Computer Support Forum

Infected with iLivid & Applications Won't Run. Hijacked Browser. Slow Computer

Question: Infected with iLivid & Applications Won't Run. Hijacked Browser. Slow Computer

Hi everyone. I did something very foolish which was installing a program which I knew nothing about on my laptop. Unfortunately, that program was iLivid. My computer has now been infected. My browser has been hijacked (redirecting to a weird search engine), my applications I need for work cannot be opened (Adobe Lightroom 3.4) and my computer is noticeably slower than usual. After researching about iLivid malware on the net, I have come to realize that this virus is far beyond my skills of tech know how. I greatly need the help of the tech wizards of this forum to solve my problem. Could any kind soul please aid me? I will be forever grateful to whoever does. I have read the Preparation Guide and I will now continue to post what is required.

DDS.txt log

Have also attached the attach.txt log from the DDS. Have bypassed the GMER since I am running on 64 bit OS. Thank you very much to the wonderful volunteers of this site. It's rare to find people who willingly devote their time to help the less tech-literate people like us. Salamat!

Answer: Infected with iLivid & Applications Won't Run. Hijacked Browser. Slow Computer

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--
Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then click on the "Scan" button.
Wait until the Status box shows "Scan Finished".
Click on "delete".
Wait until the Status box shows "Deleting Finished".
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.

Gringo

so my pc runs fine one day then bogs, cpu usage will spike to 100% with no applications running, i did not download anything that i know of, also it does not matter if i use ie or firefox my browser runs very slow, just typing this is taking forever. i scanned with adaware, spy bot and use spyware blaster, i use all three on a regular basis, symantec antivirus is updated and used at least once a week. i used panda, bit defender and the third recommended scanner on this site. all to no avail. i am posting a hijack log in hopes of someone being able to help, thanks

Answer: Computer Infected? Running Slow But No Applications In Manager

Hello mrhippopotamus and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

The HijackThis forum deals exclusively with virus and malware issues. HijackThis does not have the capability to analyze performance, hardware or application issues. For these types of issues I would suggest posting to the Windows XP Home and Professional forum.

The techs in that forum specialize in matters pertaining to the operating system, performance and applications. Let them know that you have been to this forum and that no malware was found.

When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

Also, when posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.
OT

1 more replies
Relevance 73.39%

Slow computer, I think browser (and more?) have been hijacked. I've never used Hijack This before and want to be sure about what I am doing before I delete things. Can someone please check this for me? I ran Hijack This in safe mode (in regular mode Hijack This is prevented from writing a log) and here is the log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:46:18 PM, on 4/3/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
FIREFOX: 36.0.4 (x86 en-US)
Boot mode: Safe mode
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\OurJesterPC\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\C... Read more

Answer:Slow computer, I think browser (and more?) have been hijacked

Hi & to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Please run a FRST scan. This will help us diagnose your problem.
Please download Farbar Recovery... Read more

5 more replies
Relevance 72.57%

Here is my log. I already ran the latest ad-aware; it reckons I have problems with vx2.

Logfile of HijackThis v1.99.1
Scan saved at 11:16:31 PM, on 5/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\PSSVC.EXE
C:\WINDOWS\SYSTEM\3COM_DMI\3CDMINIC.EXE
C:\DMI\BIN\WIN32SL.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\APPIS32.EXE
C:\WINDOWS\SYSTEM\D3HA.EXE
C:\WINDOWS\APPND32.EXE
C:\WINDOWS\JAVAKE32.EXE
C:\WINDOWS\IEPG32.EXE
C:\WINDOWS\SYSTEM\ATLCG.EXE
C:\WINDOWS\SYSTEM\SDKFS.EXE
C:\WINDOWS\IELV32.EXE
C:\WINDOWS\SYSTEM\WINAG.EXE
C:\WINDOWS\SYSTEM\D3ZX.EXE
C:\WINDOWS\SYSMA.EXE
C:\WINDOWS\CRDF32.EXE
C:\WINDOWS\SYSTEM\CRPK32.EXE
C:\WINDOWS\SYSTEM\SYSAJ.EXE
C:\WINDOWS\MSSP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\DMI\BIN\DELLDMI.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\TWAIN_32\PAPRPORT\6100B\FLATBED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\MSNU.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\GREETINGS WORKSHOP\GWREMIND.EXE
C:\PROGRAM FIL... Read more

Answer:Browser hijacked... computer slow... you guys can help, right? Please do!

Greetings, and welcome to TSF!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).


===============

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:

1. Select all available drives.
2. Check(tick) "Auto Clean&q... Read more

3 more replies
Relevance 72.57%

I'm looking at a friend's PC I built for them a while back. It seems their teenager using Limewire has caused a few problems...

First off the friend ran a NOD32 scan and it took AGES to complete. Removed "loads" of infections. I went round and it looks like there is still a browser redirection happening. Sometimes Firefox doesn't load pages, whereas IE7 is fine! The computer is also running really slow.

I then installed BitDefender Total Security 2008 (I've been using it for a few weeks and found it excellent). This too initially found over 10,000 infections (I killed the scan at this point). It appeared there was a folder in the Fonts folder called ' (single quote). Inside it were literally thousands of files each 119k big, each a virus. I blew the single quote folder away as nothing but fonts should be in the Fonts folder. Ran another BitDefender scan - Deep Analysis. Still some infections. Installed and ran SpyBot, again more infections. Installed Avast (as one of the windows popping up is Vista Antivirus 2008 which looks highly suspect!), Avast found nothing(!).

Redirects still happening so I'm turning to HiJackThis and any help I can get cos I'm totally stuck now...

I've followed as much of the "Before you post" thread, Panda online scan was back to front - I had to register AFTER it done the scan! Anyhoo, not surprisingly it found more infections...

Any help much appreciated. A format and rebuild is looking really tempting...

Answer:Browser Hijacked, computer real slow!

This machine is pretty well messed up as you already know. Sometimes a format/reinstall is the best way to ensure things are running well again.

That fonts folder you mentioned is usually associated with a password stealer. If the users of the machine do any online banking they should change passwords from a known clean machine and notify the financial institutions. In fact, any password accounts should have their passwords changed...email, Messenger, forums, etc.

Vista Antivirus 2008 is a newish rogue, so you're correct in being suspicious.

If you want to try to clean it....I require more information

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP... Read more

7 more replies
Relevance 71.34%

Hello,
I am running Windows XP on an e-machine. I am getting a huge amount of pop-ups, some are very vulgar in nature. I can only search from Windows Live Search. I cannot search from yahoo, google, etc. When I try to search from all others except Windows live search, nothing happens. The little green progress bar just doesn't go anywhere. Sometimes my start up page is being redirected. My internet searching is very limited. When searching from Windows live search, most of the time it won't let me download a program. It hangs up also. Any help is greatly appreciated. I have included a hijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:37:53 AM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.... Read more

More replies
Relevance 70.93%

I was browsing the internet when I noticed a popup warning me that I had a dozen or so infected files on my computer so I should download an antivirus program. I instantly 'x'-ed out of the window, but the pop up kept coming back. So I did the following:

1. I ran a complete scan on my regular antivirus (McAfee) but when that didn't find anything..
2. I next ran Malwarebytes anti-malware, which removed a couple files (trojans)
3. I ran Spybot search and destroy which removed about 73 suspicious files.

After all this I was so sure that my computer was clean again.
However currently when I browse the internet I see recurrent popups for the antivirus removal download and the browser opens up new tabs to www.google.com/webhp on its own! Worst of all, my computer is extremely slow. Please guide me as to what to do next. I hope we can resolve this without having to reformat my whole computer. Thanks

Answer:computer still slow and browser hijacked after antivirus malware infection

Download this file and save it to your desktop:
http://download.bleepingcomputer.com/grinler/rkill.scr
Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.

12 more replies
Relevance 70.93%

Referred from here: http://www.bleepingcomputer.com/forums/t/275726/computer-running-slow-browser-is-hijacked-redirects-or-opens-new-windows/ ~ OB

My computer running very slow and my browser is hijacked, redirects or opens new windows in IE 7, Google Chrome and Firefox. I have ran several malware removal programs including Spybot, Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition. They usually find stuff, but I think whatever it is reinstalls itself or it isn't being detected. Please let me know what my first step should be in detecting the issue and solving this! Thank you!!!

I tried running RootRepeal with no success. It says "intitalizing, please wait" and never does anything. I even tried doing it in safe mode. It kept telling me that I don't have enough virtual memory to run the application. I downloaded Rkill and ran it. Then I tried the RootRepeal again. A system information box comes up and says that I do not have enough virtual memory and it is attempting to shut down unneeded processes to run RootRepeal. I waited about an hour and it still locked up the computer.

My computer is running on 512 MB RAM and an AMD Athlon XP 2400+ 2.00 GHz. I have an A-Bit NF7-S motherboard and am running on Windows XP Professional. I'm gonna pick up some more RAM, which I had planned on doing anyways, and see if I can run it after that.

