Computer Support Forum

PC slow, BHOs added, trojans and adware keeps coming back

Question: PC slow, BHOs added, trojans and adware keeps coming back

Hi, Iam having lots of trouble. Something is constantly adding BHOs, I disable them with BHODemon but more appear. I was having windows opening trying to get me to download winantivurus pro but this seems to have stopped for the time being. Adaware crashes so does spy sweeper. When I run spy sweeper in safe mode it finds virtumonde, I remove it but it comes back by the next scan.

I've run vundofix, this may have helped but my pc is still slow and AVG still keeps displaying that it is finding trojans such as Downloader.Generic4ZQI.

Panda activescan also found trojan Trj/Downloader.OZB.

Iam having trouble getting dss to work cos my cpu keeps going up to 100% usage and stalling for ages.

Here is my log not sure if I'll be able to get the extra bit from dss. Thanks for help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:26, on 05/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\Administrator.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A02FE62-B851-4E7F-94CD-7CF6D70887BC} - C:\WINNT\system32\awtsp.dll (disabled by BHODemon)
O2 - BHO: (no name) - {1FC4A69B-863D-4613-88E6-BDB001F2AEF0} - (no file)
O2 - BHO: (no name) - {2AA25A47-A1AA-43F0-BBAA-3FDC2F1B2A0F} - C:\WINNT\system32\awtqq.dll (disabled by BHODemon)
O2 - BHO: (no name) - {2BDA66AE-6A3A-4E68-AA71-B1A16829394E} - C:\WINNT\system32\awtsr.dll (disabled by BHODemon)
O2 - BHO: (no name) - {45AD60C4-C089-465C-A939-81C65680BFB8} - (no file)
O2 - BHO: (no name) - {46F45847-6DED-4F1E-A37C-8381FB86DB9F} - (no file)
O2 - BHO: (no name) - {47ECA933-29C0-4DCA-AB12-70B715CFA3B5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7C748AF2-4AC0-453D-9E86-BA8EEE53E5D6} - C:\WINNT\system32\vtsqp.dll
O2 - BHO: (no name) - {7F50393E-1C50-44B9-80A7-878627D49C8F} - C:\WINNT\system32\ssttu.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {C0172DF6-BEBC-481C-86E8-847D49556783} - C:\WINNT\system32\ddaby.dll (file missing)
O2 - BHO: (no name) - {E84F70C5-17E8-4C1C-B596-674B52E16549} - C:\WINNT\system32\pmkjk.dll (file missing)
O2 - BHO: (no name) - {F9887586-4D3A-4690-B398-C5CF97497A14} - (no file)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINNT\system32\njkgobfi.dll",sitypnow
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1151502492515
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37940.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: yayvuut - C:\WINNT\SYSTEM32\yayvuut.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6874 bytes

Relevance 100%
Preferred Solution: PC slow, BHOs added, trojans and adware keeps coming back

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: PC slow, BHOs added, trojans and adware keeps coming back

Please disable BHODemon before proceeding with this next step.

Then, download ComboFix
Save it to the Desktop

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please post the ComboFix.txt, and a new HijackThis log in your reply.

6 more replies
Relevance 98.4%

EDIT again: Added superantispyware log. EDIT: Added two of the malwarebyte logs. One being the orginal scan with a bunch of crap and the other being the most recent having only 2 items infected.I keep getting rid of it with Malwarebyte and Super Anti Spyware but it almost immediately comes back every time. Here's a hijackthis log. Also, most of the ads want me to download some sort of BS antivirus and stuff like that. edit: BTW I use windows XP service pack 2 and I use IE and FF interchangeably, and I seem to be getting more of the popups with IE.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:20:36 PM, on 12/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.17184)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\Sonic\Update Manager\sgtray.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exeC:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exec:\progra~1\mcafee.com\vso\mcvsescn.exeC:\WINDOWS\system32... Read more

Answer:adware/trojans. Keeps coming back.

Sorry for the long wait.  We are VERY backed-up right now!  If you still require assistance, please post new logs and we'll see what we can do.

7 more replies
Relevance 96.35%

Hi,

My friend has this computer which was clearly infected with viruses and I know a little about security so I started cleaning it.
Very soon I realized I can't this alone so I asked an IT guy for help. He suggested I run ComboFix which I did.
It cleaned up some things but not everything.
I have tried other tools and it seems like each tools is discovering new things but the root cause still remains. The trojans keep coming

At this point, the machine works fine if it is not connected to internet but starts downloading stuff as soon as I connect it

Also, the following have been run already
ComboFix
MBAM
Microsoft Security Essentials
Norton Scan
Norton Power Eraser
Spybot Search and Destroy

And I am attaching the HiJackThis Log. Any help would be greatly appreciated.
The machine is in a state of Blue Screen right after I did a restart after installing HiJackThis.
And it is not performing a System Restore (which I know will remove the HiJackThis install) but not sure what else will happen.

Answer:Tons of Trojans, Adware, cleaned but keeps coming back

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459143 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

44 more replies
Relevance 95.12%

last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and suprerantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opend up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart. although there are no more popus like their were last night. any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely.thanks!!! here is the last mbam full scan from last night:Malwarebytes' Anti-Malware 1.31Database version: 1607Windows 5.1.2600 Service Pack 21/4/2009 1:15:34 AMmbam-log-2009-01-04 (01-15-34).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 196740Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 5Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{b4ea9b44-78f3-4bcf-b55d-51c... Read more

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello belezaj16.What antimalware programs are installed on this computer, please? Do you have an antivirus, or other program that provides realtime protection?I suspect you are being reinfected because you lack these.With Regards,The Panda

22 more replies
Relevance 95.12%

I accidentally posted this in "am I infected, what do I do".. but am new to this.. so I posted this one here.last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and suprerantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opend up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart.although there are no more popus like their were last night.any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely.thanks!!!here is the last mbam full scan from last night:Malwarebytes' Anti-Malware 1.31Database version: 1607Windows 5.1.2600 Service Pack 21/4/2009 1:15:34 AMmbam-log-2009-01-04 (01-15-34).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 196740Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 5Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo.... Read more

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello.I have replied to your topic in the Am I Infected Forum here. Please continue the discussions in the topic above. If we are unable to resolve your problem there, you will be asked to post in this forum.This topic is now closed.With Regards,The Panda

1 more replies
Relevance 94.3%

I have had three Trojan.BHO items showing up in Malwarebytes scan. Even after deleting the malware several times, they return. I've read a lot of posts on several blogs about ways to REALLY delete the malware and the most hopeful said to run Hijack This. But after running the program, I get a warning to have some expert help reading the log file to determine which files to delete. Can you help with this? Here's the log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:19:27 PM, on 10/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\Ra... Read more

Answer:Trojan.BHOs keep coming back

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 74.62%

The problem started about a week ago. A popup said there was an infection on the computer. I tryed to close the window but the popup persisted. I went thru the steps to remove malware one by one. It got rid of the popups about the infection but the other trojans that were found keep coming back after a short while. I have all the logs. Help Please!
 

Answer:Trojans keep coming back

cruiser1968 said:





I have all the logs. Help Please!Click to expand...

Then please attach them to your next reply.
 

19 more replies
Relevance 74.62%

I've been on the phone with Microsoft every day since last Monday.
It started with Norton detecting one trojan but not being able to fix it, and a full system scan found over 100 Adwares. After dealing with not being able to open Windows Exp or Internet explorer, I deleted a trojan and spyware in the registry and got adaware and spybot on the system.

However, I keep having problems. As of yesterday,
I have deleted and found again
/Pribi
Backweb
Kenston
two other trojans and a worm that I don't have the names for, but none of them are new.

While on the phone with Msft this morning, I ran a search for Exe files and found Spite6, Tigger, Backdoor and about 26 others that looked suspicious.

The problem is Norton, PestPatrolAV, AVG, Housecall virus scans are not detecting anything other than Adware, which I can't shake off the computer.

I have installed a new firewall and AV software along with pestpatrol.
I have run Adaware and Spybot and here is my hJT log
Logfile of HijackThis v1.99.0
Scan saved at 6:51:25 PM, on 1/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\Status... Read more

Answer:Have at least 10 trojans and they keep coming back

bump please
 

3 more replies
Relevance 74.62%

Hello all, I seem to have malware or viruses that I cannot get rid of. I am running Windows 7 currently on my computer. The problem I am experiencing is that fake virus protection programs will run on my computer and cause my computer to blue screen (not sure of the message but will consciously look if it happens again and post here). It also sometimes just goes straight to the blue screen. I run malwarebytes and spybot on my computer and they always eliminate a lot of trojans (trojanproxy.agent, trojan.fakealert, trojan.agent, trojan.agent.gma, rogue.fakeHDD). I also noticed that some are the svchost.exe that I see other people have mentioned. So I remove all of these and they all seem to come back. I also have restored my computer back to previous points when I get so bogged down by error messages that I cant even get to the malware removal tools. Thanks.

Answer:Trojans keep coming back

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

16 more replies
Relevance 74.62%

Hi -- my computer has been infected with several trojans that keep coming back even after I've repeated removed them by performing scans with numerous antivirus/antispyware programs. Please help!! Please see the highjackthis log below (I've also run combofix, but the log is REALLY long):

Logfile of HijackThis v1.99.1
Scan saved at 10:53:44 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Skype\Phone\Sk... Read more

More replies
Relevance 73.8%

Hi,Have run Zone Alarm, Avast, Dr Cureit and my computer is still incredibly slow. Dr Web found trojan.pws.panda.31 in system 32 folder, also found tojan.pws.chrome in several places. Ran in safe mode with system restore off but still very slow.The following is my log:Logfile of random's system information tool 1.04 (written by random/random)Run by PCarter at 2008-12-14 17:25:34Microsoft Windows XP Professional Service Pack 3System drive C: has 19 GB (37%) free of 52 GBTotal RAM: 511 MB (21% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:26:52 P, on 12/14/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Intel\WiFi\bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\CyberLink\PowerDVD\DVDLau... Read more

Answer:Trojans keep coming back after removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to di... Read more

2 more replies
Relevance 73.8%

Hummm, maybe they like my PC a bit too much? Lately I have some trojans that keeps on coming back, no matter how hard I delete them... How can I get rid of these pests?

