it an get rid of it


i got problems with my pc. i got this trojan from msn called generic prockilla.a and my mcafee appears every 10 minutes saying it has been found and cleaned, but it is reproducing fast!
i need help soon to save my computer....please

Logfile of HijackThis v1.99.1
Scan saved at 7:07:37 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\i...

Answer:Solved: MSN picture trojan virus!! Hijack This log! URGENT


Hi there,

I've got a computer running xp that has that horrible virus/trojan on it where you can barely use it because porno sites keep popping up. I'm not sure which it is or how to get rid of it. I ran trend micro housecall to scan it and spybot search and destroy, but it still hasn't gotten it off.

Here's my Hijack this log. Can you tell me how to get rid of it or what to check on the hijack this log that might do it.

Thanks

bluesy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:45 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1184376333\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\MATCO\BuzzSawService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.ex...

Answer:urgent, virus/trojan with that porno popper thing, please help

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

===================

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
• It will ask if you want to update the program definitions, click Yes.
• Under Configuration and Preferences, click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
• On the main screen, under Scan for Harmful Software click Scan your computer.
• On the left check C:\Fixed Drive.
• On the right, under Complete Scan, choose Perform Complete Scan.
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK.
• Make sure everything in t...


Dear tech guru,

I got hit by the FBI virus a day and a half ago and later more viruses came in unexpected.
Here are the details of my computer and the viruses. I have already backed up my system, and ran the tdsskiller and otl. I would like to completely get rid of the viruses. Your help is greatly appreciated!!
I have a Toshiba Satellite U500
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3891 Mb
Graphics Card: Intel(R) Graphics Media Accelerator HD, 1721 Mb
Hard Drives: C: Total - 293220 MB, Free - 168130 MB;
Motherboard: TOSHIBA, JPTR
Antivirus: AVG Internet Security 2011, Updated and Enabled
I have AVG free edition anti-virus software 2013, and I kept getting messages that the computer has been infected with the following virus:
win 64/patched.A (AVG says it cannot be cleaned)
Trojan horse generic_r.BIO (AVG says it's been removed but it keeps coming back like others)
Trojan horse downloader.Generic_s.E (AVG says it's been removed but it keeps coming back like others)
Found Luhe.Sire fef.A (AVG says it's been removed but it keeps coming back like others)
Logs:
OTL logfile created on: 10/22/2012 6:56:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessica\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Local...

Answer:Urgent help needed to remove multiple virus :win64/patched.A and Trojan.

Hello and welcome to TSF.

I am currently reviewing your post. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification then click Subscribe.

Please be patient with me during this time.
----------

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to continue with the cleaning, please continue with the following instr...

--------------------------------------------------------------------------------

Dear tech guru,

I got hit by the FBI virus a day and a half ago and later more viruses came in unexpected:
I have AVG free edition anti-virus software 2013, and I kept getting messages that the computer has been infected with the following virus:

win 64/patched.A (AVG says it cannot be cleaned)
Trojan horse generic_r.BIO (AVG says it's been removed but it keeps coming back like others)
Trojan horse downloader.Generic_s.E (AVG says it's been removed but it keeps coming back like others)
Found Luhe.Sire fef.A (AVG says it's been removed but it keeps coming back like others)
I would like to completely get rid of the viruses. Your help is greatly appreciated!!

I have a Toshiba Satellite U500
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3891 Mb
Graphics Card: Intel(R) Graphics Media Accelerator HD, 1721 Mb
Hard Drives: C: Total - 293220 MB, Free - 168130 MB;
Motherboard: TOSHIBA, JPTR
Antivirus: AVG Internet Security 2011, Updated and Enabled
Thank you!
 

Answer:Urgent help needed to remove multiple virus :win64/patched.A and Trojan.

Hello deesw8!
My name is Gizzy and I'll be glad to help you with your malware problems.

Please note the following while we work:

The fixes are specific to your problem and should only be used for this issue on this computer.
Perform all actions in the order given.
If you don't know or understand something stop and ask! Don't keep going on.
Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
Please DO NOT run any tools or scans unless I ask you to.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use, Be assured, any links I give are safe.
The process is not instant, Please continue to respond to this thread until I give you the All Clean!. Absence of symptoms does not mean that everything is clear.
Topics not replied to within 3 days will be removed from my Subscribed Threads List.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your o...
Question: Trojan and worse?

I discovered I had a problem when I couldn't keep "Show hidden files and folders" active in Folder Options. I re-downloaded Avast AV and ran a scan and found some bad stuff. For the past 24 hours I've been reading info on the Web and trying to fix things on my own, but I need help, please. Thanks very much in advance!
Here's my DDS log and my attach.txt is attached.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Kiko at 4:08:53.71 on Wed 02/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.339 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090210-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAn...

Answer:Trojan and worse?

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
Right click on GMER.zip and select "Extract All".
Close all other open p...


Hi, everyone....
A couple of weeks ago, someone overseas used my credit card number to buy themselves a free train ticket. Since I don't do much (and usually through PayPal anyway) Internet purchasing, there is only one other direct way they could have gotten it - by hijacking my Internet connection. (I could be wrong about this, but it's what I think anyway....)

I use AVG, but after this, I also installed Avast, which I allowed to do a full system scan. It found 4 Trojans on this system, all in the System Restore areas. Naturally, I deleted them.

Prior to this, I was having problems with MSI programs not loading right. After I scanned and got rid of a couple of viruses and those Trojans, this problem seems to have gone away. (In the midst of this, I also upgraded the system to SP3, which could have corrected the MSI problem anyway - no idea.)

What the system is doing now is breaking as I type, which implies that something may be making screen-shots in the background, and transmitting whatever to whoever is watching. This bugs me - what would be helpful is a raw logger that tracks everything transmitted or received via the Net, but I haven't seen such a tool for Microsoft. In Linux, sure, but....

System: 2.0 GHz HP Pavilion 533w, 512 MB RAM, Two 60 GB HDDs, USB 2.0 500 GB HDD, XP Home w/SP3, AVG, (Ad-Aware, Avast)

Here's my HijackThis log file:

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:56 PM, on 9/23/2008
Platform: Windows X...

Relevance 52.07%

Hello everyone,

This is probably the very 1st time I have ever needed assistance this badly with malware removal... My Spyware Doctor picks up that I have a trojan called Trojan.Spambot, the file that it is in is called Rpcrt3.Dll, it is found in all of my Sv_chost processes as well. I have done safe mode, tried disabling everything that is Sv_chost related and I still can't delete this file... To my understanding what the trojan does is take up bandwidth and send spam e-mails... so there is not really a way for me to live with it, as I have tried. I would greatly appreciate any useful feedback... Thank you

Answer:Worse Trojan I Have Had

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An...

6 more replies
Relevance 51.66%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:50 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll (file mi...

Answer:Worse Trojan I Have Had, TROJAN.SPAMBOT

Ok......this is taking FOREVER

13 more replies
Relevance 51.25%

Here's my HJT log, thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:36 PM, on 29/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System...

Answer:Trojan Horse.. Or Worse!

Hello icesplinter and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Please also post the problems you are having.

Thanks,
Johannes

1 more replies
Relevance 51.25%

I'm trying to rid my work computer of a multitude of problems - a Dell GX620 running XP(SP2) with 1G ram. I get multiple popups, have trouble running acrobat, and it shuts down often. I've run various virus checkers, but most recently Ad-Aware and Spybot. Both had difficulty downloading updates. Ad-Aware found several cookies and win32.trojandownloader.zlob which kept returning after removing it and rescanning. Spybot stopped scanning 1/3 way through and got error during check! messages on coolwwwsearch and webdialer - neither of which I could "fix".

On startup, I get the following error messages:
*awtsq.exe - cannot access specific device
*could not run awtsq.exe c\windows\sys32\awtsq.exe
*error loading e\win\sys32\mlchivpu.dll
*during scan of files at system startup errors in sys reg found
p-07-0100 irql:1fSYSVER0xff00024
NT_Kernel error 1256
KMODE_EXEPTION_NOT_HANDLED

Here is the hjt file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:31 AM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\P...

Answer:Suspected trojan just getting worse

After perusing some other threats, I've turned off all anti-virus (most of it was expired anyway), turned off the firewall, quit all programs, and logged off the internet, THEN run HJT and here's the log from that: (and actually, it's not my computer, it's a customer's who I only have access to in mornings so I'll probably only have a few minutes longer on it today).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:27 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\tmw7\tmmail7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKLM\Software\Microsoft\...

1 more replies
Relevance 51.25%

Spybot, Adaware and various other antivirus prog's get to a certain point and then just freeze. First thing I noticed was that my browser changed recently, then everything's slowed down. Here's the log.

C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyrone Carr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM&...

Answer:Maybe Trojan Infection Or Worse

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your Malware Problems. Make sure that you post the entire log, including the header information at the very top.

If you have resolved this issue please let us know.

2 more replies
Relevance 50.84%

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====...

Answer:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A...

12 more replies
Relevance 50.84%

Today when I turned on my computer I was greeted to nothing after logging into my account as it just froze on my desktop screen for about 5 minutes. After 5 minutes or so then it slowly started to load (at extremely extremely slow speeds) and do a lot of weird things. A detection eventually popped up as being Trojan.Winup and has caused massive slow ups and annoyances all day. I thought I quarantined the infection but it seems it still persists on. I really need this computer running normally again and really need help in fixing this problem. I have a Dell XPS 400 with Microsoft Windows XP Professional

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:48 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Clas...

Answer:*Urgent*Trojan.Winup-Computer extremely messed up/virus detections=ETREMELY SLOW and unresponsive computer PLEASE HELP!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...

2 more replies
Relevance 50.84%

A few days ago I started getting a bunch of alerts from WinPatrol about new auto startup programs being detected with weird names (hajigira, etc.). Then I started get tons of popups... so many they would eventually crash my browser. I tried to disable the programs and remove them via WinPatrol, but they kept coming back. I think I got infected by having inadequate protection from an Anti-virus program that came with my ISP (which revealed nothing upon scanning) for the last month. So I uninstalled it and then purchased and re-installed the antivirus software I used for the past 3 years (Norton). Norton scan found 1 problem and removed it but I kept getting the WinPatrol notifications and popups. Then I tried SpyHunter which found adware and 2 trojans, but said it could not remove the trojans. I then bought SUPERanti-spyware, which found 130 problems (wow) and removed those. But now I am STILL getting WinPatrol alerts, browser popups (though fewer than before), and now errors when I startup and open programs because it appears some important files were removed or corrupted during the last removal. The system also seems very slow at times... I can barely get anything done. So, I hope you can help. Thank you in advance.