Win32kDiag:
Running from: C:\Documents and Settings\Micah\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Micah\Desktop\Win32kDia... Read more

Answer:Computer Slow, browser is hijacked, redirects or opens new windows

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

9 more replies
Relevance 70.11%

My home page has been hijacked to about:blank and i cannot change it back to yahoo or google. My computer is slow and i get pop ups for how to remove spyware. I have run spybot and adaware and it doesnt detect the issue. I also ran Hijackthis and the output is as follows:

Logfile of HijackThis v1.97.7
Scan saved at 11:10:51 AM, on 5/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\Michae... Read more

Answer:IE browser hijacked, computer slow loaded with popups and home page taken over

Hi and welcome. I have moved you to the security forums for better assistance.
 

1 more replies
Relevance 70.11%

This is my first post, thanks for anyone's help in advance.

My computer running very slow and my browser is hijacked, redirects or opens new windows in IE 7, Google Chrome and Firefox. I have ran several malware removal programs including Spybot, Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition. They usually find stuff, but I think whatever it is reinstalls itself or it isn't being detected. Please let me know what my first step should be in detecting the issue and solving this! Thank you!!!

Answer:Computer Running Slow, browser is hijacked, redirects or opens new windows

Welcome to BC

We need to check for Rootkits with RootRepeal.
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

=====================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report.
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) ... Read more

6 more replies
Relevance 66.42%

Never mind.. You can delete this post. I was so frustrated I just restored my entire laptop back to default factory condition. I am starting fresh and new because I was beyond frustrated.

Answer:Browser/Internet INCREDIBLY slow all of a sudden. Think my computer may be infected.. :(

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

1 more replies
Relevance 65.6%

HI there,
please help restore browsing ability. I'm not tech-literate but I'll adapt. Something called ChangeIcon seems unremovable. But I'm sure that's the least of my pc's problems. Essentially, I can't browse without being hijacked by pop-up ads rendering the search engine immobile. Thanks in advance.
 

Answer:Browser Hijacked by "Infected Computer Warning" Pop-up Ads

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

7 more replies
Relevance 64.78%

My computer is locking up as I type this and I don't know how to fix it. I've tried downloading the suggested Spyware and Scans but I've had no success. I'm not a computer whiz obviously, so I need some suggestions on how and where to fix this problem. I do believe that I have some sort of virus but I have no idea how to remove them. I'd appreciate any help I can get! Thanks

Answer:Slow Slow Slow Browser, Applications Failing

How long has it been since Windows was installed? Have you done any regular file maintenance, like deleting old files you don't need anymore, deleting temp files, uninstalling programs you don't use anymore, deleting months-old system restore points, etc, and then running scandisk, and lastly, running defrag? Maybe it's not a virus. You may just be running out of room on your hdd.

3 more replies
Relevance 63.14%

Hiya... new kid on the block here. I'm suddenly experiencing multiple problems. My yahoo messenger was hijacked yesterday, I received a server certificate error today that claims someone may be eavesdropping on me, the comp is getting slower and slower, and the startup and shut down is getting longer and longer. This is a used laptop that I received with issues to begin with. I thought the issues were resolved, but instead, they keep getting worse. I'm not familiar with HJT, and don't know where to start. Any help would be greatly appreciated! Thanks in advance! ~Jesica

The puter is an HP Compaq 6730s
Running Vista Home Basic SP2, Build 6002
I'm using Trend Micro Internet Security Pro
I normally use Opera, but also have Firefox and IE

The error I received in Opera today reads in part: "The server's certificate did not match it's hostname. Accept?" The security tab says "The server's name does not match the certificate's name. (webpage and server info) Somebody may be trying to eavesdrop on you."

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:09:56 PM, on 3/4/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Activ... Read more

More replies
Relevance 62.73%

I am running with Windows XP. My IE browser and applications such as Itune or Piccassa slow down and then they completely hang up. Everything works again when I reboot, but then it slows down and hangs again.

Thank you for looking into this problem.

Elie.

Here's the LOG RESULTS of HIJACK :

Logfile of HijackThis v1.99.1
Scan saved at 7:01:25 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Fi... Read more

More replies
Relevance 62.32%

Hi,

I don't know what exactly is wrong with my laptop but every time I search something on a search engine, the links re-direct me to some bogus site. Occasionally, pop ups show up when I'm just browsing the internet as well. I've posted the dds.txt below and attached the attach.txt and ark.txt documents as well. Please help me figure this out. Thanks!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 0:22:54.21 on Mon 06/07/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.80 [GMT -5:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\... Read more

Answer:Infected with a possible hijacked browser

Hello and welcome to Bleeping Computer.

* Please Subscribe to this Thread to get immediate notification of replies. See HERE
* It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.
* Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.
* You must reply within 5 days otherwise this topic will be closed.

===============================================

One or more of the identified infections is a Rootkit/backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft,... Read more

6 more replies
Relevance 62.32%

I had a problem with my browser - google results were being redirected to ad pages, norton parental security was bypassed and kids could get into inappropriate sites. I followed all the steps you had listed and here is my Hijackthis log now. I want to make sure it is all removed.. All the results from the spyware software you have listed look clean. Thanks in advance for all your help !! This site is wonderful !!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:25 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WIN... Read more

Answer:Infected - Browser Hijacked

Hello Looking for Help,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 62.32%

Help?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:23 PM, on 1/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\kbdhu132.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\kernel32... Read more

Answer:browser hijacked and infected but don't know what it is

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

4 more replies
Relevance 61.91%

Hello, I am running Windows 7. My Firefox browser was hijacked by ilivid. When I would do a Google search several windows would open directing me to download ilivid. I viewed a tutorial and checked Firefox proxy settings to "do not use proxy." It was set to "use system proxy." Disabled all unnecessary add-ons and plugins on my browser and reopened Firefox. The problem is gone now. I don't know if it is actually gone, but for the moment it is. The tutorial also instructed to remove registry items but I did not want to get into that. Internet Explorer did not exhibit the same problems btw.

I was also recently infected with a sweetim/deals virus that I deleted through the add/remove programs feature in Windows. I'm sure my registry is pretty screwed up now because the browsers are running slow, slow to open, videos crash, etc. I was wondering if anyone could give me any advice as to how to repair this. Thank you.

Answer:ilivid browser hijack

Update and do a quick scan with Malwarebytes, remove all that it finds and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log in your next reply.
Update and do a quick scan with Superantispyware, remove all that it finds and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log in your next reply.

Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finishes, list found threats, save to clipboard, copy to Notepad and post the log here.


Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

Download Adware Cleaner, run it as admin, click the delete button, allow it to run and post the log it creates.

http... Read more

5 more replies
Relevance 61.91%

Running older PC Clone 2.0 Ghz Dual CPU Pentium, 1GB Ram Win XP Home Edition system.

While navigating on Internet Explorer or Google Chrome, system runs extremely slow and/or crashes. When using applications such as iTunes, Email, or simply opening up Word and other applications, it runs very slow and almost seems to stop. The IE7 that was on the computer had changed to operate with add-ons off as a result of the infection. I downloaded and reinstalled IE7 and this seems to have fixed that problem for the time being. MalwareBytes and SuperAntiSpy icons disappeared from my desktop. When trying to use them from the Start / Menu options the programs no longer worked. I reinstalled them and they appear to work fine now. However, the system still seems to run very slow overall and its performance is greatly hindered.

Next, I ran free version of SuperAntiSpyware and all it detected was a couple Adware cookies. Secondly, I ran free version of Malware Bytes Anti-Malware and it detected PUP.GamePlayLab infections located in the Registry Key: HKLM\SOFTWARE\Microsoft\Windows.... These files were removed and quarantined by MWB. Thirdly, I ran Old Timer's TFC and then rebooted the computer and it appeared to run a little faster, but still sluggish while using IE7. So, finally, I ran ESET Free Online Scanner, and it detected "Win32/Toolbar.Babylon and Win32/TopMedia.a" virus infections. Scan took about 2 1/2 hours. I set it to search the drives/ar... Read more

Answer:Computer runs Slow, Internet slow, Applications slow

Hello, let's look a bit more.

Please Download TDSSkiller
Launch it. Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

>>>>>>>>

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>>>>

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Finally...

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hos... Read more

15 more replies
Relevance 61.91%

Picked up a browser hijacker. Ran spybot, adaware, and stopzilla. Stopzilla says that I had vundo.bib and it took a few times for it to be removed (according to stopzilla). However, my browser is still getting hijacked. On top of that, I cannot boot into the safe mode. Also, I just lost the ability to get into outlook express. When I click on the short cut, it takes me to the security page of IE. Strange.

I took the advice off the internet and disabled system restore when running the last stopzilla scan and now have no restore points. Here are my log files..... I am also attaching a hijack this log to the bottom of this message. Thanks so much!