Answer:Viruses (trojans) keeps coming back...

What does it say if you click on "Show details"? It should say where it found them (Downloads or wherever).

1 more replies
Relevance 73.8%

Here's the HiJack THis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:34:25 PM, on 11/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Logitech\QuickCam\Quickcam.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\BitComet\BitComet.exeC:\Program Files\DAEMON Tools Lite\daemon.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\Electronic Arts\EADM\Core.exeC:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\P... Read more

Answer:Trojans and Vundos keep on coming back

sorry for the bump, but I really need help. :/

39 more replies
Relevance 73.8%

Hello,

I have completed all of the steps from the READ AND RUN ME FIRST sticky thread, with the exception of trying the alternate scans. I still seem to have the recurrence of two viruses , which I delete after they have been detected by the AVG Free scan. They successfully delete, but still are found with each subsequent virus scan.

They are:

Trojan horse Generic.WYM
Trojan horse Downloader.Zlob.BMG

I have attached my Bit Defender and Panda Scan logs, as well as my HJT log, and AVG scan log. I'm not sure what the next step should be for permanent removal at this point, and haven't found any specific removal tools for these.

Also, I have not disabled system restore yet, as I still see these Trojan Horses. Hopefully I am correct that I should not have disabled it until the system is completely free of infection.

Thanks for your analysis!
 

Answer:Persistent trojans keep coming back...

I could only use 3 attachments, so here is the AVG log, in case it helps. Thanks in advance for your help!
 

4 more replies
Relevance 73.8%

A bit less than a week ago some spyware was detected on my laptop (I think it was called Spyware Protect 2009) which essentially wouldn't let me open anything and kept telling me I had a worm. I managed to get rid of it, but ever since then I've had a number of different things come through. What happens is a box will pop up saying that a program called "update.exe" needs permission to continue, and it messes up the computer no matter what you click. AVG says it catches them and removes them, but they still cause problems for my computer - I can only run programs as an administrator, and if I click on the file without specifying to run as administrator, it asks me what program I want to use to open it, and ultimately won't work. Running a scan with Malwarebytes will detect the problems, but they keep coming back, at least once a day.

Some of the ones that Malwarebytes keeps finding are Broken.OpenCommand, Hijack.ExeFile, Trojan.Dropper and Spyware.Agent, but there are also others.
Thank you so much for taking the time to look at this for me!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jill at 0:57:30.16 on Mon 04/25/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3573.1553 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-9... Read more

Answer:The same trojans/spyware keep coming back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

3 more replies
Relevance 73.8%

I started with the [email protected] think i got rid of that from some of the posts on here.... but now have Win32.P2P-Worm.Alcan.a and starware on the machine maybe the picrate is still there as well, can any of ya'll smarter than me people advise.... would love a little tech help,.....PLEASE.....

Thanks For Any Help Rendered
In Advance
con0627
 

Answer:Solved: trojans keep coming back, Help Please

16 more replies
Relevance 73.8%

hello.

After clicking too fast through some sites and accidentaly downloding one of those fake Anti-spyware programs, my computer became heavily infected.
I followed the advice on this site and others (thank you).. and I thought I got rid of it, however it continues to come back.
I now have numerous helpful programs to find an eliminate the junk, (AVG, PREVX, SUPERAntispyware, SPYBOT, ETC) but when we check 12 hours later our system i covered again
please help!

enclosed is the log from HIJACK THIS and the SUPERantispyware. I have a trendmicro housecall scan currently going, but that is not finished yet. note: many of the trojans listed i know about and can quarantine/move to vault/delete. the problem is that they all keep coming back!

Thankyou for any assistance you can offer ...

=============HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:46 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Network Associ... Read more

Answer:Solved: GRR.. trojans keep coming back! Please help!

14 more replies
Relevance 73.8%

Hummm, maybe they like my PC a bit too much? Lately I have some trojans that keeps on coming back, no matter how hard I delete them... How can I get rid of these pests?

Answer:Viruses (trojans) keeps coming back...

What does it say if you click on "Show details"? It should say where it found them (Downloads or wherever).

more replies
Relevance 73.8%

Ok, my son got into some uglies trying to find myspace layouts. Initially it was Antiviurs 2009. I did some research here and tried my best to get clean following directions from other threads. McAfee is all hosed up. I used SuperAnti Spyware and Malwarebytes to get clean, but then any I reconnect to the internet, I get reinfected. So then I figured out I needed to reset my router. Did that, reconnected and ran SAS and MWB and totally hosed again. So, I need help getting my computer back.Here is the DDSDDS (Ver_09-05-14.01) - NTFSx86 Run by Dave Jr at 21:18:42.85 on Thu 06/04/2009Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2518 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmo... Read more

Answer:All kinds of Trojans keep coming back

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

4 more replies
Relevance 73.8%

Currently I am the sole owner of the only working computer among the small group of friends I live with. I allow them to use it, of course, I'm no computer nazi, but one of them must have tried to download something from some shady website because I've been getting a lot of Virus Alerts from Symantec AntiVirus telling me about Trojans and Adware and Keyloggers that keep coming back every time I delete them.

When i ran Spybot S&D it would automatically abort the scan itself telling me it was a user action. When i run the computer in safe mode, Symantec AV doesn't exist on my list of available programs.

So basically I'm at a loss. I'm not very well educated on the inner working of computers and I don't want to muck around myself if i'm not sure what i'm doing, so any help purging my system of these threats would be hugely appreciated, I use this computer for almost everything and I'd hate to lose it to viruses.

Thanks in advance for any help!
 

Answer:Solved: several Trojans keep coming back

16 more replies
Relevance 73.8%

Three sun java trojans come back everyday, I have turned off system restore, ran avast to delete the sun java trojans, deleted my old sun java, reinstalled the new one but alas they keep coming back. Here's my HJT log, any help would be appreciated thx. P.S. this log is after I deleted them, maybe I should run one before they r deleted??
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Micr... Read more

Answer:Trojans keep coming back..Have a HijackThis log

7 more replies
Relevance 73.8%

i have several spyware trojans and viruses that keep coming back after being removed. one is adware.maxsearch, another is one the causes winantivirus 2006 to pop up in my browser. another is one that is in my registry under hkey_local_machine/software/microsoft/mssmgr i'm sure there are more. if anyone can help me get rid of the spyware and trojans thanks

Answer:Spyware and trojans that keep coming back

i've also used several anti spyware and antivirus to attempt to remove these, i've used ewido, symantec, noadware, and xoftspy.

also, when i start windows in safe mode, explorer.exe doesn't start up and isn't listed under processes in the task manager, even after i start explorer.exe the desktop will appear for a short time then go away.

here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:13:38 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\re... Read more

1 more replies
Relevance 73.8%

Hello all.

I really need help.

I have been trying to clean up my computer using AVG/Malwarebytes/AdAware (my AdAware even got corrupted or something, it can't scan anymore without crashing).

I randomly get audio popups without a popup, all I hear is audio saying I won money or a free shirt, and then I also get the popups. My computer randomly exits applications, some of my applications get random errors forcing me to close it like IE. I really don't know what to do.

Here is my Hijackthis log.

Please someone help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:30 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Grisoft\AVGFRE... Read more

Answer:What in the world? I keep getting rid of trojans, but they keep coming back???

bump
 

2 more replies
Relevance 73.8%

Trojans are re-appearing over and over, my mcafee keeps on finding new ones. Sometimes programs freeze, my computer freezes, and im getting generic host process win32 errors. and also something keeps on trying to connect to explorer.exe, and redirected to other websites? heres my log, help appreciated, thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:07 AM, on 1/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDO... Read more

Answer:Trojans are coming back over and over!? HJT LOG INCLUDED PLEASE HELP?

Recently my computer has been affected with MANY TROJANS. more every day, talked to some guy from mcafee and he told me too run %temp% and delete all the folders, then run mcafee virus scan. didnt work...now my computer is shutting down by itself saying there is drive problems. ive gotten rid of many generic trojans, and something called VUNDO? please help me. im ready to do a harddrive wipe...please! ive posted so many times and no one helps me.
 

2 more replies
Relevance 73.8%

So I've been having this Adware for 2 weeks or so. I used every kind of program people recommended and yet it still comes back after a time. Creating shortcuts of Google Chrome and Mozilla Firefox on my computer. When I scanned with malwarebytes last night (And it was a whole pc scan even searched for rootkits took 2 hours to finish.) It showed 0 threats but when I woke up today there were 162 threats detected by Malware Bytes. I don't know I'm so frustrated about this but I don't want to reset my computer and lose all of my files and downloadings (since in my country I have a limited amount of data I can download and it would take me months to download them back.)
 

More replies
Relevance 73.8%

I've been getting nonstop ads/pop-ups for almost a month now, I ran spybot and it picked up things like Advertising.com Avenue A, Inc. and some others, It fixed the problem temporarily but everytime I start my computer and run spybot the problems come right back up again.Here's my HJT log:Logfile of HijackThis v1.99.1Scan saved at 2:56:02 PM, on 6/3/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Musicmatch\Musicmat... Read more

Answer:Spy/adware keeps coming back.