Here's my Hijack This file:
>>>>>>>>>>>>>>>>>>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:40 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7...

Relevance 50.43%

This is getting worse and more intense. I can't load any drivers and when I go to check them it shows that they are functioning properly and up to date, and almost 1/2 my info in the system reads '0' in size. What's that all about? And I can't get anything to recognize my mcafee, or a win32 document.
but now i have been wondering what could have happened to these few items....

(Task Manager)
Description
A problem caused this program to stop interacting with Windows.

Problem signature
Problem Event Name: AppHangB1
Application Name: taskmgr.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47918e94
Hang Signature: 81c8
Hang Type: 0
OS Version: 6.0.6001.2.1.0.768.2
Locale ID: 1033
Additional Hang Signature 1: 53f72d3f4124441cca0680ecd89a6848
Additional Hang Signature 2: db5a
Additional Hang Signature 3: 73b8e1bcf743f8e60d79d67d469cdb63
Additional Hang Signature 4: 81c8
Additional Hang Signature 5: 53f72d3f4124441cca0680ecd89a6848
Additional Hang Signature 6: db5a
Additional Hang Signature 7: 73b8e1bcf743f8e60d79d67d469cdb63

Extra information about the problem
Bucket ID: 342139870

(Genuine Windows Error)
"An unauthorized change was made to your license."
To keep your system stable, you must go online and validate that your software is genuine:
- Validate Online
- Close

Windows 6.0.6001 Service Pack 1

4/14/2009 4:19:13 PM
mbam-log-2009-04-14 (16-19-13).txt

Scan type: Quick Scan
Objects scanned: 69262
Time ...

Answer:I am experiencing trojan difficulties, or possibly worse!

I also forgot to mention (not sure how i could forget) but I also wanted to make sure i mentioned that i had another Trojan about a week and a half ago that i thought mcafee deleted but apparently it didn't, and i also started experiencing media difficulties first.


Quote:

"Well first thing was, I couldn't get office live update to install. And then next problem (1 day ltr) I was trying to get some songs off my friend's iPod and it wouldn't let me. So I went to see if there was any updates, and there was so I made sure they were compatible and I installed them. And then it still wouldn't work so I just went to the int. and downloaded some. While doing so I installed a flash player and Codec Pack - All In 1; cause my wynamp and windows media player wouldn't play some of them. And so forth. Now I have two net frameworks 3.5 and programs hang, stop, and shut down unexpectedly.. But just so you know my son's dad was on the comp off and on for 3 days, and only god knows what he downloaded, he thinks he knows his stuff. And although this isn't all I hope this will help you understand.
I am worried about a Trojan downloader or virus (last week I had one get blocked by mcafee)
I also haven't been able to locate drivers or completely uninstall things or open half of my files. Oh and I have limited administrative access and I am the main user. To anyone that reads this I am hoping you might be able to help me, any and all suggestions are welcome."

...

1 more replies
Relevance 50.43%

As per the help from boopme, I'm moving this thread to this area for help.

The original thread and story of how I got to this point is here:
http://www.bleepingcomputer.com/forums/t/322967/cant-get-rid-of-nasty-trojan-horse-backdoorircbotlwm/

Briefly, AVG free v.9 can find the Trojan Horse (but cannot remove it) at --
"C:\WINDOWS\system32\svchost.exe (1424):\memory_00400000";"Trojan horse BackDoor.Ircbot.LWM";"Object is inaccessible."
& at
"C:\WINDOWS\system32\svchost.exe (1424)";"Trojan horse BackDoor.Ircbot.LWM";""
& although the number in parentheses changes with each running of the AVG.

No other virus software I've tried -- including Norton, Malware, Spybot -- even note its presence.

Since then, Norton also found & removed wdh2.exe

Also, the first time I open a browser (Firefox 2 or IE 7) and surf for anything, my browser gets hijacked to some random(?) site.

Intrusion attempts after that, like the ones I described in the thread above, continue, but appear to be blocked by Norton.

GMER and DDS logs below; the "attach" file from DDS is attached

Thanks in advance for any help anyone can give me
-- chicagoexpat

My computer/ops info:
Dell Dimension 3000 Desktop/Tower model
Processor Intel® Celeron® CPU 2.40GHz
Processor Speed 2.34 GHz
Memory (RAM) 2048 MB
Operating System Microsoft Windows XP Home Edition
Operating System Version 5.1.2600 Service Pack 3

I was originally running AVG anti-virus, I'm now running Norton Security Suite Version: 4.2.0.12 & AVG is uninstalled.

Under...

Answer:Trojan horse BackDoor.Ircbot.LWM or worse/more

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...

2 more replies
Relevance 50.43%

Dear friends,

The other day I stupidly clicked on this link which purported to show a video of the LHC startup (how much of a nerd does THAT make me?):

Link removed

I was prompted for a Flash update which I stupidly assented to all the while thinking, "something's not quite right."

Soon after I noticed that google search result links in Firefox were being redirected to various commercial sites. I switched to Chrome which didn't have a problem at first but soon developed the same problem. If I requested that the link open in a new tab there was initially no redirect, but now it opens multiple empty tabs as well as the link and sometimes crashes Chrome.

I was running AVG internet security (the pay version) at the time of the initial infection. Adaware, Malwarebytes etc. failed to find anything. I now have Kaspersky internet security installed and it has found nothing on the scan.

My Hijack This log is below and also attached. Any help will be greatly appreciated.

Nick

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:31 PM, on 11/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32 ...

Answer:Redirect Trojan---geting progressively worse

Have since been working on this a lot, following various advice. In case something's changed I've attached a new combofix log and SD report. Thanks for any help. The redirects continue to happen on almost all google links.

Nick

15 more replies
Relevance 50.43%

I've got a very strange problem that occurred after I did a trojan removal. Surprising enough my computer worked fairly well while the trojan was busy doing whatever it pleased. I ran my weekly scan with malwarebytes and naturally it found the trojan, asked to remove and reboot. I allowed it to... reboot occurs. I'm feeling hunky dorie.. and then I log in. For some reason some programs open just fine like before. Others only open after a solid 6 minutes. And others take even longer. I have not a clue what happened. I did a clean boot with all of the non microsoft services turned off to no avail. What in the heck happened?! Any ideas?

Answer:Computer is working even worse after trojan removal?!

Welcome, I am moving this from Win7 to the Am I Infected forum.

Please post that MBAM log. The log is automatically saved and can be viewed by clicking the Logs tab. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

Also run these..

Please Download TDSSkiller
Launch it. Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

>>>>

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

1 more replies
Relevance 50.02%
Question: BSOD getting worse

Hi,

I had problems with finding my laptop recovering from a crash. This has been going on for the past 6 months. I have no idea about these things, so I'm hoping you could provide me some useful information about what's wrong and how I can solve this issue(s).

Data is attached.

Thank you

Answer:BSOD getting worse

Additional information is required - not just the .dmp files.

1. Download the DM Log Collector application to your desktop by clicking the link below

DM Log Collector.exe

2. Run it by double-clicking the icon on your desktop, and follow the prompts.
3. Locate the .ZIP file that is created on your desktop, and upload it here in your next reply.

5 more replies
Relevance 50.02%

I have an almost new HP Pavilion dv7.

A week or so back I turned on my machine only to find it booted to an error screen which suggested Windows has failed to start then offering a 'Normal Restart' or 'System Repair' NO OTHER OPTIONS.

A Normal Start eventually brought me back to the same screen mentioned above. Next I selected 'System Repair'. The ONLY option now offered was 'System Restore'. With 'System Restore' selected a box appeared with about seven restore points. I tried them all in turn as each one I tried brought me to a screen stating that SYSTEM PROTECTION needed to be turned on for drive 'C'. Then returning me to 'Select a Restore Point'.

Intending to turn on 'System Restore' through 'Safe Mode'. I tried to get into 'Safe Mode' using 'f8' on a reboot to no avail. The above action takes place. 'Safe Mode' is NOT available.

At present the machine has decided on its own to boot up in 'HP Quick Web' which works. I don't even get any error messages now (re above), the 'Return to Windows OS' button goes through a process including 'Starting Windows' before returning to 'Quick Web'. NOW I can't even get out of Quick Web.

I feel sure that I could get the machine to boot into 'DOS' (where I first learned computers) IF I manage that, does anyone know how to edit the registry IN DOS to turn on 'System Restore'? The registry is a complete mystery to me anyway.

I would like to add, that I NEVER run my machine with restore turned off, it has saved me many times. ...

Answer:WORSE than the BSOD

Maybe here? Need Registry to Turn On System Restore (Win 7)

Can you open a command prompt or open run? http://www.ehow.com/how_6536140_use-...p-created.html

6 more replies
Relevance 50.02%
Question: Bsod got worse

Hello, my laptop is not turning on after this error. I used to see this error almost every other day. I thought it's nothing serious.. I even don't see any battery light (on laptop) when I connect it with the charger. I really don't understand what's the main problem.. I bought the laptop 9 months ago. I can't say if I need to change the battery. It's aspire v17 nitro. One last thing I want to add is I'm having this error after upgrading to Windows 10 from Windows 8.1. Please someone help me

Answer:Bsod got worse

Hi Zarminaehsan,

This sounds like a bug due to the upgrade.
I suggest to perform a clean install and let me know how it goes.
Windows 10 - Clean Install - Windows 10 Forums


PLEASE Help Me!
I contracted the trojan.vundo virus and have tried to use procedures in this forum and others to remove it. I have not been successful. I have tried VundoFix, VirtumundoBeGone, Adware, Spybot, and Spysweeper. I have gone into Safe Mode before running and installing these. Spybot said that it cleaned the virus, but I am still getting the Symantec AntiVirus Notification window saying that I still have the Trojan.Vundo virus. Symantec recognizes it, but cannot quarantine or clean it. The virus file location is C:\WINDOWS\system32\vtsqp.dll. I have been using Symantec for several years with no problems, but now it does not automatically load.

On top of all that, by running AdAware and Spybot, I have rendered other desktop icons unusable.