DDS (Ver_09-11-29.01) - NTFSx86
Run by Steve at 9:24:57.89 on Mon 11/30/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.137 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C... Read more

Answer:infected with Vundo.BIB (i think) browser is hijacked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 61.91%

Hello,

Recently I accidentally infected my home computer with a Trojan that I think was disguised as a Flash player update. I do not know the name of the Trojan. After this my browser (Firefox) would redirect to various commercial sites when I clicked on a link. Internet Explorer would also display pop-up advertisements even when I wasn't using Internet Explorer. I tried various software such as SuperAntiSpyware, AVG, SpyBot, Malwarebytes Antimalware, and Windows Defender, to try and fix the infection. These software detected the infection and removed it but the infection would return and my browser continued to be redirected. Eventually I tried HijackThis and removed some entries that others had reported as bad. My browser no longer redirects and I can no longer detect the infection with the above software but I'm not convinced that I have fixed the problem entirely as this is way beyond my computer knowledge.

I have followed the directions in "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and would like to ask if someone could please look at my attached logs and tell me if my computer is still unsafe or infected. I'm concerned that my online security (banking etc) might be compromised by 'backdoors' even though I don't know what they are. I'm also concerned that I may have removed something I shouldn't have, causing stability issues. Thank you very much for your time.

DDS (Ver_10-03-17.01) - NTFSx... Read more

Answer:Infected with Trojan, hijacked browser

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

3 more replies
Relevance 61.91%

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

Answer:Infected with malware? Browser hijacked!

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy

2 more replies
Relevance 61.91%

As of Friday night my Mozilla Firefox browser kept on opening in this page (file:///C:/ProgramData/Utatitys/snp.sc) and Chrome in (http://search.safefinder.com/?publisher=defaultsf&feedid=infospace&dpid=yhs&hspart=Lkry&hsimp=yhs-SF01&type=YHS_SF_14300&opublisher=APSFWakeNet&co=AR&userid=3b20abd6-4f98-8652-5799-8d238a24b2ad&st=sc&barcodeid=51198003&channelid=3&av=eset&odistributer=APSFWakeNet&installdate=28/07/2016) I ran a Kaspersky scan (

KASPERSKY REPORT
· Trojan-Downloader.MSIL.Agent.alqa C:\ProgramData\Utatity\Overit.exe
· HEUR:Trojan.Win32.Generic C:\Users\JOSE\Downloads\CTU Marine Sharp Shooter\CTU- Marine Sharpshooter.rar//CTU: Marine Sharpshooter.exe
· HEUR:Trojan.Win32.Generic C:\Users\JOSE\Downloads\CTU Marine Sharp Shooter\CTU- Marine Sharpshooter\CTU_ Marine Sharpshooter.exe
· Backdoor.Win32.Clampi.c C:\Users\JOSE\Downloads\[PC] Silent Hunter 4 v.1.1 [PROPER] [RIP] [dopeman]\SH.4.7z//Silent Hunter 4/sh4.exe

Otros problemas
· 7 problemas de otro tipo detectados
Más detalles
· Microsoft Internet Explorer: el almacenamiento en caché de los datos recibidos por canales cifrados(cache storing of data received by encrypted channels is activated) está habilitado Si un atacante toma el control del sistema, podría acceder a información confidencial del usuario almacenada en la caché (datos de banca en línea, datos personales, mensajes de correo electrónico, etc.),... Read more

More replies
Relevance 61.09%

For the last month or so, I've been receiving ads in the right corner of my screen that say Recommended For You. When clicking the X, they minimize, but do not disappear. Occasionally, when I am on a web site, I am redirected to a malware site. Luckily my antivirus program stops it.

As of today, I started seeing new ads in the right corner called ilivid. They are trying to get me to download a video plugin.

How do I go about getting rid of these things?

Answer:Recommended For You Ads, ilivid Ads and Browser Redirect

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next t... Read more

15 more replies
Relevance 60.68%

It takes forever to pull up Internet Explorer... and still everything is very slow in terms of reaction time to my clicking/typing. If I leave my computer on overnight, it takes a few minutes it seems to "warm up" once I try to access an application.

Any suggestions? I know this is a vague description. Thanks.

My HijackThis log:

Logfile of HijackThis v1.96.1
Scan saved at 8:36:33 PM, on 8/19/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Answer:My computer is painfully slow after a few hours of inactivity. Applications VERY slow

Anything look familiar?
 

3 more replies
Relevance 60.68%

I was instructed to start a new topic to seek further help in getting rid of this pop-up at the bottom of my screen. Here is a link to my previous topic.
 
http://www.bleepingcomputer.com/forums/t/492362/infected-with-ilivid-virusmalware/#entry3033135
 
 
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.21.2
Run by Matt at 17:44:24 on 2013-04-26
Microsoft Windows 7 Ultimate N   6.1.7601.1.1252.1.1033.18.3839.1953 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Answer:Ilivid / ad.reduxmedia.com popup at bottom of my browser

Hello kabel69

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

24 more replies
Relevance 60.68%

As described above I am really hoping to get this problem fixed, as it is annoying and I guess also harmful for my pc.
I keep on getting a new tab pop-up redirecting me to a page of iLivid web site to install some video download helper.
I did a bunch of stuff, hope I did not ruin my chances of resolving this!

I can provide, if requested logs generated after scans performed with the following: MalwareBytes Anti-Malware, RogueKiller, tdsskiller, spybot S&D (besides the FRST, aswMBR and AdwCleaner, I already attached to this post).

Thanks a lot for any help!

P.S.: I am also attaching a print screen of the web page i am getting those nasty redirects.
 

Answer:iLivid redirect problem every 15-20 min or so, on the default browser

I forgot to mention in the whole story, I did try to block that URL address using Chrome's extension AdBlock, with no success at all.
 

22 more replies
Relevance 60.27%

Hi All, my girlfriend wanted a new font so she downloaded an .exe from some strange website and ran it. Now I have no idea what kind of trash might be infecting her laptop. Both IE and FF were redirecting to some Russian search site, I've fixed them both by doing a browser reset. I've uninstalled browse2Save, and anything else that looked suspicious. Can you please look over these logs and let me know if there's anything more sinister I may have missed. There are no adverse symptoms I'm noticing now, but I'm just worried since she ran an .exe from an unknown source it could have done anything.
Anyways I'm sorry I don't have any more details but nothing seems to be happening, I'm just terrified since she committed the ultimate sin of running strange executables on her system.
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by jenni at 0:27:15 on 2013-03-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4014.2129 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

Answer:Infected After Font Install via Strange .exe, Browser Hijacked, What Else??

Hello JRed5000

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at y... Read more

14 more replies
Relevance 60.27%

All my browsers are hijacked by this link    http://istart.webssearches.com/?type=hppp&ts=1413114616&from=adks&uid=WDCXWD3200BPVT-75JJ5T0_WD-WXJ1A81H6553H6553 
 
I was able to remove it manually from IE and Firefox but unable to do so in Chrome. I installed MAMB on my system and did a scan and it showed lots of infected items, but I didn't remove those yet, just wanted to run it through you guys first.... Pls help me get rid of webssearches.com
 
 
DDS LOG
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by pc at 0:28:38 on 2014-10-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1911.351 [GMT 5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

Answer:Browser hijacked/infected by http://istart.webssearches.com

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs i... Read more

3 more replies
Relevance 60.27%

All my browsers are hijacked by this link    http://istart.webssearches.com/?type=hppp&ts=1413114616&from=adks&uid=WDCXWD3200BPVT-75JJ5T0_WD-WXJ1A81H6553H6553 
 
I was able to remove it manually from IE and Firefox but unable to do so in Chrome. I installed MAMB on my system and did a scan and it showed lots of infected items, but I didn't remove those yet, just wanted to run it through you guys first.... Pls help me get rid of webssearches.com
 
 
DDS LOG
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by pc at 0:28:38 on 2014-10-13
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1911.351 [GMT 5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

Answer:Browser hijacked/infected by http://istart.webssearches.com

Hello Ashleshy,
Welcome to Bleeping Computer!
My name is Cody and I'll be helping you clean up your computer.
I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.
Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.
==========================================================================
Some points for you to keep in mind:
Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. 
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who a... Read more

4 more replies
Relevance 60.27%

I have just recently been getting browser redirects and very slow startups. A "junior" family member has been using the computer and I suspect he may have downloaded something suspect.

Here is the HJT Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:21:42 PM, on 19/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


More replies
Relevance 60.27%

Hello Tech Support Guys,

I am using e-machines with Windows 7. Mozilla Firefox 9. When I click on the Firefox icon, it begins to load my home page and then goes right to a Facebook Zynga page! Or it goes to a FaceBook Cityville registration page. Hotmail keeps giving me trouble and my whole system is slow.

