Computer Support Forum

Please help me with my computer--very slow w/popups

Question: Please help me with my computer--very slow w/popups

Hi! I went to a site, and now I think I'm infected with something real bad. I can't access the internet through my normal settings, I had to go into safe mode. My computer is so slow in normal mode that internet pages won't load. I also get tons of popups. I ran McAfee Security, SpyEraser, SpySweeper and went onto Trend Micro's site to try to clear it up myself, but all of those programs detected nothing wrong. I'm right now running Kaspersky Scanner and need to go back into normal mode to get my HijackThis scan and Dss scan.

I will post Hijack This, Dss and Kaspersky's log below in a few moments. Thanks for your help!

Relevance 100%
Preferred Solution: Please help me with my computer--very slow w/popups

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Please help me with my computer--very slow w/popups

Here are the Kaspersky Deckard's System Scanner and Hijack this logs, both done in SafeMode (not sure if that makes a difference.


OK, here is the Kaspersky Scan:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 10, 2008 12:23:44 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/05/2008
Kaspersky Anti-Virus database records: 750724
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 97886
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:31:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\Family\Desktop\Recipes\TradewindsLegendsSetup-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\Family\My Documents\Elizabeth\CruiseLinesTycoon.exe Infected: not-a-virus:AdWare.Win32.Trymedia.a skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\reSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Downloads\SkiResortTycoon_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Downloads\TradewindsLegendsSetup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\pfirewall.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1021\A0053873.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1023\A0054019.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1025\A0054279.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1032\A0055041.exe Infected: not-a-virus:AdWare.Win32.Trymedia.d skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1123\A0067287.exe Infected: Trojan-Downloader.Win32.Homles.bm skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1126\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_lh0AkL80miBYrJf Object is locked skipped
C:\WINDOWS\Temp\mcmsc_5P2wXWSxg5dJBc4 Object is locked skipped

Scan process completed.


Deckard's System Scanner log:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-09 19:31:23
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
112: 2008-05-09 21:33:37 UTC - RP1126 - Restore Operation
111: 2008-05-09 21:29:23 UTC - RP1125 - Restore Operation
110: 2008-05-09 21:19:37 UTC - RP1124 - Restore Operation
109: 2008-05-09 07:19:24 UTC - RP1123 - Last known good configuration
108: 2008-05-09 06:56:09 UTC - RP1122 - Last known good configuration


-- First Restore Point --
1: 2008-02-10 02:14:09 UTC - RP1015 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-09 19:34:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\H0YO3QEN\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com" target="_blank" class="invilink">http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="invilink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: {c2ff643e-f173-5f4b-a834-40f976770580} - {08507767-9f04-438a-b4f5-371fe346ff2c} - C:\WINDOWS\SYSTEM32\efcwcpmx.dll
O2 - BHO: (no name) - {9773F902-0920-473F-B48D-8F6F9AB791AD} - C:\WINDOWS\SYSTEM32\ljJYRJyW.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PDUiP6210DMon] "C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] "C:\Program Files\AntiSpywareMaster\asm.exe"
O4 - HKLM\..\Run: [bc195714] rundll32.exe "C:\WINDOWS\system32\rlqvlrui.dll",b
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdriver...ve/Install.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.grab.com/media/35f4a8/g...147/axhost.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} () - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: nnnlmmn - C:\WINDOWS\system32\nnnlmmn.dll (file missing)
O20 - Winlogon Notify: ssqpq - C:\WINDOWS\system32\
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\McAfee\MWL\MwlSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 10535 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - "c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .js1
.reg - regfile - shell\open\command - "c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .reg
.vbs - VBSFile - shell\open\command - "c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .vb1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
S1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
S3 jnv4_mib - c:\docume~1\family\locals~1\temp\jnv4_mib.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-09 02:05:53 356 --a------ C:\WINDOWS\Tasks\Cleanup.job
2008-05-09 02:00:59 1638 --a------ C:\WINDOWS\Tasks\wrSpySweeper_L79A88FA47B93460A94B69F8B99E183EC.job
2008-05-01 01:02:02 360 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-03-15 01:22:50 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-10-20 09:18:50 340 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-04-09 and 2008-05-09 -----------------------------

2008-05-09 17:40:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2008-05-09 17:37:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-09 17:37:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-09 03:01:51 115712 --a------ C:\WINDOWS\system32\rlqvlrui.dll
2008-05-09 02:58:51 2048 --a------ C:\WINDOWS\system32\jlygrtqq.exe
2008-05-09 02:56:52 134144 --a------ C:\WINDOWS\system32\efcwcpmx.dll
2008-05-09 02:56:44 126464 --a------ C:\WINDOWS\system32\ndgmtmtk.dll
2008-05-09 02:55:50 1052553 --ahs---- C:\WINDOWS\system32\WyJRYJjl.ini2
2008-05-09 02:55:43 371712 --a------ C:\WINDOWS\system32\ljJYRJyW.dll
2008-05-06 21:41:16 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-06 21:41:14 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-04 21:24:40 38160 --a------ C:\WINDOWS\system32\LMRTREND.dll <Not Verified; Microsoft Corporation; Microsoft? Windows(TM) Operating System>
2008-05-04 21:24:38 182032 --a------ C:\WINDOWS\system32\dxtmsft3.dll <Not Verified; Microsoft Corporation; Microsoft? Windows(TM) Operating System>
2008-05-04 21:24:23 63488 --a------ C:\WINDOWS\system32\unam4ie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-05-04 21:24:16 10240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-05-04 21:24:15 194320 --a------ C:\WINDOWS\system32\qcut.dll <Not Verified; Microsoft Corporation; DirectShow>
2008-05-04 21:24:11 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft? Plus! for Windows? 95>
2008-05-04 21:24:11 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft? Plus! for Windows? 95>
2008-05-04 21:23:28 0 d-------- C:\Program Files\Sierra On-Line
2008-05-04 16:27:31 0 d-------- C:\Program Files\PowerISO
2008-05-02 09:22:44 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-02 09:22:26 0 d-------- C:\Documents and Settings\Family\Application Data\DAEMON Tools
2008-05-01 14:24:23 0 d-------- C:\Documents and Settings\Family\Application Data\Amazon
2008-05-01 14:23:12 0 d-------- C:\Program Files\Amazon
2008-04-30 22:47:14 0 d-------- C:\Program Files\EndItAll
2008-04-29 15:58:52 0 d-------- C:\Documents and Settings\Family\Application Data\ATI
2008-04-29 15:58:52 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-29 15:57:05 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-29 15:19:55 0 d-------- C:\Program Files\ATI
2008-04-29 15:18:20 593920 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-29 15:16:30 0 d-------- C:\ATI
2008-04-21 01:45:32 37888 --a------ C:\WINDOWS\system32\drivers\phmcd.sys <Not Verified; Phantombility, Inc; Phantom CD>
2008-04-17 21:34:59 0 d-------- C:\Documents and Settings\All Users\Application Data\3 Blokes Studios
2008-04-17 21:32:37 0 d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-17 21:01:18 0 --a------ C:\Program Files\temp01
2008-04-17 20:58:30 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-14 22:52:30 0 d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2008-04-11 20:22:36 0 d-------- C:\Program Files\ReflexiveArcade
2008-04-11 13:23:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst


-- Find3M Report ---------------------------------------------------------------

2008-05-09 10:02:30 0 d-------- C:\Program Files\McAfee
2008-05-05 23:02:36 0 d-------- C:\Program Files\Google
2008-05-05 23:01:22 0 d-------- C:\Program Files\Corel
2008-05-05 23:01:22 0 d-------- C:\Program Files\Common Files\Corel
2008-05-05 17:42:45 0 d-------- C:\Program Files\Common Files
2008-04-29 15:19:39 0 d-------- C:\Program Files\ATI Technologies
2008-04-29 15:18:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-05 18:59:31 28 --a------ C:\WINDOWS\system32\vfw_32.reg
2008-03-27 17:22:43 0 d-------- C:\Program Files\iTunes
2008-03-27 17:22:32 0 d-------- C:\Program Files\iPod
2008-03-27 17:21:17 0 d-------- C:\Program Files\Bonjour
2008-03-24 14:25:04 0 d-------- C:\Program Files\QuickTime
2008-02-16 19:20:12 0 --a----c- C:\Program Files\pspbrwse.jbf


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08507767-9f04-438a-b4f5-371fe346ff2c}]
05/09/2008 02:56 AM 134144 --a------ C:\WINDOWS\system32\efcwcpmx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9773F902-0920-473F-B48D-8F6F9AB791AD}]
05/09/2008 02:55 AM 371712 --a------ C:\WINDOWS\system32\ljJYRJyW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 01:23 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
"P17Helper"="P17.dll" [06/10/2004 01:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 03:00 AM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [10/12/2004 06:54 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [11/16/2004 02:05 AM]
"PDUiP6210DMon"="C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe" [05/06/2005 07:28 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 02:59 PM]
"@"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 06:50 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/01/2008 12:13 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 11:33 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" [10/04/2007 06:38 PM]
"AntiSpywareMaster"="C:\Program Files\AntiSpywareMaster\asm.exe" []
"bc195714"="C:\WINDOWS\system32\rlqvlrui.dll" [05/09/2008 03:01 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 05:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/19/2004 08:51 AM]
"WinAVX"="C:\WINDOWS\system32\WinAvXX.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 3:04:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmmn]
nnnlmmn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpq]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ljJYRJyW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

*Newly Created Service* - TMCOMM



-- End of Deckard's System Scanner: finished at 2008-05-09 19:35:55 ------------



Hijack This log:


Logfile of HijackThis v1.99.1
Scan saved at 12:30:04 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PDUiP6210DMon] "C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AntiSpywareMaster] "C:\Program Files\AntiSpywareMaster\asm.exe"
O4 - HKLM\..\Run: [bc195714] rundll32.exe "C:\WINDOWS\system32\rlqvlrui.dll",b
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdriver...ve/Install.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.grab.com/media/35f4a8/g...147/axhost.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

3 more replies
Relevance 59.86%

This computer has been really slow at everything lately. Has lots of pop ups too and even the balloons in the bottom right corner that pop up.No real virus or malware protection has been on this comp, but we are ready to do what ever we need to! Thanks for the help!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:32:36 PM, on 6/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC: ... Read more

Answer:New Log, very slow computer, popups, other on screen popups...