Hello Travis_C and welcome to the BC forums. After reviewing your log I see no signs of viruses or malware at this time. The log is clean.

I do see that you have Limewire installed. This applicaiton is known to have malicious programs included in its installation. I would recommend removing the program and deleting the folder. That should take care of any trojan issues you are having.

Cheers.

OT

3 more replies
Relevance 73.8%

Hi...
 
Hope someone can help.  I have a Inspirion 910 mini that is super slow loading web pages in all browsers.  I usually use chrome and have seen things that it is waiting for on the lower left corner.  I googled some of them and found out they are adware tracking cookies.  One common one that shows up is g.doubleclick.net.
 
I ran several removers "super antimalware" "malwarebytes" ect. and they find them and remove them.  When I rescan after booting they are still gone.  However...as soon as I open a browser and start surfing they come back.  I can then rescan and find 30 to 115 at one point.
 
How do I get these to go away for good? 
 
Thanks..
 
Hartwa

Answer:Adware Keeps Coming Back

Hello hartwa

In Chrome check for and disable or remove any unwanted add-ons.
How to Disable Extensions in Google Chrome - How to Uninstall Extensions in Google Chrome

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
[list]Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.After reviewing the log, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.Copy and paste the contents of that logfile in your next r... Read more

8 more replies
Relevance 73.8%

It's not just Browsers now, Steam as well, it shows up the adware and every time i click something i opens a new tab with more adware.
 

More replies
Relevance 73.8%

I have tried spybot, Ad-aware, even the purchased version of pest patrol corporate edition. This computer of one of my employees at work continues to have some spyware on it I simply cannot remove
11 Each program finds things, but I keep getting zestysearch, and popups. I tried doing them in safe mode with Sys res off. I manually deleted a directory called 64 32 Joy, after I killed a process that had something like love dumb..... now It says there are 2 dlls I need to remove, but I can't delete them. Here is a Hijack this log. Thanks to anyone that can help!!

Logfile of HijackThis v1.97.7
Scan saved at 7:10:48 PM, on 6/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\nancy.CCRS.000\Local Settings\Temp\Temporary Directory 2 for... Read more

Answer:Adware keeps coming back!

13 more replies
Relevance 73.8%

I can't seem to get this adware to go away! Can you help?

Logfile of HijackThis v1.97.7
Scan saved at 3:22:23 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\NORTON~1\NORTON~3\QDCSFS.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsea... Read more

More replies
Relevance 72.98%

Couple of days ago my computer got infected with loads of different trojans. I used AVG, CWShredder, online scanners, Spybot S&D, and ad-aware to clean it up. Yet, whenever I scan again, new trojans (such as the trojan horse downloader, various versions) keep on being found. Additionally, I can't open IE (an error message pops up). I tried netscape, but it doesn't work either. Here is my HJT file:

Logfile of HijackThis v1.97.7
Scan saved at 00:24:54, on 2004-06-23
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\System32\sfmprint.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RsFsa.exe
C:\WINNT\system32\RsSub.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\mqsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\winnt\temp\K.exe
C:... Read more

More replies
Relevance 72.98%

Well, I need some help. It is my first time coming here, and thank you for any help you can provide. I appear to maybe have a rootkit or something that is generating Trojans. It appears to be coming from the Google Install folder in Program Files (x86). I scanned with Malwarebytes and it found a rootkit, and maybe removed it, but it might be back, as the same Trojans (they were all being blocked by Avira) are being generated. Malwarebytes said it was Rootkit.0access. Should I just delete the folder or would that not help at all?

Answer:Constant trojans and rootkit that might be coming back

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

9 more replies
Relevance 72.98%

Both my Avira and Anti-Malwarebytes keep reporting trojans/viruses after I do a scan. Each time I do a scan, I have the programs delete the viruses, and then I'll do a new scan only to find new viruses. I'm sure there is something wrong because I was on a website today when all of the sudden one of those fake "your computer is infected" programs popped up out of nowhere. Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:24 PM, on 4/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
... Read more

More replies
Relevance 72.98%

I have Windows ME on a Sony Vaio. My AVG Anti-Virus has been popping up the last few days with 'Threat Detected' messages regarding the same trojans:

C:\\WINDOWS\SYSTEM\WWWW.exe
and
C:\\WINDOWS\SYSTEM\JBHOOK.dll
(both are described as "Trojan horse PSW.Generic2.TLV)

I run the anti-virus, and those two along with about 70 others supposedly go into the virus vault and are healed, but if I run it again, the same files will appear as a threat, and I continue to get the pop up messages. I have also now begun to receive small pop ups that say "runtime error 216", after which the computer usually freezes up.

An excerpt from the event history from the last run of AVG Anti-Virus is:

<history>
<!-- 01c73830de5a6440 -->
<rec time="2007/01/14 15:29:42" user="default" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\WINDOWS\SYSTEM\JBHOOK.DLL</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">PSW.Generic2.TLV</attr>
</rec>
<rec time="2007/01/14 15:30:24" user="default" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\WINDOWS\SYSTEM\JBHOOK.DLL</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2007/01/14 15:30:57" user="default" sour... Read more

Answer:AVG finds multiple trojans, but the same ones keep coming back

9 more replies
Relevance 72.98%

Trojan.winfixer AND adware.vundo keeps coming back on my computer. I've deleted so many files its not even funny. I ran safe mode, put all hidden folders to "unhidden" and ran SUPERAntiSpyware Professional, I deleted the vundo files and restarted my computer normally. BUT...SUPERAntiSpyware detected it AGAIN for some reason. I've also tried VundoFix, Symantec FixVundo, Ad-Aware 2007, The new Spybot Search and Destroy...
Everything is up-to-date...
I've been up since 4 am trying to fix this problem and I am really frustrated. Please Help!!!
I posted my HiJackThis Log below

Logfile of HijackThis v1.99.1
Scan saved at 5:35:27 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.e... Read more

More replies
Relevance 72.98%

Dear forum,
 
I don't know how this started, but I've tried so many things to just get rid of these adware showing up in these scans but they just keep coming back. They all appear to be SQLITE. I have no idea what SQLITE is and a lot of the times web searches say these are harmless. I could just switch off the computer cleaning off 64 of them on one day, and switch them off and have 100 in a scan on another day.
 
What started it? I think it was that last time I was trying to stream a movie and clicked on some faux link instead. I think that's what started it. I think.
 
I tried blocking it on Blocksite, and AdBlock. So far AdBlock detects these better, and I've actually been looking at the scan logs and finding the website names in the Adblock "Open blockable items" feature and blocking them. But I only frequent some sites, and I can't find them other SQLITEs anywhere. So far I only have histats.com blocked on Adblock. ||s4.histats.com/stats/* <--- They kinda look like this in the Custom Filter tab.
 
So far, I noticed that it opens "disappearing pop-ups" where you just click on something or just somewhere on a browser page and a pop-up seems to come up for 0.5 seconds and disappear into the moonlight, but I know that was a pop-up and disappearing pop-ups are a thing.
 
I've attached FRST, Addition, and the SuperAntiSpyware logs here so you can see what's going on.
 
If you can help me in a way that in the future I can also help myself if si... Read more

Answer:Many adware (SQLITE) keeps coming back

The adwares keep increasing with every scan. Should I be worried or delete them first?

11 more replies
Relevance 72.98%

hi, i'm new as i'm sure is obvious. i'm using spyware doctor from the google pack and it detects a high risk infection called Agent.Adware.Bn. I'll delete it but then it will come back after a few days. I am completely new to registry editing so here is the hijackthis scan. If there is anything I need to change please reply. Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:34:54 PM, on 14/10/2007Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16546)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Windows\vVX6000.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Java\jre1.6.0_02\bin\jusched.exeC:\Program Files\Alwil Software\Avast4\ashDisp.exeC:\Program Files\Spyware Doctor\SDTrayApp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Program Files&... Read more

Answer:Agent.adware.bn, Keeps Coming Back Help!

dude empireNot much showing up in your logRun an online virus scan called Kaspersky from HERE.1. Click on "Kaspersky Online Scanner"2. A new smaller window will pop up. Press on "Accept". After reading the contents.3. Now Kaspersky will update the anti-virus database. Let it run.4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.5. Then click on "My Computer". And the scan will start.6. Once finished, Select Save error report as Then in the file name just type in kasperskyUnder save as type Select text .txt Save it to your DesktopOpen the Kaspersky.txt file Copy and post the results of the Kaspersky Online scan==========Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

1 more replies
Relevance 72.98%

The adware wants to redirect to ourluckysites.com. It keeps creating files in windows 86 folder. Something to do with snarer.dll or kitty, whatever it is.
 

More replies
Relevance 72.98%

Hi,
Recently I've found this virus Purityscan popping up ads through IE. Symantec has detected and fixed it, but after a reboot, the virus just comes back and gets detected again. Also, the process msdtc.exe keeps taking 90%+ of CPU; I'm wondering if this process has anything to do with the Purityscan or not and how to fix this. Please help, Thanks in advance.
Following is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:44 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\TSKS~1\regedit.exe
C:\Program Files... Read more

Answer:Adware.Purityscan keeps coming back

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that ComboFix is saved directly to your desktop**

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. A quick guide is detailed below.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a guide to... Read more

6 more replies
Relevance 72.98%

# AdwCleaner v6.046 - Logfile created 03/05/2017 at 21:16:07
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-05-03.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : Vartotojas - ASUS
# Running from : C:\Users\Vartotojas\Downloads\adwcleaner_6.046.exe
# Mode: Scan
# Support : Customer Support & Help Center

***** [ Services ] *****

No malicious services found.
***** [ Folders ] *****

No malicious folders found.
***** [ Files ] *****

No malicious files found.
***** [ DLL ] *****

No malicious DLLs found.
***** [ WMI ] *****

No malicious keys found.
***** [ Shortcuts ] *****

No infected shortcut found.
***** [ Scheduled Tasks ] *****

No malicious task found.
***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\ScreenShot
Key Found: [x64] HKLM\SOFTWARE\InterSect Alliance
Value Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 9initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 36initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 23initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Local\Google\Chrome\User Data\Default\Web data] - 91initialpage123
Chrome pref Found: [C:\Users\Vartotojas\AppData\Lo... Read more

Answer:I can't delete Adware, it keeps coming back!