I have already run Malwarebytes, Comodo, Kaspersky free online version, Spybot SD and Microsoft Malicious Software Removal tools and found nothing.

Here's the HJT log and the dds logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:05:07 PM, on 1/10/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Carrie\Downloads\carrieshelp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=17360910m206p0415v165r4542s20n
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?wa...tp://uk.my.msn.com/?lc=2057&lc=2057&id=254014
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1333g&r=1736091...

Answer:Slow PC and hijacked browser pages

16 more replies
Relevance 60.27%

UPDATE... Ran Anti-Malware and it fixed it

Hello,

I have a problem with my browser connecting to some sites very slowly. I have noticed that when attempting to sign up for this fine site, Firefox would stall trying to connect to ad.doubleclick.net

I also noticed that when trying to update definitions for AVG and SuperAntiSpyware, it was not able to connect. Also, I attempted to run SuperAntiSpyware scan, but it did not do anything.

Hoping someone can help !!! Thanks for looking!

Below is my hjt log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:13 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal


More replies
Relevance 60.27%

Somewhere along the line picked up something that caused adult website links to appear on my kids computer desktop.

While websurfing I am not able to connect to numerous websites (including this one). Also noticed that my AVG antivirus was no longer able to connect to the update site.

I had to download the DDS & Gmer tools from my other computer as I could not get to those websites either.

I have included the specified log files below --
DDS.txt (posted)
attach.zip (attached)

Please note that I ran the Gmer utility in safe mode, as all attempts to run it in normal mode resulted in a CPU reboot shortly after initiating the scan as directed.

Any help is appreciated!

---------------------------------------
DDS.txt
---------------------------------------

DDS (Version 1.1.0) - NTFSx86
Run by Owner at 6:48:43.31 on 01/03/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.253 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)


Answer:Browser Hijacked / Slow Connection

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Use the same method to transfer tools to, and logs from, the affected machine as you've just done. After running ComboFix, you may well find that the machine is able to directly visit this site again.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

7 more replies
Relevance 60.27%

Ran hijack this and below is the text file generated. Sorry if not posted properly.

Browser was hijacked a couple of weeks ago ... cleaned system with various free programs and hijacking seems to be gone but now google chrome won't work, google installer error pops up every hour or so, and everything is much slower.

Appreciate any help.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:25 PM, on 01/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal


Answer:Browser Was Hijacked - System Very Slow

Hello dglennsmith and welcome,

If you still require assistance, we require a more comprehensive set of logs to determine the presence of malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

2 more replies
Relevance 59.86%

It appears I have been infected with the Ilivid virus or malware. I am running Windows 7 Ultimate N on an HP Pavilion dv9000 4gig ram. Whenever I visit any webpage I get an annoying popup at the bottom of my screen. I am using Mozilla Firefox 20.0.1. If you have any other questions let me know. Thank you in advance for your help. I have attached a picture of the popup when visiting google for your reference.

Matt

Answer:Infected with Ilivid Virus/Malware

Hello and welcome.

I moved this to the "Am I Infected" forum for now.

Please run these next. Tell me how it is after.

Please download Junkware Removal Tool to your desktop.
• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

>>>>>>>>>>>>

Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

7 more replies
Relevance 59.86%

Hi guys, I've followed all the instructions outlined in the 'Preparation Guide for use before posting a HijackThis Log'.

The first signs of something wrong were through Google. Every time I clicked on a link, it would redirect me to a random site.

I've tried using Ad-ware etc. and nothing worked.

I've followed the guide:

RESTART
RUN - Ad-ware - found 2 new critical objects - I've saved a copy of the scan results
RESTART
RUN - Ad-ware - found 2 new critical objects - I've saved a copy of the scan results
RESTART
RUN - Spybot - found 1 - Pipas.A. - I've saved a copy of the scan results
RESTART
RUN - Spybot - found 1 - Pipas.A. - I've saved a copy of the scan results
RESTART
RUN - BitDefender
RESTART
DOWNLOAD - Zone Alarm Firewall
RESTART
RUN - HijackThis

After every restart, prior to installing the new firewall, Windows Firewall would always turn off. I'd turn it back on, but it would turn off after restarting.

Logfile of HijackThis v1.99.1
Scan saved at 6:00:02 PM, on 25/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:Browser Hijacked, Potentially Infected With A "goodie Bag" Of Other Viruses, Trojan Etc

Hello,

You really don't have to worry about your Windows Firewall here. This is normal it is getting disabled, because you have Zonealarm installed. Zonealarm disables it. Because it's a bad idea to have two firewalls active and it can cause problems.

You are using Download Accelerator - DAP
Be informed that it delivers popup/popunder ads, and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman

I suggest you remove it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove it.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.vroomsearch.com/
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [StopHS] stopHS.bat
O4 - HKLM\..\Run: [dmnhx.exe] C:\WINDOWS\system32\dmnhx.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab
O17 - HKLM\System\CCS\...

30 more replies
Relevance 59.86%

Hello,

I hope someone can help me. My friend's computer is infected with a nasty virus and/or spyware. I scanned it using malwarebytes and it quarantined 21 items, but I'm still having problems with the browser being redirected to other sites. And it also will not let me update my virus scanner or any anti spyware programs. And when I try to visit a forum that helps with viruses, it redirects me to a different site and tries to get me to buy the software. During the scan something called Rogue.PersonalSecurity showed up and also Worm.KoobFace.

Any help would be appreciated.

Thanks in advance!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:01:09.85 on Wed 03/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.124 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Answer:Infected with Personal Security, Koob Face, Browser Hijacked

Problem solved, you can close this thread. Thanks!

2 more replies
Relevance 59.45%

Hi, I noticed when I was clicking a link from a search the page was being redirected, I ran Malware Bytes to try and fix. I then found out there were random audio ads. The computer is very slow opening web pages and loading other applications/programs. I am running Windows 7 SP1 64 bit.

Below is the DDS.txt

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Ran? at 12:00:56 on 2012-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1978.806 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

Answer:Please Help: Audio Ads/Hijacked Links/Very Slow Web Browser

Hello, and welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:

Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
Please reply within 3 days. If I do not hear back from you in that time f...

18 more replies
Relevance 59.45%

Hello, I have gotten a virus of some kind, I think from a flash drive my gf uses to store homework on. She brought home the flash drive from using it at work (in a hospital for pete's sake!) and the files were all hidden. I figured out how to unhide them thanks to the internet, but I think I got a virus of some sort in the process. Since then my browser has been being hijacked, my computer is super slow, random ad pop-ups show up, and even when I use google to search the results come back with a whole list of crap that is not even applicable to my search. I have tried AVG (the free version) and also Malwarebytes (the free version) and both have located threats and "removed" them, but the problems persist. I don't know what to do next. I have a Dell laptop with windows 8.1. Please help!

Answer:Hijacked browser, Slow speed, Windows 8.1

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
* Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up...

7 more replies
Relevance 59.45%

Hello all. My computer has been infected since about a week ago and I'm going crazy because I can't remove the malicious files. My background was hijacked, my web browser was hijacked, the "run" prompt would pop up and run random applications on its own. Even though I had no activity, the network would show it is having activity. I have used Lavasoft (AdWare SE Personal) to detect and remove the infection but it seems to remove some, not all. I have tried to run Norton Antivirus and it detects some malware, just as lavasoft does but some files remain and cause my computer to run slow. I have tried to remove some of the files that have installed by themselves on the "Add/Remove" programs but no luck there. I seem to have control of my background, to say the least. But I am afraid to go online, then pop-ups come up. I have run "hijackthis" and below is the log. Advise what to remove. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:59 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:My E-mail Browser Is Hijacked And Runs Slow

Do not post duplicate posts - there are many seeking help - your time will come

1 more replies
Relevance 59.45%

Hello all. My computer has been infected since about a week ago and I'm going crazy because I can't remove the malicious files. My background was hijacked, my web browser was hijacked, the "run" prompt would pop up and run random applications on its own. Even though I had no activity, the network would show it is having activity. I have used Lavasoft (AdWare SE Personal) to detect and remove the infection but it seems to remove some, not all. I have tried to run Norton Antivirus and it detects some malware, just as lavasoft does but some files remain and cause my computer to run slow. I have tried to remove some of the files that have installed by themselves on the "Add/Remove" programs but no luck there. I seem to have control of my background, to say the least. But I am afraid to go online, then pop-ups come up. I have run "hijackthis" and below is the log. Advise what to remove. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:17:59 PM, on 12/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Answer:My E-mail Browser Is Hijacked And Runs Slow

Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, UnZip the file, click on the cwshredder.exe then click "Fix"

Download About:Buster from: http://www.majorgeeks.com/AboutBuster_d4289.html
Double click aboutbuster.exe, click Update, click OK, click Start, then click OK.

==========

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your C: Drive

This will take some time to run!