Please help me! I thought I could fix this, but obviously not. I appreciate some expert help. I can follow instructions - I promise. Thanks in advance.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:45 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\C... Read more

Answer:Can't remove Trojan.Vundo, now I've made it worse, HJT log included

bump
Update - My desktop is back in business. I deleted the downloaded VundoFix, VirtumundoBeGone and Spysweeper. I removed and reinstalled Symantec. It found a few things and cleaned two of them. Still running slow and still getting picked up by Symantec. 2 could not be cleaned or quarantined.
- trojan.vundo
- w32.trats!inf

Happy to post new HJT log. I appreciate a response! Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:10 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Sony\VAIO Media... Read more


I've been having occasional BSOD for about a year now. It has gotten worse in the past week or two, to the point where the computer will get a BSOD before reaching the desktop sometimes. I don't do any gaming, mostly just browsing the web and work related things (excel etc..). My computer won't stay on long enough for me to complete SysnativeFileCollectionApp. I ran it twice, zipped the folder, and attached what it could fix. I've tried updating all the drivers, even used a less recent display driver. The computer will even BSOD in safe mode. In the perfmon report it says the audio drivers needed updating, I updated those and am still getting BSOD.

Any help would be greatly appreciated!

· OS - Windows 8.1, 8, 7 or Vista? Win 7 Ultimate
· x86 (32-bit) or x64 ? x64
· What was the original installed OS on the system? Win 7 home upgraded to Ultimate
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? Custom computer purchased Ultimate from my university.
· Approximate age of system (hardware) 5 years old
· Approximate age of OS installation (if you know) 4 years
· Have you re-installed the OS? No
· CPU AMD Phenom II X6 1100T
· Video Card ATI Radeon HD 4200
· MotherBoard (if NOT a laptop) T-Series
· Power Supply - brand & wattage (if NOT a l...

Answer:varying BSOD's every 15 min or worse

I'm suspecting an AMD device - maybe an ATI video card?
Also, lots of video errors in the WER section of MSINFO32.

You have a NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter:
I do not recommend using wireless USB network devices.
These wireless USB devices have many issues with Win7 and later systems - using older drivers with them is almost certain to cause a BSOD.
Should you want to keep using these devices, be sure to have the latest Win7/8/8.1 drivers - DO NOT use older drivers!!!
An installable wireless PCI/PCIe card that's plugged into your motherboard is much more robust, reliable, and powerful.

Memory dumps also point at hardware. Please start with these free hardware diagnostics: http://www.carrona.org/hwdiag.html
Start with the video tests, as that's what I suspect is the problem.

AMD OverDrive (AODDriver2.sys) is either a stand-alone application, or a component of the AMD VISION Engine Control Center. This driver is known to cause BSOD's on some Windows systems.
NOTE: these symptoms were from the previous release of OverDrive. The new release uses the same driver name, but is dated from 4 November 2013.

Please un-install all AMD/ATI video stuff from Control Panel...Programs...Un-install a program
Then, download (but DO NOT install) a fresh copy of the ATI drivers from http://www.amd.com (in the upper right corner of the page)
Use this procedure to install the DRIVER ONLY: http://www.sysnative.com/forums/showthread.php/668-A...


Second thread I've made, first one went unheard and the problems are getting worse.
Google chrome now randomly gets the 'grey aw,snap screen', and BAD_POOL_HEADER
BSOD are more frequent. Computer works fine most the time, just when using chrome/installing things the PC crashes. Minidump files are attached, PLEASE HELP!!


EDIT: Added Driver Verification files,

BSOD screens are more and more frequent now, during bootup, opening internet tabs, and just idle.
Thanks for the help so far Yowan
Please help me

Answer:Problems worse - BSOD

Are you using League of Legends? It appears that its launcher is causing issues on your system
Run Disk Check and a scan of Malwarebytes

Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 19, {20, fffff8a0090587a0, fffff8a0090587d0, 503010a}

GetPointerFromAddress: unable to read from fffff800030fe100
Probably caused by : Ntfs.sys ( Ntfs!NtfsRemoveHashEntry+e2 )
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the current request.
This may or may not be due to the caller.
The internal pool links must be walked to figure out a possible cause of
the problem, and then special pool applied to the suspect tags or the driver
verifier to a suspect driver.
Arguments:
Arg1: 0000000000000020, a pool block header size is corrupt.
Arg2: fffff8a0090587a0, The pool entry we were looking for within the page.
Arg3: fffff8a0090587d0, The next pool entry.
Arg4: 000000000503010a, (reserved)

Debugging Details:
------------------
BUGCHECK_STR: 0x19_20

POOL_ADDRESS: fffff8a0090587a0

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

PROCESS... Read more


Hi everyone.
I built a custom gaming PC a week ago and unfortunately haven't been able to get peace ever since. I've been seeing "KERNEL_DATA_INPAGE_ERROR" or "CRITICAL_PROCESS_DIED" BSOD, and my games have been randomly freezing 1-3 secs randomly (sometime never in several hours, sometimes twice every minute). Other than the freezes (where PC wont respond to alt-tab etc.) the games run butter smooth at around 55 fps. I play system intensive games such as Crysis 3 and Shadow of Mordor. After the freeze the game continues running with 55 fps , no micro stutters or anything. The GPU and CPU temperatures seem normal. What I've done:
- Ran CHKDSK - no error found
- Installed games on a different HDD and ran them from there to make sure the problem was not with the SSD - issues not resolved
- Ran memtest86 for one hour (4 cycles I think) - no error found
- Removed one of the two RAM sticks to try each of them out alone in different slots. Interestingly using a single ram I get significantly less frequent BSODs, but still do with each of them. This makes me think the issue might be with the MoBo?
- Ran Hot CPU Tester Pro diagnostic overnight. In the morning I saw that the PC had crashed and restarted and the screen displayed the warning "Your PC ran into an Error and had to restart".
After running the Hot CPU Tester Pro, my games are freezing at least 3 times more often and for longer periods, making them unplayable. Just now I had Mordor freez... Read more

Answer:BSOD and freezes that keep getting worse

Update: Wow...major WTF moment. It seems like I found the culprit. I connected the SSD (where Windows OS is installed) to another sata port with another sata cable. All issues disappeared. So from the looks of it either the SATA port is defective or the cable is. Will test tomorrow as I'm currently exhausted.

How on earth can this have caused so many issues?! So if there is an issue with the hardware where the OS is installed:

a) your PC gets several different types of BSODs (btw had another different error today: "KERNEL_DATA_INPAGE_ERROR (luafv.sys)" and "System Thread Exception Not Handled")
b) You get these errors only when playing games, and games keep on freezing randomly 1-20 seconds
c) this happens even when the games are run from external drives...

Seriously what the hell... Will change as solved tomorrow after further testing. I would be happy if an expert could still check the DMP files to be sure.


I have been getting the BSOD almost every time i use my laptop. Been getting worse over the last few months. Any help would be appreciated!!
I have zipped and attached the dump files..

Answer:BSOD Getting worse over months

Hello and Welcome !

Seems like the dumps are pointing to igdkmd64.sys, i.e. the Intel Graphics Kernel Mode Driver. Go to this website, download the appropriate drivers, including chipset drivers, and install them: http://downloadcenter.intel.com/Default.aspx

Run a Hardware Diagnostic (Memory and Hard Drive) follow this link for instructions Hardware Diagnostic !! ? Captain Debugger

Run SFC /SCANNOW Command - System File Checker

Update the Following Drivers:


Code:
SiSRaid2.sys Wed Sep 24 23:58:20 2008
nfrd960.sys Wed Jun 07 02:41:48 2006
mdmxsdk.sys Tue Jun 20 02:57:26 2006
lsi_fc.sys Wed Dec 10 04:16:09 2008
arc.sys Fri May 25 02:57:55 2007
adpu320.sys Wed Feb 28 05:34:15 2007
adpahci.sys Tue May 01 23:00:09 2007
adp94xx.sys Sat Dec 06 05:24:42 2008
Bugcheck:


Code:
INTERRUPT_EXCEPTION_NOT_HANDLED (3d)
Arguments:
Arg1: fffff80000b9c0c0
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: fffff880044b8f59

Debugging Details:
------------------
CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0x3D

PROCESS_NAME: System

CURRENT_IRQL: 8

EXCEPTION_RECORD: fffff80000b9c858 -- (.exr 0xfffff80000b9c858)
ExceptionAddress: fffff880044b8f59 (igdkmd64+0x00000000000b3f59)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

TRAP_FRAME: fffff80000b9c900 -- (.trap 0xfffff80000b9... Read more


Blue Screens have been getting more and more common with my current setup.
My build is about 8 months old, and all the parts were bought from new.
I've got a feeling that it's either linked to my graphics card or my memory (there's a possibility that my memory may not be compatible with my MB) but would like a second opinion before I put it on eBay and buy some different memory.
The OS is retail and 64bit.
Gonna run memtest now to see if anything occurs and will post if anything happens.


Any help is as always greatly appreciated!


cheers

Ben

Answer:BSOD's are gettin worse!

Your RAM may be the cause, test it with Memtest
RAM - Test with Memtest86+

Remove Sensorview from STV Software - Home, its driver is old and not compatible with Windows 7

Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: fffffa8206414988, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
bit 0 : value 0 = read operation, 1 = write operation
bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff80002f80077, address which referenced memory

Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80003107100
fffffa8206414988

CURRENT_IRQL: 2

FAULTING_IP:
nt!MiIdentifyPfn+317
fffff800`02f80077 488b4118 mov rax,qword ptr [rcx+18h]

CUSTOMER_CRASH_COUNT: 1

DEFAULT_... Read more


Hello,

Since the beginning of 2011 I have had system shutdowns that sometimes come with a BSOD. It happens randomly and does not depend on specific programs running. It also might not happen for a week or so and then all of a sudden several times within an hour.
I tried to solve the problem by formatting my C-Drive and doing a fresh reinstallation, without success. Updating graphics drivers did not help either. Running Memtest+ and hard drive diagnosis tools did not show a hardware related problem.

Anyone who can help?