Edit: I added FRST and Addition files
 

1 more replies
Relevance 72.98%

The adware wants to redirect to ourluckysites.com. After a bunch of effort to purge it, it no longer seems to do changes to my browser, but it still install itself to my laptop everytime i try to remove it. The interval between the adware reinstalling itself seemed random. I usually use roguekiller to remove the adware everytime it comes back. It usually install files named ckafege_ and MIO to program files(x86) and an application named kitty though i'm not sure where it's located. It also used to say something like "snarer.dll cannot be found everytime" it crashes google chrome, though it no longer did that and i don't know why it doesn't show that anymore. Please bare with me here as i'm not an expert on computer and i'm new in this forum. thanks for your help.
 

More replies
Relevance 72.98%

I run Spysweeper at least 2-3 times per day. Right after running it, my computer does seem to get a little faster but within no time at all - it is back to being slow. Spysweeper continually finds things such as WebRebates, TwainTech, Winad, Vesbiz Downloader, BargainBuddy, etc., but most often it comes back showing WildMedia. Below is a copy of my hijack this log. Any help you could give me would be greatly appreciated.
Kelly
Logfile of HijackThis v1.98.2
Scan saved at 8:24:50 AM, on 10/7/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\lxamsp32.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\documents and settings\owner\local settings\temp\n1tKgyikn.exe
C:\WINDOWS\System32\uydtpjx.exe
C:\documents and settings\owner\local settings\temp\mS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.e... Read more

Answer:adware keeps coming back - log attached

Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.
***NOTE***A new version of Ad-aware has been released.
***ALSO***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.
Ad-aware SE download

Configure Ad-aware
First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.

From the main window, click Start then under "Select a scan Mode " select "Perform full system scan.

Next deselect "Search for negligible risk entries.

Click the "Next" button.

When the scan is finished mark everything for removal and get delete the selections. (Right-click within the window and choose "Select All" from the drop down menu and click Next)

Restart your computer.
SpyBot Search and Destroy download

Open SpyBot.

Click the button to "Search for Updates" Download and install the Updates.

Next click "Check for Problems".

Put a check mark beside the red entries.

Choose "Fix Selected Problems" and allow Spybot to fix the red entries.

I also highly recommend you install and update SpywareBlaster Click the link below, in my signature, to read a tu... Read more

1 more replies
Relevance 72.98%

A friend of mine who I THOUGHT knew about Adware and Spyware sent me a link. I clicked it, and now I'm infected (I have a link in my AIM profile, that's how I know I'm infected).

Here's where it get's to be a pain in the ***. I use Webroots Spysweeper (Adaware will NOT run on my computer for some stupid reason. I've installed and reinstalled it about half a dozen times, and it just will NOT run). When I run spyweeper, it takes care of everything, but when I restart my computer the f'ing link comes back to my AIM profile. Is there ANYTHING that I can do besides formatting? I just got everything on my computer patched and updated from a recent format, and I don't want to format it again. Please help!!

Answer:SpyWare/Adware Keeps coming back!

Have you tried uninstalling AIM (removing all AIM registry settings and AIM folders), getting rid of the worm with spyweeper and then rebooting? After you reboot, run it again and see if it's back. If not, re-install AIM and you should be good to go.

-Mike

9 more replies
Relevance 72.98%

I am having a major issue here. For some odd reason, I keep getting back the Trojans, Hijackers, and other Malware/Adware.

My computer's speed has been some what affected, especially internet browsing. Which reminds me, my browser redirects me to some random site.

I've tried running so many things, MBAM, SUPERAntiSpyware, but somehow, the things keep coming back after being removed - I even tried doing the removal processes both one after another and simultaneously, as well as with my internet cable unplugged.

Any suggestions?

Here's another thing I found off, thought I'd share it...

These are from my "temp" folder....

-130 (TMP File) - Unknown file type icon
-hxgmeu - Unknown file type icon
-jar_cache8144

None of these files were there before, they just got thrown in there... And ever since the infection, my task manager and "temp" folder both show files with names such as:

-asam.exe
-daltvqntssd.exe

and other randomly generated names such as hxgjjkl92m11.exe or ht9llnm32yckm.exe. the number of characters is always changing - and they keep coming back after every virus scan.

Thanks guys.

More replies
Relevance 72.16%

Well for weeks now ive been running scans from an assortment of programs, deleted Virtumonde/trojans just to have then come back >_>
Sometimes when browsing i am redirected to different links. And iexplore.exe is always running even though i never use internet explorer.
Please Help!

Thanks in Advance!
DDS (Ver_09-05-14.01) - NTFSx86
Run by Keagan at 21:36:41.51 on Sat 05/16/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.354 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C: ... Read more

Answer:Virtumond, Trojans, Browser woes- keep coming back!

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

2 more replies
Relevance 72.16%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 4
RAM: 8187 Mb
Graphics Card: AMD Radeon HD 5700 Series, 1024 Mb
Hard Drives: C: Total - 953766 MB, Free - 116578 MB; D: Total - 114463 MB, Free - 3720 MB; M: Total - 476937 MB, Free - 80761 MB;
Motherboard: Gigabyte Technology Co., Ltd., P55A-UD3
Antivirus: Microsoft Security Essentials, Updated and Enabled
As mentioned in the topic, I'm getting repeated prompts to remove 'Ropest.G' or 'Ropest.J', Simda.AT by Microsoft Security Essentials at least once almost every day. Sometimes it's a success, other times MSE tells me that the file 'cannot be found' even when I've clicked on 'remove' the moment I'm notified of it.

Appreciate the help in advance.
 

Answer:Trojans and Viruses keep coming back (Ropest & Simda.AT)

10 more replies
Relevance 72.16%

Hi,It started with the Trojans and others like Internet security 2010 coming back after being cleaned by spyware doctore from PC Tools. I also use Symantec anti spyware. After what it seems to be all cleaned (full scan) if I turn the network again they all come back.In addition I try to instal malwarebyte, and after installation which seems to go fine, I start the application but it can't locate the exe file, so I go to the directory where it is and start from there and nothing happens.The last issue is Google redirects for all links.I feel that the computyer has been hijacked.I do have combox fix on my desktop but I have not run it yet.I would appreciate any fedback or help in solving these issues.ThanksTomRemoved e-mail address to protect from spambots. ~ OB

Answer:Trojans, Internet security2010 keeps coming back [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 72.16%

A few days ago I downloaded a bad file and my computer has been infected with all sorts of malware and trojans. I used AVG free edition, Spybot, and Ad-aware and I have got most of my problems gone, but I keep getting Trojan Collected.11.B, and Trojan Generic3. When I'm just using my computer normally, AVG pops up saying a threat has been detected, and it's either Collected 11 B or the Generic3. When I'm surfing the web, I sometimes get redirected to another website. I've tried AVG and Spybot countless times and I can't fully recover my computer. They just keep coming back every day! Please help, and I really don't want to reformat my computer again.

Here is my HijackThis log after using AVG:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:13:46 PM, on 4/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\iTunes\iTu... Read more

Answer:Solved: Please Help! Trojans Keep Coming Back! (Collected.11.b, Generic3.uub)

11 more replies
Relevance 72.16%

Please help!!! I'm at a loss to keep vicious stuff off my computer after deleting it. Norton found W32.allim after my daughter clicked on Hey check this out! in AOL AIM. I think I got if off the computer because Norton doesn't find it anymore. However, I'm getting a dozen other things that I get off only to come back after restart such as Esyndicate, Aproposmedia, the stupid Hunt Bar constantly comes back, and upon restart, I get the message that C:/windows/system332/gmi4i9ir.exe is causing Runtime to terminate in an unusual way. I've run Microsoft Antispyware, Adaware, Xoftspy, Spybot Search & Destroy. It seems to be affecting my web browser--changing the URL home page and pop-ups are occurring. The following is my Hijackthis log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:44:41 AM, on 5/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msaccrt.exe
C:\WINDOWS\Sy... Read more

Answer:HELP!! virus/malware/adware keeps coming back!!

16 more replies
Relevance 72.16%

My Google Chrome has an adware extension that keeps repopulating everytime I close out and open it back up. The extension (called "BeistSaveForYou) makes an ad window pop up everytime i click something on my browser window. Im having to go to my Extensions in google Chrome and "remove" it everytime i open my browser before i do anything else in order to be able to use my browser without ad windows popping up. The extension repopulates everytime i open the Google Chrome browser.
 

Answer:GOOGLE CHROME ADWARE KEEPS COMING BACK

Hello, missing Additional.txt report.
 

8 more replies
Relevance 72.16%

Hi,
I had my laptop tested by Bleeping Computer a few weeks ago. No threats were found at that time. The laptop still becomes very slow with time. I keep cleaning it using SUPERAntiSpyware every few days and I see a number of adware. After these are removed, the laptop is faster again. I think some hidden adware roots are still in the laptop. I wish you could help me one more time.