Boot to normal mode

Post that log and a new HiJack log

1 more replies
Relevance 59.45%

Hi, I am having a problem while browsing with Firefox with search results being hijacked to various ad sites as well as slow page loading and was looking for some help. I will also mention that my outdated Norton antivirus has recently stopped auto-protecting and I can't enable it as well as a notification in the system tray that Windows automatic updates is turned off (which I want, but the notification itself is new). These symptoms all appeared at about the same time.

thanks in advance.

Answer:hijacked browser and slow page loading

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button t...

4 more replies
Relevance 59.45%

I have been infected with malware that produces inline popups and sometimes redirects the webpage either in the tab currently using or the page in a different tab. This occurs in IE8, FireFox and Chrome. In December 2010 I was infected with malware with the Trojan:Win32/FakeSysdef which I removed manually pursuant to instructions from ThreatExpert.com

I am running WIN7 64 Bit (so I have not done a GMER scan as per your instructions). Below are the contents of the DDS.txt file. I have also attached the Attach.txt file pursuant to your instructions as well.

Attach.txt   15.21KB   2 downloads

---------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Raymond at 17:39:56 on 2012-09-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.3999.2063 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

Answer:Infected with iLivid inline popups and redirects

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

23 more replies
Relevance 59.45%

I am so very careful in what I click on/download, but unfortunately my children are not.

I have a fairly new computer that is infected with a virus. Every time I get online, it redirects me to seth.avazutracking.net or ilivid. I've run several virus scans and nothing picks it up. Firefox has been blocking the sites as "reported web forgery!" when they do pop up. It seems only certain sites cause the pop-ups (Facebook being one). I don't get them on every website, but when they do pop up they pop up en masse and over and over.

I've read all the posting info and I hope I've done everything required. I downloaded defogger and ran the other software required. I would greatly appreciate the help. My info is as follows:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.7.2
Run by Mandi at 15:05:02 on 2012-11-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6052.4183 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

Answer:Infected with seth.avazutracking.net and ilivid virus

And the other file.. thought I attached it before.

32 more replies
Relevance 59.45%

Hi - like others who have posted here I've picked up the unwanted iLivid toolbar and Searchqu in my Firefox browser. I think I was able to get rid of Searchqu through the uninstall process, but can't get rid of iLivid.

I ran Malware Bytes and Minitoolbox per a similar post and have the logs to post if desired. Hijackthis log below.

Thanks!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:29:20 PM, on 10/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal


Answer:Infected with Searchqu and iLivid tool bar - how to remove?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!
- Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
- Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
Please dow... Read more

20 more replies
Relevance 59.04%

Think I've been infected with the AntiVirus 360 Malware, I have various pop ups (AntiVirus 360, reg cleaners etc) when trying to browse, also in conjunction with this my Windows Automatic updates have been disabled and I can't switch them back on ???

HiJackThis Log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:54, on 11/02/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files... Read more

Answer:Infected with Malware Which Has Hijacked Browser & Disabled Automatic Updates (AntiVirus 360?)

<<blank>>

14 more replies
Relevance 58.22%

Hi,

My laptop was running smooth, but after returning home after 2 wks from out of town, my laptop takes around 8 minutes to completely load up. Whenever I click on any application, it takes 5 minutes to open up. All applications run really slow, videos on YouTube skip even after they have completely loaded and when I play songs on my iTunes they skip horribly and pause, and when I type on Microsoft Word there's a long delay in the words I type appearing on screen. I have over 20GB of memory available on both my C and D drive. I ran all scans on Norton 360 which I purchased after this started, but it didn't detect anything and my computer is still really slow.

I'd greatly appreciate any help anyone on here could offer me. I ran a scan of Hijackthis, let me know if you want me to post it.

Thanks

Answer:All applications on computer run slow

Hi kenshinsword and welcome to TSF

Sorry for the delay in getting to you, the forum is really busy and all our helpers are volunteers.

Please post a log from a new HijackThis scan

5 more replies
Relevance 58.22%

Hello I have a windows 8.1 computer and I am trying to use it to the fullest and fastest it can be. One of the ways I use the computer is play using Steam. I have about 50 gigabytes worth of space used and have about 610 gb remaining. Will having my games and other stuff slow down my computer?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 3980 Mb
Graphics Card: Intel(R) HD Graphics 4000, -2041 Mb
Hard Drives: C: Total - 703461 MB, Free - 656306 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Windows Defender, Disabled

Thanks you can also contact me through < Moderator removed password. all help to be on the forum not by email >
 

Answer:Does My Applications Slow Down My Computer?

13 more replies
Relevance 58.22%

Hi there,
thanks a lot for being around in the first place, yet again I'd like to ask for some help.
 
This computer has started to act weirdly in the last 2-3 months and just now started to show the unmistakable symptoms of malware.
Unfortunately, apart from iLivid I don't know exactly what's wrong.
1. Web browsers' settings disappeared and every link opens in new window, even though it is set to open in a new bar or opens in the same bar. Nothing helps to get it right.
2. iLivid is constantly everywhere, on facebook, google etc.
3. There are Yontoo ads all around the place
4. fan is in the range of 60-70 degrees
 
What I have done so far:
 
1. Run spybot 3-4 times and there was always something constantly rebooting the computer, constant TeaTime dialogues, finally removed it when I thought I'd rather turn to professional help.
2. Run MBAM, removed 8 malwares and reboot, new scan was clear, but iLivid is still around the place.
3. Run MBAM rootkiller, clear scan.
4. Tried to run securitycheck, but the notepad dialogue showed that my system is not supported and aborted the processes.
 
And here we are now.
 
Could you please post what logs do you need and please check if I am at the right place.
 
Thanks a lot!
 

Answer:iLivid toolbar, its all contents&possibly stg else has infected(Yontoo, Delta)

Remove Spybot from your machine.

Then see below.

Run the Junkware removal tool. Post the log.
http://thisisudax.org/downloads/JRT.exe
Reboot your machine.

Download Adware Cleaner, double click it to run it.
Click the delete button, allow it to run.
The program will reboot your machine. This is normal.
Post the log it creates.
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Please download MINITOOLBOX and run it.
Checkmark following boxes:
- Flush DNS
- Reset FF proxy Settings
- Reset Ie Proxy Settings
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size
- List Devices (problems only)
Click Go and post the result.

Download tdss killer
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Right Click it Run As Admin. Click on Change parameters. Select TDLFS file system.
Hit the Scan button. Post the LOG in your next reply.
Do not change the default options on scan results.

Update and do a quick scan with Malwarebytes, remove all that it finds and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/
Post the log here.

Run a scan with Eset. You will need to disable your antivirus during this scan.
http://www.eset.com/us/online-scanner/
Make sure ... Read more

15 more replies
Relevance 57.81%

Hey guys,
As of two weeks ago my computer's running speed decreased dramatically. It takes approx. 30 seconds to open up windows task manager. Also, a few gaming applications now crash on start up, such as Warcraft III and Dota 2 and with numerous applications freezing.

I've run virus scans on Malwarebytes and Spybot Search & Destroy with no hits. I'm very tempted to do a system restore but I'd really rather avoid this. Could you help me guys?

Thanks in advance.

--------------------------
HIJACK THIS:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:24:29 PM, on 6/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspe... Read more

Answer:Computer Extremely Slow - Applications Crashing Computer

You've got multiple antivirus programs installed and running in that computer.

That in itself will bog down a computer because they're fighting each other.

I suggest that you get rid of everything that's associated with Lavasoft Ad-Aware and AVG.

Also get rid of Spybot - Search & Destroy and replace it with SUPERAntiSpyware 5.0.0.1150.

SUPERAntiSpyware and Malwarebytes Anti-Malware(which you already have) work well together in combating malware, spyware, rogues, hijackers, etc..

-----------------------------------------------------------
 

1 more replies
Relevance 57.81%

Hi there, my broadband internet connection continually disconnects or often or spikes out without reason. I had my IPS check my connection and there is nothing wrong with the connection itself. Also, Windows XP system resource warning icon constantly flags. I think that the computer is being bogged down with useless applications and processes.

Here is the Hijackthis Log:
Logfile of HijackThis v1.99.1
Scan saved at 5:05:01 PM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common ... Read more

Answer:Computer Bogged Down With Pointless Applications And Possibly Infected

Hello Azkieo and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

System messages regarding low resources usually point to insufficient ram or hard drive space. If the process attempting to run is tied to the internet access then that would make sense that the connection is failing.

It also looks like both Symantec Anti-Virus and Panda Anti-Virus were once installed but are no longer and the uninstall did not clean up all of the files/registry entries. This could also cause issues with programs and internet access.

For these non-malware related XP issues it is best to post in the XP forum here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

They can assist with analyzing the system for resource issues and recommend changes or upgrades to boost system performance. They can also help with application removal. Let them know that you have been to this forum and no malware was found. Also let them know the system configuration (cpu speed, amount of ram, hard drive size and amount of free space).