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

7 more replies
Relevance 56.99%

This is my first time posting a question on bleeping computer. We are so thankful that you are out there to help us and not rip us off. I think my computer is infected. My desktop starts up very slowly, my internet connection is slow (it's slow in pulling up websites and some never come up). I'm getting lots of pop ups (even though pop up blocker is enabled). When I go to open the control panel, a flashlight pops up as if it is looking for it (it eventually does open but it takes a while). I had a problem at one time with a lot of POS.TMP files and followed advice from posts on this site to get rid of them. Well, my current problems started when a friend downloaded a music program. I believe it was called Soundman. When I noticed the computer acting funny, I went into the control panel and deleted it along with some other programs I found (PPC Booster, P2P Max, Ron Tool Adsoftinc, Wyzo, Eco Bar). Any help will be greatly appreciated. Here is my Hiijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:23:41 PM, on 12/24/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\Sy... Read more

Answer:COMPUTER LOADING SLOW,INTERNET SLOW,POPUPS

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.At first glance I see that you have quite a bit of infection on there.It appears that someone has been doing file sharing on that computer, so the fact that it is infected is understandable. Please remove P2P (file sharing programs) before I clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state.There is a list here: http://spywarehammer.com/simplemachinesfor...php?topic=110.0Following that I will need to see some information about what is happening in your machine. Please perform the following s... Read more

1 more replies
Relevance 54.53%

so, i was recently infected with spyware doctor 2006, i deleted its program files folder with killbox, but my computers still slow, and i was having trouble with pop-ups before even thatLogfile of HijackThis v1.99.1Scan saved at 5:19:06 PM, on 11/28/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:... Read more

Answer:Slow Computer, Popups, Etc :(

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

1 more replies
Relevance 54.53%

hi,
my system is running slow and i have frequent popups.
sometimes xp auto updates dont take.
can you please help?
i ran the programs suggested and it found some malware and virus.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:57 AM, on 3/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Portrait Displays\HP Display Assistant\dtsslsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Portrait Displays\HP Display Assistant\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search &... Read more

Answer:slow computer with popups

please help. see my post

3 more replies
Relevance 54.53%

I ran the Hijack this and below is what was outputted. I then ran getservice.bat and got the getservice.txt file from that. I have some popups and seems to run slower than normal. Any help will be appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 4:20:56 PM, on 11/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\imyhcchy.exe
C:\windows\msbb.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\desbyhdw.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
C:\PROGRA~1\AWS\WEATHE~1\WEATHER.EXE
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Default\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=2c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dev.ntcor.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http... Read more

Answer:Computer slow and popups

Go here and download Ad-Aware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.

Then go here and download Spybot Search & Destroy.

Install the program and launch it.

Before scanning press Online and Search for Updates .

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.
 

3 more replies
Relevance 54.53%

hey guys
recently my computer has been running really slow, especially when i have internet explorer on
ive found out that by terminating windows explorers things speed up a bit, but not by much
also, theres been several popups lately, most of them start with an address that looks something like: 65.107.204.1
i just made up that number, because it changes everytime, but it always starts with either a 64 or a 65

anyways, i did a hijackthis scan, and i was wondering if you guys can help me out
so here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:13 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvkoenoh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctf... Read more

Answer:popups and slow computer

Closing duplicate thread to: http://forums.techguy.org/malware-removal-hijackthis-logs/634548-popups-slow-computer.html
 

1 more replies
Relevance 54.53%

Hi, I came here a few months ago and remembered the great help I got here.

Today I was browsing a site I've been to numerous times before and know it's a trust-worthy site. Anyway, I was going along as any other internet surfer would and I was suddenly attacked by some sort of Malware that automatically downloaded and installed itself, and I couldn't stop it in any way. Accompanying it were many Internet Explorer popups(Not my main browser).

I couldn't do anything to stop the program from downloading or installing, and it began a "virus scan" automatically. I stopped it, deleted it, and went back to the internet. Popups continued, and then the whole process started again. I rebooted(It hasn't tried to download since), and downloaded a 3-month trial of Panda Internet Security. I also did a scan with SpyBot Search & Destroy and came up with some problems, and deleted them.

After Panda Internet Security(PIS) finished scanning it asked for a reboot, I complied, and it did another quick scan at startup. PIS then notified me of a spyware/malware threat in my system32 folder, and blocked it. After that an error popped up (literally) every 5 seconds saying C:\WINDOWS\system32\jkhhi.dll(I can't quite remember the filename, I should have written it down) is unaccessible: Access is not allowed.

Then it seemed that PIS crashed, and stopped blocking the .dll file in the process, stopping the incoming spam of errors. Now, in it's current state, my computer seems t... Read more

Answer:Slow Computer and Popups

Also here is the HijackThis Log I forgot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:49 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc... Read more

13 more replies
Relevance 54.53%

Hello all,

Another desktop computer is extremely slow (takes a significant amount of time to just load windows explorer). There have been a couple of popups, but a Spybot scan didn't find anything and Avira is running as an active scan, which also didn't find anything. Part of the problem is that there's no firewall (which I will install after the system is clean).

Anyways, I made a HJT log; hopefully someone super nice could help me find out what's wrong with the computer! Also, are there any recommendations for free, CPU-light firewalls? Thanks a bunch!
 

Answer:Computer slow, sometimes odd popups

6 more replies
Relevance 54.53%

Hey i was wondering if anyone could help me out. I have been geting a great amount of pop ups lately, and their really annoying. I ran malwarebytes and it got rid of alot of stuff, but i dont think its everything. Please help if you can. Im begging YOU
DDS (Ver_09-03-16.01) - NTFSx86
Run by Kristian at 18:55:47.14 on Wed 04/29/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.760.384 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090429-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D: ... Read more

Answer:wow.. slow computer with popups **HELP**

Does anyone see any problems?============Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to b... Read more

13 more replies
Relevance 54.53%

Recently, I've been getting random popups. Also, my computer started running considerably slower, taking up to 5 minutes to open up an internet browser. My antivirus software has been picking up funny things every two minutes and when I get rid of the threat it gets found again. ><

I have no clue what's wrong or why this is happening, since I just reformatted my computer.

Here is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:12 AM, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifie... Read more

Answer:Slow computer + popups

Also.. I'm not sure where to ask about this.. but I've been trying to install East Asian languages, and it keeps saying I need a Windows Professional XP Servive Pack 2 CD. I've installed the languages before and this never happened, so I don't know why it's happening now. How can I fix this/Where can I get the SP2 disk?
 

1 more replies
Relevance 54.53%

Hi guys, i dont know that much about computers and recently my computer has been running really slow, a million pop ups are coming up and when i try to run some programs it comes up with the window that says it has encountered a problem and needs to close. I need help please!!!!

Hijack this logfile is below. Thanks guys.

Logfile of HijackThis v1.99.1
Scan saved at 12:34:42 AM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Catia\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinAble\winable.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program ... Read more

Answer:Slow computer and popups

i dont see 2 much wrong glancing over your hijackthis file.. if your computer is running slow then it could be a couple of things..i take it SUPERAntiSpyware is not helping..are u using the full scan option.

next are the popups coming from firefox or explorer: if there firefox pop ups try using adblock from firefox: Tools > Add-ons > get extensions > Add block Plus > download

if your still getting popups then try an antivirus program or a different spyware program.A different program might find spyware that superANTIspyware cant. i have spyhunter v2.9 which is really good. u can download the trial version for free to see what infections u got.

and finally your pc might be running slow because your running too many programs from startup. follow these steps: Start > Run > "msconfig" > Startup > only uncheck those u are certain of and Apply.

hope this helps
 

2 more replies
Relevance 54.53%

My computer has been slow for the last few days and there have been loads of popups, my norton has blocked spysheriff and a trojan from downloding to my computer can someone help. thanks, i dont know what to do
 

Answer:Slow computer and popups , HELP

Sounds like your Norton has missed Spyware/Adware.

I reccomend Adware SE or Spybot S&D.
 