I added dump files and system information to this post:

Attachment 146739

Attachment 146740

Answer:BSOD over the last 3 months, getting worse

Hi and welcome,
Run Driver Verifier: Driver Verifier - Enable and Disable

Dean

Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck D1, {1c, 2, 1, fffff880018e787e}

Probably caused by : tcpip.sys ( tcpip!TcpBeginTcbSend+33e )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 000000000000001c, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000001, value 0... Read more


In the interest of providing enough information:
I have no pending updates and updated nvidia drivers yesterday to see if it would help the game at all. I believe it had no effect on the BSOD issue.
Also, I noticed the Health Report says I have no anti-virus but that is incorrect as I run Avira and just updated. The security center knows this so not sure why report doesn't.
This error is not always recorded and I had some .dmp files that were corrupt.
It has become worse over the past two weeks with no hardware changes to the pc.
More obvious when playing a game like Skyrim but even last night, crashed just idling.
The game last week was hanging, everything slowed and even if I could get a clean shutdown, it would usually bluescreen right after. Many of those were not recorded as there were about 10 in the past week.

Next, when rebooting today, I received the "C: Volume is corrupt message and can't be fixed. Please run autochk." I could get into safemode. However, running repair pc from Advanced Options allowed me to finally boot so I guess the dirty bit was reset.

Finally, historically I have had issues when rebooting where I have to change the SATA port to get around the "Disk Error Press Ctl Alt Del" to restart. Recently, I have also had the reboot give the "no bootable media" message.

I put my specs in profile, I hope that helps. I'm really just trying to narrow down if it's the hdd, motherboard or windows. I don't want to reinstall yet if ...

Answer:BSOD: KERNEL_DATA_INPAGE_ERROR 7A: getting worse...

Typically caused by a bad block in the paging file or disk controller error. Please run chkdsk

Disk Check


Please help!!!! My computer has been encountering various issues, the most severe has been the uninstalling of all installed printers. The issue first occurred when we were not able to print using our photo printer, shortly after the photo editor application would be force closed every time the "Print" button was clicked. Now all printers have been uninstalled without our doing. McAfee occasionally finds PrcViewer but cannot fully delete it.

Last scan came up with three detections (the two cookies were automatically deleted):
Cookie-Advertising
Cookie-Insightexpres
PrcViewer
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:42 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGR... Read more


I have a friend's computer that won't allow the internet browser to function properly and won't play YouTube videos. I noticed the following in the task manager: (refer to screenshot060, screenshot090). The things that look a little fishy, like csrss.exe, I try to close and it comes back as access denied. When I restart the computer it says "Unable to set hook?" with an Nvidia header. Any help will be much appreciated!! [recovering disk space, attachment deleted by admin]

Answer:Virus or something worse?

Sorry I ran out of room on the OP. Also sorry for the size, I would use an image host but the virus(s) won't allow it. [recovering disk space, attachment deleted by admin]


What brought me here is a problem reinstalling my Adobe CS1 - I had problems with Acrobat and had to uninstall the entire suite. I was unable to reinstall...it got just so far and then just 'hung'. I spoke to the Dell cust. svc person who insisted I had to reinstall Windows (which is a last resort). I thought I may have an intruder on my computer so I followed all the directions on what to do BEFORE I post my question...all the downloads, scans and logs. I am currently running Windows XP Professional on a Dell laptop. I am posting my logs and hope someone can HELP ME!! [recovering space - attachment deleted by admin]

Answer:do I have a virus ...or worse?

Open Hijackthis and select Do a system scan only.
Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

Important: Close all windows except for Hijackthis and then click Fix checked.
Exit Hijackthis.

I don't see anything malicious, have you tried to do any repairs to windows?
Here are a few methods to try.

Do you have an XP CD?
If so, place it in your CD ROM drive and follow the instructions below:
Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

----------

1. Download IEFix.zip and run it.
2. Click the Apply button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location.
4. Once finished Restart Windows. If you...

Question: Worse Virus EVER!

I am running Vista on my HP Pavilion e9150t and got a bad virus. I logged onto my computer and all my picture files are there and I can access them, however, when I go to save them onto thumb drive etc. everything is shut down. My internet is wiped out, as well as my Dvd drive. It will not let me open or send anything to my thumb drive, external hard drive or bluetooth. I can still use my camera cards though.

My Avast has been shut down and so has my security center. It wiped out Spybot and HijackThis, Malwarebytes still scans (unsuccessfully). It will not let me boot in Safe Mode of any kind. Firewall is shut down too.

This is one of the several error messages I get. "the dependency service or group failed to start"

I back-up my files once a month, but have about 100 pictures that have not been backed up and I have to try to save them. Please help!
UPDATE: Malwarebytes completed a scan and this time found 2. They are Malware.Generic (file) and Disabled.Cryptsvc (Registry Data)
 

Answer:Worse Virus EVER!

You'd be best posting this under the Security & HJT section mate. Use "Report" at the bottom of your message and somebody will move it for you.
 


Hi there! While I've been lurking here in the shadows learning from all of you, a nasty virus has descended upon my computer. It's the dreaded FBI virus, even though the pictures do not look exactly like the ones posted on this site, it's a moneygram, pay up or this will stay on your computer forever virus.

So I did some research here on what to do, but it's getting worse. Here are the steps I've taken:

Using Windows 7, Premium Home edition
Boot in safe mode with networking.
Downloaded Rkill and ran it.
Downloaded emsisoft antimal and ran it.
It quarantined 7 threats - 6 high risk, 1 medium risk.
I selected for it to quarantine, but it gave me a message that there was an error and it could not quarantine 3 of the files.
I tried to delete the items out of the recycle bin and it gave me the message that my recycle bin was corrupt.
I was trying to figure out what to do next when the white FBI screen took over in safe mode.
I rebooted in safe mode again, and every time, the FBI screen appears.
I'm also getting the message that emsisoft has encountered an error and it cannot load.

Please help. I'm at my wits end.

Answer:FBI Virus - getting worse!

Can you boot into safemode with networking?

Do not run any other tools when you are being assisted.


Hello and thanks for your time and help in advance... My wife was on Facebook on my school laptop and got hit with a Trojan complex. I am fairly computer savvy and ran the laptop in safe mode and ran Malwarebytes, it found and removed 8 things, I have the original log and will post it. When I restarted in normal mode, I reinstalled Symantec Endpoint Protection and the active scan quarantined a trojan. Also, as requested, I will attach the dds.txt and attach.zip logs from dds.scr. I also have a HijackThis log that I will attach if you need that as well. Once I had run Malwarebytes in safe mode, I also installed and ran Spybot S&D, unhide.exe (all my shortcuts from the desktop were made hidden, and all shortcuts within folders on the start menu are still gone, unlike the desktop shortcuts after running unhide.exe...it also fixed right clicking on the desktop and choosing "next desktop background"). Also, right clicking on my computer and clicking "Manage" says the file is not found! I am not sure what else is screwed up but was hoping the logs and a fine computer savvy buddy can help... I will give as much info below and hope that it will be all you need, if not please ask:

Initial Virus attack description: multiple popup message boxes opened and said something like "Warning! Hard disk failure, fix now..." I immediately shut down the computer and rebooted to safe mode and ran the above programs. I believe that the Symantec Endpoint protection...

Answer:Trojan erased my start menu shortcuts and possibly worse

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427787 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Having an issue playing steam games, which results in a BSOD code 116. Has been occurring for about 2 months, and it has been progressively getting worse (usually steam games, and once after watching about 6 hours of videos). I have used this forum multiple times in the past, and really appreciate the help I have received, thank you all.

Initially I could play a game for several hours before the computer died, then it was several minutes, now it's several seconds.

Tried updating graphics driver and reverting to an old driver, neither seem to have helped.

I am probably due for a reformat and new components, maybe a totally new computer at this point, but I would like to get this up and running again. Not opposed to either of those things being part of the solution.

Please see attached BSOD files (per forum instructions) and below system information. Ran the Driver verifier, and (classic) figured I could ignore the backup step and had to restore to a backup from last week.

Thank you all for your help. Please let me know of any additional information I can provide regarding this issue.


Best,
triman

· OS - Windows 7
· x64
· What was the original installed OS on the system? - Windows
· Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? Bought it from my university, so "full retail"
· Approximate age of system (hardware) Built th...

Answer:BSOD Code 116. Issue seems to be getting worse

Had another BSOD this morning. I have attached the dump file.

After doing more research, this seems to be a hardware issue, but I don't know how to troubleshoot it. Any help is much appreciated.


Quote:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: 116
BCP1: FFFFFA80068EC390
BCP2: FFFFF8800FBFA2BC
BCP3: FFFFFFFFC000009A
BCP4: 0000000000000004
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\032915-11559-01.dmp
C:\Users\Citadel\AppData\Local\Temp\WER-22308-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


At first it seemed my girlfriend's computer would only BSOD when she was playing World of Warcraft, but after 3-4 times of her taking it to the Staples where she purchased it, I've decided to just come here.

She was going to buy a whole set of crap that I really don't think her computer needs/ wouldn't solve the issue. At this point I've tried everything I can think of but these crashes have become increasingly random and I'm beginning to suspect they actually have nothing to do with WoW, but since she plays it all the time it looks like the obvious culprit. I think it's a damned red herring! So now I come to actual experts in the hopes that you fine people could help. Hopefully I have correctly attached the files

Answer:BSOD issues running WoW gotten worse.

Hello and welcome to Sevenforums!

The problem is memory corruption, run MemTest86+.

RAM - Test with Memtest86+


Hello everyone!


This is my first custom built computer. I have had it for 3 years. About a year ago I was getting the BSOD very seldom. I have dual monitors and attributed it to the new graphics card. I went back down to one monitor but have been seeing the BSOD more frequently. I was not using my computer for the past 6 months as I was out of the country... when I got home my husband told me about the frequency and what it was doing. Randomly I get a CPU overheating message but I have 4 fans in proper flow and when I check the temperature it reads fine. It is also set on energy saving not performance so I know it is not straining my system. I uploaded my mini dump file. I appreciate any help. I need my pc for work. THANKS!