Cheers.
OT

1 more replies
Relevance 57.4%

My computer seemingly got infected over night, I got an error message, and when I booted the computer up it was very slow and no applications would open in the regular mode. I have opened safe mode and installed malwarebytes but it keeps stopping at 30 seconds and saying it is not responding when I scan the hard drive in full and quick scan. Any help would be appreciated thanks!

Answer:Slow computer, applications will not open.

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
Run FRST. Don't change one of the checkboxes and hit Scan.
Logfiles are created on your desk... Read more

4 more replies
Relevance 57.4%

In the last couple of days, my system is almost completely unresponsive unless started in "safe" mode. Apps either take forever to open or don't open at all, it is impossible to shut the system down without a hard reboot. I ran a complete system scan with Avast! but it reported no infections. Don't believe I've intentionally downloaded anything that would have caused this unless I got a bad update from Windows update, as those are the only recent downloads my system is showing. "HiJack This" and other logs follow. Did not get any kind of rootkit warning form GMES, so there is no "ark.txt" log. At bottom of post is my system info. Thanks in advance for any assistance.

Regards,
Randy Grove

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:11 PM, on 8/25/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Users\Dee\Desktop\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Int... Read more

Answer:Applications won't open, computer very slow

16 more replies
Relevance 57.4%

Hey,

My Windows 7 SP1 computer has recently started being very slow. Startup from the password screen takes 2 1/2 to load the desktop. General file management tasks, like viewing, copying, moving, and deleting files operate at normal speed. However, when I do something that Windows has to "look up" i.e, not cached, the entire computer slows to a crawl. The application does open, but I get a lot of "Not Responding" messages in the title bar as I use the application. There is one external drive connected via USB 2.0. Page file is set to system managed.

Could this be my HDD going? I haven't checked the disk for errors yet, going to do that next.

Let me know your thoughts on this.

Thank you,

wws

Answer:Slow computer when opening applications, Bad HDD?

Hello wws,

Post a screenshot of your Hard Drive(s) using Crystal Disk Info software: CrystalDiskInfo - Software - Crystal Dew World
Run a Hard Drive test: SeaTools for DOS and Windows - How to Use
Run Disk Check on your hard disk for file system errors and bad sectors on it: Disk Check
Scan with Kaspersky TDSSKiller: Anti-rootkit utility TDSSKiller
ESET online scanner: Free Online Virus Scanner | ESET

3 more replies
Relevance 57.4%

My computer's been infected with some sort of virus/malware.

I'm not sure exactly what virus I have now, but I can't open any programs, except for Internet Explorer. If I double-click on Word or Excel, it comes up with a this error: "Application not found". However, I can go into my documents and open up a word or excel file and have the program open up that way. But trying to open it through the start menu or desktop doesn't work.

I can open and use IE, but when I open IE, it comes up with a message box every time that says "Your last session ended unexpectedly -- Reopen old session or go to homepage?" And that message comes up every time, no matter if it's the first time I'm opening IE or the 10th. If I click go to home page, it brings me to my home page. But, my homepage is Google and anytime I search for something on Google, if I click the link directly, a spam ad-page will open up in a new window. But, if I right-click the link and click "open like in new tab", I can open the link successfully. This happens for all pages, ESPN, CNN, etc. I can access any web site if I click on it from my favorites tab. Those sites open up fine. The only problem occurs when I click a link from google, it re-directs me to another spam page.

I also can't open the control panel or anything else like that (date/time, calendar, security settings). Every time I try to do that, it says "C:\WINDOWS\system32\rundll32.e... Read more

Answer:Infected computer: can't open applications, internet explorer problems

Welcome to Major Geeks!

Questions:

Did you try running all scans?
Did you try running MGtools?
Did you try scanning in safe boot mode?
Can you boot your PC in safe boot mode with command prompt?
What versions of Windows are you running?
Do you have your Windows boot CD?
Since you say you can run Internet Explorer, please run the below.

Please try running the below online scan:

http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.


Also run this and attach the log: Using ESET's Online Scanner
 

15 more replies
Relevance 56.99%

hi im prek,
i hope you guys here can solve my misery....i was surfing my on my
ie6 and it was hijacked by a pornographic site....ever since that everytime i start my IE..a pop up will appear and directing the browser to 540.scmg.net...
i dont deal with warez stuff and porn....im a newbie and not a computer expert...i hope you guys can help me 'step-by-step' thank you....

i have got the following prog:
hijackthis1.99
zonealarm
mcafeestinger
spywareblaster
ccleaner
adware-se
 

Answer:My computer browser IE6 has been HIJACKED!!

Hi Prek,

Generally, it is a good idea to start with the Cleanup Tutorial HERE:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis!
Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

I'm not around this forum too often these days, but somebody will try to take a look when they get a chance.

Best luck
PP
 

8 more replies
Relevance 56.99%

I have a Toshiba Satellite C55-A5204 and out of the box windows 8 64bit but upgraded to 8.1 64bit back in January 2014 and had AVG AV and PC Tuneup. My problem started the week before Memorial Day 2014. I was in Google Chrome when I had a message alert from AVG to close browser immediately and reboot so I did and that is how something was able to not only infect my laptop but everything that was on my wireless router as well. Company laptop (Windows 7) iPhone and Android. My company's IT was able to remove the hijack and adware in about an hour, me on the other hand 4 weeks later, $200 in software, $100 in Geeksquad and here I am. After a memorial day weekend of installing every AV and Malwarebytes software I could think of I decided it was time to just do a "reset". So after I went through the reset I realized I didn't have any cd's from Toshiba for Toshiba or for windows 8 so I went and purchased windows 8.1 Install from the store and I purchased Kaspersky Av as well. I have also turned my laptop over to Geeksquad and all they did was install the discs I gave them and got home and all antivirus was turned off and windows updates installed without notice. I have read on this website with a lot of people having the same issues and you are having them do certain scans but I have not seen any results with the fixed word. PLEASE HELP. This is the last effort I will try to save my laptop (Or I may be stubborn) or both. I bought it in Sept. 2013. I don't have the recove... Read more

Answer:8.1 Browser and computer hijacked and have tried it all!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/537463 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

46 more replies
Relevance 56.99%

Okay, I am throwing my hands in the air on this, I need help!

A few very long days ago I downloaded AMS Beauty Studio and my computer went haywire. I use Avast antispyware and it was popping up so many warnings that I couldn't do anything. Avast couldn't deal with the file at all so it just kept going in a circle. So I tried to run Malwarebytes and it had been disabled and whatever this smart virus/malware/spyware was it was able to disable it every time I tried to reinstall it. I finally got it to run by changing its name and it found the Trojans listed below:
Memory Processes Infected:
C:\Windows\msb.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\Angi\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mailblocker (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Angi\AppData\Local\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\msa.exe (Trojan.Agent) -> Q... Read more

Answer:Hijacked browser? Computer?

8 more replies
Relevance 56.99%

So it just started yesterday where I was getting a popup on my screen telling me that there was a suspected viruses on my computer and that I needed to update antivirus software. I knew immediately that this was a virus since it deviates from my normal antivirus/antimalware programs. I then ran my Malwarebytes program and it came up with a bunch of stuff. I had the program delete what it found. See the report below.

Malwarebytes' Anti-Malware 1.44
Database version: 3635
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/14/2010 9:28:01 PM
mbam-log-2010-10-14 (21-28-01).txt

Scan type: Quick Scan
Objects scanned: 121034
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 52
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{a043783e-4380-4270-b770-3b457c7d4cdf} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{616ee024-f676-45e5-8933-5be48fa9a60e} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{99806add-c5ef-4632-a3d0-3e778b051f94} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99806add-c5ef-4632-a3d0-3e778b051f94} (Trojan.Agent) -> Quarantined and delet... Read more

Answer:Avt.exe took over my computer and now my browser is hijacked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the ... Read more

27 more replies
Relevance 56.99%

I attached the HijackThis file.

Answer:My computer browser is hijacked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more

2 more replies
Relevance 56.99%

I'm a new user here but I have my experience in computer troubleshooting, but I know there are wiser than me or more experienced....I believe I came to the right place.
Basically my pc has been hijacked or I believe so....some sites I'm not able to log onto or it takes forever to connect to them.
I've run HijackThis, ComboFix and Smitfraudfix (in the past they've never let me down till now), I also run Spybot Search and Destroy "tea timer" in the background for irregular activity.
I have log files but not sure if I should post it up, so I'll await further instructions/ advice etc.....thanks to all in advance for assistance.
If I need to provide any other info please let me know.

More replies
Relevance 56.99%

EDIT: After doing the Panda scan, it appears my IE home page is no longer hijacked, but my desktop still is and the other problems still persist, although I haven't seen a Norton alert since after I restarted my computer after the Panda online scan, which hasn't been too long now. However, before restarting my computer but after the Panda scan, I was getting the Norton alerts described below.