2 more replies
Relevance 54.53%

Hello all, thanks for the help in the past.

I run Windows XP. I keep getting popus, and my computer is very slow. A lot of times when i click on links to a website, it takes FOREVER, and there are usually a lot of red X's. Also many times it gets the unable to connect to site screen.

I run Spybot, Rogue Remover and Super Anti-spyware. I also have Avast anti-virus.

Any help is appreciated.

Luke

Answer:Keep Getting Popups, Computer Is Very Slow

Hello there and welcome to BleepingComputer.Take a look at the following page to make sure that malware is to blame for the problems you are experiencing:Slow Computer/Browser? Check Here First; It May Not Be MalwareIf this does not solve the problem for you, please follow our Preparation Guide For Use Before Posting a HijackThis Log; running all of the scans before posting your HijackThis log. Do not post your log here, but instead use our HijackThis Logs and Analysis Forum.After posting a log you should NOT make further changes to your computer except those that are advised by a member of the HijackThis Team; doing so can cause system changes that may not be visible in your log. Please be patient whilst waiting for a response, our HJT Team is currently very busy, and as we try to deal with logs on a "first come first served" basis, you may have to wait a short while.

2 more replies
Relevance 54.53%

so the problem i am having with my computer is that for the past week or so it is starting to get slower especially when turing on and i am also having radom popups open even thought i have a popup blocker they are not all going to one site in particular but to a variety such as 888 casino, antivirus solutions, dating sites they are just a couple that i can remeber.

so i followed the 5 steps to do before posting so hopefully i have done everything correctly and thanks in advance for the help.

Deckard's System Scanner v20070729.57
Run by Jenny on 2007-07-31 at 21:28:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
110: 2007-07-31 20:28:47 UTC - RP299 - Deckard's System Scanner Restore Point
109: 2007-07-31 17:02:13 UTC - RP298 - System Checkpoint
108: 2007-07-30 16:25:00 UTC - RP297 - System Checkpoint
107: 2007-07-29 16:20:50 UTC - RP296 - Installed DirectX
106: 2007-07-29 16:16:54 UTC - RP295 - Installed Secret Files Tunguska


-- First Restore Point --
1: 2007-05-03 16:30:03 UTC - RP190 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Jenny.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:... Read more

Answer:slow computer with popups

Hello and welcome to TSF.

Disable realtime scanners, especially AVG Anti Spyware.

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply and a fresh HijackThis log please.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

5 more replies
Relevance 54.53%

Hello,

My log file is below. My computer has been running very slow of late. I've had my laptop for about two years and haven't had any major issues until recently it took much longer to startup. Once I started up I've noticed pages on the internet load much slower and when I watch videos on youtube the sound skips.

I haven't had any odd popups and my home page is the same. I haven't had any pages added to my bookmarks either. I use firefox as my regular browser, but I keep IE downloaded for sites I come across that don't look so hot on firefox.

Let me know if any other information would be helpful. Thank you in advance for any help you can give.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:59 PM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawse... Read more

Answer:Computer very slow, no popups though

6 more replies
Relevance 54.53%

Hey, i've noticed that my computer has started being a lot slower than usual lately and i've been getting a lot of popups all the time. These popups are usually prefixed with 'CiD:'.

If somebody could help me get rid of them I guess that'll help my computer get a bit faster again.

Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:24 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewle... Read more

Answer:Popups and slow computer

16 more replies
Relevance 54.53%

I don't know what happened, but suddenly I've been getting tons of popups that say "CiD: *insert whatever the pop up is about here*" and my computer's been going slow. My Internet Explorer also freezes occasionally too... I have the HijackThis log below for anyone that can help. Thank you!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:41:19 PM, on 03/09/08Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSche... Read more

Answer:"cid: " Popups And Slow Computer

Hi raincarlove and welcome to BleepingComputers Forums.My name is Trevuren and I will be helping you with your problem.A. I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player?s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.V... Read more

11 more replies
Relevance 54.53%

Logfile of HijackThis v1.99.1Scan saved at 5:37:09 PM, on 5/18/2007Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Cain\Abel.exeC:\WINDOWS\System32\drivers\CDAC11BA.EXEC:\WINDOWS\System32\svchosts.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\HPAware.exeC:\Program Files\Common Files\{3D0B1A01-01F2-1033-0122-030928190001}\Update.exec:\progra~1\intern~1\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Chris\Desktop\WC3 - D2 StealthBot\StealthBot v2.6R3.exeC:\Documents and Settings\Chris\Desktop\SC - WC2 Stealthbot\StealthBot v2.6R3.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Chris\Desktop\HiJackThis\HiJackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/... Read more

Answer:Computer Popups And Very Slow

C:\Program Files\Cain\Abel.exe

I do not know how to get rid of that.

5 more replies
Relevance 54.53%

Hi all i can use some help working on a computer i cleaned up most of it but i am still getting flash full screen popups please help here is my highjack this log.....the computer is an HP mini running vista

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:25:26 AM, on 10/4/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Hewlett-Packard\HP QuickSync\QuickSync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
C: ... Read more

Answer:slow computer and popups

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===[*]Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)Delete the folder in bold.C:\Program Files\PriceGong\Restart the computer normally.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse... Read more

7 more replies
Relevance 54.53%

Logfile of HijackThis v1.99.1
Scan saved at 11:47:49 PM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\s... Read more

Answer:Slow computer and Popups... HJ Log!!

Update: Here is the new Log after i deleted some stuff...

Logfile of HijackThis v1.99.1
Scan saved at 1:02:55 AM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Fil... Read more

2 more replies
Relevance 54.53%

My parents have contracted something. They are over 1000 miles away so this may be a bit challenging, but I can get access to thier computer. Here is a copy of a hijackthis log I just ran on their machine. Can anyone tell just how bad is it? Any help would greatly be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 12:08:36 PM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\SYSTEM32\USRsh... Read more

More replies
Relevance 54.53%

There are porno popups and gambling popups and all sorts of things that come up on my computer even when I am not on the internet.I ran Norton and a couple other ones but It couldn't find anything.here is my log:Logfile of HijackThis v1.99.1Scan saved at 11:44:57 AM, on 2/17/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exeC:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXEC:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXEC:\Program Files\Comm... Read more

Answer:Computer Is Slow And Keeps Getting Popups

Hello and welcome to the forum, please follow the directions.1) C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe Look at the links:http://www.clickz.com/news/article.php/3561546http://www.greatis.com/appdata/u/v/viewmgr.exe.htmhttp://www.spywareinfo.com/newsletter/arch...4.php#viewpointThis is optional but I suggest you use Add Remove progam to uninstall this junk.2) Thanks to Atribune and any others who helped with this fix Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will shutdown your computer, click OK.Turn your computer back on.Please post the contents of C:\vundofix.txt and a new HiJackThis log.We will have more to do.Thanks...pskelleyBleepingComputer

3 more replies
Relevance 54.53%

Logfile of HijackThis v1.99.1
Scan saved at 2:41:47 PM, on 11/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\kvqeuyb.exe
C:\Documents and Settings\XcEpTiOnAL 1\My Documents\hjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Se... Read more

Answer:help...computer has popups/slow/etc...

9 more replies
Relevance 54.53%

hey guys
recently my computer has been running really slow, especially when i have internet explorer on
ive found out that by terminating windows explorers things speed up a bit, but not by much
also, theres been several popups lately, most of them start with an address that looks something like: 65.107.204.1
i just made up that number, because it changes everytime, but it always starts with either a 64 or a 65

anyways, i did a hijackthis scan, and i was wondering if you guys can help me out
so here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:13 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvkoenoh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctf... Read more

Answer:popups and slow computer

16 more replies
Relevance 54.53%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:16 AM, on 4/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\... Read more

Answer:IE popups, slow computer, etc.

Just thought I'd bump this to make sure it doesn't get lost in the shuffle since it's been 4 days
 

1 more replies
Relevance 54.53%

hey, i'm new to these forums but i really need help with my computer
i think it started with me downloading a keygen on April 16, which when at the time of me posting is 3 days ago.
i used it, deleted it and logged off. later in the day, i noticed that my computer was going really slow.

when i pressed ctrl alt del, in the processes tab it would keep on showing rundll32.exe even when i ended it. also in the performance tab my cpu usage would always be changing from between 1 to 65%.

this is making a lot of my programs run very slowly and also i seem to be getting the occasional popup from partypoker or imvu, which would never happen before i downloaded the keygen

when i was in a desperate search for a solution to the problem i download spybot and adaware and used them to delete things that im guessing were slowing down my computer, but one thing that would always come back even when i deleted it was something called virtumonde.

this is really bothering me and i'm thinking about doing system restore but i have a lot of files that i would like to keep.

i would also like to make note that the norton antivirus protection that i have on my computer has been expired since last year sometime which i think might have made a difference in stopping whatever malware or spyware or anything else that has infected my computer.

anyway, I know the people on this website probably have their own lives to worry about and are probably busy, but i hope that someone could at least t... Read more

Answer:popups and computer really slow

16 more replies
Relevance 54.53%

Hi,

In the past couple of months my Dell Desktop Computer has become REALLY slow. I tried to delete all the files I don't need, and all the programs I don't use, to try and make it work faster. But it hasn't really made much difference. The computer is still really slow and it lags a lot- when clicking on a program it only opens about 30 seconds later. In Internet Explorer, popups keep appearing, and then when I try to close them down, the computer freezes and "Ends the Program immediately". I have now downloaded Firefox, and it's giving me less problems, although it's still a bit slow.