Answer:BSOD completely random and getting worse

Code:
BugCheck 1000007E, {ffffffffc0000005, fffff88002f23314, fffff880037382c8, fffff88003737b20}

Probably caused by : athurx.sys ( athurx+100314 )

Code:
Usual causes: Insufficient disk space, Device driver, Video card, BIOS, Breakpoint with no debugger attached, Hardware incompatibility, Faulty system service, Memory, 3rd party remote control

Code:
CONTEXT: fffff88003737b20 -- (.cxr 0xfffff88003737b20)
rax=0000000000000000 rbx=fffffa8012189050 rcx=00000000ffffff8f
rdx=0000000000000018 rsi=0000000000000028 rdi=0000000000000000
rip=fffff88002f23314 rsp=fffff88003738500 rbp=fffff8000342f280
r8=0000000000000003 r9=00000000000000c5 r10=00000000000157c8
r11=fffff880009b3101 r12=fffffa80124399f0 r13=0000000000000001
r14=0000000000000000 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00010246
athurx+0x100314:
fffff880`02f23314 8b1490 mov edx,dword ptr [rax+rdx*4] ds:002b:00000000`00000060=????????
The device driver has caused an address violation exception, by using a null pointer.


Code:
4: kd> lmvm athurx
start end module name
fffff880`02e23000 fffff880`02ffe000 athurx T (no symbols)
Loaded symbol image file: athurx.sys
Image path: \SystemRoot\system32\DRIVERS\athurx.sys
Image name: athurx.sys
Timestamp: Wed Jul 28 13:01:39 2010 (4C501C23)
CheckSum: 001DD606
ImageSize: 001D... Read more

2 more replies
Relevance 48.79%

So over the past few days I have been doing extensive research on the inner workings of my computer in an attempt to fix a really nasty virus that is affecting, or perhaps simply using, the Windows process svchost.

I thought I had everything under control until today when I changed from Norton Internet Security to my Iolo System Mechanic anti virus. I decided to swap so I can use a special firewall that gives me very user friendly control over everything that goes in or out of my PC. That's when it happened.

When I clicked block all traffic to stop the misc connections that svchost was trying to make, I ended up getting around 20-50 error messages, a pop up fake virus scanner that I've never seen before, and everything on my computer was "gone". Odds are it was just a fake overlay or it turned everything to read only and invisible, but I decided to say F-it and did another format. Now I will provide the data that I have so that hopefully someone can aid me in fighting this thing.

After my format, the very first thing I installed was my mobo driver to connect to the internet. The MOMENT I had internet access again the svchost issue came back. That is, it starts to eat up huge chunks of memory as well as CPU usage.

With the windows process explorer I can clearly see what the drain is from.
Under the tcp/ip connection tab, there are tons and tons of random IP's trying to connect to the internet, and as some are closed new ones open up. While this is not the cause of t... Read more

Answer:svchost virus, or something even worse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:
Having problems with spyware and pop-ups? First Steps
a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 48.79%

I downloaded a Demo called spamfighter. It seemed to work ok but it just puts the files in a special folder. I let the time run out and tried to delete it.
I used Add/Remove because it didn't have an uninstaller. To my amazement it connected to the web and asked me why I didn't want it. I tried to tell them I didn't need it and could find no place to click to erase it. I left the site. I tried several times to remove it, and always ended up on the web.
I persisted in erasing all the files associated with it and could not erase a file called Proxy.dll. It always comes up access denied so I renamed it Fart.sssss!
However, since then I cannot get email or any web pages when connected to the web. What can I do? I'm running XP Home edition!!

Answer:WARNING I got something worse then a Virus.!!

Sounds like a nasty bit of software if it does that to your pc.
First I would run anti virus then spyware like spybot and ad-aware, these are good spyware killers not like what you downloaded.

Before you do anything make a restore point so at least you can get back.

Then go to START>RUN>type MSCONFIG then go to the startup tab and uncheck it if it is there.

Then I would look for any registry entries do this>

start>run> type regedit>go to the edit tab>select find> then type in the name of that file, delete all found files>.

WARNING**** make a backup of any file you delete from the registry, just in case you damage the registry.

Reboot and see what happens, If you still have the prob you may need to repair your registry and windows xp.

to repair registry go here

To repair xp go here or do this>
How to go about Repairing Windows XP
1. Put your Windows XP Install CD into your CD-ROM drive.
2. Reboot your computer.
3. Let your system boot off of the CD.
4. Let the Setup go through the first part of the Installation procedure.
5. When you come to the screen in which it says "Welcome to Setup." press Enter to Setup Windows XP.
6. Press F8 to agree to the End User License.
7. Let the Setup search your system for previous versions of Windows.
8. When the Setup is finished searching your system, select your Windows XP Installation and press the R key on your keyboard to start the Repair Procedure.

This is the part that might m... Read more

1 more replies
Relevance 48.79%

I have started this topic before, but was not able to finish. Now the redirect is getting worse all the time to the point my casual computer use is very difficult.

My kids *(grand kids) playing games are probably the cause.

I get redirected when doing searches and get a virus scan occasionally that tries to say I have problems - which I do.

I have run the defogger and created the gmer scan. My computer locks when doing the gmer scan so I will give the dds.txt and then run gmer. I don't see how to attach the Attach.txt file so if you need it I have it on my desktop.

Thanks Philby
DDS (Ver_10-03-17.01) - NTFSx86
Run by Tad Ackerman at 11:55:43.28 on Sun 08/08/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1084 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.... Read more

More replies
Relevance 48.79%

Something is eroding my system. Trojan.W32.Generic!BT continues to pop up in Vipre scans. It redirects me on the internet, and does not allow other security software to run. Please help. I can post a HiJackThis log.

Answer:I have a virus that keeps getting worse Troj

Please send me the full detail about what the virus does.
Thanks
The Wiz

3 more replies
Relevance 48.79%

Elsewhere a while ago I posted in this forum that I was getting odd logs in Norton with messages of it blocking constant attacks, but I thought that was all there was to it. Wondered what it meant. The computer froze but I didn't seem to have any other problems at the time.

Since I had not heard, I've done a little more digging, and it's worse than I thought. I can't boot into safe mode -- I get a blue screen of death. And I can't use system restore, it's been disabled and if I try to restart the service it gets stopped almost immediately. So there's likely a virus in there.

I ran malwarebytes and superantispyware (something I'd do in this situation anyway), which found a couple of issues that I deleted but the computer still has the same issues -- and I'm waiting for it to freeze.. so either the virus is still there, or it's done enough damage that I won't get my safe mode back. And none of the programs -- norton, malwarebytes or superantivirus find anything wrong any more.

I did not want to run combofix until someone from the bleeping side responded...but I'm beginning to think maybe I should try it since otherwise my option is to backup and then wipe the drive and reinstall windows? Please let me know....if that makes sense? I kind of need to get this computer back....

Incidentally, thanks to all of you on the bleeping team. What godsends you are. I know you've got a lot on your plates..so understand your... Read more

Answer:It's gotten worse. I have a virus but I can't find it....

It would help if you could post the logs from those scans:
If you do not have those logs then perform the following:
Download the following:
Malwarebytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to sc... Read more

7 more replies
Relevance 48.79%

We have two laptops in the house, both of which use the same router. One of them has come down with a redirect virus, but unfortunately I haven't been able to find either the name of the particular program that it has nor a removal program guaranteed to remove it. Not for free, anyway, but at this point I'd probably even pay for it.

What I've Done:
Scanned with AntiMalwarebytes. -Can't detect virus.
Restored System to Date- System doesn't store a late enough date to remove virus.
Run another Antivirus Program that removed it, only to have it reappear a few days later.

Symptoms:
Redirects to unwanted sites from links.
Disabled all practical use of Firefox, had to download Chrome.
Attempts to alter system files from program files location. (This caused tons of popups and forced me into safemode.)
Occasionally, as in nearly once a day, the internet won't work for either laptop even though the router has full bar reception. It stands only like, ten feet away from where we use the laptops, so it usually isn't a reception issue. The resulting error detection says something about the DNS and server location of the website. This has led me to suspect the virus is in the router.

We can still use the internet on the infected laptop, for now. I'm worried it might spread from the router to my laptop, though I'm not sure that's possible. Both computers have DNS lookup problems on a fairly regular basis that last for a few minutes and then stop. ... Read more

Answer:Redirect Virus-I Really Need Help Before It Gets Any Worse!

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results
Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking
Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

9 more replies
Relevance 48.79%

well... don't think anyone needs backstory so here it is... Something changed my background to a red active desktop picture that says your privacy is in danger download privacy protection software now. Online porn icons keep appearing and task manager, registry editing, and My Computer are disabled. Here is the hijack this log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55: VIRUS ALERT!, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Progr... Read more

Answer:Started With Vav Virus Now Its Worse

Hello Kyle and welcome to BleepingComputer,
1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window
* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a... Read more

4 more replies
Relevance 48.79%

can someone please tell me how to get rid of the norton antivirus subscription notification? I had a trial version and that damn renewal notification pops up all the time. Thanks
 

Answer:Solved: Worse than a virus

You will have to remove the trial version from Add/remove programs in control panel.
You will still need an antivirus program of some sort.
 

1 more replies
Relevance 48.79%

Hello,

I have a pretty crazy problem and I have no idea how to resolve it.

I was reading financial articles online today, when suddenly the entire computer shutdown unexpectedly. Upon start-up, the screen showed a warning that recommended a system restore, so I went ahead and did it.

Once I re-started, I noticed that I couldn't access anything through the search engine, Google. Once I realized that every other site worked fine, I did some research and discovered that it was likely the result of a virus.

However, I tried searching for "TDSSserve.sys" which is normally associated with this problem, and found nothing.

To make matters worse - My Trend Micro is spazzing out like crazy. In the last 7 hours, I've received over 80,000 "web threats" from some ( http://) x-web.in /(followed by several random alpha, numbers)...I had to turn off my router to stop these threats from racking up.

Thank goodness Trend Micro blocked every single attempt so far!!

Any idea what's attacking my computer? I can't access Google and this x-web.in thing keeps attempting to penetrate.

Please help!

Note: I'm running Windows 7 on an HP G-62 model.

Answer:Possible Google Virus or Much Worse

It seems to be a rootkit. Try running Malwarebytes free version and Hitman Pro.

2 more replies
Relevance 48.38%

I was having BSOD crash episodes several times a day. I followed the advice to set up Driver Verifier to discover what the issue was. That is where the problems got worse:
Now every boot fails because of a DRIVER_VERIFIER_DETECTED_VIOLATION.

I tried to reconfigure Driver Verifier so that it would not check anything... the error still happens at boot. I got to cmd and tried verifier /bootmode resetonbootfail and also verifier /reset. No joy.
 