Hello,

Just today my PC has been under attack from a bombardment of virus popups, my desktop being hijacked, and slowdowns. My Norton Antivirus has automatically deleted some stuff, and I did a scan with that as well as Panda Online scanner, AVG Antivirus and Ad-Aware. I'm still getting some Norton alerts, and my desktop and IE home page are still hijacked. Most noticeably, my PC is running slow, and oddly some things aren't working properly, like I can't open notepad (used Word to view the logs below), and when I right-click on my desktop and hit properties, no window comes up. To combat this, I tried going to the Control Panel and double-clicking Display, but again no window came up. Then out of curiosity, I tried the other Control Panel functions, and none of them were popping up windows when I double clicked them. This is really annoying, and I hope some of you great people can help me out!

The main alerts I've been getting from Norton are W32.Virut.B!dam (http://securityresponse.symantec.com...030710-0506-99), which is scary, since the description s... Read more

Answer:My PC is infected, running slow, and my desktop and IE home page are hijacked

16 more replies
Relevance 56.99%

Ok, so here is what has gone down so far:

I had Windows Home Premium x64, and decided that I wanted to go back to factory settings. I used Dell Datasafe to revert to factory settings but it froze (I let it sit for 24 hours just to make sure) and I had to turn it off. It wouldn't boot up after that past the Windows animation, so I tried to install Windows Ultimate x64 over it. That worked as far as I can tell, but now it is extremely slow and all my applications say (not responding) whenever I try to use them.

If anyone knows what I can do to troubleshoot or fix this, that would just make my day.

A few things I tried already:
- Used a clean boot, still extremely slow, takes about 10 minutes just to get to the login screen
- Tried safe mode, still extremely slow, and applications still doing the same thing.
- Tried safe mode, ran slow until I deleted my system.old. It ran fast for the remaining time I was on it, but when I went back to normal startup it slowed back down. I will try safemode again to make sure that wasn't just a spurt of luck.

**I will troubleshoot and update as I go along**
Thanks in advance,
moneybagman

Answer:Computer running slow; All applications (not responding)

Perhaps someone else will jump in with a better suggestion, but I'd recommend doing another clean install of the Ultimate x64. I think this will be a faster approach (even if you have to reinstall updates, programs etc) than trying to troubleshoot the issue. This tutorial may provide a clue if (for example) a step was missed during the original install.

Clean Install Windows 7

If you used an Ultimate upgrade disk follow this tutorial:

Clean Install with a Upgrade Windows 7 Version

3 more replies
Relevance 56.99%

Hi! I really appreciate any help or insight you can give me. My computer has become (over some time) really slow. It is a few years old, so possibly the RAM and processor speed are partly to blame. However, something else seems to be bogging down the startup and in particular the opening of applications. It seems to take forever. Frequently it hangs up and I have to use task manager to shut down applications and processes until I can regain some control. I have Norton, so I don't think it is a virus, but I am not sure.

Thanks for any advice you can give me.

Stoney
Here is my DDS file:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Stoney at 21:32:52.53 on Wed 12/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.110 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Norton Interne... Read more

Answer:very slow computer (esp. booting and opening applications)

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Foll... Read more

2 more replies
Relevance 56.99%

I have tried everything I know to do, and I am at a loss. My computer is suddenly SLOW in all browsers (Firefox, Chrome, IE), and all native applications (Photoshop, CorelDraw, etc). 
 

 
I uninstalled Real Player (seemed to start right after I installed Real Player)
 
I have a Windows 7 home premium computer, HP Pavilion p6120f Desktop PC, Motherboard Manufacturer: Asus, Motherboard Name: IPIBL-LB, HP/Compaq motherboard name: Benicia-GL8E, pc2-6400 ddr2 sdram 2gb • CL=6 • Unbuffered • NON-ECC • DDR2-800 • 1.8V • 256Meg x 64, 16g ram, etc.
 
It suddenly slowed down in the last week or so. My husband just got rid of RocketTab, and we are on the same network, but I don't have that same program. He's now running at speed. 
 
I have run: Internet speed test, Malwarebytes (found nothing), Spybot (found nothing), my native antivirus McAfee (found nothing), tdsskiller (found nothing). I ran a check of my hardware, which found no issues. My hard drive is only about 30% full. I have uninstalled and reinstalled McAfee, I tried removing all temp files, etc, etc.
 
I am a power user, but not an expert.
 
I am at a loss, other than reloading Windows from scratch, which is too painful, or taking it to BestBuy, which is too expensive. Can someone help?
 
I would appreciate it!
 
Thanks,
Lorey
 

Answer:Suddenly slow computer all browsers and all applications

Welcome to Bleeping Computer. Do you see the problem in safemode in networking? Please post the speedtest result next time. Try downloading Speccy and then install the program. To post and publish a snapshot of your PC: In the Menu bar, click File -> Publish Snapshot. Click Yes > then Copy to Clipboard. On your next reply, right-click on an empty space and click Paste on reply box then click Post. Download MiniToolBox and open/run the program. When open, checkmark or select all options then click Go. A notepad will open then copy-paste the report on your next reply. Download SecurityCheck.exe from Here. Run SecurityCheck and follow the instruction from inside the code box. When the scan is finished, a notepad will automatically open as check.txt. Please copy and paste the contents here on your next reply.

2 more replies
Relevance 56.58%

Hello, my computer has been extremely slow on boot and my desktop has been hijacked with a message about changing it to a website. I also have a program called "error fix" showing up on my desktop and I have no idea where it came from. I've run Malware Bytes twice on the computer with numerous problems found. After running it the second time, I got a message saying I needed to run CHKDSK which I ran. Also, my internet is running very slowly and I just got a message that says "A program on your computer has corrupted your default setting for Internet Explorer. Internet Explorer has reset this setting to your original search provider, Live.Search (search.live.com). Internet will now open Search Settings, where you can change this setting or install more search providers."

Here is my Hijackthis Log, if you need the MBAM logs, please let me know and I will post those as well.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:23 AM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WIND... Read more

Answer:slow computer, hijacked desktop, slow internet

bump
 

1 more replies
Relevance 56.58%

Hello everyone! I need help with my laptop. I am using a Compaq Presario CQ56-219WM Notebook PC in Windows 7. I noticed that when I browse the net it opens up a new tab with either ilivid and/or seth.avazutracking.ne but mostly ilivid. Sometimes my browser is slow sometimes its not. I am not really a computer expert or anything but I just read the introduction on how to post and so I already disabled the emulator using the defogger and have my DDS ready. The attach.txt is in the attachment. Any help is greatly appreciated.

Here is my DDS:

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by Marjorie at 22:33:01 on 2012-10-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.656 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k ... Read more

Answer:Slow Mozilla Firefox and Redirection to ilivid and/or seth.avazutracking.ne

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

43 more replies
Relevance 56.58%

Hello folks!
i am having some problems with my system.
im using a acer extensa 2001lm_512 notebook with windows xp.
i know its my own fault having problems because i surfed the net unprotected for 2 days.
i had norton antivirus 2004 installed but it is not working anymore.
i spent some time reading here and have done the following:
installed ad-aware, spybot, zonealarm. used fix-agent and cwshredder.
had my system scanned online at RAV.
installed a 30day trial antivirus software and tuneup2004 trial.
ran virus scans and found a lot of them and got rid of what i found.

so, now i am having these problems with my computer being really slow---opening folders takes a long time, displaying icons takes time to load.
random programs having problems and being closed.
antiviruskit-guard telling me of prevented virus infections in folders i can not find searching for. and of course the problem with not being able to shut my system down.
so i finally downloaded hjt and hjt-analyzer and I would really appreciate it if you could help me out a bit because i do not know how to fix my problems.

i have been here before some time ago and i know you guys are experts and friendly ones as well
thanks for any help and please excuse my poor english

Log was analyzed using HijackThis Analyzer - Updated on 12/4/04
Get updates at http://www.greyknight17.com/download.htm#programs

Logfile of HijackThis v1.98.2
Scan saved at 15:28:03, on 05.12.2004
Platform: Windows XP SP1 (... Read more

Answer:hijacked, virus-infected, shut-down impossible, slow, and a newbie as a user :)

Hi
Just remove this file from your drive...

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

1 more replies
Relevance 56.17%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: AMD FX(tm)-9590 Eight-Core Processor, AMD64 Family 21 Model 2 Stepping 0
Processor Count: 8
RAM: 16296 Mb
Graphics Card: AMD Radeon (TM) R9 390 Series, -1 Mb
Hard Drives: C: Total - 953766 MB, Free - 313423 MB; E: Total - 99 MB, Free - 61 MB;
Motherboard: ASUSTeK COMPUTER INC., CROSSHAIR V FORMULA-Z
Antivirus: AVG AntiVirus Free Edition, Updated and Enabled

Computer/browser hijacked. every time i open a webpage i get a warning from malwarebytes that it has blocked m77.dnsql.me, the number at the front changes sometimes but same message with a different number ie. m59.dnsql.me, m73, etc ...