Below is the latest scan result:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2012 at 11:49 AM

Application Version : 5.5.1012

Core Rules Database Version : 8912
Trace Rules Database Version: 6724

Scan type : Complete Scan
Total Scan Time : 00:21:44

Operating System Information
Windows 7 Professional 32-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 785
Memory threats detected : 0
Registry items scanned : 35769
Registry threats detected : 0
File items scanned : 8408
File threats detected : 17

Adware.Tracking Cookie
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\5ZLHUIPX.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\0IUOMUXD.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\Roaming\Microsoft\Windows\Cookies\Low\IOBJ2KD7.txt [ Cookie:[email protected]/ ]
C:\USERS\MKAKBAR\AppData\... Read more

Answer:Adware keeps coming back in laptop despite cleaning

Hello makbarThese are CookiesHere part of our quitman7's post on this.See the rest at post 5 here [email protected]@KCookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

6 more replies
Relevance 72.16%

A week or so ago, I got a Chrome Adware extension. This seems to have come from some torrent which my dad accidentally clicked (I am not totally sure). The only signs of the infection is that a Chrome Adware extension keeps coming back and it populates ads over every website I visit.

Currently, if I remove the extension, the ads are temporarily gone. However, if I restart the PC and open up Chrome again, the extension comes back. The extension keeps appearing under different names including "PoriceMenus", "TheAdblock" and "Block the Ads". Here is a screenshot of the extension: http://i.imgur.com/ZbaT4wj.png

Tried scanning with Malwarebytes and Kaspersky. Kaspersky found some adware and removed it. Malwarebytes seemed to find a whole lot of stuff (30 or so threats) and remove it all, but the problem still keeps coming back.

Please help! I was planning to do a whole reinstall of the OS before I found this forum.
 

Answer:Chrome Adware Extension Keeps Coming Back

Helllo,

My name is Argus and and I will be helping you with your computer problems.

Before we begin, please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled befor... Read more

1 more replies
Relevance 72.16%

Win 7 Home 64bit
WD primary drive C: D: E: F:
Maxtor second drive G:
WD10EZEX new drive installed, but not formatted, and no drive letter
 
I am installing a new larger hard drive in my desktop to be my primary drive. In order to clone the drive I started to download the free Macrium Reflect, but didn't like all the stuff it wanted to add, and the things it wanted me to agree to, so I did not continue with the process. But, there is a Macrium folder on my C: drive.
 
Next, already having EaseUS on my machine, I decided to download the newer free version of Partition Master and Todo Backup. This I did.
 
Now I have Wander Burst adware on my computer and can't get rid of it. Adwcleaner will find it, and I tell it to delete it, but it comes back when I restart my computer. I disable it in FireFox Extensions, but it is enabled again upon restart. Adwcleaner doesn't find much, but I don't let it delete everything it finds because I'm not sure what some of it is.
 
I've also run Microsoft Malicious Software Tool and scaned with Bitdeferder. Bitdefender has twice found and quarantined Gen:Variant.Adware.Graftor.205480 in what must be a hidden folder ProgramData.
 
I may now have other junk on my computer. I'm not sure.
 
Often, but not every time, when I restart the computer, Bitdefernder says it is disinfecting.
 
Thanks,
Harry
 

 Addition.txt   44.88KB
  6 downloads

 FRST.txt   260.01KB
  6... Read more

Answer:Have Wander Burst adware and it keeps coming back.

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Common Files\fccb0821-00ee-466c-acb5-2a5cec258511\updater.exe
() C:\ProgramData\fccb0821-00ee-466c-acb5-2a5cec258511\PluginContainer.exe
URLSearchHook: HKU\S-1-5-21-4197695769-2084072578-523761739-1001 - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF Extension: Block site - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\2y67u4nl.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-30]
FF Extension: Wander Burst - C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\2y67u4nl.default\Extensions\{5eeca95e-41fc-41a2-83b1-b1156bc20be4}.xpi [2015-07-31]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
R2 Service Mgr Wa... Read more

5 more replies
Relevance 72.16%

Hi, so here is my problem: This virus (I guess its adware? not completely sure) keeps coming back. It hijacks my proxy settings and when I browse the web ads popup in different browsers.
 
I have looked up countless forum posts on here, have followed other directions (run adwcleaner, junkware removal, minitoolbox, malwarebytes, etc, etc).
I run them, they get rid of the virus, and everything goes smoothly from there on out. Heres the thing: 2-5 days later, it comes back out of nowhere! (and its the same virus)
 
From my observations the obvious virus/adware that keeps coming back is:
"Jelbruss secure web"
and "PrivoxyService"
 
I delete them with the antivirus' listed above, and then re-scan and they say everything is great. Then, like I said before, 2-5 days later they come back.
 
Any help would be appreciated, thank you 

Answer:Adware keeps coming back even after complete removal

Hello twiggle and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do ... Read more

5 more replies
Relevance 72.16%

A few days ago, I have opened up my browser and entered a site, clicked randomly on the page, it redirects me to some adds, "register to some game online", "you are a winner of 1 milion$", stuff like that. I tried removing with a bunch of antimalware software and it keeps coming up, I've run ADW Cleaner and it finds "HKCU/Software/Conduit" as a tracing key, I've deleted it, rescan the system after restart, it says it's not there anymore but after I enter on a random site it appears again.
Please help.
 
Here's the Farbar Recovery Scan Tool logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by Sergiu (administrator) on SERGIU-PC (28-12-2015 13:10:25)
Running from C:\Users\Sergiu\Desktop
Loaded Profiles: Sergiu (Available Profiles: Sergiu)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(ESET) C:\Program Files... Read more

Answer:Infected with adware, tracing key keeps coming back

Can't anyone help? Maybe point me in the right direction. I've runned Hitman Pro and it founded this:
HitmanPro 3.7.12.253
www.hitmanpro.com
 
   Computer name . . . . : SERGIU-PC
   Windows . . . . . . . : 10.0.0.10586.X64/2
   User name . . . . . . : SERGIU-PC\Sergiu
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (26 days left)
 
   Scan date . . . . . . : 2015-12-29 14:12:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 82
 
   Objects scanned . . . : 2.782.958
   Files scanned . . . . : 185.558
   Remnants scanned  . . : 1.037.389 files / 1.560.011 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Sergiu\Desktop\FRST64.exe
      Size . . . . . . . : 2.370.560 bytes
      Age  . . . . . . . : 1.0 days (2015-12-28 13:09:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 302FE238A077E891B39A3DA34C25E74AA2716B5272CDA2955386041D0A540132
      N... Read more

8 more replies
Relevance 72.16%

Hello,

First my superaitispyware found this (please see the following):
Generated 07/15/2009 at 10:09 PM
Adware.MyWay
HKU\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}
HKU\S-1-5-21-2104054462-3242262833-941974269-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Then superantispyware found all these one after another, I kept on doing scan and delete, and they just kept on coming back (please see below):
Generated 07/17/2009 at 00:21 AM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][1].txt
Generated 07/18/2009 at 10:09 PM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
Generated 07/19/2009 at 12:09 PM
Adware.Tracking Cookie
C:\Documents and Settings\Others\Cookies\[email protected][2].txt
C:\Documents and Settings\Others\Cookies\[email protected][2].txt

Please help,
Thanks,
Tom

Answer:Adware.Tracking Cookie, keep on coming back, please help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:26 PM, on 7/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\reliz\akeys.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pr... Read more

2 more replies
Relevance 71.75%

I got a problem. Started out with a "windows xp total security" popup. I run avg and also downloaded adaware to try and deal with the prob. Adaware won't update and I can't get it to manually download the update. Downloaded bhodemon, says that a file it needs wasn't downloaded, won't update, it says" this is curious."... Can't stop my browsers from redirecting, if they go at all. Avg keeps finding things but there keep being more probs. Any help at all would be greatly appreciated. Thank you.

Answer:Keep finding trojans, Other Problems. Bhos

Hello, Chris248Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.If you do not make a reply in 5 days, we will have to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they... Read more

2 more replies
Relevance 71.34%

Hi,

I?m going to have to give fair bit of info so that you can get as clearer picture as possible, so please bear with me.

I?ve got Windows XP with Kaspersky Internet Security Suite 2010.

I was on a couple of Football streaming sites yesterday and soon after my PC and Kaspersky was all over the place.

I get a couple of Kaspersky Alarm messages that say:

1)

Object:
C:\WINDOWS\system32\msbyylfy.dll

Trojan program:

Trojan-GameThief.Win32.OnLineGames.wjk

& 2)

Object:
C:Windows\system\User.dll

Trojan Program:

Trojan.Win32.patched.gq

I keep on getting prompts from Kaspersky about Trojans in the system, the PC has really slowed down, Internet browsing (which may not be recommended) is very slow, programs like Microsoft Word freeze.

Kaspersky isn?t scanning properly either, when I try to it just stops. Its automatic Threat Detection feauture that
is suppose to Delete & Disinfect Viruses and Threats isn't working, and whatever it does do,
the Trojans keep on coming back even though Kaspersky says that after Restarting PC Threats
will be Removed!

