Computer Support Forum

I've been infected by some form of malware.

Question: I've been infected by some form of malware.

First of all, I'm running a Dell computer with Windows XP Service Pack 3 installed on it.

Of late, whenever I try to run the computer in normal mode it crashes or freezes up and goes to a blue screen error message which says something along the lines of DRIVER_IRQL_NOT_LESS_OR_EQUAL. Currently I am running my computer in Safe Mode with Networking. I didn't install any new hardware or software prior to this error message, so I have no idea what is causing it. (Could it be malware?)

I also think that my computer is infected with something. I have done multiple scans using Windows Defender, yet it doesn't come up with any viruses. Normally in the past Spybot Search & Destroy has been most effective in removing malware, but whenever I right click the Spybot Search & Destroy icon in the system tray and select RUN nothing happens.
I don't know if I have malware that is blocking the program from opening.

In the past, I had malware called AntiSpyCheck installed on the system, which I thought I completely removed with SS&D. This appears not to be the case, as the other day SS&D came up with a Registry change warning, and the path of the program that was altering the registry was C:\Program Files\ASpyC\.

My system started having problems shortly after the download of a Torrent from TPB. I use the BitTorrent client, and prior to the torrent that I downloaded the system was running perfectly fine.

Here is a Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 4:50:38 PM, on 10/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,[email protected]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rian\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = C:\WINDOWS\Tango Patcher 2600\Reloader.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Rian\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: eeekp - eeekp.dll (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9883f6cb6b440) (gupdate1c9883f6cb6b440) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Any help would be GREATLY appreciated.

(Apologies if this is in the wrong section or if I have failed to follow any rules.)


Answer: I've been infected by some form of malware.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

1 more replies
Relevance 64.78%

Hi, my Avast and MBAM have been picking up a trojan.clicker.fms as well as win32:malwaregen on Avast.
I've located the hidden folder where it is coming from as well. Any ideas?
I also have logs from the 2 programs for scans.
 
http://i.gyazo.com/41d74805b9a9ec6cb7040ce8ff690cfe.png link to what it shows

Answer:my pc is infected with some form of malware but i'm not sure how to remove

Hello anthm8 and Welcome.
 
The IP that you suspect as being a problem is actually a Weather Widget on your desktop.
 
If you are concerned about it, please follow these directions..........
 
First -Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
List content of Hosts
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy and Paste the result. (result.txt)
 
 
Next -
Download Screen317 Security Check  and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please post the contents of that document.
Note 1: If any security program requests permission to access the Internet, allow it to do so (it is 100% safe).
Note 2: If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run.
 
Next :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button (only once)
AdwCleaner will begin...be patient as t... Read more

6 more replies
Relevance 63.55%

When using google links,I keep being redirected to other sites. Have tried using McAfee, ad-aware and malwarebytes to resolve the issue but to date this hasn't helped.

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 14:00:41 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3063.1559 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&#... Read more

Answer:infected with some form of malware that causes google links to redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
 * Do not run any other tool until instructed to do so!
 * Please do not attach logs or put them in code boxes.
 * Tell me about any problems that have occurred during the fix.
 * Tell me of any other symptoms you may be having, as these can help also.
 * Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
 * Double click DeFogger to run the tool.
 * The application window will appear
 * Click the Disable button to disable your CD Emulation drivers
 * Click Yes to continue
 * A 'Finished!' message will ap... Read more

12 more replies
Relevance 47.56%

I have an HDD bug. I used the rkill, then Malwarebytes, and they both worked. When I reboot, though, everything comes back. I tried this a couple different times and each time it comes back with the reboot. I'm getting a Windows no disk error as well.

here are my logs, any help would be appreciated.

DDS (Ver_10-12-12.02) - NTFSx86
Run by DBennett at 0:35:49.07 on Mon 12/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.67 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn&#... Read more

Answer:Infected with some form of HDD

Hello and welcome to Bleeping Computer.

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Please post a DDS log and Gmer log. For instructions please read this post: http://www.bleepingcomputer.com/forums/topic34773.html

2 more replies
Relevance 47.15%

I keep seeing these three folders pop up in the AppData folder:
 
EmieBrowserModeList
EmieSiteList
EmieUserList
 
When I delete them they reappear when I reboot.  I ran Malwarebytes and McAfee and they both came back clean. I did some research and it recommended I post in a malware removal forum. Is this something you can help me with?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE-ACER on 24-01-2015 02:12:30
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucatio... Read more

Answer:I think I have some form of malware.

Hey, What's with the Addition Log?

19 more replies
Relevance 47.15%

New PC: Built 31/01/2015
New Windows 8.1 Install
No Internet access yet
Believe it has picked up some malware from my external hard drive.
When I run exes I get this error "Windows cannot "C:\Users\Michael\Desktop\rkill.exe" find make sure you typed the name correctly then try again?"
Managed to get rkill to run in safe mode, here are the results.
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 02/01/2015 08:55:03 AM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 ... Read more

Answer:Seem to have some form of Malware

Download Security Check from here or here and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
 * Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
 * List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

1 more replies
Relevance 47.15%

My laptop was on at home while I was at work, and when I tried to log in to my laptop via "Team Viewer" I found my browser open and the "PayPal" website, but there was no information to log in 'cuz I just changed my OS. But I used "LastActivityView" software and "Event Viewer" and I found that there was an action on my laptop in my work hours, and no one was home to do such a thing.
Plz help me what should I do, Thx.

Answer:My Laptop act form itself "Am I infected?"

Hi to BleepingComputer
 
It seems you are a victim of the latest security problem affecting TeamViewer, where it isn't exactly clear what happened.
 
 
There is a guide here about what you should do to secure your TeamViewer access.

0 more replies
Relevance 47.15%

Hello, as stated in the description I recently got infected with some malware/adware that redirects my search results to http://www.bestwebsearch.net/index.php?sea...mp;x=38&y=3, the redirects that. It also opens up false web-pages in IE and I do not even use IE much less open it!

Help is much appreciated!

Opens this page in IE as well: http://samebleepasiteverwas.com/traf/tds/default.cgi

Also in the scans nothing popped up, I use norton 360

DDS (Ver_09-05-14.01) - NTFSx86
Run by Anthony at 14:40:22.83 on Mon 06/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.978 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\... Read more

Answer:Infected with some form of Adware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds.txt log, please.

2 more replies
Relevance 47.15%

One of my lovely children clicked something they should not have and I seem to have what looks to be a virtumonde popup hijack going on. If browsing with IE, various ads will pop up with the nasty little Antivirus 2009 being prominent. I see some stuff in my HiJackThis log that looks funny, but when I try to delete those entries, they pop right back. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:20 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1... Read more

Answer:Infected with some form of Virtumonde

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...


Hey guys, hate to ask for help on my first post, but kinda in a bind here. My computer is running fine from what I can tell, but I was going to do a hijackthis log but it would only load, start the scan, and then crash and seemingly uninstall. I figured this might have been a configuration issue with my computer, so i tried using malwarebytes, runscanner, and rsit. All with the same result. AVG, ccleaner, avira, and avast work fine though, but don't come up with anything.

Kinda at a loss here as to what might be causing this...hoping you guys could help.

Thanks, Will

EDIT: I was able to get a combofix log done thanks to some help on another forum..here's that if it helps.

ComboFix 09-09-22.02 - Administrator 09/22/2009 20:22.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2736 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\HijackThis.exe
c:\program files\driver
c:\windows\msa.exe
c:\windows\msb.exe
Infected copy of c:&...

Answer:Pretty sure I have some form of malware...

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.

The BC Staff


GMER & Combofix blue screens of deaths (yes i know realized i should not have done this)

TDSS finds nothing.

Computer runs fairly well, but randomly crashes sometimes. Avira finds a trojan daily in the system restore (not sure how to safely remove this)

any help would be great. Thank you.

Answer:Some form of malware/ seems undetectable

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue. Don't worry about the GMER log.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


I appear to have the typical redirect virus, although this one appears to be very subtle. I can use google search with no problems, and I am redirected only occasionally to websites such as "askthecrew.net" and some search engine called "sour". Nonetheless, I am being redirected by something and want it gone for obvious security reasons. Mostly hits me on Tumblr.com, but I'm fairly sure that's just because I'm on there often.

I have windows 7 64 bit, and have attempted to use malwarebytes, Microsoft sec. essentials, AVG, and Ad-Aware. None have been successful.
I'll post logs of whatever you want, just tell me.

Thanks for whatever help you guys can provide.

Answer:Some form of Redirect Malware

Hello diesmiley and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Admin...


Dear TSG

I think I've been infected by a form of WinAd.exe. I've been getting advertisements when I don't even have Internet Explorer open. The ads are completely random going from poker advertisements to "This is the fart button.". Please Help! Included are the processes running I found using Highjackthis. I've also tried using adaware SE and Spybot but somehow the spyware keeps reinstalling itself. It came along with an MSN Messenger virus that I have now gotten rid of by reinstalling the product. Anyways, any advice or help would be appreciated. PS. I also find it hard to type, is this because of the virus?

Logfile of HijackThis v1.99.1
Scan saved at 7:47:46 PM, on 11/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\services.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert...

Answer:Solved: HELP I think I've been infected by a form of WinAd.exe


In a moment of sheer stupidity, I managed to get a variant of the Windows Antispyware infection. I'm not quite sure exactly which one it was. The filename was a random string of letters, and both Avira and Antimalware failed to spot it. When I Googled the filenames, I got absolutely no hits. Luckily, it wasn't very aggressive (would lock down programs after startup and start the warning popups, but I managed to get Task Manager up before it loaded and stopped the process), so I was able to remove it (or at least stop it) myself rather easily. However, now I'm not sure that my system is fully clean. I'm afraid there's some lingering malware. Would anyone be willing to take a look at my logs to help make sure? My System Restore was also disabled by group policy (despite being on Windows XP Home), so if anyone could pass along some instructions for how to reenable that, I would also be grateful. Thank you guys so much for all your help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Lauren at 1:45:47.81 on Mon 05/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.577 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svcho...

Answer:Infected with some form of Windows Antispyware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

Code:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


Logfile of HijackThis v1.99.1
Scan saved at 1:08:42 AM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCODEC\isamonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\...

Answer:Infected With A Trojan That Comes Form Isamini.exe

Hi adaleta

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!


Hello everyone!

I am quite a newbie, and I am aware that previous posts regarding Antivirus2008 exist here, however I haven't found anything related to the version I apparently have.

I have Windows XP Home.

My main problem in getting rid of it through the steps details out there, is that it has blocked and deleted every access for me to remove it or kill the process, since

a) It deleted the access to my C: drive
b) It deleted the Start menu access to the Control Panel
c) It deleted the Start menu access to Run
d) It blocks my Task manager
e) It apparently blocks me from installing Ad-Aware (upon install I get a message saying the process has been blocked from the Manager)

and all of this in my Safe Mode with Networking enabled. I even had a software for removing SmitFraud, but when opening it now it has got my computer stuck.

Any ideas how to start dealing with this horrible bug?


Kind regards from Chile
Germán
 

Answer:[Infected] Antivirus2008 Pro [Aggressive form]

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide
 


If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 


Hey Bleeping Computer,

I am running Windows 7 Home Premium, 64bit.
Someone logged into a few of my game accounts last night while I was sleeping which in turn got my accounts locked. The games were World of Warcraft, Guild Wars 2 and Star Wars: The Old Republic. I received emails stating that unauthorized persons logged into all 3 accounts. And each account has a different Email and Password. I am not sure if they logged into any of my other emails or anything since I haven't received any warnings from anyone.

My computer has been running well, but for the past week or so my browsers have been a little slower than usual. I use Mozilla mostly, but I tested IE as well and it was slow too. Also, every 20 minutes or so, my desktop icons refresh, and if I'm on a webpage, it does the same. I'm not sure how to word it exactly, it doesn't actually "Refresh as in F5" but it (blips)or reloads if that makes any sense.
When I woke up and found out my accounts were logged into from elsewhere, I immediately ran an Avast(Free) full scan, followed by a boot scan and the results came up clean. I then ran Spybot S&D, and again, the results came up clean. After that I ran Malwarebytes(Pro) and they came up clean as well. Then I ran all 3 in safe mode but got the same clean results.

I generally keep my computer pretty well maintained since I play a lot of games. Which includes defragging every night before I shut it off, running Avast and Spybot once...


Hello,

I have recently tried using an old laptop that was given to me. The first sign of problems was the laptop's unbootable boot volume. I managed to use the recovery option in an XP installation disk to fix it. Once I booted into the system, the computer was very very sluggish. Startup would take an extremely long time. At first I merely attributed this to the bloatware and crappy processor. Then I installed various antispyware and antivirus programs. Lo and behold, avast caught about 30 malware objects with a boot scan. Malwarebytes caught an additional 3. Superantispyware caught another 3 infections. Lastly Avira caught 2 infections. At this rate, I know that there is still malware on my laptop, which may be regenerating itself, or be stealthed. Anyway if you want these logs, feel free to ask. Thanks so much for reading this and here is my hijack this log at the bottom of this post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:07 PM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:...

Answer:Severe infestation of various form of malware


Hello, last week I did a deep scan of my PC. I get two messages that make me feel uncomfortable...

from HAXFIX log:

"checking for matching services
matching services found
aspi 32"

from GetRunKey log:

"Looking for forms of Trojan.Haxdoor
------------------------------------------------------------------------
Haxdoor Trojan, pptp form found!

"DriverDesc"="Minipuerto WAN (PPTP)"
"Minipuerto WAN (PPTP)"=hex(7):31,00,00,00,00,00
"DeviceDesc"="Minipuerto WAN (PPTP)"
"DisplayName"="Minipuerto WAN (PPTP)"
"Description"="Minipuerto WAN (PPTP)"
"DriverDesc"="Minipuerto WAN (PPTP)"
"Minipuerto WAN (PPTP)"=hex(7):31,00,00,00,00,00
"DeviceDesc"="Minipuerto WAN (PPTP)"
"DisplayName"="Minipuerto WAN (PPTP)"
"Description"="Minipuerto WAN (PPTP)"
"DriverDesc"="Minipuerto WAN (PPTP)"
"Minipuerto WAN (PPTP)"=hex(7):31,00,00,00,00,00
"DeviceDesc"="Minipuerto WAN (PPTP)"
"DisplayName"="Minipuerto WAN (PPTP)"
"Description"="Minipuerto WAN (PPTP)"

I tried to fix the "problem" using Haxfix (step 1 first, then 2 auto fix and also 3, manual fix, but couldn't include pptp key, haxfix doesn't accept it, and says ...

Answer:Is my PC infected with a haxdoor form pptp trojan?

Welcome to Major Geeks!

The info from GetRunKey is false. GetRunKey was written for English based Windows PCs and did not recognize the format for your PPTP text formatting.

I doubt you have a Haxdoor infection.

If you really want to continue to check your PC for malware, you will have to follow the directions in the READ & RUN ME properly and completely.
You are using MSconfig to control startups and was requested that you not do this in step 0 of the READ ME.
You did not do step 2 of the READ ME.
You did not install and rename HijackThis as requested in step 7.
And you did not attach the other 3 requested logs from the READ ME
CounterSpy
BitDefender Online Scan
PandaActiveScan

I do suggest that you delete the below three files:

Code:

"C:\WINDOWS\system32\"
lap20n~1.dll 9 May 2007 18909 "lap20nh3l4dkszi4a.dll"
qke3ki~1.dll 9 May 2007 3521 "qke3kixfeflkszi4a.dll"
xkh1ud~1.dll 9 May 2007 28613 "xkh1udoe84fkszi4a.dll"

 


I went to dictionary.com of all places and the classic virus scan popped up. I reacted slowly and I had part of the virus transmitted onto my computer. I went through the steps I used in the past. Rkill, Hijackthis, Mbam and even combofix. The problem is that Mbam and Combofix wont even open. I don't have the annoying pop ups or anything of that nature. I do have minor browser hijacking.

How do I get Mbam to work? I have never used Combofix but I was willing to give it a shot to fix the comp, but that didn't work. All my attempts were from the networking windows safe mode.

---

I stumbled on to a post that recommended using TDSSKiller. I tried it and now Malwarebytes is working. I will keep you all updated on this.

---

TDSSKiller removed one threat and one possible threat. I skimmed Malwarebytes over my PC and it managed to remove a trojan. I am currently applying an in depth scan to my PC. Is there anything else I should consider doing in order to make certain I managed to get everything?

Answer:Need help ASAP. My computer is infected with a mutant form of AV

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


Our system seemed to act strangely beginning in early March. We use ZoneAlarm firewall and it seemed to automatically lock on occasion upon log-in, requiring a manual "un-lock" before the internet could be used. I was suspicious there was something trying to get in or out that ZoneAlarm was "catching" and locking the firewall.

To try to detect the problem, I downloaded the latest version of "MalwareBytes" and ran a scan. It found a few issues and I chose to quarantine a few of them, but not all as some looked legitimate to me.

Upon re-booting the next time, everything went bad. A pop-up came up with the windows installer and then it said it was trying to install HPPhotosmartEssential. The system became very sluggish and the hard drive was constantly being accessed. After numerous "Cancels" to the install, it finally stopped trying to install. However, the hard drive continued to be accessed non-stop and the system was very slow. I became very concerned something was going on in the background so I shut the system down.

I tried to re-boot in safe mode and it would not boot, it either hung or gave a disk error suggesting c:\windows\system32\wbem was corrupt or unreadable and chkdsk should be run. I immediately felt I needed to do a system restore back a couple of weeks to clear off the issues. Upon trying to run the restore I received a message that the application failed to start because framedyn.dll was not found and that re-...


Hello.

I'm new here, I have been looking for information about 2 applications called "Home Cloud" and "Form1".
When I go to my Alt+TAB menu I can see these applications there, but I can't access them.
Also in my Task Manager I can see both applications.
I don't know why they are running and how these applications work.
It could be something normal but since I'm a noob in these things I can't tell if they are malware or not.

Can anyone explain to me what these applications are for and why they are in my PC?
Can I remove them both or are they some kind of essentials for my PC?

I got a capture of my Alt+TAB menu:
Selected one is Home Cloud, the one on the right is Form1.

Regards and thanks.
 

Answer:Home Cloud + Form 1, Malware? Virus?

I'm moving this to appropriate forum.
 


When I first fire up my computer, the following message pops up as Windows starts:

Microsoft Networking
The following error occurred while loading protocol number 0.
Error 38: The computer name you specified is already in use on the network. To specify a different name, double-click the Network icon in Control Panel.

I'm sure others have experienced this. I am not on a network, and this has happened for the last couple of days. I am running 98SE (I know...way past time to upgrade.) My Hijack log follows. I appreciate any help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:18:41 AM, on 1/9/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ajc.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO...

Answer:Error message - Is this some form of malware at work?

hi there,

Did you run this scan from safe mode as there isn't much in the log?

I don't see anything in your log, have you got an anti virus programme? if not download anti vir from below?
Anti-vir

http://www.free-av.com/
you don't appear to have a firewall, even if you have a router you still need
a software firewall, download the one from the link below!

Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710

you have spysweeper, update it and run a scan from that, post its log if it finds anything?
go to this site and download these tools and once you get both
adaware Se 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for negligible risk
entries". Click next to start the scan. Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.

reboot again
With CWshredder close all browsers and programmes and select the FIX button.
All tools can be downloaded at the link below and found on that page!

. Trend micro CWShredder
. SpyBot search and destroy
. AdAware SE personal
http://www.majorgeeks.com/downloads31.html

*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destin...


Help still needed very badly,

After finally eliminating AV Security Suite I still have problems with the computer Freezing, Hanging when opening normal programs, Extreme Scrolling problems, Removing programs, Getting online and a lot of other headaches that didn't exist before. I have enclosed both DDS Logs and the GMER or ark.txt as it was instructed. I couldn't get my WinZip program to rezip the file for posting, it froze. I hope they are the correct log files. I also really hope they will allow someone to help me get my computer working again. Thanks to all again.

Sincerely,
TQUAD

DDS (Ver_09-02-01.01) - NTFSx86
Run by TOM at 16:13:50.85 on Sat 02/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.218 [GMT -6:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32....

Answer:Malware Removal Request Form Per Instructed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I have inadvertently allowed a malware that creates infinite popups and has hijacked my web browser. I am continuously redirected to their website offering to sell me a virus protection program.

My son directed me to open in 'safe' mode and contact BleepingComputer. He thinks you can help someone as old as I am!

I would appreciate any assistance, I have tried to follow your guide to complete the scans, etc. before posting for help.

Thanks,
Lynne

Answer:Malware in the form of popups claiming a virus infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

6 more replies
Relevance 45.51%

Ok, I'm a graphic artist, and use my computer for my work, but other than that, i'm pretty much "out of the loop" on terms, virus names etc...

so a short while ago i switched from firefox, to google chrome. to see what it was like. and while i love the browser, i seem to have acquired some form of virus or malware while using it.

does anybody have any idea firstly, how to get rid of it? because every time Avast says it's been deleted, i'll get a message about 10 minutes later saying "it's back loser" (not those words exactly, but i feel my machine is mocking me...)

and secondly, whether chrome actually has massive security risks? or if it's just coincidence that i've gotten this stuff while using it.

here is the HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:40, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program File... Read more

More replies
Relevance 45.51%

 

by Dan Goodin
Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers.
The "isolated heap for DOM objects" made its debut with last week's Patch Tuesday. Just as airbags lower the chance of critical injuries in automobile accidents, the new IE protection is designed to significantly lessen the damage attackers can do when exploiting so-called use-after-free flaws in the browser code. As the name suggests, use-after-free bugs are the result of code errors that reference computer memory objects after they have already been purged, or freed, from the operating system heap. Attackers can exploit them by refilling the improperly freed space with malicious code that logs passwords, makes computers part of a botnet, or carries out other nefarious behavior.
Source

More replies
Relevance 45.51%

OK I've followed all the steps in the 5-step process. Here's the problem, when I'm typing or even just scrolling in the current window of IE it will de-highlight and become inactive. Sort of like what happens when you get a pop-up but I'm not seeing the pop-ups. Here are my logs. First Active Scan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-29 16:51:17
PROTECTIONS: 1
MALWARE: 76
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.1.0.394 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================... Read more

Answer: [SOLVED] Current window keeps de-activating...some form or spy/malware?

Welcome to TSF.

I don't recommend using file sharing programs like Limewire as they can contribute to malware infections.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {1530C3A4-CA76-4F11-B091-C3B77565A91B} - C:\Program Files\ComPlus Applications\fojeru66225.dll
O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - C:\Program Files\QdrDrive\QdrDrive16.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "... Read more

7 more replies
Relevance 43.87%

Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.
 
The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.
 
No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.
 
Just need to know how i can stop the svchost.exe from creating connections.
 
dds attached


Answer: Infected with multiple malware, Cidox, Trojan-Spy.Win32.Zbot, Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

15 more replies
Relevance 43.87%

I have a mild adware infection that is affecting every computer that goes through my network. Superantispyware can find and remove ONE file(no active, no registry) that is associated with this attack and the problem is resolved (ie. it does not come back unless i log into this particular network, it's still gone when I restart the computer, etc). The adware does not affect any of my cleaned computers unless I am logged into MY network. A clean load of windows XP with service packs loaded will immediately be infected on my network without so much as going anywhere aside from google.com.

As best I can tell my hijack this log is clean, but here it is for those of you who are far superior at this than I am. This is from the machine I am using which is currently infected.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:43:09 AM, on 12/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJ... Read more

More replies
Relevance 43.87%

Hello,

I was contacted by some friends last Sunday who said they received lots of weird emails from my email account. The emails contained nothing but a link. I did not send any emails over the weekend so I don't know how this happened. This must be a virus, right? I noticed my antivirus (avast!) began (a few days back) blocking a couple of malwares when downloading emails to Outlook 2007 on my laptop. It identified an infection called "Win32-Malware-gen". It now does this every time I try to download emails and I now have duplicate emails in my Inbox. My antivirus identified the infected emails having subject "DHL Express Delivery" or "FedEx Service Notification" and a document.zip attachment which I think contained document.exe if I'm reading the Avast! log correctly. I did not open any of these emails. The antivirus moved them to chest but it seems the problem wasn't resolved. I then get a microsoft message saying Outlook encountered a problem and cannot exit. It offers me an "End Now" button, but it seems to get into a loop and the whole scenario happens again whereby Outlook reloads and I get the malware messages again.

Another problem I noticed which might be connected is that in IE8, whenever I attempt to login to any site it blocks and reloads webpage with "This tab has been recovered - A problem with this website caused Internet Explorer to close and reopen tab" message. Then it asks me t... Read more

Answer: Infected with Win32-Malware-gen - Emails (Infected?) spammed from my email account to many recipients without my knowledge etc.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

13 more replies
Relevance 43.87%

I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ... Read more

Answer: Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

2 more replies
Relevance 43.46%

If it wasn't for bitdefender i would even get pop ups, i constantly get a message that a malware infested page was blocked and that my system is "safe"... I don't know if this helps but the name of the site that it keeps blocking is called mnh.winnershed.info/ and then a whole list of random characters.

I have tried several things as you can see above and nothing helped. Although yesterday i was hopeful after installing hitman pro, it found a few things and deleted it. I then opened up around 50 links and never got redirected. Then today i start my pc up and there it is again.

There is not much more to say besides the info i have given so far. I hope someone has any idea what i can do to get rid of it, because this is one tough sob...

Thanks
 

Answer: Infected with rootkit or virus that redirects me to malware infected pages.

This topic will be closed due to presence of pirated content.

Piracy policy
 

1 more replies
Relevance 43.46%

Dear helper,

Am I infected ?? What should I do ?

Window XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet explorer were busted afterward, was not able to run at all. The build-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back in its original shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - repeatedly state that it can now update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus website (Norton, McAfee, AVG, Kaspersky, Avast, etc) are all blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you

Jason

More replies
Relevance 43.46%

Please reopen the case: http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/

Original message, posted on December 14, 2009:

My computer is infected by malwares. Earlier I got help from bleepingcomputer staff under topic malware and has tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.

Malwarebytes Anti-Malware (v1.41)
TFC by Old Timer
Kaspersky Virus Removal Tool
Eset Online Antivirus Scanner.
Kaspersky Online Virus Scanner.
Sophos Anti-rootkit
Norman Malware Cleaner

The problems are:
- When I use Internet Explorer or Mozilla, sometimes another window open automatically that mentions google hiring, websurvey, etc
- When I use search engine to find something, I could not click the link to bring me to the shown result that I want, instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that force me to download the software (it would not allow me to close the browser) so I have to end the whole internet session forcefully.

----------------------------------------------------------------------------------------------------------------------------------------------
LOGFILE IS ATTACHED
Logfile of random's system information tool 1.06 (written by random/random)
Run by USER1 at 2010-01-07 19:27:45
Microsoft Windows XP Professional Service Pa... Read more

Answer: Closed Topic - Start new topic > Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor... Read more

17 more replies
Relevance 43.46%

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal windows) I always get the blue screen and cannot log into windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

Answer: Blue screen after running malware bytes - infected with malware

Hello, let's see if we can find the cause of this problem. I will move this topic to the malware removal forum.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

4 more replies
Relevance 43.46%
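The mbr.bin file produced by the dd command in the answer above can be inspected offline; the following is an added example, not part of the original thread or the helper's own tooling. The sample sector is constructed, and the function names and the optional known-good hash parameter are assumptions made for the illustration.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOTCODE_LEN = 440    # bytes 0-439: boot code
DISK_SIG_OFF = 440    # 4-byte disk signature written by Windows
PTABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510    # last two bytes must be 55 AA


def parse_mbr(sector):
    """Split one 512-byte sector (dumped with bs=512 count=1) into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for slot in range(4):
        entry = sector[PTABLE_OFF + 16 * slot:PTABLE_OFF + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    bootcode = sector[:BOOTCODE_LEN]
    return {
        "signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "bootcode_sha256": hashlib.sha256(bootcode).hexdigest(),
        "bootcode_empty": not any(bootcode),
        "partitions": partitions,
    }


def review_mbr(mbr, known_good_sha256=None):
    """Return structural anomalies; known_good_sha256 is a hash the analyst
    took from a boot sector they trust (hypothetical input, not from the page)."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["bootcode_empty"]:
        findings.append("boot code area is all zero bytes")
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid boot flag 0x%02x" % (p["slot"], p["status"]))
        if p["lba_start"] == 0:
            findings.append("slot %d: partition starts at sector 0 (the MBR itself)" % p["slot"])
    # A disk that boots through a classic MBR carries exactly one active entry.
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    for prev, cur in zip(parts, parts[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append("slots %d and %d overlap" % (prev["slot"], cur["slot"]))
    if known_good_sha256 and mbr["bootcode_sha256"] != known_good_sha256.lower():
        findings.append("boot code differs from known-good reference")
    return findings


def build_sample_mbr():
    """Constructed sample: filler bytes as boot code, one active NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOTCODE_LEN] = bytes((i * 7 + 3) % 256 for i in range(BOOTCODE_LEN))
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)
    sector[PTABLE_OFF:PTABLE_OFF + 16] = struct.pack(
        "<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 156296322)
    sector[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Usage: python mbr_check.py mbr.bin [known-good-sha256]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_mbr()
    reference = sys.argv[2] if len(sys.argv) > 2 else None
    parsed = parse_mbr(data)
    print("boot code sha256:", parsed["bootcode_sha256"])
    for part in parsed["partitions"]:
        print("slot %(slot)d type 0x%(type)02x start %(lba_start)d len %(sectors)d" % part)
    for finding in review_mbr(parsed, reference) or ["no structural anomalies"]:
        print("-", finding)
```

An empty findings list only means the sector is structurally sound; the boot code hash still has to be compared against a reference the analyst trusts before the sector is treated as unmodified.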

It is so similar to MaxGen's problem that I have used some of his description of what is happening to me(us).

I got infected by a nasty malware while surfing the internet. popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after first restart. No programs wanted to work. I even tried to backup personal files to Cd/Dvd and Nero did not recognize my burner. Now my situation is:

1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions

Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!... Read more

Answer: ME TOO!! Infected by extremely nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

6 more replies
Relevance 43.05%

Hi,

My Dell Inspiron N400 notebook Running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out. It all started 2 months ago when I opened an email with title that my teenage daughter sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria.

But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity.

I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back. I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me.

Criminal hacker gangs are locked in bat... Read more

Answer: Infected by 36 Viruses/Trojans/Malware - Infected My Professor

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 43.05%

Hello members (: Thanks in advance for helping me.
 
So, the first time I realised something was amiss was when searches in the Chrome Omnibar were redirecting to Yahoo. If I went to google.com to conduct a search, the ads at the top of the results page would flicker, and then seemed to change (font, size etc.).
 
I uninstalled and reinstalled Chrome, I signed out, I removed all my addons and extensions before reintroducing each one. I couldn't get to the root of the problem. After a quick search, it was suggested to use SpyHunter or Malwarebytes to resolve the problem. 
SpyHunter dropped a massive list of threats after scanning only 1%. When it finally finished, there were many Red Threats, but there was the stinger: I would have to pay for the advanced version, or a license, or whatever it wanted, before removing these threats. As a poor student, I turned to an alternative. That's where Malwarebytes came in. I did a scan, it found some problems and asked me to proceed, which I did, and it claimed the problem was fixed.
Certainly, Chrome doesn't redirect at the minute, but I managed to stop it redirecting it before now; only for it to start again. I ran another SpyHunter scan, and it found all the same threats as before, which, it would seem, Malwarebytes had missed. Now, I haven't bequest any windfall since yesterday, and still can't afford SpyHunter's ransom.
So far (6%), SpyHunter has found 216 threats including Blekko (192 infections), searchinternet-a.aka... Read more

Answer: Infected with Malware which redirects from omnibar, plus other found malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first ti... Read more

2 more replies
Relevance 43.05%

 Hi all,
 
 I am Pousoidis and I would like to thank you for the services you provide. I am pretty sure that I have a virus in my laptop. My system is an Ideapad U410 with Intel® core ™ i5-3317u 1.70ghz, 8gb ram memory, 64 operating, with windows 7.
 
 At some point I could not click on my start menu button without windows explorer notifying me that it had stopped working and that it was checking for a solution to the problem. I went online trying to read about what I could do. Eventually, I restarted my pc with the option of checking for disk errors and that seemed to fix the start menu problem; now the windows explorer does not crash. But after that I noticed that I could not open certain programs such as skype and picasa 3 (and μtorrent which since then it has been uninstalled from my pc).
 
 It is then that I became more suspicious and decided to download and run anti-malware programs such as mabm and spybot. None of these can install itself on my pc, always some error message such as "privileged instruction". Was not sure how to proceed from that, so i searched online and came across your site. Thank you again for your help. I apologize in advance, I am not really well versed in the ways of technology. I did run 1 system restore before I visited this site.
 
so I am copy pasting my dds files: 
 
Run by Pousoidis at 13:46:22 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8053.5...

Answer:Infected with some malware. Not allowed to install and run anti-malware.

Hello Pousoidis

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same...

16 more replies

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan, and I tried to download Dr Web Cure It, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro...

0 more replies

Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:53, on 04/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\Explo...

Answer:Infected w/Malware that doesn't let you run anti-malware apps etc.

16 more replies

Hi!

I seem to have been infected with some particularly vicious malware..

I get a red bubble with a white 'x' on my taskbar. The message 'your computer is infected! WIndows has detected a spyware infection! Click here to protect your computer with spyware!'

Anti - Vir is going nuts over it (It keeps on picking up trojans and worms) Malwarebytes' Anti-Malware can't get rid of it, and neither can spybot. It has turned off Windows firewall and won't let me turn it back on.

I use Windows XP, have automatic updates turned on, am running SP2 and update Antivir, Spybot and Malwarebytes' Anti-Malware regularly.

It won't let me run ad-aware or spybot.

If you require any further information, let me know!

Many thanks in advance for any help you can give me

Rob



DDS (Ver_09-07-30.01) - NTFSx86
Run by admin at 11:14:16.37 on 02/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1023.453 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.ex...

Answer:I'm Infected with 'Your computer is infected' taskbar malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

13 more replies

Hello! I am posting because I have offered to clean up a computer for a coworker, and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part via manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete...so I am not sure if the infection is there or not.

His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in the C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file, and saw it was connected with the "Vundo" virus...or something along those lines.

His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix.

Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033...

Answer:Computer Infected/Possibly Infected With Various Malware

Hi,

Your system is severely infected. I can see more malware present than anything else... Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all...
From the log I see:
AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

What's the point in having a security Suite / Antivirus present if it's outdated and disabled.
Most probably the sub...

7 more replies

Hiya,

This computer started being very slow all of a sudden yesterday. And today, I have "Malware Defender" messages popping up at me. It's pretending to be AVG, which I do have installed, by using the same colored logo.

After running RRT v4.8.0.3, got a message saying "system restrictions and/or r-media malware detected! RRT needs your urgent attention!" Yup.

The DDS is pasted below, and I've attached the "Attach" file. Sure do appreciate your help!

- Barbara
a.k.a. WidgetWoman

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:03:05.60 on Tue 03/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.74 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8...

Answer:Infected with Malware Defender (and r-media malware?)

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ...

2 more replies

I went to look at my Sent Items tonight and to my surprise I saw another email apparently sent yesterday that I definitely didn't send.

I was astonished to find this as I have just upgraded to Vista in the last 2 days and have sent minimal emails.

The subject is "Form posted from Microsoft Internet Explorer." & is sent to a Hotmail account. The attachment is a POSTDATA.ATT. When I look at this file in txt format it has info such as one of my email addresses, my website & description - as if I had filled out a web form & pressed Submit.

Now, thinking about it, shouldn't IE let you know that it is about to send data?

One strange thing is that the email is dated yesterday evening in the Sent list, but when I open the email to view it, it will always have the current date & time - seemingly from the Windows clock.

I am thinking that either

1) this is due to a bug in the new IE & yesterday I visited a website which submitted data via email without my knowledge or

2) this email is an old email that I Imported from backed up email (PST format) from a form I ACTUALLY sent that Internet Mail has redated - maybe something went

Sorry for the long post but I'm just wary, hope it makes sense! I was liking Windows Vista so far!
 

Answer:Sent Items: Form posted from Microsoft Internet Explorer. - I didn't submit any form!

I have moved this to vista forum as I believe it is more likely to be a vista live mail issue
 

3 more replies

Hi all

I have a simple Access (2003) db which has a single form view with a subform. The main form is a record based upon a physical case file the subform only details actions past and future, a sort of event log.

I also have a continuous form which displays all upcoming actions sorted by date on all cases for a particular user so they can see just how busy they are likely to be for a particular period. What I would like to do is have an on click() property for the detail of the continuous form so that it opens the main form filtered by the record in the continuous form that was clicked. User can then update or add new events for that case before closing form and returning to the continuous form

Hope this makes sense
 

Answer:MS access open single form filtered by selected record in continuous form

coasterman, welcome to the Forum.
It makes perfect sense.
If you add a Command Button to the Continuous Form and after selecting the mainform select the "Open the Form and find specific data to display". This will give you the code that you need to add to your On Click or On Double Click property or of course leave the button and use that.
 

2 more replies

Hi All,

Noob first-time poster I'm afraid!

I'm new to Access 2007 (but have used 2003 & 2000 reasonably extensively).

I'm building an App and have created all the necessary tables, as well as creating the relationships in the Database Tools area (which I know are correct - I'm a SQL Server DBA in my day job)!

Anyway, it's an almost text book example of an employers and employees database; one employer having many employees (employerID is the foreign key on the employee table).

I have created an employer form (using the wizard) which is fine, but then when I add a button to open the employee form (selecting 'Open the form and find specific records', matching employerID on the Employer table with EmployerID on the Employee table) it doesn't work. Instead, I get a popup box asking me for the EmployerID! Even if I manually enter the correct employerID when the popup box appears it actually displays all records, so I'm sure that the problem is more fundamental (and therefore, probably my fault)!

I'm hoping that I've just overlooked something REALLY stupid, but would appreciate any suggestions!

Cheers,
Ian.
 

Answer:Access 2007 Form Button Wizard - Form does not open with the correct records

I have seen this kind of problem with Access 2007 VBA code which does not work when it did in 2000-2003.
It can be a Syntax problem which you may be able to get around, if not you can get around the problem by using a Criteria in the Query that supplies the Employee Form.
Although I would have thought it would be better design wise to have the Employees as a Subform or Tabbed Subform on your Employer Mainform.
I do not have Access 2007, only 2003 so I can't help with the VBA, but you could post the code anyway.

Did you use a Wizard to create the Employee Form, if so check the Record Source SQL it may be preventing your EmployerID from working.
 

1 more replies

Hi all. I do have another post going but do not want to cram so many questions in one post. (Hope that this is an acceptable practice )

Anyway, my Sony desktop crashed the other day. I had a new Hard Drive installed and recovery disks were used. PC is good to go. Trying to tweak it back to the way I am used to having it.

QUESTION:
I had a form filler program called ROBOFORM on this PC before it crashed. I had MANY years of passwords and stuff saved there.

When I brought this PC to the Geek Squad at Best Buy the other day to see if the PC could be repaired, I was told the hard drive went. They were, however, able to make a disk with my ROBOFORM passwords. I can not get the disc to open the list of passwords. It asks me where I want to open the and give me a list of choices. (Paint, notepad, adobe etc.) None of them will run/open the files so I can see them.

This was a program that I paid for. How can I make the disc start to fill my forms again when I am at certain sites? (Gee, hope I am making sense)

I just realized I never downloaded the ROBOFORM program onto this pc. Does that have anything to do with the disc not opening??

If I go and download ROBOFORM, how does it know who I am. How will it know about the disc full of passwords? How do they recognize each other?

HELP PLEASE..........
My Passwords are VERY important to me.

Thanks!!

Answer:ROBO FORM / Form Filler - Help Needed Opening/Running a Disc

Yes. I know the website but what do I do? Will they know my info or do I need to pay again. I am lost. (Sorry)
Dee

6 more replies

Hello,
thanks for taking a look at this thread, any help will be greatly appreciated by a complete Noob.

I've been given a LOT of help by members of this Forum (especially OBP) with a DB I'm making as a first look at any type of IT product, and I'm very grateful, so thank you all.

Recently, I was advised to take a look at the "Tabbed" style of "MainForm" instead of the "Switchboard" style I originally used. I must say, I really like the tabbed style much more than the switchboard but I've hit one hurdle that I can't seem to overcome.

In the Switchboard style, I was able to set a form to load in either DATA ENTRY = YES or DATA ENTRY = NO mode depending on which sub-switchboard the user selected. For example, I had a ENTER NEW sub-switchboard that all forms would open in DATA ENTRY = YES mode & I had another EDIT EXISTING sub-switchboard that all forms would open in DATA ENTRY = NO mode.

However, with the new tabbed style, I cannot set the form load type for separate tabs, it will only accept the LAST type as the GLOBAL type. Example, on the ENTER NEW tab, I set the form to load as DATA ENTRY = YES & sets the form to open in DATA ENTRY = YES on both tabs, then I go to the EDIT EXISTING tab & set the same form to DATA ENTRY = NO & it sets the form to open in both tabs in DATA ENTRY = NO mode.

So, my question is:
Can I set the same form to load differently on different tabs on the same MainForm?
If so, w...

Answer:Solved: MS Access - Tabbed MainForm - How to make a form open a form in multiple mode

I would just copy the Subform, so you have version 1 for data entry with the Data Entry set to "Yes" and version 2 set to "No".
The only thing you need to do then is to Requery the Editing form each time you make an entry in the data entry form.
Although I prefer to just have an Edit form with a "New Record" button for the data entry.
 

2 more replies

My multi item form isn't letting me add new records, only update and delete current ones.

My guess is that this is because the form is based on a multi-table query. That's fine, I can make a new form specifically for adding new records, but I'd like to be able to salvage this form if possible. Is there any way to either force this form to accept new records in the bottom row, or is there any way to get rid of the "add record" bottom row completely so it's not misleading users into thinking they can add records here?

Thanks in advance.
 

Answer:Solved: Access 2007 - multi item form (continuous form) trouble adding records

16 more replies

Hello

I have a subform which on its own - works beautifully but fails under the mainform. I use a main form to select the record that the end user wants to update. Upon update event on main form, the sub form opens, presenting fields for possible updating. The Sub Form also present 2 buttons - Save & Close or Cancel and Close (Undo). When the main form opens, the code set AllowClose as False. When the sub form is opened as a result of the update on the mainform, the issue is the Close command /code gets canceled. (Error 2501). I have tried: 1. setting AllowClose (true and False) on both forms, 2. only the main form and 3. only the subform. None of these 3 configurations resolves the issue. Also, I tried moving the buttons to the mainform instead of the sub form but that failed as well.

The application has a dozen forms and all of them utilize AllowClose functionality so the end user MUST use the buttons on the forms to force background queries (updates, deletes, perform calculations, recalc control totals etc). This is the first time I have tried to use Allow Close on a subform with buttons.

XP and Access 2007

KEY ELEMENTS OF THE CODE:

Private AllowClose As Boolean

Private Sub Form_Load()
AllowClose = False
End Sub

Private Sub Form_Unload(Cancel As Integer)
Cancel = Not AllowClose
End Sub

Private Sub SaveChangeandCloseForm_Click()
AllowClose = True
DoCmd.Close

Private Sub CancelAddingNewRecord_Click()
If Me.Dirty Then
Me.Undo
End If
If Not Me.NewRecord Then
En...

Answer:Action Canceled - Using AllowClose on Form and Sub Form - Access 2007

Why not just use a listbox to display the records based on the selection on the main form? I don't think you can actually close a sub-form on a main form since it is tied to the main form.
 

2 more replies

Morning Guys.

I am having a problem with Access 2007. I am not good with code, so would like to resolve this without using code if possible?

I have a form "A" that I have created. I want to be able to select a row on form "A" press a button and it will open a form "B" based on the selected record in form "A".

I have had a look at the button wizard, and it lets you have the option, but when you go through the wizard, it gives you an empty box on the left and a box on the right showing all the fields in the form "A". Nothing to relate to?

Any ideas?

Thanks
AJ
 

More replies

I have a database which ultimately will have a couple of thousand records. The primary table has 30+ fields. I have lots of queries and connected reports to show various subsets of the data needed from the table. However, there are times when what is needed is all fields for a specific subset. Because the records sought often need to be filtered by several criteria, I've found the "Filter by Form" option to work well. I have a button on the main dashboard marked "Find Record" that automatically opens a search form in the "Filter by Form" mode. This allows me to enter information into as many controls as necessary, and returns exactly the right records after clicking on "Toggle Filters" on the ribbon. The problem is that ultimately I need to make this "Access-free". The goal is to create an application from the database without ribbons. I've created a button to run the filter, and another one to print the results, but when the search form is open in the "Filter by Form" mode, it greys out the buttons. I understand that there is a GotFocus command or something similar. Can anyone help with specifics, both the syntax of the command and where the command needs to be typed? Thanks a bunch...I look forward to your reply.
 

More replies

Hi All,

I need some help to figure out how to do a project.
I was given a sample tax form from the government that I have to re-create in electronic format. I have to build the form to match their specifications exactly. I've tried to do it in MS Word 2003 using a table, but when I try to ensure that the table's cells are the same size as that on the paper - the table keeps either changing the dimensions of the cell or changing the dimensions of other table cells.

The major thing is to ensure that the form I build matches that paper sample exactly - for example I cannot be off by even a millimetre.

In addition to that, my company has extracted the tax data for its 400-500 employees into an Excel Spreadsheet. I have to use the Excel spreadsheet to make the "form" I created fillable.

The previous analyst used MS Word 2003 and created the form using the drawing menu and text boxes and then mail merged the info in the Excel sheet to the Word doc.

Can someone suggest an easier way to do this? I would be grateful for any help I can get.

Regards,
Ariane
 

Answer:Create Electronic Form to match sample paper form

Ariane,
Welcome to TSG

If I got your meaning correctly, then yes, there's an easier way.
I'm almost sure that you can create the form in Excel, though setting the exact sizes and positions could be difficult.
I'm absolutely sure that you can create the form in Powerpoint, and with this latter, setting the exact sizes and positions should be much more simple.
Automatically filling the Powerpoint form is also possible.

If you only need to print out the filled forms, or create PDF-s, this Powerpoint-Excel duo might be good for you.
If you need to do further calculations with the filled forms, then I strongly recommend to stick with Excel.

I'm also curious what others can say.
 

2 more replies

I have a form Third party Invoice. I need to calculate taxes for GST like as it done for Purchase order, sales order.
So please help me how to calculate taxes for my customized form?

More replies

I am a new user to Access 2010. My operating system is Windows 7.
I have created a data base with two tables. The first table contains a list of students and their personal information. The second table contains student subjects and has many subject records with a relationship to the student record. The relationship key is the student id.

I have created a form that populates with the student information and contains a subform that populates with that students subjects. All of this works great for existing students. I can edit the student information and and new subject records.

Now here is my problem. I would like to create a form that precedes my current form. The user would input a student number and click search button. If that student number exists on the student data base then the form that I created should open populated with the student data and their subjects and allow the user to update it. If the student number does not exist, then I would like that same form (or a form with the same layout) to open and the only data populated is the student number that was input on the search form. The user should be able to input all of the student data and course information and hit a save button that would insert the records into the correct database tables.

I have tried many methods to create the initial search form that would open the correct version of the student form without any progress. Could someone provide me with the macro that would open that correct form, or set t...

Answer:Access query to open Add form or Edit Form

needaccesshelp, welcome to the Forum.
First a couple of points, you do not need to "save" the record, access does so automatically. Also when creating a New record the subform should be automatically populated with the Student Number, this is controlled by the master child links.

The combo you need is a Find combo which can be created using the combo wizard, that combo can have it's Not In List Property set to yes, which can then be used to trigger adding the student that to the table and then to the form (and combo).
 

1 more replies

Here is what I'm trying to do.

For lists Equipment in drop down box.
Whatever equipment that is select, the equipment type field needs to be updated from a table.

Is there a way to get a value from SQL statement?

SQL = "SELECT [Equipment Type] FROM OrderDetails Where " _
& " Equipment = '" & Me.Equipment & "'"
[Forms]![OrderDetails]![Equipment Type] = SQL
 

Answer:Help with access form (insert table value into form field)

Mhouser, if you are trying to "display" a value related to the Combo selection you can have that value as an extra column in the combo and refer to it with simple VBA.
You should not populate a Field's actual value with that from the combo as that is duplication.
Can you tell me which one you are trying to do?
 

3 more replies

I have this small database I am converting from A97 to A2010. I created a new A2010 db and pulled over objects I needed. Everything is tested out and working fine.
I also added a drop down box to the main switchboard to select a "user". Its purpose is so the filter through all the records and pull up only the list of drawing # for that specific drafter.
So I have a table called tblSign_In which has UID autonumber, and the employees name. This will be the user names for the drop down of the Main Switchboard.

I have a table called SHEET LIST that list all the data I need to display. This will end up holding tens of thousands of records of information about drawing. I added to this table a field called the LogInID field (UID) to link back to the tblSign_IN, and the correct number and combination.
I also have a query called qrySHEET LIST which selects all SHEET TABLE and inner joins to the tblSign_IN to pull the Employee Name linking on a LogInID field.

What I was trying to do is filter SHEET LIST form (my output form) by the user selected on the MAIN SWITCH form in the drop down box I called cboSignInEmployeeName.
For example:
Sheet List (tbl) might contain information like: Sheet# 22a6; description Dryer; build hours: 12; drafter #4.

qrySHEET LIST (also my output data) is pulling all the above, but replace 4 with actual drafter’s name, John Smith.
To filter, I have two methods:
The query is my record source for my form SHEET LIST, so I added

WHERE (((tblSIGN_IN.[Employee Name...

Answer:Filtering a form using selection of a combo box on a another form (user ID)

13 more replies
Relevance 41.41%

Can someone please help. I can't seem to figure out how to keep an imported Excel file open to my users once I lock the Word form that I imported to. I need for my users to be able to fill out the form as well as open that Excel file if they need to. Any help would be greatly appreciated.
 

More replies
Relevance 40.59%

Unable to convert Word form to Excel form. Tried screenshot of Word form, pasted to Excel sheet and filled-up by text but the text itself always mis-arrange. Kindly help me please...

Answer:Convert Word form to Excel form

Rather than my cherry picking and copying a few how to... suggest you follow the results here: http://tinyurl.com/zxfccfr It's a Google list found using: convert excel document to word as the search term...

2 more replies
Relevance 40.59%

Ok guys, I can give a really easy example of this problem I'm having right here on the message board. If I place my cursor in between these two words (this) (that) and then click on a smiley, it SHOULD insert the smiley face in between them. I'll do it now.

See how it put it at the very end of the line? When I'm finished typing this whole thing, I'll try to insert a confused smiley here ( ) .

The same happens for ANY auto-insert stuff, whether it be the hyperlink or the quotes button, anything here. Its annoying . Anyone know how to fix this? No matter where my cursor is, it always inserts the auto-text into the end of the post.
 

Answer:Firefox - Form auto-insert always at the end of form

I imagine it's a quirk of the javascript in VBull. IE has added a lot of nonstandard code that makes editing windows more robust, and I expect that's what VBull is using. If so, there is no workaround.
 

1 more replies
Relevance 40.59%

Hi all. I have different table for each type of inventory that we have. I would like to design one master form that would ask what type of inventory that the user would like to enter. Depending upon what the user selects, it will change the fields to the categories in the pertaining table. Is this possible?
 

Answer:using a form field to select display of a form

12 more replies
Relevance 40.59%

I inherited this Excel document and have been asked to modify it so that when a selection is made from a drop down list a Form pops up for them to enter the reason. I put this code into Private Sub Worksheet_Change(ByVal Target As Range)

If Len(Trim(Range("$H$" & Target.Row).Value)) = False Then
Exit Sub
Else
If Len(Trim(Range("$H$" & Target.Row).Value)) <> "" Then
ProcessReasonForm.Show vbModeless
End If
End If

Which worked fine on three machines that I tested it on locally. However in the 2 remote locations where it was tested the Form would pop up whenever any changes were made to the spreadsheet. I need the form to only come up when a selection from the dropdown list in column H is made. As no personal data is in it I'll post a copy with this. To view code use "amber". Any ideas would be great as I'm lost as to why it's happening out there but I can't recreate it.

Thanks
WT
 

Answer:Solved: Form call is causing the Form to pop up everywhere!

File is attached. Code to unlock code is amber.
 

2 more replies
Relevance 40.59%

Hi all.
I have a form word document that looks ok when viewed but when printed there are the words "formdropdown" in areas that should contain names, addresses, etc.
Running XP Pro.
The form works ok when printed from other pcs.
Having the same prob with other forms.

Please help.

Thanks

Thee

Answer:Word Form Doc Printing Crap Instead Of Form.

?

3 more replies
Relevance 40.59%

I have my form sending to my e-mail so it prints out my data line by line. Can anyone give me some pointers on how to get this data into a nice form that can easily be read.

E-mail from Form looks like this.

jnum=12345
jtitle=blah
fname=nick
mi=d
lname=johnson
ssn=1234
[email protected]
oname=
address=123321
 

Answer:Form to E-mail back to a Viewable Form

6 more replies
Relevance 40.59%

Actually, it makes sense because it's in the middle of the form where the cursor is sitting and the user will first enter their data. But first they need to read the instructions at the top of the form.

Is there a way to set it to load the page scrolled to the top rather than to the middle where the data is to be entered?

Thanks, Peter
 

More replies
Relevance 38.95%

Hey I am still having trouble taking info from a form to a printable page. Now I want to take the simple add it up form that I have and transfer all the items they add up and the total to a printable page. Are cookies the way to go. Should I set a cookie and retrieve it, and how do I set a cookie to the javascript that calculates my total?

Here is my add up form.
<FORM NAME="MyForm">
<P>Size<SELECT NAME="size" SIZE="1" ONCHANGE="totalPrice()">
<OPTION VALUE="0" SELECTED="SELECTED">-- Select --</OPTION><OPTION
VALUE="2400">4' x 4'</OPTION><OPTION VALUE="3550">4' x 6'</OPTION><OPTION VALUE="4125">4' x 8'</OPTION><OPTION VALUE="4700">6' x 6'</OPTION>
<OPTION VALUE="6300">8' x 8'</OPTION><OPTION VALUE="7900">8' x 12'</OPTION></SELECT>
</P>
<P>Ceiling Height-(at least 8'?)<SELECT NAME="ceiling" SIZE="1" ONCHANGE="totalPrice()">
<OPTION VALUE="0" SELECTED="SELECTED">-- Select --</OPTION><OPTION
VALUE="0">Yes</OPTION><OPTION VALUE="0">No</OPTION></SELECT>
</P>
<P>Door Hinge <SELECT NAME="hinge" SIZE="1" ONCHANGE="totalPrice()">
<OPTION VALUE="0" SELECTED=... Read more

Answer:Its me again Can you set a cookie to any type of form, ie: add it up form

7 more replies
Relevance 38.95%

Hi! I got this problem!

I have 2 forms. A main form and an extended form. I want to pass data from a field in the extended form to main form and save it in the main table. So the field's name in the extended form is: txtBDiluentLot, the name of the main form: BondSparF and the name of the extended form is BondDiluentF. I have written a code:

Private Sub StängKnappen_Click()
Me.Refresh
If IsNull(txtBDiluentLot) Then
'do nothing
Else
Forms![BondSparF form].Form.[BondDiluentF].Form.txtBDiluentLot = Me.BDiluentID
Forms![BondSparF form].Form.[BondDiluentF].Form.txtBDiluentLot.Me.SetFocus

End If

DoCmd.Close

End Sub

.... But when I run it it says: Run-time error: 2450

Microsoft Access cannot find the referenced form "BondSparF form".

Why I can't run it???

Thanks a lot!
 

More replies
Relevance 38.95%

This ought to be pretty simple to do. I have a small table that contains contact information for a number of businesses: name, address, etc. I have an “ID” field that is an auto number and is the PK. I have created another table that contains the business name, date of a donation and a memo field to hold the donation info (since it’s stuff instead of money.) In the second table, “ID” field is also an auto number and is PK. I have related the tables with a one to many: theoretically one business with many possible dates/donations which is the basic premise. I created a main form to input the business data and created a sub-form for the donation data based on their respective tables. Each business will be unique but a business may give multiple donations, say one each month or more – whatever.

I can’t get it to work. I’ve got that big, honkin’ Access 2000 Developer’s Handbook but am still getting up to speed using it…. but I’ll keep looking until I hear from someone!

Thanks.
 

Answer:Access 2000 Form/Sub-form

9 more replies
Relevance 38.95%

I have a 256 meg mp3 player can anyone suggest a program where I can convert the songs from cds to mp3 form, I found some but it can only convert 5 songs from each cd. ( IT NEEDS TO BE FREE ) THANKS!!!!!!!
 

Answer:problem converting cda form to mp3 form

perhaps a trial version like this? http://www.audiotool.net/
 

14 more replies
Relevance 38.95%

Hello all,

I am creating a school database, and I'm having trouble with the register students part.
I have the form for new course, and the form for new student. So how do I create a button on the course form so that when I click add new student, the new student form pops up and is linked to that course.
Thanks again!
 

More replies
Relevance 38.95%

In Access, I have a field that connects to a popup form for selection and after selecting the data required, the data did not print in the field. How can I have the data in the popup form to be printed in the field?
 

Answer:Transfer data from a form to another form

aattas, welcome to the Forum.
Can you explain a bit more about what you are trying to do and why you are using a pop up form?
 

3 more replies
Relevance 38.95%

I am new to Outlook forms so my apologies in advance for the silly question. I bought a book to support me with my Outlook 2007 and found that you can do forms. I have created a form and saved this in my personal folder. When I send this it looks ok, when this is received all the form content has gone and a normal email shows up at the receiver's end. I cannot find anywhere why this does not work. I deleted the cache file but that did not work. Any help really appreciated, Kind regards, JBS
 

Answer:Not form content when form is received

If it's an HTML form and your settings are set to send Text only then that is why.
You need to be sending HTML formatted email which might I add is frowned upon by many email providers.
Plenty of big businesses won't accept HTML email for security reasons. Text only.
 

3 more replies
Relevance 38.54%

I want to create a form in a sort of inbox style so I have a list of records at the top in a datasheet and then by clicking on the list the details should show up in columnar view below.

Sounds simple, it's not.

I can get it to work the other way round by having a datasheet subform in my main form but that's not much use.

What I need to do is to somehow reverse how the form subform relationship works.

Any ideas?
 

Answer:Access: Form with subform datasheet. Selecting record on datasheet shows in form.

12 more replies
Relevance 37.72%

Hello, I found an answer to this question but it was specific to his form. I have several Excel Logs (Tables) that contain information that is also entered into a separate form. Some forms are in Excel and some are in Word. I would like to hit a button that transfers a row of data to the form so I only have to enter data once. The forms will have additional information that will be entered. The forms are saved as a specific file type and are also printed so the answer that I found on this site may work but it puts the data into a different spread sheet in the same workbook and I need to send the data to a new workbook and in one case to a Word doc. Can someone help me out? I have attached a couple of examples of what I currently do.

Thanks for the help
 

Answer:Solved: Populate Excel Form and Word Form from Excel Table

16 more replies
Relevance 37.72%

Ok so I regularly download stuff and once downloaded a trial program. I went on another website and stupidly downloaded the "serial" for it and instead installed a bunch of viruses/worms/trojans (what's the difference between these anyway?)

The anti-virus I had at the time (CA) immediately popped up and told me this and I closed the installer as fast as I could. Anyway for the next couple of days I battled Voodoo (I think that's what it's called) and countless other things I don't even remember. Then I found this website, uninstalled CA and underwent the Vista Cleaning Procedure to a tee.

Of course the damn summabitches are still lying in the depths of my poor computer. :cry

For some reason AVG couldn't create reports of the scans so I used the online Kaspersky instead.

Computer: Dell Inspiron 1501
Memory : 1918 MB
Edition : Windows Vista Home Premium

Thanx in advance
 

Answer:Please Help Infected with Malware

Hi Swarthy Geek!
Welcome to Major Geeks!

Were you able to run CCleaner? Your logs show that you have temporary files that are infected and should have been deleted but weren't. Please run CCleaner in the default position. Double click on the icon to open it. The windows tab will be the one on top. Just click on Run Cleaner in the lower righthand corner and say okay to the warning. When it's finished, the Run Cleaner button will be active again. Just close the window.

abri
 

15 more replies
Relevance 37.72%

I'm using a Dell desktop with Windows XP Pro, and I got hit by a bunch of malware while cruising the interwebs. It completely locked up my computer, so I restarted it, but for some reason it wouldn't recognize my USB keyboard, even though everything else (my USB mouse, ipod, etc.) still worked fine.
After fiddling around, I discovered that it worked fine during the initial startup (when you can press F2 to get to the boot menu and such), but not after XP started and I needed to input my password to log into Windows. After even more messing about, I found that it works fine when I boot up in safe mode, so I did, downloaded malwarebytes and thought I got rid of the infection. Unfortunately, my computer still only recognizes the keyboard when in safe mode (which is where I'm typing this from). Anyone have any idea as to what's wrong / how to fix it?

Answer:Infected with malware...

You have posted about the same issue here http://www.bleepingcomputer.com/forums/t/333140/infected-with-malware-now-keyboard-wont-work/ in Am I Infected. That post was made on July 19th, and I see that it has not been responded to. In order to help you, it's best to keep everything related to the issue in one place. Since I am not a malware removal expert, the best thing I can do is ask for someone who is to take a look at your AII post AND have this one closed.
edit to add: I've put out a call for someone to look at your topic in AII. Those who are dedicated to helping people with malware issues do their best to respond in a timely manner. Unfortunately, due to the number of HELP posts, some get overlooked. Hopefully one of them will respond to you very soon.

2 more replies
Relevance 37.72%

Hello
After the success of cleaning out the problems that I had on my laptop, thanks to the BC team, I decided to do the same for my PC. I wasn't sure whether or not to use the same topic but I created a new one just in case. I was tempted to repeat the steps that 'boopme' gave me for my laptop but then I realised that it's a different machine and that I would have to post logs in my reply. My PC is running extremely slow, many pop-ups, most applications take minutes just to open, among many other errors such as windows minimizing without any prompt and programs/files that I've never downloaded or seen before. I would appreciate if someone would give me the steps to resolve this infection.
Thanks

Answer:Infected with Malware! Help!

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list ... Read more

7 more replies
Relevance 37.72%

I guess my PC is infected with some kind of malware. My Sister unknowingly installed the Webfetti Toolbar and since then my PC has slowed down considerably and also internet speed had reduced drastically. I have a software called Cports which you must be aware of. There are 15-20 unknown processes accessing ports on my PC. I have original Windows XP SP3 and Norton Antivirus 2010. Please help me in disinfecting my PC. I hope my method of posting is correct.
Thanks in advance
Ravi Lagu
DDS TEXT
DDS (Ver_10-12-12.02) - NTFSx86
Run by Pradyunma at 16:53:36.35 on Tue 01/25/2011
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_21
... Read more

Answer:Infected with Malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

35 more replies
Relevance 37.72%

Problems:
-If I double click on my drives C: and D: it asks me what program to use.
-Some programs take idk(long) minutes to open.
-I can't use system restore on safe mode.
-Hidden files cannot be unhidden.
-Had reports of malware by my AV, stated recommended action: move to chest... but still comes back out.
-Overall: degrades my pc's performance.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Miguel at 12:06:33.07 on Sat 04/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.580 [GMT 8:00]

AV: avast! antivirus 4.8.1335 [VPS 090403-0] *On-access scanning enabled* (Updated)

... Read more

Answer:Infected with malware

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

13 more replies
Relevance 37.72%

Hello,
 
I am happy I found your site and I hope you can help me diagnose my problem and possibly fix it. I think I have a conficker worm on my computer. I tried opening a video online from a site I have never been to (should have known better ;( I also forgot the name) and all kinds of different pop-ups came up. Ever since then, my computer has been acting weird. Some keyboard functions are not working any more. I cannot access certain sites on the internet and the internet explorer and firefox crash frequently, the computer runs slower than usual. I have completed all steps as noted in your "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and so now I am posting the DDS log below. I hope you can help. Thank you much in advance.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 1.6.0_30
Run by Eva at 20:06:26 on 2013-02-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.34.1033.18.4095.2157 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
... Read more

Answer:Infected with malware?

Good evening.
Is there any reason why you have specified conficker as the infection?

2 more replies
Relevance 37.72%

HI,
 
 
 
I've had malware on my computer for awhile. When I visit some websites, I get popup ads related to buying, they say Random App on them.
Also, a webpage will sometimes come up, saying something like: Warning - your computer is infected (usually someone's voice saying this and a number to call for help).
Two sites that are often blocked by Malware Bytes are: trafficonlinestorage.in and superguide.work, the notice that these are blocked comes up several times each time I use the computer.
 
A webpage that has come up before is http://privilegesbox.net/passthrough?&url=
 
Also, when I visit some websites, words in capitals are highlighted, there is a green arrow to the right of the word.
 
Sometimes, a webpage I am on will be unresponsive.
 
I've tried System Restore before and it has worked, up until recently.
I've also used some programs to try and eliminate the malware, but it is still there.
 
 
 
Here are the logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Danny (administrator) on OWNER-HP on 22-07-2015 17:36:58
Running from C:\Users\Danny\Downloads
Loaded Profiles: Danny (Available Profiles: Owner & Danny & Barbara)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan T... Read more

Answer:Infected with Malware

hi,
 
I am only on this site once or twice per day so you may not get a reply back from me until the following day.
Chrome is hosed. You will have to completely uninstall it then reinstall. You can export the bookmarks first to save them.  And reinstall any extensions you had.
 
Uninstall Chrome in Windows Vista/ Windows 7/ Windows 8 
Close all Chrome windows and tabs.
Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
Click Programs and Features.
Double-click Google Chrome.
Click Uninstall from the confirmation dialog.  --->  delete your user profile information, like your browser preferences, bookmarks, and history, select the "Also delete your browsing data" checkbox.
Install Chrome link:
https://support.google.com/chrome/answer/95346?hl=en
 
Do you know what this is:  C:\Program Files (x86)\Strong Guest\Strong Guest.exe
Doesn't appear in your add/remove programs panel. I am guessing it's malware. We can remove it with FRST. Want to make sure you didn't install it.
 
If you didn't install or know what it is -- you can do this:
Copy what's below in the code box into Notepad. Save it as fixlist.txt in the same location you have FRST. Start FRST like before except this time click on the fix button once.  Machine may reboot to finish. You will find a fixlog.txt in the same location as FRST. Please post the fixlog.txt

R2 Strong Guest; C:\Program Files (x86)\Strong Guest\Stro... Read more

8 more replies
Relevance 37.72%

Have completed the detailed instructions in the users guide with no success.
Problem started after trying to download video from the internet.

Malware is showing up in the icon tray as a yellow triangular alert, telling me that I am infected, and directing me to purchase software at www.aflgate.com.

Log files are attached. I think I did everything as instructed.

Thanks in advance for your help.
 

Answer:Infected with Malware - Please Help

additional log files

(Also.....note that even though I removed "video access activeX object" using program add/remove, the folder is still present under "C:/programs files/........I'm sure this is my problem, but I can't seem to get rid of it.)

Thanks again.

Bonaroti
 

6 more replies
Relevance 37.72%

Symptoms: random slow down/stalling out/usage up to 99%; lots of chrome processes running, at 32 bit instead of 64, Custom Google Search opens in firefox automatically. I've run every malware anti-virus program I can and it hasn't found anything but I know it's there. I followed all the directions for uploading my logs and they are attached and copied below. I hope someone can help me! Thank you!
--
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by margoo at 11:33:04 on 2013-12-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.2167 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
... Read more

Answer:Infected with Malware-Help!

Hello MargeeAK
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

17 more replies
Relevance 37.72%

The virus seems to do two things:
1. It replaced ads in trusted sites (ie BBC) and replaces them with other content.
2. It redirects me to incorrect web pages when I do an internet search.
3. It stops anti-malware software from being used or updated

I tried Malwarebytes Anti-Malware and had to re-name it to scan. It found some minor worm, but not the source of this virus. My logs are attached, I would be extremely helpful for any advice or help.

Answer: Infected with serious malware - not sure of the name

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


Hello,

My computer has become infected with malware. I first started noticing problems when software I had installed stopped working or lost functionality.

A few specific examples: my Deltek Vision stopped working entirely until I updated Windows. Once I updated Windows, my sametime stopped working. Adobe Acrobat also started hanging very regularly. When I tried to update Acrobat, it kept repeatedly trying to install the version that it already was at (10.0.3). When I tried installing Symantec, the software wouldn't install.

I attempted to follow the instructions "Read this before posting for malware..."

I don't think the DDS.SCR file worked correctly; I only got one output file that opened in notepad. I saved the output file as .txt and have included it here. I didn't run the gmer file because I have a 64-bit system.

Any assistance would be greatly appreciated.

Thanks.

Answer: Infected with malware, need help please.

I wanted to post a follow-up item to provide additional information. My browser is also occasionally redirecting me to random sites.

I also see ads hovering over the website I'm actually on, in the bottom right corner of my screen, when my browser is open. The ads are to random things. Currently displayed is an ad from ilivid that has a large green "download now" button and a large purple "play now" button.

I tried rerunning my dds.scr but keep getting gibberish. Please see a small sample below.


Code:
MZ?   ?? ? @ ? ? ? ?!?L?!This program cannot be run in DOS mode.

$ 1??:u??iu??iu??i??iw??iu??i???i??id??i!??i??i???it??iRichu??i PE L ??K ?   P  * 0? ?  @        ?  ?      `    ` UPX0 *   ? ?UPX1 P ? F  @ ?.rsrc    J @ ? ... Read more


When searching on Firefox, will get directed to different sites. Can't update my CA anti-virus, can't run any removal/scan tools for malware. I have no idea how to fix this so please help!

DDS (Ver_09-06-26.01) - NTFSx86
Run by SarahAndrew at 17:18:27.49 on 21/07/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2038.922 [GMT -4:00]
AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Windows\system32\svchost.exe -k L...

Answer: Infected with Malware I think

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

Do also this:

Download GMER here by clicking download exe -button and then saving it to your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

Question: Malware infected

I have 2 of 3 logs you seem to need. DDS would not give me a log sheet, just scans and disappears. If anyone can help, that would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:40 PM, on 11/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
L:\Turbine Download Manager\TurbineMessageService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol...

Answer: Malware infected

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks


Every time I open a browser or try to load a new web page I get a pop-up that says something along the lines of, "Warning! a dangerous threat on your computer has been found download this program now to clean out your computer before your files are lost." Every time I try to search on Google I get some obscene pornography at the top of my searches. I have never encountered anything like this before and I didn't realize a trojan was being downloaded onto my computer. As of right now no damage is done to the computer that I am aware of other than the things I have already mentioned. Also when I ran the DSS program it only gave me a main.txt page. Here it is:

Deckard's System Scanner v20071014.68
Run by James on 2008-04-11 01:09:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as James.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:32 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files&#...

Answer: Infected With Malware

Hello there and welcome to Bleeping Computer's security forum.

My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: FLW Viewer - {2B53C730-8A79-4E13-A35F-3E41CA13E12F} - C:\WINDOWS\cndr32a.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'.
In the field, copy and paste the filepath a few lines below.
Click open. Hijackthis will tell you that this file will be deleted on next reboot and if...