I would really appreciate help! Please tell me whether you need any more details. I have posted the HiJackThis log below:
Thanks,
Leon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:45, on 14/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\TGVvbiBTdGV2ZW5z\command.exe
C:\Program Files\De... Read more

Answer:Computer REALLY slow. Popups in IE. Please Help : )

Hi,

Is there anyone out there willing to help me?

Thanks,

Leon
 

1 more replies
Relevance 54.53%

HELLO EVERYONE I HAVE ANOTHER POST IM WORKING ON A FRIENDS COMPUTER SHE WAS COMPLAINING OF A SLOW COMPUTER AND MANY MANY POPUPS AND NOT BEING ABLE TO GET ONLINE. WHEN OPENING INTERNET EXPLORER DOES NOT CONNECT TO ANY WEB SITE. ON HER DESKTOP SHE NOW HAS A YELLOW TRIANGLE THAT SAYS CLICK TO FIND AND FIX ERRORS WHICH WE KNOW IS NOT GOOD. I INSTALLED AND RAN SPYBOT IT DID FIND FILES AND DID DELETE ALOT ALSO RAN VUNDOFIX IT DID FIND ABOUT 8 FILES THAT IT ALSO DELETED. WHEN SPYBOT IS RUN THERE IS A PROCESS I BELIEVE THE COMMAND.EXE OR SOMETHING CLOSE TO THAT EFFECT THAT IT STATES IS POTENTIALLY BAD AND SHUTS IT DOWN AND RUNS SPYBOT WHEN WINDOWS STARTS. I INSTALLED AD-ADWRE 2007 BUT THE COMPUTER HAS A HARD TIME STAYING ONLINE THAT I CAN NOT UPDATE THE DEFINITION FILES.....I DID RUN A HIGH JACK THIS LOG AND CLEANED UP WHAT I KNEW HERE IS A COPY OF THE LOG I HAVE NOW......I WILL BE USING MY COMPUTER TO GET ONLINE AND CARRY OUT ANY INSTRUCTIONS BEING HERS IS UNABLE TO CONNECT AND STAY ONLINE........THANKS FOR YOUR HELP ONE MORE TIMEP.S SHE DOES HAVE NORTON INSTALLED ON HER COMPUTER WHICH DOES NOT START AT WINDOWS LOAD I WILL TRY AND UPDATE AND DO A SCAN ONCE I DO GET ONLINE I WILL RUN BITDEFENDER ONLINE TO CHECK FOR ANY VIRUSESLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:16:12 PM, on 10/28/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WIND... Read more

Answer:Many Popups Slow Computer

Please download FindAWF:http://noahdfear.net/downloads/FindAWF.exeSave the file to the Desktop Double-click the FindAWF icon.If a Security Alert shows, allow the program to run.As instructed, press any key to continue.Use the following option: Press 1 then Enter to scan for bak foldersThe scan may take a while, please be patient.When done, a text file, Find AWF report is produced.Please provide Find AWF report in your reply.

14 more replies
Relevance 54.53%

My computer is running slow with a lot of pop ups. I have ran (all updated first) Ad-aware (cleaned up 401 problems), Spybot & destroy (cleaned up 12 problems) & CWShredder (no problems) all was run in Safe Mode. I have also ran McAfee virus scan which came up clean. Here is my HiJackThis log; could some one please have a look at it to see if they can suggest anything else???

Thanks,

Logfile of HijackThis v1.98.2
Scan saved at 8:03:10 PM, on 12/14/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\jetsuite\J... Read more

Answer:Computer is slow with popups

6 more replies
Relevance 54.53%

My mother-in-law asked me to look at this laptop to see if there's any crud on it that would account for it being so slow and for the pop-ups. I wan't able to get any really specific info out of her, so I just want to see if anything stands out.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618
Run by rac at 17:42:00 on 2013-07-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1876 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutr... Read more

Answer:Slow computer, popups.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
When prompted to download the latest Avast! virus definitions, please choose Yes
Click the Scan button to start scan.
Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
Click Save log, and save it to your desktop.
Click Exit.
Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file to your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu... Read more

17 more replies
Relevance 54.53%

i think i have a virus. there are lots of popups and it keeps freezing. i am not that great with computers all the time, so could you tell me how to report a hijack log to you so you can see what the problem is. thanks

Answer:Popups And Slow Computer

please help me!

2 more replies
Relevance 54.53%

Just started getting constant popups including a "Microsoft Explorer" popup that tells me my system is slow and I should download some antispyware program. I have also been getting a "buffer overrun detected" error. I have updated Windows and installed spyware blaster but wasn't able to run a successful panda scan (it only checked about 40% in one hour, I left, and when I came back I didn't even have a windows explorer window up).

The following is the Deckard log.

Deckard's System Scanner v20071014.68
Run by Jeff Rosner on 2008-05-13 16:33:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-05-13 20:34:51 UTC - RP1027 - Deckard's System Scanner Restore Point
75: 2008-05-13 15:01:37 UTC - RP1026 - Software Distribution Service 3.0
74: 2008-05-13 10:34:34 UTC - RP1025 - Removed MSXML 4.0 SP2 (KB936181)
73: 2008-05-12 18:05:54 UTC - RP1024 - Removed RIA-Media Viewer
72: 2008-05-12 17:38:45 UTC - RP1023 - Removed RIA-Media Viewer


-- First Restore Point --
1: 2008-05-12 13:48:17 UTC - RP952 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackTh... Read more

Answer:popups and slow computer

Ok.We need to download ComboFix.exe. This will give me a better view to the files that are running and also the ones that are hidden on your computer.It may also remove some,but not all, of the infected files if found.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time. Disregard Windows Recovery Console if you have SP3 for Home,XP or are running W2k and Vista.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:[list=1][*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use ca... Read more

10 more replies
Relevance 54.53%

My computer has been running slow all week, and this morning I got a popup for Windows Defender. Please help. I've attached the DDS log.

Answer:Slow computer and popups

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download DDS and save it to your desktop.Disable any script blocking protection Double click dds.scr to run the tool. When done, DDS.txt will open. A second report, Attach.txt will open next.Save both reports to your desktop.Please copy and paste both logs into your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

7 more replies
Relevance 54.53%

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Fi... Read more

Answer:Slow computer, popups

Hi and Welcome to TSF!

Here's what you can do....

Please subscribe to this thread so you'll be notified as soon as we post your fix. To do this, please click here. On the proceeding page, make sure Instant notification by email is selected, then click Add subscription.

In the meanwhile, I suggest that you stop using Interent Explorer until we've fully disinfected your machine. Please download & use an alternative browser like Firefox.

After reviewing your log I found a few items that requires our attention.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

During the course of disinfection, I may ask you to fix a program that you wish to retain. Please post back to inform me.


WARNING
You are running HiJackThis from an inappropriate location. It should be run from a permanent folder. This program creates backup files which we may need to use later. If the program is in a temporary folder, important backups may be accidentally deleted.
Please go into Windows Explorer
Click on C:\
Click on File > New > Folder
Call it HJT, or another name of your choice.
Move all files to the newly created folder.


P2P - I see you have P2P software installed on your machine. We are not here to pas... Read more

1 more replies
Relevance 53.71%

This is my 2nd computer used by my son. 512MB, 80GB Hard Drive, Windows XP SP2, IE 7.0. Everything runs extremely slow, even downloading HighJackThis. Some stuff on his computer I feel is highjacking and adding malware, spyware, etc. An example is PalTalk. You guys did an outstanding job on fine tuning my main computer and would appreciate any help you can give me on computer 2. Thanks in advance. Here the log file:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:16:34 AM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\1147838733\ee\AOLSoftware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1147838733\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.... Read more

Answer:Computer Very Slow With Popups And very slow

7 more replies
Relevance 53.71%

Heya all! Tryin' to fix up my sister's laptop. Internet Explorer is being wacky and because or apart from that, I cannot run many of the programs in the first 5 steps--specifically panda scan, IE-spyad, and DSS (sad face). She gets all the automatic updates for Windows, but I could not double check if she had them all as I got an error whenever I tried downloading. Any help would be appreciated! :)

Here is the HJT log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:07 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicm... Read more

Answer:Slow Computer,Lots of popups

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

11 more replies
Relevance 53.71%

When a Google search is attempted, no links can be clicked - they are all redirected. The computer itself runs slowly, sometimes freezes, and pop-ups sometimes appear. I use NoScript, so I am unsure of the content of these popups and redirects, but I can disable it and see if it is necessary.

I have attempted to run MalwareBytes, but it will not start, even after a reinstall and in Safe Mode. Spybot S&D will not install; it claims it cannot connect to the server. Avast is unable to update, and while scans find some viruses (I am told - I have not run it personally yet), they are not really removed; they supposedly are, but if a new scan is run immediately afterward, they are still there.