Here is Kaspersky's Threat Detection Log:


Status: Detected (events: 1)
31/03/2010 01:15:59 Detected Trojan program Trojan-Downloader.Win32.Delf.zyx http://download.xwche.com/setup.exe?t=0.470785//2//ASPack
Status: Detected (events: 2)
31/03/2010 00:15:02 Detected malicious URL http://... Read more

Answer:PC Infected Full of TROJANS......Can’t Delete & Keep Coming Back!!

you need to go ...

http://www.bleepingcomputer.com/



 

3 more replies
Relevance 71.34%

hey their, im posting from my friends computer, as the log will be of his computer. Adaware always finds problems, so he deletes them, but they keep coming back. could you guys analyse this log? :)

Logfile of HijackThis v1.99.1
Scan saved at 7:50:55 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\... Read more

Answer:hijackthis log, adware always finds problems, but they keep coming back

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
* * * * * *
Then download & Install - http://downloads.subratam.org/Fixwareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

FixWareOut will produce a logfile, report.txt located within the C:\fixwareout folder
* * * * * *
After running FixwareOut & rebooting ...

Download & install CleanUp.exe (not recommended for WinXP64) http://www.greyknight17.com/spy/CleanUp4.0.exe

Download Ewido Anti-Malware - http://www.ewido.net/en/download/Install Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the m... Read more

3 more replies
Relevance 71.34%

Hi there, I have had a problem with my internet connection for as long as i can remember. Basically, whilst using the internet for games and browsing, the little Monitor (bottom right) goes black and the connection is lost or refreshes. The connection takes about 30 seconds to return back to normal. This seems to happen regularly at times and not at all at other times (no loss of connection). it seems to possible happen when more that 2 computers are using the internet and or running azeurus.The adware problem only started recently, i run adaware se and spybot which removes it but it bery quickly comes back. Basically when i click on a link it takes about 7 seconds and gets re-routed to a crappy site, changes every time.I hope that someone can help me out.I have a Bullfrog AirStation WYR-G54 router and virgin media broadband.Many Thanks CorpusluteumLogfile of HijackThis v1.99.1Scan saved at 21:49:40, on 30/08/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32�... Read more

Answer:Keep Losing My Internet Connection + Adware Keeps Coming Back

Hello,You're dealing with several different types of malware, so perform next steps in the right order...* Please download FixwareOut from the following site:http://download.bleepingcomputer.com/lonny/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.Then we'll do the rest...

8 more replies
Relevance 71.34%

For a couple of months now, every time I run Panda Security Scan, I get a message about an infected file in my C: drive (C:/Documents and Settings/USER/Local Settings/temp/blank.gif). I delete it, clear my Recycle Bin, turn off system restore, then turn it back on, but the file keeps on coming back - sometimes within a few minutes, sometimes after a few hours!!!! Malwarebytes doesn't ever detect anything. TrendMicro doesn't either.

Also, when I run the free Panda Security Active Scan 2.0 online, it tells me that the infected file is known as adware/exact.searchbar, so the program then disinfects it. But that keeps on coming back too! I can't find any folder with that name in my hard drive or in the Add/Remove Programs list in my Control Panel. I don't get redirected to different websites because of this malware...although occasionally I experience a slow Internet connection with both IE and Firefox...

I just want to get rid of this thing once and for all! Thank you to whomever can fix this!!!!!!!!!!!!!!

I have Windows XP. Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:52 PM, on 3/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program File... Read more

More replies
Relevance 71.34%

adware.vundo keeps coming back + windows keep shuting down
not a clue can someone help please i think removed adware.vundo
but still windows keep shuting down

here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20:16, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\W... Read more

Answer:adware.vundo keeps coming back + windows keep shuting down

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

1 more replies
Relevance 70.52%

Hey Guys! Recently I've been attacked numerus time by exploits Java/CVE-2010-0094.FN and JS/Blacole.O when I automatically updated Java; these were removed by Microsoft Security Essentials. I know that I maybe infected by a variant of about:blank, and have some BHO, trojans, and tracking cookies that can't get rid rid of with my scanners. Also I have problems with IE & Firefox when I switch from full to normal screen using F11 - the menus and url bars don't fill in properly and I can't minimize the windows on the first try. Clicking links doesn't work on the first try sometimes. I use IE more often because of the built-in security features but it's become more unstable lately maybe because of the infections my netbook has. I have performed a number of FixIt's through the microsoft support site but still feel there's some processes slowing my netbook down. This is my netbook info:

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz, x86 Family 6 Model 28 Stepping 2
Processor Count: 2
RAM: 1523 Mb
Graphics Card: Mobile Intel(R) 945 Express Chipset Family, 224 Mb
Hard Drives: C: Total - 146632 MB, Free - 857 MB;
Motherboard: Acer, , Base Board Version, Base Board Serial Number
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated: Yes, On-Demand Scanner: Enabled,
Microsoft Security Essentials

FYI the GMER site is u... Read more

Answer:BHOs Trojans Malware & tracking cookies Problems. Please Help!

I forgot to add that the words "waiting for about:blank" appear in the bottom left corner of IE after I click a link, and I also get a rapid blinking cursor in some online form/search fields, and when i go to save something from the internet, the words in the left pane such us my computer, my documents, etc. are in bold. I'm worried about checking email and logging into my various accounts and I would like to solve this issue for good. Hope this helps, thanks again.

I checked GMER again and here's my scanlog
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-29 11:55:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: g7xv3uvc.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fglyrpob.sys

---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[596] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JM... Read more

2 more replies
Relevance 65.6%

This is my first post and I have read others and read the rules so I hope I can be clear enough that someone might be able to help me. I can manage on my computer and am a wiz at the software apps I know but I lack greatly in the technical department. But I do know that over the last several weeks my system has come almost to a halt. Yesterday I fell asleep waiting for a page to load... So it is time to get some real help.

I have a Dell Latitude E6500 Intel Duo Core 2 2.8 GHz with 3.48 GB of Ram. Have about 80% of my hard drive free, running WinXP Pro SP3. I was keeping it updated but now my updates are failing.
I purchased McAfee Total Protection with Site Advisor with the system but now my computer tells me I don't have an antivirus software. So today I installed Symantec Edpoint Protection. I had super anti-spyware (free version) and reg cure, and ran ccleaner regular but things just seemed to keep getting worse. So I bought adware professional v5.0 because I scanned my system online and it said I had a "severe" danger present. Well I scan my computer with this Adware software and it finds a bunch of cookies and then this thing called Amber.Velletta danger. It couldn't get rid of it but I guess Symantec did when it found the other different threats to my computer. There is Adware.NDotNet, Adware.OneStep, about a dozen Trojan Horses detected, and most were quarantined but not all. But the problem is that my system is still sooooo slow.
I defragged my ... Read more

Answer:System & Internet slow...trojans, adware, spyware...HELP

bump
 

2 more replies
Relevance 64.37%

I have read many posts and have tried many of the suggestions that you guys have giving. I have run ewido security, spyware removal, and anti-virus. They all take things off my computer. I can run of the programs remove stuff and re-run the program 2 minutes later and have the same and new things to remove. My internet is slow because of pop ups opening and trying to open. I have pop up blocker but that stops none of thing. The pop that seems to come up every two seconds has the title THE BEST OFFERS. I ran HIJACK THIS and here is the file.
Logfile of HijackThis v1.99.1
Scan saved at 2:57:48 PM, on 10/11/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.d... Read more

Answer:Slow Computer, virus keep coming back

http://www.noidea.us/easyfile/index.php?folder=2

download Nailfix.zip
Unzip it to the desktop but do NOT run it yet.

Restart in safe mode

Now in Safe Mode:
Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
==================

Boot

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log If the Ewido log is too large attach it.
 

2 more replies
Relevance 63.96%

Trying to clean and speed up system + get rid of BHOs. Log created with HJT Alanyzer.
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - S... Read more

Answer:Constant BHOs & Very Slow

Hello and Welcome

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please disable Spywareguard, as it hinders the removal of some entries. You can re-enable it after you're clean. Right click the running icon of Spywareguard located in the system tray
Go to Menu > File > Exit and confirm the programs close.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp.exe - Install.


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


* * * * * * * * * * * * * * * ... Read more

16 more replies
Relevance 63.14%

Hi!
So, last Friday my OfficeScan software found a couple infected files that it couldn't clean off. So I ran Ad-Aware and Spy-Bot and RegistryCC and cleaned things up as best I could. But the pop-ups didn't stop. In fact it got worse. I turned the TeaTimer off on Spybot because it kept popping up telling me about registry changes and the virus started looping and creating new files when I denied the changes.

I've been reading replies to other people's messages that have similiar problems and tried to do what I could. I updated all my anti-virus software, I updated my Java (which was probably the weakness that let it in in the first place). I've been running Malwarebytes frequently. Sometimes it finds something, sometimes it doesn't. I've run VundoFix and it cleared a couple files off too. One I wrote down because it took a couple tries to get rid of : system32/uljeuf.dll Malware identified a few files as TrojanVundo.

It keeps coming back and I'm not sure what to do next. I used the add/remove to get rid of IE because I never use it anyway and I naively thought that might stop the pop-ups. But now they just come in streams of empty IE pages and system errors that say "An attempt was made to reference a token that does not exist."

Also there's a program in my add/remove called Mirar. I googled it and it doesn't sound good. I can't get that off either.

I don't have the knowledge to go deeper into my sys... Read more

More replies
Relevance 63.14%

I also have this problem.
 
Lenovo Part #: 59421845
Model: 20378
Purchase from: Replacement/Exchange from Lenovo
 
I wish I saw this thread before I did a factory restore. Ohh well, atleast its somewhat comforting to know I'm not the only one having this issue. I initially blamed the problem on my Razer Orochi 2013, but turns out that wasn't the issue.
 
And I agree a proper fix is needed, wether is be some kind of BIOS or Driver update, but not some 3rd Party work around. For a $1,200+ laptop, this shouldn't be something that just get's swept under the carpet with a "temporary fix".
 
Please keep us up to date on the status of this issue Lenovo.
 