Through the Windows 10 BSOD menus I am able to get into the Safe Mode, but that's about it.
 
I'm attaching the latest dump file.
 
Any suggestions?
 
Thanks!

Answer:BSOD crashes - Tried Driver Verifier, not it's much worse. Win 10

Do you have a backup of any files/documents/pics/music/important stuff  etc etc etc  ?

0 more replies
Relevance 47.97%

I think I have some sort of virus on my computer but I can't find it! I have tried using like 3 or 4 things but nothing. Whenever I'm on the internet sometimes pop-ups will come up and I exit them out, and it also redirects the links I click on Google. One time I didn't exit it out fast enough and I got like 20 more viruses. And I think it's starting to do other stuff: just now I got an error report about Norton and I looked, it says Auto-protect is malfunctioning. I really really really could use some help!
Also sometimes I hear noises like when something fails, it's that noise that's not very happy.

Answer:Can't Find virus (I think its starting to gt worse)

So I'm trying the "waiting and hoping it will go away" approach, so far it's not working :(

9 more replies
Relevance 47.97%

So over the past few days I have been doing extensive research on the inner workings of my computer in an attempt to fix a really nasty virus that is affecting, or perhaps simply using, the Windows process svchost.

I thought I had everything under control until today when I changed from Norton Internet Security to my Iolo System Mechanic anti virus. I decided to swap so I can use a special firewall that gives me very user friendly control over everything that goes in or out of my PC. That's when it happened.

When I clicked block all traffic to stop the misc connections that svchost was trying to make, I ended up getting around 20-50 error messages, a pop up fake virus scanner that I've never seen before, and everything on my computer was "gone". Odds are it was just a fake overlay or it turned everything to read only and invisible, but I decided to say F-it and did another format. Now I will provide the data that I have so that hopefully someone can aid me in fighting this thing.

After my format, the very first thing I installed was my mobo driver to connect to the internet. The MOMENT I had internet access again the svchost issue came back. That is, it starts to eat up huge chunks of memory as well as CPU usage.

With the windows process explorer I can clearly see what the drain is from.
Under the tcp/ip connection tab, there are tons and tons of random IP's trying to connect to the internet, and as some are closed new ones open up. While ... Read more

Answer:[SOLVED] svchost virus or something worse

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.

Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by doubleclicking on it. Press Start Scan.
If Malicious objects are found, ensure Cure is selected (it should be by default)

Click Continue then click Reboot now

Once complete, a log will be produced at the ... Read more

10 more replies
Relevance 47.97%

Hello,

I've used this forum as a resource before, and now I have a pretty crazy problem and I have no idea how to resolve it.

I was reading financial articles online, when suddenly the entire computer shutdown unexpectedly. Upon start-up, the screen showed a warning that recommended a system restore, so I went ahead and did it.

Once I re-started, I noticed that I couldn't access anything through the search engine, Google. Once I realized that every other site worked fine, I did some research and discovered that it was likely the result of a virus.

However, I tried searching for "TDSSserve.sys" which is normally associated with this problem, and found nothing.

To make matters worse - My Trend Micro is spazzing out like crazy. In the last 7 hours, I've received over 80,000 "web threats" from some ( http://) x-web.in /(followed by several random alpha, numbers)...I had to turn off my router to stop these threats from racking up.

Thank goodness Trend Micro blocked every single attempt so far!!

Any idea what's attacking my computer? I can't access Google and this x-web.in thing keeps attempting to penetrate.

Please help!

Note: I'm running Windows 7 on an HP G-62 model.

Answer:Google Virus And Possibly Worse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:
Having problems with spyware and pop-ups? First Steps
a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 47.97%

Hello,

I recently had some sort of virus/malware attack my laptop which meant I was unable to access the internet. It's not a problem with the wireless as far as I'm aware as other people have been able to connect. The Windows connection diagnostics said there was a winsock catalog error but sometimes it gives me different messages.

I attempted to try and fix it, firstly by running Norton GoBack and then attempting to use DrWeb, but think I've made it a lot worse (did that before reading the first 'DO NOT FIX YOURSELF' page on the forum - schoolboy error).
A few virusy type things that have come up in the scan are 'trojan.swizzor' and 'adware.xbarre' and 'tool.killproc.3' - think they are quarantined but not entirely sure. I have the scan results saved if you require them at a later date.
I'm writing this from another PC as the laptop cannot connect to the internet.

Here are the reports of the scans as requested:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Tim Abraham at 0:23:39.92 on 27/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.583 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtSe... Read more

Answer:Virus problem... made worse

Bump, please.

6 more replies
Relevance 47.97%

Since a few days ago I've been harassed by a redirect virus that redirected Google results and other websites to odd places. The primary site was Infomash, but there were other websites I was redirected to.

I used a .exe file called Rkill in conjunction with Malwarebytes Anti-Malware and turned internet off to try to get rid of the virus. After 5 futile attempts I decided to follow the steps in NEW INSTRUCTIONS Removal Help thread.

Running DDS.SCR was as expected. I saved the two log files onto my desktop. When attempting to scan with GMER.exe, three disastrous things happened:
1. First attempt resulted in computer going to the Blue Screen mode out of a sudden. The computer then restarted itself.
2. The second try resulted in an odd computer freezing where the monitor showed only zig-zags. I took a picture from my phone if the visual is needed. I had to press the restart button on the CPU.
3. The third and fourth tries ended in the program simply freezing and turning off. The third try's crash happened pretty quickly after the GMER scan began; the fourth try's crash happened a long while after GMER had been scanning.

I cannot get GMER to run properly, so I am assuming that the virus is much more malicious than I thought it was. Here are the logs from DDS.SCR, but I could not finish the GMER scan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 21:57:51 on 2012-07-20
Microsoft® Windows Vista™ Home Premium ... Read more

Answer:Redirect Virus is Worse than I Had Thought

Hello kkj1116,

You are infected with ZAccess also known as Sirefef and several other names depending on the AV company. I'll want to gather a bit more information before we begin.

Download TDSSKiller.exe and save it to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

19 more replies
Relevance 47.97%

Greetings,

This week, I suddenly started to get the Security Warning virus, so I did a system restore to the previous day to get that settled. But later that day, I started getting weird search results every time I searched from my toolbar, but not from the Google page directly. Then I started getting strange results intermittently from each search attempt. I'm hoping I can get some help with the Google redirect thing, which I can't find a name for. It seems to be pretty ominous. I followed directions. One glitch with that was GMER kept giving me blue screen crashes, so I ran it in Safe Mode. Thanks for any help available.

P.S. I loaded a number of servers on my computer but they aren't running and haven't been since school ended in June.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Sandra at 18:23:38.07 on Fri 08/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.354 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe... Read more

Answer:Search redirect virus getting worse

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
Download DDS:
Please download DDS by sUBs from one of the links below a... Read more

17 more replies
Relevance 47.97%

Please review the FRST text files. Unfortunately the Trojan Adclicker seems to be back.
 

Answer:DLL.exe adclicker virus has come back worse than before

Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.


===========================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desk...


A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers...This is the third time in less than a year that Symantec's Norton products have caused severe damage to computers running CYBERsitter software offerings...pcmag.com


The virus is on an old desktop that is running MSXP Version 2002 Service Pack 3. I have tried to check for updates but the MS Site says it can't get my information. I have deleted all users on the pc and their files - except for me and mine. I tried to download updates for Norton (after running rkill), which appeared successful, but after the install while updating my definition files, the pc froze. After a reboot, here is what I see.
First I get a popup with "Application failed to initialize 0x80070006. The handle is invalid"
Next popup I get is "Old Virus Definition File"
Third popup is "The ordinal 1109 could not be located in dynamic link library WSOC32.dll"
Then a large WINDOWS RECOVERY screen comes up and tells me it is Analyzing my pc and ends with telling me there were 5 errors detected, all of which are critical errors and to click to "fix". (I'm assuming this is still the virus).

What is my best path forward to attempt to get rid of this?

Thanks,

Dinx

Answer:Windows Defender Virus - or worse?

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


I first noticed that I had a redirect virus on the computer and tried to fix it myself with anti-virus/spyware programs. After several weeks and no progress, my entire system crashed and I could not log into Windows. I do not have the disks, but I was able to reinstall Windows from the company I purchased the computer by using F3. I wiped the computer clean, or so I thought. I decided to use Avast antivirus instead of AVG (what I was using before) and every couple of minutes there is a new threat detected from malicious URLs. The addresses on the websites appear to be colleges, insurance, and credit card companies, but Avast shows them globalroot / systemroot / svchost. I also had to stop using Google completely because Avast was blocking everything. I am now using Avant browser which helps a little, but I'm still being attacked left and right.

Here is the DDS File:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by colortyme at 11:16:52 on 2012-02-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.915 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF4...

Answer:Started as redirect virus, now worse

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.exe to your desktop
http://support.kaspersky.com/downloa...tdsskiller.exe
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, select Skip by changing the default Cure selection at the upper right
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.7.17.0_date_time_log.txt
Attach that log, please.

Please download aswMBR.exe and save it to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Allow it to download the definitions from the internet.

Click Scan

* Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
* You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


After visiting what should have been a normal website (I believe it may even have been the XNA creators club website) I got a pop up from AVG saying it had found a trojan and dealt with it. Silly me I thought that was the end of it. The next day I'm getting what looks like the Google redirect virus. AVG, adaware and spybot all find nothing wrong with my system so I start hunting online for a fix. I found this website and started working through this topic before I posted here. I ran defogger with no issues and turned off any emulators, and then went on to download DDS. Midway through DDS running, my PC decided to throw up a BSOD and restart, so there are no logs from DDS. I then went on to GMER. Halfway through the first run the program went non-responsive and I had to restart it. Midway through the second run, it threw up another BSOD. I have a partial log from GMER (attached), though I don't know if it will be of any use.

To me this sounds worse than just the Google redirect virus, however I have yet to see any other issues with my PC except the original trojan. Think I may have to reformat, but figure I would come here first for a last ditch try at fixing my PC! Am running Vista.

Answer:Google redirect virus (Maybe worse?)