The operating system is Windows XP. Any other information needed I will gladly provide.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:48:35 PM, on 8/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Ylr.exe
C:\WINDOWS\eHome\ehRecvr.exe
... Read more

Answer:Redirect, popups & slow computer

9 more replies
Relevance 53.71%

Yesterday my Kaspersky anti-virus detected a trojan and I believe it is in quarantine now. I am still getting random popups and my computer has slowed down from before I had the virus. I don't have any knowledge on the removal or viruses/malware etc. so I would really appreciate any kind of help. I would like to get my computer back to normal.

Thank you.

Answer:Random popups and slow computer

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 53.71%

Logfile of HijackThis v1.99.1
Scan saved at 2:16:01 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media E... Read more

Answer:Please help!! Popups and computer running very slow!

12 more replies
Relevance 53.71%

Heres my log,

Logfile of HijackThis v1.99.1
Scan saved at 11:14:23 AM, on 4/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.... Read more

Answer:advetisement popups, slow computer

help soon would be nice..I know you guys are probably busy but yeah

2 more replies
Relevance 53.71%

This is actually my mother's computer that I'm trying to assist her with fixing. She tried to create an account on here, but her computer is being so slow that it wouldn't allow her to add it.

I've been here with you guys for over 7 years and I tried to use the information I learned from my past experiences with malware and viruses, but it wasn't working.

So anyway, she's got a Windows Vista Service Pack 1 running CPU on a desktop computer (not a laptop) She's got a lot of different tabs that open when she goes to Google Chrome to do whatever on the internet. Whenever she clicks something, it shows that something called Setup(7).exe wants to download, but she hasn't pressed to download anything.

The computer is running really slow. A few months ago, I did use Malwarebytes to remove over 600+ virsues/worms/malware from her computer. I'm not sure what happened to it, but she said it's been removed and I don't think she removed it.


One tab that keeps opening is sw.eboom.com

It's late so I didn't go to the preforum post sticky thread to see what anyone would want posted. I'll get back to you tomorrow, though, and see what needs to be done in order to fix these issues.

Answer:Slow Computer, Random Popups, etc.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

19 more replies
Relevance 53.71%

Hi there,

Just today, I started getting a lot of popups and my computer has slowed down A LOT. I followed your steps, and it looked like the culprit was Vertrimonde. Anyway, I did the basic steps, and also did VundoFix.exe, but I'm still hearing the popup "noises" as well as popups, and my computer is ridiculously slow now. Please help! I have attached my HJT log below:
 

Answer:Vundo? Popups and slow computer

Welcome to Majorgeeks!

You have not followed ALL the steps in the READ ME!

You have no protection software installed on this PC. This is a very dangerous way to run.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

.
 

10 more replies
Relevance 53.71%

I got a few JAVA popups and now the computer is so slow that it takes all day to check e mail or anything eles. Please Help!
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.6.2
Run by Rudy at 2:02:12 on 2013-06-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.200 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\AOL\1170309358\ee\aolsoftware.exe
C:\Program Files\AOL Desktop 9.6\waol.exe
C:\Program Files\AOL Desktop 9... Read more

Answer:Java popups and slow computer

Hello broskeeper I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

20 more replies
Relevance 53.71%

Good afternoon,
I am getting a lot of pop up ads and my computer has been slowed down greatly, mostly the WinAnti virus ad pops up. Here is my Hijack this log. Any help would be greatly appreciated. Thanks.

Answer:Winanivirus Computer Popups And Slow

Welcome to the BleepingComputer HijackThis Logs and Analysis forum golfer10383 My name is Richie and i'll be helping you to fix your problems.Download SDFix.exe and save it to your desktop:http://downloads.andymanchesta.com/RemovalTools/SDFix.exe* Double click on SDFix on your desktop,and install the fix to C:\ Please then reboot your computer into Safe Mode by doing the following:* Restart your computer* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;* Instead of Windows loading as normal, a menu with options should appear;* Select the first option, to run Windows in Safe Mode, then press "Enter".* Choose your usual account.* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.* Type Y to begin the script.* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.* Press any Key and it will restart the PC.* Your system will take longer that normal to restart as the fixtool will be running and removing files.* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.*NOTE*If you have previously downloaded ComboFix,please delete that version and download it ag... Read more

5 more replies
Relevance 53.71%

Problem first started with an attempt to download att suggested norton antivirus for online protection, as an update to the previously downloaded computer associates protection.
Couldn't complete download, then got popups, slowed speed, and muliptle windows popping up stating i have myzor virus, trojan, spy.win, networm etc. Click to download etc. norton antivirus has been uninstalled, per att help people.
They suggested you as a help, maybe you can suggest something to "clean up" the computer.
Please
 

Answer:popups, viruses, slow computer..HELP

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 53.71%

Hello. I am having a serious problem. I am having a popup problem and I've noticed that when I go to the cmd part of Vista, my computer freezes up. I've ran McAfee, Stinger, SpyBot Search and Destroy, Spyware Blaster, and so far I haven't been able to fix the problem. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:04:09 AM, on 2/19/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16609)Boot mode: NormalRunning processes:C:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\SiteAdvisor\6066\SiteAdv.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\McAfee\MPS\mpsevh.exeC:\Program Files\Yahoo!\Messenger\YahooMessenger.exeC:\Windows\system32\Dwm.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Windows\explorer.exeC:\Program Files\Trend Micro\HijackThis\Crusty.exeC:\Users\Hornes\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G03V1501\stinger[1].exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU�... Read more

Answer:Popups And Computer Starting To Run Really Slow

Hello Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.Ken

2 more replies
Relevance 53.71%

Hello,
I hope you can help me with this. My computer is openeing popups and I can't block them. After that started, it became very slow. I have run AVG, Adaware, and Spybot Search and Destroy. Thae last one found some treads but the computer is still the same. I'm sending my HijackThis bellow.
Thank you,

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18:36:11, on 04/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPo... Read more

More replies
Relevance 53.71%

Here is my Hijack Log File. Hopefully someone can help me get this computer back into tip top shape. I have plenty of memory and I have a 100 gig hard drive... My computer should not be running slow. Any help you can offer would be great! Thanks....

Logfile of HijackThis v1.99.1
Scan saved at 12:12:47 PM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Common Files\AOL\1159396935\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program... Read more

Answer:Solved: CID Popups and Slow Computer!! Help Please!

6 more replies
Relevance 53.71%

hi...please help!!

Logfile of HijackThis v1.97.7
Scan saved at 6:38:57 PM, on 28/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\zivjzu.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Progra... Read more

Answer:annyoying popups and slow computer

6 more replies
Relevance 53.71%

I'm not sure if I'll get help here because I had already ask for help twice at another website but I can't get rid of the popups! I keep getting the virus, Smitfraud and others but mostly that virus. Here's my log:Logfile of HijackThis v1.99.1Scan saved at 9:35:37 PM, on 4/28/2007Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\System32\DRIVERS\WtSrv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN... Read more

Answer:Popups And Pretty Slow Computer

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Nana1 Before we can provide you with any further assistance,you first need to go here and install Service Pack 1;http://www.microsoft.com/windowsxp/downloa...p1/default.mspxThis will patch numerous security vulnerabilities in Internet Explorer and the Windows operating system. As your machine stands right now it's exremely vulnerable to infection. You need to get these updates installed first before we can proceed or we?ll both be wasting our time.Note:Do not install Service pack 2.If you install SP 2 on an infected machine it will cause serious problems within the operating system.When you've finished post a new Hijackthis log into your next reply please.

1 more replies
Relevance 53.71%

About four days ago I started receiving alerts from my Anti-virus software that something had come up. It had success cleaning up some of the malware, but others it couldn't do. My computer then basically slowed down to a halt and I decided to restart. When I booted it back up, the desktop had no icons or start menu, it was totally blank with just the wallpaper. For the past couple days I have been on this computer I have been receiving popups such as:

"Powered by ZEDO"
about:blank
Windows Installer trying to install Microsoft Office 2000
among others

These popups show up about once every five minutes and my computer has clearly slowed down because of it. I have run many scans with anti-virus software, but the problem still persists. Sometimes when I close a popup the bottom bar with my windows and system tray disappears.

My computer is a Dell Inspiron laptop with Windows XP, and I have Ad-Aware, McAfee VirusScan and AVG.

I'm new to this site, so I don't really know the processes needed to get you guys to help me, so leading me in that direction will be appreciated! I had a similar problem in the past and it led me to reformat and I would like to not do that again, so please help!
 

Answer:Help with popups and slow computer, virus?

15 more replies
Relevance 53.71%

Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 4:45:26 PM, on 3/18/2007Platform: Windows XP SP1 (WinNT 5.01.2600)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\System32\svchosts.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exec:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ALCXMNTR.EXEC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\WINDOWS\smss.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\{04E92E4E-09BB-1033-0716-030224200001}\Update.exeC:\WINDOWS\System32\ctfmon.exeC:\DOCUME~1\Owner\APPLIC~1\PPPATC~1\wowexec.exeC:\Program Files\Ipwindows\ipwins.exeC:\Program Files\iPod\bin\... Read more

Answer:Computer's Real Slow And Has Popups! =[

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. I'm afraid I have some bad news concerning your computer: one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.You are using TrendMicro's HijackThis which is still in the testing process at the moment, so there may be some problems with it. Therefore, please download version 1.99.1 of HijackThis from the following link:HJT v1.99.1Then post back a new log,ThanksCharles

14 more replies
Relevance 53.71%

Hi I ally need help cleani my computer from all its viruses and trojans. t running slowly and I constantly get random popups. Please help me.