EDIT: Using this post as the first in the thread for escalation purposes - Amy_Lenovo













Solved!

Go to Solution.

Answer:Re: Y50 Windows 8 : Keyboard response too slow after coming back from hibernation

There is a topic on lenovo forum from someone about this problem with Windows 7. But this time I experienced it with windows 8.1 on a brand new machine .
 
Simply put, In keyboard properties , the Repeat delay is default at maximum (eg, holding down a keyboard button and how fast it generates the key strokes). When the system is put in hiberanation, then turned on again to come back, the Repeat delay some how gets decreased to about 2/3 of what it originally is.
 
I verified this. So if anyone can replicate please reply. Very easy test.
 
My Machine : Y50 , windows 8.1 64 bit (all windows update up to date). Lenovo updates up to date.
Thanks!
 
Moderator Note; subject edited; system type added

9 more replies
Relevance 62.32%

I've got the same issue as outlined in this thread for a Y50 - there seems to be a BIOS update to solve it, but what about TP Yoga 15?
 
Quote:
Simply put, In keyboard properties , the Repeat delay is default at maximum (eg, holding down a keyboard button and how fast it generates the key strokes). When the system is put in hiberanation, then turned on again to come back, the Repeat delay some how gets decreased to about 2/3 of what it originally is.
 
https://forums.lenovo.com/t5/Lenovo-P-Y-and-Z-series/Re-Y50-Windows-8-Keyboard-response-too-slow-aft...
 
 
Mod's Edit:  Your duplicate posting was removed in the link you have posted.  The accepted solution for the Y50 was a BIOS update which wouldn't apply to your model.

More replies
Relevance 61.09%

Logfile of HijackThis v1.99.1Scan saved at 8:30:36 AM, on 6/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\basfipm.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\Mcshield.exeC:\Program Files\Network Associates\VirusScan\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Citrix\ICA Client\ssonsvr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Apoint\Apoint.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Dell\QuickSet\quick... Read more

Answer:Computer Freezing / Suddenly Slow / Recurring Viruses Found By Adaware, Etc., But They Keep Coming Back

Here is my Hijack This log as requested. I ran the other programs to remove what could be removed. My computer has been super slow and it is actually freezing thus requiring me to remove the battery to unlock. Also, I think someone at my company may be monitoring what I am doing--any suggestions on how to figure that out? Thank you so much for your help. TonyLogfile of HijackThis v1.99.1Scan saved at 11:42:03 AM, on 6/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\basfipm.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\Mcshield.exeC:\Program Files\Network Associates\VirusScan\VsTskMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\Program Files\Citrix\ICA... Read more

9 more replies
Relevance 57.4%

I hope that this is in the right section but I am having a problem with my computer. I can constantly hear programs running in the background. I currently have two anti spyware/malware installed on my computer. One is SpyHunter and the other is CyberDefender. They both are picking up on some virus called Vundo and everytime I delete it, it just comes right back. It is so frustrating surfing the internet because it freezes or moves extra slowly. Figured I'd ask you guys before I take a hammer to it lol.

Thanks

Answer:Windows XP SP2 running slow, virus protection catches it but the virus keeps coming back

Hello,i am moving yjis to the Am I Infected forum from XP.Please disable those apps while we do this.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the St... Read more

9 more replies
Relevance 56.17%

Greetings. My operating system is Windows XP, service pack 3.

I usually use SuperAntiSpyware nightly when I quit the computer. Usually it either finds no threats, or finds spyware. I skipped it night before last. Yesterday morning,the computer was moving very slowly, keystrokes not appearing, etc., so I decided to run it. It both trojans and spywares. I removed all threats and rebooted (as I was instructed).

When the system was back up, it was telling me (via a balloon in the lower right of monitor) that the networks were not working. This is not a message I usually see. I'm not on a network. I tried to log onto the internet using IE, and the system wouldn't connect. Ran IE's diagnostics, and was told to check router connections (all fine -- I'd just been on the 'net before stopping to do the scan), router was showing all the appropriate green lights.

I did a system restore to a point about 24 hours earlier, and that worked. Used the computer a good part of the day, on and off the 'net. Ran the usual scan at the end of the day, and no threats were detected.

Used the computer today, was just wrapping up, ran the SuperAntiSpyware scan, and right away it found 3 trojans, and within 5 minutes, found a total of 7 trojans(plus 12 spywares).

It listed the trojans found as:

Trojan.Agent/Gen-Sirefef [7 Items Found]
HKLM\System\ControlSet001\Services\AFD
C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
HKLM\S... Read more

Answer:Trojans removed. Reboot. Can't get on 'net. Restore. Trojans back.

Please do not run any other scans when I'm helping youStop scanning with super antispywareDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

24 more replies
Relevance 55.35%

help!

on the reference of a co worker, i downloaded azareus, a bit torrent program, which, as i understand, circumvents the need to file share, as it is all but extinct now. i was downloading some movie files, and my pc all the sudden was inuntated with trojans and adware trying to access my pc. my pc shut down and re booted, and when it did, there were new icons on my desktop, poker icons, babe of the day icons, get free epedra online icons. i did a sweep of my system with all the anti spyware and adware programs i have, and they removed a great deal of problems, but the problems kept coming. each time i would use my anti spy/adware programs, they would uncover multiples of 10's of problems. it would only stop when i shut down my internet. what have i done? and how can i stop it?

[email protected]
 

Answer:Solved: unwanted software/adware added to my pc!

16 more replies
Relevance 55.35%

I've been having a a problem with the back left corner hinge since October of last year I poisted to another board about this problem hving been told that this issue would be passed onto support in my region. I'm currious as to weather I'll hear from these people in this lifetime or the next. I enjoy my Laptop and would like to continue using it but as time goes on it keeps seperating more and more and I have to snap it back into place to keep in together. I'm hoping to actually hear back from someone this time that will be able to help me in fixing this issue.

Answer:Back Corner coming from the back left side by the hinge

@jmb1313

 

I have brought your issue to the attention of an appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post personal information (serial numbers and case details).

If you are unfamiliar with how the Forum's private message capability works, you can learn about that here.

Thank you for visiting the HP Support Forum.

1 more replies
Relevance 54.94%

Several weeks ago this computer was infected by the ADWARE Trojan. I'm unaware if this computer had any active anti-virus software running but my wife fell prey to the MALWAREREMOVERBOT pop up and actually paid for it. Since installing she has had an issue with Advance Virus Remover and the Windows Security alerts icon in the notification bar. I installed Malwarebytes and after a scan and following recomended actions, I'm able to use the computer without many problems. I still have that Icon in the notification bar. Computer still seems sluggish.

A further note of interest. This laptop is several years old and has had numerous programs installed and uninstalled. Again, I'm unaware of any antivirus software. Thank you in advance!!!

Scott

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:10 AM, on 8/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\... Read more

Answer:ADWARE Trojan has added Advance Virus Remover

Bump.
 

1 more replies
Relevance 53.71%

Hi. I"m running windows xp and using ewido security suite. I've gotten 2 trojans detected (at different times). They are under c:\windows\downloaded progam files\1082008.exe (a trojan diamin). Can someone tell me where I am getting these viruses? I would appreciate any help you could give me. Thanks!
 

Answer:Where are these trojans coming from?

Hi Just Lori
Welcome to TSG!

It's possible your computer isn't fully secure enough.
Files like that can sneak in through your ActiveX controls.

You should post a Hijack This log.

Get Hijack This: http://thespykiller.co.uk/files/hijackthis_sfx.exe

Let it extract to C:\Program Files

Close out any open browsers
Launch the program
Hit "do a system scan only"
When that finishes, hit "save log"
The log will open in Notepad
Copy & paste that log into this thread

Do not fix anything yet
 

1 more replies
Relevance 53.71%

I already posted in How to remove Windows 10 upgrade updates in Windows 7 and 8
In this thread after the starting post from Tookeri other updates that had to be deleted were mentioned. I made a list in post 841
I did not have all these updates on the pc but those that were on it I hid.
Some of them came back and I hid them again.
Now today they are back - with some that I had not seen before.

I made an attachment that shows them and also shows that I hid them again

Will I have to check Windows Update for the rest of my live?????

More replies
Relevance 52.89%

Hello,
I have a problem ,which ive tried to fix serveral times but it keeps coming back.
This virus is located in Systems 32 folder, Pc Cilling 2005 identified it as TROJ_ROOTKIN.N . Ive gone
to safe mode, deleted it, returned to windows and the virus reapeared, wats more it clogs up Pc Cillin, so now under quarantine i have 100+ instances of this virus, and its increasing.
The virus is labelled hpr34k8

Im sure my Hijack Log is fairly clean... -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:53 PM, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin... Read more

Answer:Virus that keeps coming back and back and back, so on

bump, hopefully someone takes notice

19 more replies
Relevance 52.48%

Hey

Recently my computer has suffered a complete virus and popup infestation. I am using McAfee Security Centre and Ad-Aware SE. The viruses i recieved actually shut down my McAfee program somehow so i had to reinstall it.

Im doing scans with that and Ad-Aware frequently but the bad files just keep coming back. McAfee seems to be prevent them from operating but i know they are still there. I need to get rid of them for good.

Ive only got dial-up internet and when im not online the computer keeps requesting me to turn on the internet, like some program is trying to access it or something. Also, when i do go on the net, ive noticed in my history that im automatically being sent to a suspect IP address 88.80.5.21, no window comes up or anything it just accesses it audtomaticaly.

So Im also pretty sure that there are still some bad files on my computer.

Here is the HijackThis file, any help you could give would be awesome...