Hello Steve772
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================


I posted a while back for some help on this, but now the issue is getting worse. With any browser I use, and any search engine I use, I get redirected to another site. If I am quick enough I can use the back button to navigate back to the intended site. It is starting to get to the point where searches are REALLY slow and redirect constantly. I've tried running Malware Bytes, SUPER anti spyware, and ad-aware. Everything says ok. Cleared all my temp folders/files and tried adjusting my startup cfg through msconfig. About the only other thing I notice is that every time I start my computer, there is a screen that pops up and closes so quick I cannot even tell what it is. All I can tell is that the box is a blank white.

My System:
Windows 7 64bit
intel i3-550
6gb of ram
It's an Oe Dell Inspiron 580 with a cheap aftermarket GPU card.

I use the computer mostly for gaming, but I also read e-mails, browse the net, and use it for media purposes.

As per the first sticky post in this sub-forum, here is my HiJack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:01:20 PM, on 2/26/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Games\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Progr...

Answer:Search Redirect Virus - getting worse.


Please don't tell me I have to reformat my whole computer...

Ok, so basically I think I was infected with a really bad form of that go.google.com redirecting virus (mine used web-analytics.google.com) that also made my explorer.exe constantly crash and reboot itself (it actually seemed like it was being closed while functional, as no error message ever popped up, and I could access my desktop/folders for like 5 seconds or so between each crash/reboot). When I manually closed explorer.exe in Task Manager, it stopped rebooting.
Since I couldn't access any anti-virus downloads (redirected to ad sites by the virus), I went with the only solution I could find that didn't require accessing a 3rd party program, which was to disable some "TDSSserv.sys" in Device Manager. Once I did, and restarted, my internet stopped working. I then tried to access Safe Mode (with and without Networking) to no avail. It freezes somewhere around the login screen (sometimes it freezes before I click which user to log in, sometimes it freezes as far as after I say "yes" to continue in safe mode and not attempt system restore, but it ALWAYS freezes. I tried at least 20 times).
To sum it up, my explorer.exe closes/reboots every 10 seconds, my internet doesn't work (can't even access router through Firefox), and I can't start in Safe Mode. Oh, and logging in normally only works like once every ten tries (freezes like when I attempt to start in Safe Mode...

Answer:Go.google.com redirecting virus--except worse

Welcome to Major Geeks!


Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select Disable. Do not try to uninstall it!!!! It will just reinstall and make removal more difficult.
Also if this is found and you disable it, then just immediately reboot.
After doing the above, please immediately follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and i...


I'm very, very scared and I need some help. I have had a LOT of trouble with my computer over the last few months. I've run everything from Avast Virus removal to other stuff and every time I've managed to make the computer run. However, this time the problem isn't with the computer crashing or running so slowly it's impossible to use. This one is some sort of encryption virus that is encrypting things on my computer. I have about 100 links to a page that shows me this long message about going to a site, entering my "personal code" that is provided and paying money to have my files decrypted. I've read online that this is just another scam to get money (no kidding) and will not help to decrypt the files. I need to get rid of this FAST before it infects any of my other files. Can someone please, please help me? I have run Avast again and it found 10 infected files, yet the virus is still present. Please help me.

Answer:I have a serious infection that's getting worse? Encryption Virus

Greetings NINTR and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter problem...


Symantec Screwup Is 'Worse Than Any Virus'

A recent update from Symantec Security Response incorrectly tagged a company's program as a virus and cut off the Internet access of its customers. Needless to say the company and its customers weren't happy.

Symantec on Monday released a virus definition update that incorrectly identified Solid Oak's CyberSitter filtering program as a virus. Depending on the version of Symantec's Norton Antivirus product that Solid Oak customers were running, CyberSitter files were either deleted or banned from use by Norton, according to Solid Oak.

Answer:Symantec Screwup Is 'Worse Than Any Virus'

Speaking of Symantec screwups. We have LC5 which is a password hashing program MADE BY SYMANTEC. 2 weekends ago, Norton Antivirus flagged it and deleted it. Symantec is retarded sometimes.


Hello and thanks for any and all help! I was trying to find a good program to make it easier to take notes on a pdf file and in the process downloaded a virus. I changed a bunch of my browser settings (e.g. changed the default search and home page) to fantastigames metacrawler. I ran scans and only found something using Malwarebytes. It deleted two files but the problem persisted. Using some online guides, I found some more files with the fantastigames name in it and deleted them. But the problem persists and my computer is slowing down. Also, if I try to do a system recovery to restore to a previous point, it says the restore can't be completed. There are two possibilities: the virus is still hiding on my computer or I deleted something I shouldn't have. I know I should leave it to the professionals, I've now learned that lesson, so I don't need chastising. But I am desperately in need of help and appreciate any help and time taken. Let me know what to post, etc etc. Thanks!

Answer:Infected with a virus, may have made it worse

Have you only tried getting rid of the virus with Malwarebytes? I would suggest downloading another one just so you can always do a secondary scan to be sure of things. I would recommend the free version of AVG. Try running AVG and see if it finds anything.

If the problem persists, restart your computer and hit F8 to enter the boot options menu. From there, choose Safe Mode. When you're in safe mode, try running the anti virus programs again.

Another solution, maybe one you should try before the previous one, is to open up task manager. In the process tab, do you notice any processes that are consuming a lot of Memory? If so, do you recognize the program at all? If there is a process in there with the same name of that virus you had, right click it, and select open file location. Once there, delete it. Only do this if you are sure that it is the virus. I've looked at task manager enough times to recognize what should be there and what shouldn't. So if you are not sure, please ask because if you delete the wrong thing, you might mess up your computer worse.


Hi all,

I'm currently running Windows 7 Professional N 64bit. I've recently been experiencing my Google links being redirected to strange websites, including bts.scour and other ad websites. I feel like I've seen quite a lot of posts concerning the same issue, but it has been 2 days and the redirects are getting much more frequent. I have run hitman pro, AVG pro and Spyhunter 4 countless times but they all come up clean. I really have no idea where to go from here, any help would be greatly appreciated.

Answer:Google Redirect Virus getting worse

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...


Okay, been gone from here a long time, and wonder now how I ever got along without this site, it is the best out there!
I am about to purchase a new computer in the near future. I am not computer savvy at all, mostly use it for surfing and emails, etc. Anyway, have had this one for a few years now, and I am getting spyware on it that I cannot get rid of, about blank for one! Okay, when I do get a new computer, what protection software should I buy and install on it? What is the best out there in other words? Anybody have some ideas...or what you use that works? Thanks a lot!
Gary
 

Answer:Spyware is worse than Virus problems?

My personal opinion, Windows XP Home Edition or Professional Edition with Windows XP Service Pack 2 is a start for security. For software I would suggest Norton AntiVirus 2005 for the antivirus. For spyware I would highly suggest SpySweeper, this program has worked wonders for me as in protecting me from spyware infections. If you have WinXP, SP2, NAV, SpySweeper you should stay clean from malware and worms. However you can still be infected if you visit unsafe sites. Hope this helps. Browse Safely!

Also please see this thread How to Protect yourself from malware!
 


MyPublisher sunk its claws into your system and won't let go? You've come to the right thread.

There were two separate threads on this already, both are wrong / not solved. (might want to link to this one, or remove the other threads, @TechSupportGuy)

-

MyPublisher really screwed things up with a no-uninstaller program (who does that?)
If you're not a software company, it's best to avoid making software.

To all of you who must suffer the idiocy of MyPublisher - here's my solution so far:

UNINSTALLING MYPUBLISHER

1. Remove program files @ "\Program Files (x86)" (The entire "MyPublisher" folder)
2. Remove Roaming app data (click the start icon, type %appdata% & hit Enter), here you must also remove the entire "MyPublisher" folder
3. Remove icon from desktop (right click > delete)
4. Remove icon from start menu (right click > delete)
5. Clean up registry (click the start icon, type in regedit & hit Enter) here you must use Find (F3) to search for MyPublisher. I've found 6 (!) MyPublisher folders in my registry, and 4 "new shortcut" keys. Delete all of this crap.
As a final thought, I might sound upset in the above message. I am.
I care about my PC, and don't appreciate it being crapped on by impotent programmers & clueless companies.
 



HOW to remove the virus?
I am a newbie; can anyone help me solve my problem?
The problem I met is that the Windows security alert kept popping up, and it is written that Windows has detected an internet attack attempt. Somebody's trying to infect your PC with spyware and harmful virus. Run full system scan now to protect your PC from internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection. It then leads me to the website: safewebnavigate.com
On top of that, the spyware alert kept popping up, and it is written that the TROJAN W.32.LOOKSKY is detected in my machine, which is a VIRUS!!!
Currently I am using Windows XP.
How should I go about removing this virus asap, because I need to rush my project?
Furthermore I did a lot of virus scans and here are the two virus names that I can scan in my McAfee software.
JS/Downloader-AUD and Exploit-ByteVerify Trojans
I appreciate your help!!!
 

Answer:Did I get virus attack ?? HELP!! HELP HELP!!! URGENT VERY URGENT !!!

It is a trojan rather than a virus. The file gets stored on C:\ root as an .exe called Sys<something>.exe. Before deleting it, disable System Restore to clear that out and then delete that file, and then run a full scan of HD.

See http://vil.nai.com/vil/content/v_139961.htm
 


My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO...

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE


Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot into safe mode and now it's recycling back to POST, we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet fixed.)

I went into the CMOS to change boot order and notice that the hard drive (the one that I was trying to boot into is not showing ...

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturer's disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.


So...

I'm running Windows 7 (64bit) on
HP g62-222US Notebook

I can give any other stats you want, just ask.

Recently I decided to be incredibly stupid and open a file without first running it through a virus scan,
and of course, the one time I did, I did SOMETHING to my computer... (really it serves me right)

What happens;
Loading Windows takes forever, then it says there is a Failure configuring Windows, reverting...
IF I get to log in, I don't get any further than that, I am met with a BSOD and the computer does a memory dump - reboots.

Currently I can get the computer operating in safe mode, with a command prompt up. From there I can bring up explorer.exe
and start searching for the problem, I can bring up my registry and search through that but I honestly don't know what I
would be looking for. I've cleaned up a registry manually before but searching for a trojan/virus when you don't know the
tell tale signs or what it's coming from is near impossible to me.

Also, the file/application that I clicked on that started this whole shebang? It disappeared after I clicked on it! Yikes!

Please let me know if there is anything that can be done for my baby, I don't want him to be broken, he is a great computer!