Here is my Hijakhs log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:48 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Progr... Read more

Answer:Need Help! Computer has popups, virses and is really slow

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

2 more replies
Relevance 53.71%

This is a coworkers computer that is having issues. Its running Windows XP. It runs really slow and IE popups occur frequently. Often times when you go to one site, IE will direct you to a totally different site. Every time IE is opened we get a popup that ask if we want to open the previous browser or open our homepage, like we closed IE suddenly. I have ran Malwarebytes, Super AntiSpyware, SpyBot, AVG, and ad-aware on this PC with no changes. I have downloaded Rkill and when we run it a file in the Application Data folder shows up many times (as many as 82 times once). This file changes its name every time we delete it. the last time it appeared it was xL3F5aC2.exe, I googled it and found it in a post on this site included in a HiJackThis file. My boss thought we needed a paid software so he downloaded CyberDefender. I think it was a rogue program but he is the boss. I have downloaded HiJackThis and I do have the log file when it would be requested. I am at wits end, I do not know what else to do. We would just restore this computer but we have some programming that an outside source has downloaded on it so we can perform certain task relevant to our line of work. To have this reinstalled and set up would be a major investment, a larger cost than just to replace the computer. I will be honest with you, I know my way around a computer, but I am not an expert. If you choose to help me, I would be thankful if you give me step by step directions, please don't just assume I ... Read more

Answer:IE popups and redirects, slow computer.

Anything would be helpful. Just wondering why I never got a reply for this issue? I understand I am new on this forum, and I want to make sure I didn't cross a line or break any rules. Thanks,Thom

11 more replies
Relevance 53.71%

Logfile of HijackThis v1.99.1
Scan saved at 7:03:28 PM, on 11/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\etb\pokapoka79.exe
C:\Documents and Settings\sunil\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ads1.revenue.net/r?site_id=13414&pplacement_id=1
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedUpMyPC] C:\Program... Read more

Answer:computer 2 slow, and unneccessary popups...

10 more replies
Relevance 53.71%

for the past few weeks, my computer has been filled with spyware, but adaware and spybot don't seem to be taking much off. my computer is slow, i have resorted to using mozilla because using ie give me a popup a minute, and all my fonts are messed up in aol instant messenger. i downloaded hijackthis and my logfile is posted below, please help me to get this junk off my computer!- mnsdgLogfile of HijackThis v1.97.7Scan saved at 4:54:36 PM, on 6/1/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\aol\ACS\acsd.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\WINDOWS\System32\sdpasvc.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\Common files\WinTools\WToolsS.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\Explorer.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\Program Files\Messenger Pl... Read more

Answer:slow computer, many popups, please read my hjt log

C:\WINDOWS\wxrxhmjv.exe - done a virus scan lately?Make sure you do the update function for Ad-aware and Spybot. (In Ad-aware, your reference file should be denoted as 5-30, tho they come out with new additions almost daily). Most of these should be detected with the latest definitions.The links to Ad-aware, Spybot, and some free online virus scanners can be found here:http://www.closedsocket.com/links.htmlRun those, then repost your log and we'll give it another look.

6 more replies
Relevance 53.71%

I keep getting unwanted popus and my computer has slowed down tremendously. Can you review my Hijack log and help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:50 AM, on 11/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program F... Read more

Answer:Unwanted popups and slow computer - HELP

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
If you are not sure how to disable see this help page.

Download ComboFix from one of these locations:

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to ... Read more

1 more replies
Relevance 53.71%

Hi guys, my Kaspersky anti-virus detected a trojan yesterday and put it into to quarantine. Soon after I have been getting random pop-ups appearing about every 5 minutes or so. I am not at all computer savy and really need your help to get my computer back to normal. I would really appreciate if someone can guide me step by step on how to fix this problem.

Thank you!
 

Answer:Random popups and slow computer

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

3 more replies
Relevance 53.71%

I'll just start off by giving the HijackThis log. I've scanned with AVG, Ad-Aware and Spybot - Search and Destroy, I'm pretty sure I've got rid of baddies that those 3 programs entail.

Thank you for your assistance.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:24:10 AM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Belkin\PCI F5D7000\Wireless Utility\Belkinwcui.exe
C:\Pro... Read more

More replies
Relevance 53.71%

Windows xp home. Excessive problem with popups. I ran spybot and adaware before running hijack this.
 

Answer:annyoying popups and slow computer

Please go to www.spychecker.com/program/hijackthis/html

Please note: When you download HijackThis put it in its own permanent folder like My Documents for example. DO NOT download to a temp folder or the desktop.

Launch program and click on the SCAN button. After scan click on Save Log . It should save to Notepad.

Click on Edit, then Select All. Then click Edit again then Copy. Then paste log back here in a reply.

DO NOT have HijackThis fix anything yet. Most of what it shows will be harmless / needed stuff. Wait for an expert to review it and advise you.
 

3 more replies
Relevance 53.71%

Hi...I am using xp ....I downloaded IOBit security 360, and also have the advanced system care, Run scans with both programs. I use Avira Antivir personal which many times during the day will give alerts to trojans or unwanted programs. At times I have to restart because the computer is running so slow. When it reboots, I get a rundll error. I still think there is something going on that needs to be fixed. Here is my hijack this log. Could someone please take a look and tell me what I need to do? Thanks

Logfile of IObit HijackScan v1.0.0.0
Scan saved at 13:1:10, on 2010-2-10

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Corel\Core... Read more

Answer:computer slow with random popups

16 more replies
Relevance 53.71%

Hello.

Recently, my computer (a laptop) has been running slowly, and been getting pop-ups showing up even when I don't have a browser running. I'll be gone from my computer for a couple hours, and come back to it to see a 20+ pop-ups on the screen. The problem isn't too serious right now, but I want to make sure it doesn't grow into anything worse.

I remember anything specifically I did that may have given me this possible virus, although there was a moment when I was browsing the web that my computer froze up for a bit. That's when it started, I think.

I'm using Windows XP.

Thank you.

Answer:Possible Infection, Popups/slow computer

Welcome to the forum.There are so many ways to get infected nowadays.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in... Read more

17 more replies
Relevance 53.71%

my girlfriends computer is running really slow and is getting lots of popups, can anyone help? shes running windows xp.
 

Answer:slow computer and lots of popups

download hijackthis - install it to its own folder on her pc, run it and post the log here

http://www.spywareinfo.com/~merijn/downloads.html
 

2 more replies
Relevance 53.71%

My laptop is running so bad that it is hard to do anything on it please help thanks


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 1
RAM: 3002 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1309 Mb
Hard Drives: C: Total - 223918 MB, Free - 176899 MB; D: Total - 14251 MB, Free - 2348 MB; E: Total - 99 MB, Free - 92 MB;
Motherboard: Hewlett-Packard, 1484
Antivirus: avast! Antivirus, Updated and Enabled
 

Answer:computer running slow popups

15 more replies
Relevance 53.71%

----------------------------------------------------

PROBLEM: My computer has regular popups, about every 2 minutes, that say the same thing. and lead me to AVSystemCare. The computer is slow. I cannot access the Properties tab from My Computer because it has been disabled by AVSystemCare or something else.

The computer was functioning fine 2 days ago. The computer is about 18 months old. It is a Dell Inspiron 9300 laptop, Windows XP SP2. I think that it is running an older version of Java - 1.4.1??

I cannot access the Control Panel from the Start menu. That has also been removed by AVSystemCare or something else.

I tried fixing the problem with Spyware Doctor, AVG Anti-Spyware 7.5 and AVG Anti-Virus. So far nothing has touched the problem. I did hours of research that finally led me here.

----------------------------------------------------

This is what is stated in the pop up box that leads me to AVSystemCare:

Windows Security Alert

Warning! Potential Spyware Operation!

Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unauthorized access to your files! Click YES to download spyware remover ?

----------------------------------------------------

Deckard's System Scanner (DSS)

I am not able to post a log with this because I get an error message when running dss.exe

Here is the error message:

dss.exe has encountered a problem and needs to close. We are ... Read more

Answer:AVSystemCare - many popups, computer very slow

Any help would be greatly appreciated as I have been struggling with this now for 3 days. Thank you in advance!

Since the last post I have run Ad-Aware 2007 and CWShredder. This has done nothing to affect this problem.

I am presently running Trend Micro HouseCall 6.6 as an additional scan beyond the Panda online scan.

I could not get the dss.exe file to work on the computer. Should I run a HijackThis and post the log?

Thank you!

19 more replies
Relevance 53.71%

Somehow, my PC was infected. I've got tons of tmp files, a red x on my C drive, tons of popups, computer lags, very slow. I've run ComboFix and it gave my the following log. Any help would be GREATLY appreciated. Thank you!!!!!!