Logfile of HijackThis v1.99.1
Scan saved at 3:03:40 PM, on 10/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.e... Read more

Answer:Trojans/PUP's keep coming---- HijackThis file

BUMP

someone please help me out?

16 more replies
Relevance 52.07%

Hello im having a problem with my web browsing. I had a virus and it seemed like a hacker was attacking me as well because a program kept trying to run itself called follower and it looked like a devil head lol any=ways I got avg free and Malwarebyte antimalware and ran them both they took off alot of the problems but one that stayed is that im being redirected when i go searching for sites in browsers like bing or yahoo or google. For example I want to go to wells fargo or the petco site and I get redirected to another site. So I dont know what to do. I ran DDS and Attach but gamer sis not work it would start the scan then stop or get stuck on a certain file like unable to continue the scanning then crash.2 times the screen turned blue one time windows just told me to close it why a gamer scan is not here. Here is my DDSDDS (Ver_10-03-17.01) - NTFSx86 Run by Frank at 12:54:53.84 on Thu 09/09/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.1344 [GMT -7:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k L... Read more

Answer:Hello web browsing being redirected coming from virus trojans

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 51.66%

I've managed to get rid of a lot of trojans and viruses during the post two days but there is only one thing left. I have no clue how to get rid of it at all and it just seems to be adware but it gets blocked each time by Malwarebytes. I really need help now as its starting to get really annoying and I feel unsafe actually using my computer because of it.
http://imgur.com/mvs8uKV Link to what it looks like.
 
Anyway my FRST notes.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
Ran by Jake (administrator) on JAKE-PC (31-12-2015 00:21:05)
Running from C:\Users\Jake\Downloads
Loaded Profiles: Jake & DefaultAppPool (Available Profiles: Jake & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(... Read more

Answer:Strange adware coming from regsvr32.exe

bump

11 more replies
Relevance 51.66%

Whenever I turn my computer on I get a Norton Spyware warning that Adware Adroar is present but doesn't let me get rid of it. When I run a virus scan, it shows my computer is clean. Whe I run other spyware programs there are no threats present. How do I get rid of this treat that Norton says is serious?

Answer:Adware Adroar warning keeps coming up

Hello and welcome to TSF.

Apologies for the long delay in response. If you still require assistance, please provide us with the required set of logs in a new topic as this one shall be closed.

New Instructions - Read This Before Posting for Malware Removal Help

1 more replies
Relevance 51.66%

can someone read my hijack this log file and help if they can? my eamil is [email protected] and my name is angela

Logfile of HijackThis v1.99.1
Scan saved at 11:56:13 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:... Read more

More replies
Relevance 51.25%

I've had some problems with Trojans and Adware on my computer. I have AVG Free Edition and have run Ad-aware, Spy-bot Search and Destroy, and other virus and adware scans but nothing seems to help. Here's my Hijack This logfile. Any help would be much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 4:10:50 PM, on 2/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\PROGRAM FILES\DELL\ACCESSDIRECT\DADAPP.EXE
C:\WINDOWS\DOCKAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\COMMON FILES\KODAK\HYDRA_DR\DCFSSVC.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOF... Read more

Answer:Help with Trojans/Adware

Hi kylita, Welcome to TSG!!

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50220
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50220
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\TOOLBAR\TOOLBAR.DLL/sa
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll (file missing)
O2 - BHO: SDWin32 Class - {202EDC9A-9F8D-4CBB-B5E5-17F0D6EEA011} - C:\WINDOWS\SYSTEM\ESIZR.DLL
O2 - BHO: SDWin32 Class - {755C36B2-C06D-4CFC-80C2-9CC143CF7923} - C:\WINDOWS\SYSTEM\VRXFX.DLL
O2 - BHO: ohb Class - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - C:\WINDOWS\SYSTEM\IC2_WIN.DLL
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZSERV.DLL
O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325}... Read more

3 more replies
Relevance 51.25%
Question: Trojans & Adware

Hi i noticed on my bit defender that i have some Trojans and some Adware infected files, it doesn't look that bad compared to what i have seen in the past heres my hijack this log, please help me thank you so much



Logfile of HijackThis v1.99.1
Scan saved at 1:15:34 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\W... Read more

Answer:Trojans & Adware

Hi zipzappy,

You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Do you happen to have the log, which states exactly where and what virus' we are dealing with?

--------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C206~1\Bar888.dll (file missing)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C206~1\Bar888.dll (file missing)



Please remember to close all other windows, including browsers then click Fix checked.



--------------------------------------------------------------



Download combofix from here



**Save it directly to your desktop**



Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Post that log in your ne... Read more

7 more replies
Relevance 51.25%

I have McAfee Security Center and it has been picking up this generic pup that I can't remove fully. At first I didn't think anything of it until suddenly the other day Security Alert Center messages started popping up every 25 minutes stating there was a sinowal trojan on the computer being blocked and asking if I want to block this suspicious software. Being suspicious myself, before I clicked Enable Protection, I wanted to look up this sinowal on the internet. The google load up screen was replaced by a warning saying I'm not protected, and it gave me the option to protect myself or proceed without. I reloaded the page and it went back to the normal google homepage. I then knew something was up and searched for a good virus scan. I found kaspersky free scan and used it. It detected 5 trojans (C:\WINDOWS\system32 and C:\RECYCLER), 1 adware (C:\RECYCLER), and 4 backdoors (C:\WINDOWS\system32). Also a couple of the trojans are in the Svchost.exe file. All I have is the free McAfee right now and I'm afraid to purchase anything better online for fear of a third party. Hopefully there is an easy solution to my predicament although I am not very computer savvy. Please send what advice you can to help and it would be much appreciated. Thank you for your time.
 

Answer:Trojans Adware HELP

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide


If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:


If you run into problems trying to run theREAD & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.



plus a guide on how to attach the logs HOW TO: Attach Items To Your Post
 

1 more replies
Relevance 51.25%

I need some help... I have never had a problem quite like this one before. I have run AVG and SpyBot - Search & Destroy and they find viruses and adware and delete them.. but I restart and they keep coming back. They have also turned off my automatic updates on my windows security alerts. One thing that keeps popping up is Virtumonde.dll it will be removed but it always comes back. And there is a fatal application exit involving W?nSxS. I don't know what to do anymore.. please someone help me. I'm attaching a copy of a Hijack this log. Please someone help me.

*NICOLE*

Answer:Trojans, Pop-ups, And Adware That Won't Go Away

Hello Tygerpaw925,

I apologise for the delay, the forum is busy.

If you still need help post a new HijackThis log.

Please post it normally and not as an attachement.

2 more replies
Relevance 51.25%

A few days ago, Internet Explorer started to act extremely weird. It was much more susceptible to freezing up, and then Antivirus 2009 popups and other related fake antivirus program popups started appearing, even on Firefox.

It even affected the Windows Live, particularly Hotmail. My family and I could not access our e-mail without either the page freezing up or adware popping up.

I have run the Super Anti-Spyware program at least 4 times in the past two days, it comes up with at least 40-50 instances of either Trojan.Fake Alerts or various types of Adware. I have figured out that it has something to do with Internet Explorer, and I have briefly removed it to see if it really was the case. Now I can go onto Firefox without adware popping up, but I still get annoying popups about dating and streaming sites even though Firefox is set to block them.

Windows Live is still acting up. I cannot open up Windows Live Messenger (either through double-clicking the desktop icon, clicking on it in the Programs menu, or through the Task Manager). I can go to my inbox without a problem, but if I click on a new message, it takes a long time to show up. A hypothesis I have come to is that Windows Live's servers are having trouble, or something that Super Anti-Spyware didn't catch is causing the trouble.

Usually about this time I am able to fix problems on the computer, but at this point I'm stuck. Help, please?

ETA: After installing HJT, here is the log:

Logfile of Tre... Read more

Answer:IE, MSN, and Various Adware & Trojans

7 more replies
Relevance 51.25%
Question: Adware, Trojans

I use Windows XP and have run multiple AVG scans that say it detected malware & trojans. I can't seem to get rid of them. Also IEXPLORE.EXE sometimes has high CPU usage and i have about 10 svchosts running in my task manager. Here's my Hijack This log.. Please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:17 PM, on 8/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\AIM\aim.exe
C:\Program F... Read more

Answer:Adware, Trojans

10 more replies
Relevance 50.84%

My computer has a bunch of popups that eventually freeze the computer. I tried running Spybot but they came up the next time I rebooted. Here is the HJT log. I noticed a bunch of things in there that I probably aren't supposed to be there, but figured I wouldn't do anything until you tell me to. Thanks in advance for the help.

Logfile of HijackThis v1.99.1
Scan saved at 5:46:27 PM, on 5/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wnsinttr.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://nkvd.us (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com?s
R1 - HKCU\Software\Microsoft\In... Read more

Answer:Popups and Spybot is coming up with a bunch of adware

Hi Eclipse2003 and Welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst. I will be back with a fix for your problem as soon as possible.

Please be patient with me during this time.

We recommend that you subscribe to this thread so you'll be notified as soon as we post your fix. To do this, please scroll up to the 1st post of this thread. Click Thread Tools and then Subscribe to this thread; on the next page, make sure "Instant notification by email" is selected, then click Add subscription.

Thanks.

5 more replies
Relevance 50.84%

I hope I am following instructions as you have posted. I have been trying to fix the virus on my pc for a month with no luck. The virus is definitely in my windows explorer. When I shut it off I am able to navigate around internet but very very slow. Also I have no access to my skype since it happened. I have backed up everything I want to my external.
thanks Technos, Cant wait to hear from you
Bec1256

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:10:33 PM, on 10/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\real\... Read more

Answer:audio adware coming from my windows explorer

14 more replies