-Ally

Answer:Windows7 BSOD - Possible Virus/Trojan ?

UPDATE:

I was able to get it to boot past log in by using a system recovery from a day and a half ago...

But now I only have a few moments before the BSOD shows up again.. I'm trying to discern what
I should do to (delete, scan, what have you) before it BSOD's me again so that this problem is
remedied. Clearly it can't be completely lost, as I'm able to access files, it's just incredibly
slow before (what I assume) the registry error loops so much that it crashes!

Is there a good method to use to figure out where an error might occur or common paths to check?


Ok for the last month or so I have been dealing with a BSOD that will pop up randomly. At first I thought it was a RAM problem but have run memtest and replaced both sticks of RAM. I'm leaning towards it being a video card problem because I was getting a Memory Parity Error BSOD, and also an atidiag BSOD. Those 2 BSODs would alternate. Well now I just get random BSODs that could be almost any file name.

The main problem I have now is I can't get by the windows boot screen, and if I do, no more than 2 mins later I get another BSOD. Occasionally I don't even make the windows boot screen. I have tried to do a windows repair by booting off the CD, but it crashes while the windows CD loads all the drivers or whatever, so I can't even reinstall windows if I wanted to.

I also have recently reformatted the hard drive, done a clean install of windows and have not solved this problem. I'm still leaning towards it being a video card problem, but now my question is could the video card cause a crash before windows even starts up? Or am I looking more towards a motherboard problem? I'm lost as to what to do, it's not like I could run diagnostics on it (which would be pointless cause I've done all tests possible.)

I would appreciate any help that can be offered. I'd be more than happy to give you any more information if you need it. Thank you guys in advance.
 

Answer:BSOD has gotten worse, can not figure out the problem, I turn to you guys.

Random BSODs that point to nearly everything is either memory or motherboard problems, in my experience. If you have access to other systems and components, replace everything in your computer except the motherboard. If you still have problems, it's your motherboard. If the problems stop, add your own components back one by one until the problems return. Whichever part you added just before that, is your guy.

Good luck!
 


For around two or three months the system has been crashing on a weekly or biweekly basis and wasn't so much of a problem as to interfere and warrant investigation on my part. Within the past few days, however, it has gotten much worse and now crashes at least once daily. I have done what I can with my limited computer skills and determined ntoskrnl.exe is the culprit and followed some potential solutions found on this forum as well as other sites but to no avail. Although it may be mere coincidence, I feel it is worth noting that the vast majority of crashes (90%+) occur when the computer has been left on but I am not currently at the desk working on anything. Any help would be much appreciated, thank you!

Answer:BSOD problem for months, getting worse, caused by ntoskrnl.exe

Welcome to SevenForums.

A BCC F4 is common when SSDs are present.

Code:
Model OCZ-SOLID3 ATA Device

Is the firmware for your SSD up-to-date?

Check for one and see if the stability returns.

What security software do you use?

Perform a System File Check:
Click on the Start
Type CMD on Search
Left click and Run as Administrator
Type SFC /scannow
Full tutorial here: SFC /SCANNOW Command - System File Checker

Disk Check on your hard drive for file system errors and bad sectors on it: Disk Check
Reduce items at start-up. Nothing except anti-virus is required: Startup Programs - Change
Troubleshoot Application Conflicts by Performing a Clean Startup

SUMMARY:

Code:
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck F4, {3, fffffa800e057b30, fffffa800e057e10, fffff80003bcc460}

----- ETW minidump data unavailable-----
Probably caused by : csrss.exe

Followup: MachineOwner
---------
*******************************************************************************
* *
* ... Read more

7 more replies

My computer is a custom build; it is a bit old now, at least 5-6 years. But for the most part it has worked well and is still viable for most gaming. I have always gotten some BSODs while gaming in the past, like maybe one a week, but I always just chalked it up to probably bad drivers or some fluke and it wasn't a big deal.
But more recently, like in the last 6 months, it has started to get worse. It was happening to me about 3-4 times a week a few months ago; and now in the last month or so it's been BSODing on me about every day, and only while I am playing games, never while browsing the net or watching YouTube or anything else.

Starting about 6 months ago as well, I noticed my computer started to fail its POST. Which means "Indicates a video error has occurred and the BIOS cannot initialize the video screen to display any additional information."

At first I was worried about my video card, but upon further research I realized just because it cannot initialize video doesn't necessarily mean it's a GPU problem.

I often have to turn my computer off and on and off and on several times (sometimes up to 10-20 times) before it will pass the POST. It seems that if I Power Cycle my computer, I get more success at booting. (Turning it off and then back on again as quickly as possible before the power completely leaves my PC.)

So, as of the last week or so, I can only play a game for usually between 10 minutes and an hour before the game either randomly crashes or my enti... Read more

More replies

My husband had a window to mini clip games opened, and we believe our daughter clicked on one of their websites by accident while we were in the other room and somehow got a virus on his laptop. Now the virus has shut him out where he can only operate in safe mode, and he also gets errors when he can get in. We can't get into the laptop the regular way; there is just a black screen. He can get in in safe mode, but we can't install the virus programs like AVG once he's in. We were lucky to get the tgs exe; it was rejecting it at first to even recognize that we can use the scan disk, but somehow he got through to open it up and get the info for you.
We are sending you this message from my account (I'm his wife), and we put tsg sysinfo on an SD card and got this on his laptop in safe mode:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3002 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1309 Mb
Hard Drives: C: Total - 225436 MB, Free - 94422 MB; D: Total - 12836 MB, Free - 2145 MB;
Motherboard: Hewlett-Packard, 306B
Antivirus: Norton 360, Disabled

How can we begin to get these viruses out when we cannot access the computer the regular way? Please help; you have always been successful before and I believe you can help again.
 

More replies

Like other users, I have had the symptom of redirected searches for a while. Now my computer will be OK for a few hours, then desktop links will disappear and it becomes too groggy to use - I need to restart. Sound is also very garbly. It's very ill. Ran dds logs but gmer gets stuck. Here's what I have - thanks for any help you can provide.

Answer:Google Redirect Virus is Worse Than It Sounds

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

12 more replies

So a couple weeks ago, I started getting redirected to ad sites whenever I clicked on a google search result. I was able to get around it by clicking my address bar after choosing the result and hitting enter. However, it's gone and messed with my system. Windows Firewall has been broken (impossible to turn on anymore), my internet won't work anymore, and my ArchiCAD program won't start up. None of my antiviral programs could find anything, even ones that I put on from a flashdrive that were meant to work on an already infected system. Since I researched this some, I ran the DDS, and here are my results.
http://uploading.com/files/633b1267...
http://uploading.com/files/cd643a24...

Answer:Google redirect virus turned worse

J_K,

Thanks for the reports. Let's see if we can make more progress...

Please run the following OTL Script:

Double-click OTL.exe to start the program.
Copy/Paste ALL the following text into the Custom Scan/Fixes textbox:

:otl
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
:files
C:\windows\SysWow64\vswmi.dll
C:\windows\SysWow64\vsxml.dll
C:\windows\SysNative\drivers\vsdatant.sys
C:\windows\SysWow64\vspubapi.dll
C:\windows\SysWow64\vsdata.dll
C:\windows\SysWow64\ZoneLabs
C:\Program Files (x86)\Zone Labs
C:\windows\SysWow64\vsutil.dll
C:\windows\SysWow64\vsinit.dll
C:\windows\Internet Logs
C:\ProgramData\CheckPoint

Click the Run Fix button at the top.
Click: OK
OTL may ask to reboot the machine. Please do so if asked. If not asked, reboot anyway.
A report should appear in Notepad.
Please Copy/Paste the new OTL report and upload it. Then, provide the link in your next reply.

Now, run the following once again:

Click Start > Run, type: notepad and press Enter.
Once Notepad is open, copy/paste ALL the text below into Notepad:

@echo off
echo.Please wait...
ping localhost >log.txt 2>&1
ping 192.168.1.82 >>log.txt 2>&1
dir /a/b/s c:\qoobox >>log.txt
notepad log.txt

Click: File > Save As...
Save to th... Read more

55 more replies

Hi.
First of all, I am running a Windows XP OS. My computer was weird in that it had the virus where any search inquiry would be redirected to some bogus websites. I tried finding a program that would help fix this, but I think I inadvertently downloaded a malignant antiviral program (I think it was PC Tools, because popups would keep occurring, and sometimes it was from them). Avast started bringing up warning signs of a trojan, but as soon as I tried to delete it, another warning would come up.
This was the warning:
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\Q0B87V23\flist[1].js [L] JS:FakeAV-G [Trj] (0)
File will be deleted during the next system start...

I ran ComboFix, but that was before I came to this forum and read that we really shouldn't have. For now my computer seems to be running without any popups, but I wanted to make sure my computer was completely purged. If there is any other information that you guys need, don't hesitate to ask.

Thanks.

Answer:google redirect virus turned into something worse

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Clic... Read more

4 more replies

Hi,

I have read the post about Antivirus XP 2008. I have this thing on my other computer and I have tried doing what the mod suggested. I am not having any luck because when I run Malwarebytes (installed from a CD because I can't access the site) it crashes after about 25 mins when it is scanning Firefox folders. I have tried scanning in normal mode and safe mode.
The computer is doing all sorts of weird things, i.e.

The web browser will only load Google and a few other pages, and when I try to go to an antivirus web site it just says can't connect
It also redirects to stupid selling sites

Google also says analytic checks at the bottom left hand side when searching

The computer sometimes crashes at log in

Every so often the bubble comes up on the task bar saying I have 1164 viruses

Also every now and then I get the blue stop screen which means a restart
Could you please help me? I have pulled most of my hair out. I would just format and reinstall but I need to try and recover my files.

Cheers
Acestu

Answer:Worse Case Of Anti Virus 2008

Please print out and follow the generic instructions for using "SmitfraudFix".
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If using Windows Vista be sure to Run As Administrator

Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.
The tool will go through a series of cleanup processes and automatically start the Disk Cleanup program to remove Temporary files. Wait for it to complete and Disk Cleanup to finish.
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

If you're using Windows 2000/XP, please print out and follow these instructions: "How to use SDFix".
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
Please copy and paste the contents of Report.txt in your next reply.
Be sure to re-enable your anti-virus and other security programs before conn... Read more

11 more replies