ComboFix 08-04-10.5 - Mona 2008-04-10 2050.1 - NTFSx86
Running from: C:\Documents and Settings\Mona\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Mona\Application Data\AVSystemCare
C:\Documents and Settings\Mona\Application Data\CROSOF~1.NET
C:\Documents and Settings\Mona\ResErrors.log
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\temp\tn3
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\system32\adult.txt
C:\WINDOWS\system32\bkmoopob.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
... Read more

Answer:Red X on C Drive, slow computer, PopUps...HELP!

Hello! You are infected with some nasty stuff!

====================================================

You don't have Window's Recovery Console installed. Whilst it may not be needed at this time, current infections tend to patch a lot of critical system files now, these often result to multiple problems and sometimes, they can cause unbootable machines. Having Window's Recovery Console installed on your machine will help you and I in case something goes wrong while we are in the process of cleaning your machine.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

====================================================

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon... Read more

3 more replies
Relevance 53.71%

Good Day,Having an awful time with this PC. Last a screen popped up saying I had a virus and asking me to click on the window to get software to disable the virus. Ran AVG and Spybot and at least the screen is gone, but computer runs very slow and will not access my hotmail account. Please take a look at my hijack this log, and if you have any suggestions to get me back running, I would be most grateful. Worldspan and Booking Builder are OK.Thank you - MikeLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:58:34 AM, on 10/13/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Winpopup Server\WinpopupServer.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\igfxtray.exeC:\WINDOWS\System32\hkcmd.exeC:\WINDOWS\system32\PROMon.exeC:\Program Files\Analog Devices\SoundMAX\Smtray.exeC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\system32\Rundll32.exeC:&#... Read more

Answer:Popups, Malware, Slow Computer

Hello, mikegru. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.We Need to Run ComboFixNote to readers of this post other than the starter of this thread:ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.About 1 in 100 times the computer will not longer be able to boot after running Combofix. This requires experienced hands to restore the system to bootability.There are several malware infections that "target" Combofix. Experienced Helpers are aware of these infections, and take steps to remove them prior to the use of Combofix. If you do not, various things can happen depending on the infection -- from Combofix being unable to run, to the delet... Read more

14 more replies
Relevance 53.71%

I have a windows XP professional service pack 2 pc that is starting to act slow. I also get random popups from internet explorer even when I am on Mozilla firefox. I am not sure what would be the problem but I want to fix this before the computer gets really slow and eventually freezes. Thanks.

PandaScan log:

Incident Status Location

Adware:Adware/Seekmo Not disinfected C:\Program Files\Seekmo\bin\10.0.406.0\Srv.exe
Adware:Adware/Zango Not disinfected C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
Adware:adware/seekmo ... Read more

Answer:HELP!!Slow computer and Random Popups....

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please post a fresh Hijack This log to this thread.
I will be notified and I will get back to you ASAP.

Please include a description of your current problem/s

Click here to download HJTinstall.exeSave HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

CCleaner
Please download CCleaner from here to clean temp files from your computer.Double click on the ccsetup.exe file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the defaul... Read more

7 more replies
Relevance 53.71%

Hello,
My brother?s computer is running slow and constantly getting popups. I ran Adaware on it but it crashes after a certain point . I ran spybot and it finds a bunch of junk and it deletes it but when I restart the spyware just keeps coming back. If i try to run it in safe mode it will freeze. I tried to save a log with Hijack this but it will shut HJT down when i try to save a log file. I see all kind of junk in tools> manage add- ons. And in task manager there is a bunch of junk running.
If I try to run online scan it will shut down the browser.
I was able to get all the latest updates for Windows XP
I ran dss.exe but it doesn?t show an extra.txt only the main.txt
Here is the main.txt:


Deckard's System Scanner v20070318.32
Run by Administrator on 2007-07-27 at 08:01:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 08:01, on 2007-07-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WIN2\System32\smss.exe
C:\WIN2\system32\winlogon.exe
C:\WIN2\system32\services.exe
C:\WIN2\system32\lsass.exe
C:\WIN2\system32\svchost.exe
C:\WIN2\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WIN2\Explorer.EXE
C:\WIN2\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-... Read more

Answer:computer slow and tons of popups

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

You don't seem to have an Anti-Virus software installed. We'll be taking care of that once we get some control of your system.

---------------------------------------------------------------------------------------------

Download combofix.exe to your desktop. We'll use this shortly.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the fi... Read more

19 more replies
Relevance 53.71%

here is my hijack this log file, i have tried running ad-ware but computer restarts everytime i run it.

Logfile of HijackThis v1.99.1
Scan saved at 4:43:21 PM, on 9/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe... Read more

Answer:trogans??? IE popups, slow computer....

9 more replies
Relevance 53.71%

Warning messages that my computer has "worm.win32.netsky".
Three icons keep reappearing after being put into recycle bin 1)Spyware&Malware Protection, 2)Error Cleaner, 3) Privacy Protector.
I have read the 5 steps before posting a log, but cannot run the Panda Activescan since it says that it must use IE. I am running Mozilla Firefox browser.

Answer:IE7 not working;very slow computer w/popups

Hello and welcome to TSF.

Please skip the Panda scan and post the DSS main.txt and the extra.txt.

18 more replies
Relevance 53.71%

My Mcafee went crazy telling me that my computer had a vundo virus. I ran symantics vundofix, ddnt work. still getting popup and my computer is slowas hell. cant even type this.

below is my highjack this:

Logfile of HijackThis v1.99.1
Scan saved at 3:29:41 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\T3JsYW5kbyBSaW9z\command.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\MozyPro\mozyprobackup.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.... Read more

Answer:PopUps, Slow Computer, Vundo?

just tried another vundofix removal program.. still popups.
 

1 more replies
Relevance 53.71%

PLEASE HELP!!!

My computer got infected with some sort of vrus or trojan... and its very annoying... any help is appreciated!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:16:30 PM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ... Read more

More replies
Relevance 53.71%

I'd appreciate any help I could get with this. I have the annoying web buying pop up problem on this computer...I've spent days trying to download assorted spyware stuff, deleting spyware stuff, googling the problem to death. I did the panda scan, nothing found, so nothing to post for tht. windows appears to be updated, but as it is running so slow, I never got a response from the update page, but I ahve no alert showing it is time to update. I did the hijackthis (deckards) from step 5 and this is what I really hope someone can help...thank you

Deckard's System Scanner v20070819.64
Run by Administrator on 2007-08-21 16:11:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:14 PM, on 8/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcm... Read more

Answer:web buying popups and very slow computer

Please download the OTMoveIt by OldTimer. Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Program Files\Web Buying\v1.8.1\webbuying.exe
C:\WINNT\system32\uekwusk.dll



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.1\webbuying.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Open Windows Explorer and delete the following highlighted file/s
Also delete the following red folder/s

C:\Program Files\ Web Buying
c:\program files\ viewpoint

Reboot and post a new HJT log..

5 more replies
Relevance 53.71%

Hello,
I'm a first time poster. I've searched this forum for similar cases, most times vundofix is suggested. VundoFix picks up nothing for me. I've done an AVG scan, it has deleted some infected files but computer performance hasn't improved much.

I'm getting popups when I'm surfing the net along with what is now a snail-paced computer. Sometimes it will take a very long time to load a page, if it loads at all.

A pop up I receive constanty appears to be a google search bar, it states
"Oops this seems to be a broken link" along with the following url:
http://82.98.231.93/?source=venus_r...fff&rid=upa100001&ver=21115&m=lg20&b42=0.0032

My HijackThis Log is attached.
Thank you very much for your help!
I'd really like to get this headache off my system.
 

More replies
Relevance 53.71%

Hello all.I am pretty much computer illiterate, so I don't really have an idea of what's wrong with my computer.I use Trend Micro PC-Cillin as my virus protection, and every so often I get a message saying that it found spyware on my system. It is usually virtumondo or something else that I thought I'd already removed.I also get a lot of popups that try to come up when I'm not even online. The address I saw on one of them was something like: www.anaema.com. I also received one (about a minute ago) about WinAntiVirus Pro 2006.I'm sorry if this is vague and confusing, but I'm really not sure what it going on.Here is my HijackThis log:Logfile of HijackThis v1.99.1Scan saved at 1:49:49 AM, on 5/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\PROGRA~1\TRENDM~1\INTERN~1\P... Read more

Answer:Popups And Slow Running Computer

Hello and welcome aboard Please download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YES.Once you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt and a fresh HiJackThis log.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

28 more replies
Relevance 53.71%

Recently Ive been getting many popups and my computer has also drastically slowed down. Also, many programs freeze and malfunction. Im assuming that the cause of this is a p2p networking program I downloaded called BitLord. I've already deleted the program and have done a Panda scan, Webroot Spysweeper scan, and a Norton Antivirus scan. If you could help me fix my computer back to normal I would very much appriciate it!!! Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:27 PM, on 7/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dl... Read more

Answer:Popups, slow computer, possible trojan

Please rename your copy of Hijackthis.exe to HJT.exe and post a new log.

11 more replies
Relevance 53.71%

For the past 2 or 3 days my computer has been extremely slow and flooded with popups. I've used avg, avira, spybot, atf-cleaner, superantispyware. I'm not sure what to do next. I'm posting my HijackThis log. Thank you.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:34:49 PM, on 5/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\CFusionMX7\runtime\bin\jrunsvc.exeC:\CFusionMX7\db\slserver54\bi... Read more

Answer:Computer Is Slow/inundated With Popups

Hello nailzfan and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Additional Folder Scans
Do not ... Read more

6 more replies
Relevance 53.71%

Working on hubby's computer now, he is running IE10 on Windows 7.  Has strange video ad popups on regular basis, slow overall, had a redirected home page.  I ran a full malwarebytes scan and it picked up and removed one item.  I have also updated Java and removed old version.  Running Mcafee thru the AT&T Security Suite.  Would welcome any advise on how to proceed from here.

Answer:video popups and slow computer

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Update Malwarebytes' Ant... Read more

9 more replies
Relevance 53.71%

computer is running very slow somtimes freezes and lots of browser popups i ran trend online housecall it fixed some thingsDeckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Professional (build 2600) SP 2.0Architecture: X86; Language: EnglishCPU 0: Intel® Core™2 CPU 6400 @ 2.13GHzCPU 1: Intel® Core™2 CPU 6400 @ 2.13GHzPercentage of Memory in Use: 24%Physical Memory (total/avail): 2045.85 MiB / 1541.17 MiBPagefile Memory (total/avail): 3937.67 MiB / 3580.39 MiBVirtual Memory (total/avail): 2047.88 MiB / 1931.32 MiBC: is Fixed (NTFS) - 232.82 GiB total, 142.76 GiB free. D: is CDROM (No Media)E: is CDROM (CDFS)F: is CDROM (No Media)G: is CDROM (No Media)H: is Fixed (NTFS) - 149.05 GiB total, 117.14 GiB free. \\.\PHYSICALDRIVE0 - SAMSUNG SP2504C - 232.83 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 232.82 GiB - C:\\.\PHYSICALDRIVE1 - WDC WD16 00JB-00GVA0 USB Device - 149.05 GiB - 1 partition \PARTITION0 - Installable File System - 149.05 GiB - H:-- Security Center -------------------------------------------------------------AUOptions is scheduled to auto-install.Windows Internal Firewall is disabled.FirstRunDisabled is set.FW: Norton AntiVirus v2007 ... Read more

Answer:Browser Popups And Slow Computer

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

You posted the wrong log. Please post the text from main.txt

4 more replies
Relevance 53.71%

Hi
My computer has gotten so slow, it is unusable at times. It seems like the virus software spends so much time running I can't use the computer. I have eliminated as many unneeded programs from auto start up, as I could. I know I don't need all the crap that is always loaded on the system.

I also lost the boot sector recently very abruptly while in the middle of using the computer. After this I have did a check using other virus software and turned up 2 spy ware programs, which were deleted. I have not replaced the boot sector yet, but booting from a recovery CD.

I have had Mcafee spy, virus and firewall running since new. I have blocked the web site for b.casalemedia.co yet it still pops up!

Thanks in advance!
Steve

HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:38 AM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\11311... Read more

Answer:HijackThis log 4 slow computer w/ popups

Any Ideas on even one of the problems?
 

1 more replies
Relevance 53.71%

Hi there,

A few months ago this computer started getting slow and internet pop ups and i havent been able to get rid of them and I've forgotten about it since I use a laptop mainly.
I'm guessing there is quite a bit on here still but I've run about 3 anti-virus programs to get rid of stuff and Im still getting pop ups and and quite a slow computer.

Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:18 AM, on 16/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.... Read more

More replies
Relevance 53.71%

Hello,

I have a Sony Vaio VPCS125FH (about a year old) and it barely moves. I get ad popups in the lower left corner and when trying to browse, it is extremely slow. I just downloaded and installed MBAM and ran a quick scan. The scan found 8 infected files up to a certain file and then it got stuck. I ran it twice and it got stuck around the same place (not sure if it was the same file, though). The file it seemed to freeze on the second time around is: C:\USERS\VAIO\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini I greatly appreciate any help you might be able to give. Thank you!

Answer:ad popups computer extremely slow

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

60 more replies
Relevance 53.3%

Hello,

My computer has recently started slowing down and as I browse the interent annoying ads constantly popup. Also, my memory then increases to 99% and at times I get warnings that tell me my memory is to low. Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:32 AM, on 10/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe... Read more

Answer:Slow computer w/popups and maxxed out memory

I'm also running Windows XP SP 2, in case that helps any.
 

1 more replies
Relevance 53.3%

Hello. I'm brand new to this forum. I apologize beforehand because i have read the rules on posting, but i'm very strapped for time because I'm a med student with a test coming up on monday and only knew how to run hijack this! i had used it in the past but im afraid ive become a bit rusty. somehow norton found a trojan when i was going on one of my usual sites and im getting popups whenever i use google it seems. I could really appreciate any help if possible.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:34 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Pro... Read more

Answer:help with spyware - popups and slow running computer

Please follow the instructs from this webpage (sticky):

http://www.techsupportforum.com/secu...oval-help.html

You shall have a proper set of logs for us after that. Someone shall be along shortly

* Kindly note that threads without the proper logs is likely be ignored.

2 more replies
Relevance 53.3%

Well basically I have been having a lot of pop-ups lately and i don't know whats causing it.So thanks in advance for any help given.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:57:14 PM, on 04/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\PnkBstrB.exeC:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\WINDOWS\system32\iesvcmon.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\ppcbooster\ppcb_32.exeC:\DOCUME~1\TERRANCE\LOCALS~1\Temp\csrss... Read more

Answer:Computer Running slow and lots of popups

Hi,Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts. Actually, this doesn't suprise me at all though... I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!This is somewhat suicidal in today's digital world.That's why I want you to install one first!!* Please install Avira Antivirus: http://www.free-av.com/This is a free Antivirus.Perform a full scan with Avira and let it delete every... Read more

8 more replies
Relevance 53.3%

I have been working with Boopme and they have been helping me. I have run SAS, MBAM, and ATF. I bought a used computer and it has had some issues with running slowly and getting popups. Also have problems with not being able to access my email or the tsn.ca websites on occasion. Here are my logs.DDS (Ver_10-03-17.01) - NTFSx86 Run by Apollo at 7:24:54.25 on Mon 06/07/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.248 [GMT -5:00]AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Norton Ghost\Agent\GhostTray.exeC:\Program Files\Common F... Read more

Answer:Unaware of problem... Slow computer, Many popups

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

2 more replies
Relevance 53.3%

About a week ago our home computer got infected with the Windows XP 2012 Security virus. I used he guide I found on here and successfully removed it. Within the last couple days my computer has been acting up again though. After the fake security virus I could not get Windows Autmoatic Updates to turn back on, and a svchost.exe would run and take up all the CPU and im pretty sure that was related to the Automatic Updates problem. Yesterday I downloaded a program called Dial-a-Fix and it managed to turn the updates back on and it seemed to have fixed the Automatic Updates problem. Now I havea google redirect problem and sometimes when I open IE8 a popup will just appear. I have used Malwarebytes and removed some trojan that shows up when it scans, but it keeps coming back. I have the free version of Avira on the computer and it always tells me it has detected Malware but when I tell it to remove it, not much happens. It scans then nothing really happens. The operating system is XP. Thanks for any help.

Answer:Slow Computer with Google Redirects and Popups

Please post the complete results of your last MBAM scan for review (even if nothing was found).To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.Click the Logs Tab at the top.The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.Click on the log name to highlight it.Go to the bottom and click on Open.The log should automatically open in notepad as a text file.Go to Edit and choose Select all.Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.Come back to this thread, click Add Reply, then right-click and choose Paste.Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Logs are saved to the following locations:-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-ddPlease download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!Be sure to print out and follow the instructions for performing a scan. Alternate instructions can be found here.Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped fi... Read more

9 more replies
Relevance 53.3%

Hey I'm running Windows 8.1 and lately I've been having strange browser popups - this usually doesn't bother me too much, until it starts affecting speed and connectivity to League of Legends. Please help, my ranked play is suffering :'(

Answer:Computer running slow, strange ads and popups

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

Lau... Read more

3 more replies
Relevance 53.3%

Im trying to fix my dads computer. He has lots of popups occuring almost constantly. In the bottom right corner, there is constantly a Warning bubble poping up saying I have a security problem!. Whenever I click on it it takes me to ffhdghdgh.com ( I haven't actually seen what this is since I turned hte wireless off on his computer ) I've run an AVG scan on it and it comes up with userload.exe trojan horse SHeur2.ZKM. I haven't been able to get rid of that either.

I have done a Hijack this here. Any help would be awesome.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:32 PM, on 4/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP... Read more

Answer:computer acting slow and lots of popups.

I've noticed now when it restarts it comes up with a screen that says
"NTFS Volume Maintinence Utility has encountered a prolbme and needs to close" This happens before explorer even opens and any of hte processes start.

also when I hit don't sent (the error report) the message goes away and then nothing happens. It shows the desktop background image and nothing happens. I have to manually load explorer by hitting control alt del and then run process > explorer.

I'm really baffeled by this whole situation
 

3 more replies