I ran avg, superantispyware, and malwarebytes. removed all found issues. still having the same message pop up. went online looked around for solutions came across spyhunter 4. installed it scanned with it, it said it found 9 instances. 1 I remember was Ukash but the program then won't let you uninstall viruses without purchasing. I was suspicious that maybe this program was in fact causing this issue so i stopped there and came here to get some accurate and trustworthy assistance with fixing my computer.
 

More replies
Relevance 56.17%

My google search link will send me to an entirely unrelated website or it will display cannot find webpage you requested. I ran superantispyware and malwarebytes and removed several files but the problem still persists, although not as bad as before. My computer is also randomly freezing up when I try to log onto windows or when I open IE.
Please let me know if anyone can help.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Lee Nix at 11:35:09.93 on Thu 02/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.43 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifie... Read more

Answer:hijacked browser & computer freezing

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please rename combofix to cfix.exe before running it.

Please include the C:\ComboFix.txt in your next reply for further review.

13 more replies
Relevance 56.17%

My browser has been hijacked and my computer is slower than usual. My games that normally play perfectly smooth are stuttering with very low fps. I am looking for help on how to remove viruses  I have no idea how to

Answer:Browser HiJacked - Computer slowed down

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there. CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542681 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

12 more replies
Relevance 56.17%

Hi,
My computer is running slower and slower,
and uses 100% cpu usages from time to time. Especially when watching videos online (using Microsoft's Silverlight applications). Also svchost.exe files are taking up all resources..

what to do?


Have done all the tests required (or at least tried to)..

SASlog.txt log from SuperAntiSpyware. ATTACHED
Malwarebytes Anti-Malware log ATTACHED
ComboFix.txt (normally C:\ComboFix.txt) Can't load from Desktop:
in other words it starts loading, with the green bar. but after that stops and does nothing.

RRlog.txt (from RootRepeal) when trying to open it: says ERROR: attempt to write to addresss 0x014ac000

MGlogs.zip - normally it is C:\MGlogs.zip
Have run this, but the program kept saying that it couldnt write to C:\MClog.

Im attaching from the MCtools folder the HiJackthis.log (Logfile of Trend Micro HijackThis v2.0.4-in lack of something better)..

What to do now???


Am running a Sony Vaio Z-31 laptop
Win 7 home premium
SP 1
Intel core 2 Duo CPU 2,66ghz ..
4gb ram
32-bit

thank you for your help and assistance. highly appreciated.

Regards,
 

Answer:Computer is slow on start up, and uses 100% cpu usage on M.silverlight applications

Re: Computer is slow on start up, and uses 100% cpu usage on M.silverlight applicatio

Did you set the below proxy yourself?




R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.103.133.114:8080

Now go to this MGTools and download the new version of MGtools.exe. Overwrite your previous MGtools.exe file with this one.

Make sure that MGTools.exe is directly in the root folder of your Windows Boot drive, usually C:\ (Do not have it to your desktop)

Run the new C:\MGTools.exe and attach the C:\MGlogs.zip that it produces.
 

11 more replies
Relevance 56.17%

Slow computer, never idle, Firefox/explorer ending randomly
Hi there,

I have been having problems for about a week now. I think its got something to do with the recent vista updates i just installed. Either way I am having random problems:

- Firefox is getting popups which it never did before
- Firefox/Explorer keeps getting errors and terminating at random times
- Firefox/Explorer decides which websites it wants to display. Meaning that some work and some don't. Google comes up but searches do not.
- Windows Explorer keeps getting errors too and terminating
- Windows Defender (which is rubbish) scans and finds an error and can't remove it with error code: 0x80501001. The problem it did find was: Trojan:Win32/Vundo.gen!R. It has just recently been quarantined and removed after I found what the error code meant (rar file error).
- My hard drive is constantly working even when my computer is idle. Something it never used to do. I have put ad-aware on my laptop after thinking windows defender could deal with spyware. It found 460 issues. and couldn't remove a few. I load adwatch and it tells me that :

"The process 'explorer.exe' (4852) is trying to modify the (ValueChangeOrAdd) the registry

Path:
HKEY_CURRENT_USER
Software\Microsoft\Windows\CurrentVersion\Run

Do you want to block or allow it?

It comes up with a notification every second.. right now its on 193 notifications queued and will keep increasing unless I unload Ad-watch.

My Hijackthis l... Read more

More replies
Relevance 55.76%

Control panel/add /remove does not remove ilivid. What else can I try? The only other option is to do a complete recovery on my computer. However this is the last thing I want to do.

Answer:how do i get rid of ilivid off my computer

Google for/download/install Revo Uninstaller. Please come back & tell us if your problem is resolved.

2 more replies
Relevance 55.76%

ilivid shows up as popups and keeps trying to get me to download their stuff!! I don't want ANY ILIVID stuff!! Can you help?

Answer:how do i get rid of ilivid off my computer

Run Junkware Removal Tool & post the log please. http://www.bleepingcomputer.com/dow... http://thisisudax.blogspot.com.au/2...

3 more replies
Relevance 55.76%

A couple of days ago I started having problems with my broadband connection (wouldn't connect sometimes, got an error message saying there is an ip address conflict with another machine on my network (mine is the only computer!)). Now IE won't start up first time, takes several tries to get it working, keeps freezing, crashing and is being redirected to various sites. I went away from the pc, came back sometime later and started up IE. I was asked if I wanted to restore the previous session so I clicked yes and it opened up lots of tabs with different websites (youtube video etc.), which I didn't open. It's as if someone has used my IE remotely!

Things I have done:
Ran Spybot, which found and removed things.
Ran Avira, which found and removed things. (Avira then refused to work at all so I have to remove it and reinstall.)
Ran CC Cleaner.
Ran Malwarebytes, which found and removed things.

I have logs from Hijackthis, Malwarebytes, Rootrepeal, SuperAntiSpyware, Combofix & MGTools if needed. My Hijackthis log is below, thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:50, on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS ... Read more

Answer:Browser Hijacked, possibly someone using my computer remotely

Hello sarahabutair welcome to Bleeping Computer. Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Under the Standard Registry box change it to All. Under Custom scan's and fixes section paste in the below in bold
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
/md5stop
CREATERESTOREPOINT
Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===============================
Download This file. Note its name and save it to your root folder, such as C:\. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security program drivers will not conflict with this file. Click on this link to see a list of programs that should be disabled. Double-click on the downloaded file to s... Read more

1 more replies
Relevance 55.76%

Hello! Not sure how but my browser and computer have been hijacked. I am operating IE7 and when performing a google search I get a normal list of results. But when I click on a link I'm often redirected to a site called luckysearch.com. If I hit the back button and click the link again, it will go to the page. Occasionally hitting the back button will lead me to a different page - though I'm sorry I can't remember the name.

I've tried downloading spybot search and destroy, but when I download it from cNet I get a notice saying that the spybot.exe is a read only file. The options are to retry (which does nothing), ignore or abort. I chose ignore and finished downloading the file. When I try to run Spybot I get an error message reading "Windows cannot read the specified device, path or file. You may not have appropriate permissions to access the item." The account I am using on this computer is the administrator.

I have included the DDS files and the Root Repeal report below, however I also got an error message from Root Repeal that reads: Could not read system registry! Please contact the author! In the details it repeats this message and also says, " DeviceIoControl Error! Error code = 0xc0000001

My husband is trying to do an econ paper and is understandably frustrated and so am I. Thanks for all your help.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Sara Linner at 15:34:04.95 on Sun 09/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Win... Read more

Answer:Computer Hijacked - Browser and Spybot Affected

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Foll... Read more

2 more replies
Relevance 55.76%

Hi, Running Windows XP Pro, SP2. When I do a search in my browser (IE8) through google and get the results when I click on a result it typically takes me to a different url instead of the one I want. When I close my browser I often get a hexadecimal error or the browser has to shut down on its own because it gets an error. I'm also running zonealarm which detects that services.exe is trying to contact multiple websites for no reason. rev.opentransfer.com, host.amcwebhost.net, hostnoc.net, vnsc-bak.sys.gtei.net, mailbytes.inetfx.net, etc. Zonealarm is blocking them and rates the alert as high. I'm running AVG Free version and it doesn't detect anything new. I installed and am running superantispyware free edition, I've run Malwarebytes Anti-Malware. The last two detected a number of trojans and cleaned them but I still have the problems on my computer. I know two or more scanners shouldn't be installed at the same time so will uninstall one of them. My hijack log is included. Thanks for your help. Aaron

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:54:39 AM, on 7/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\s... Read more

Answer:Please help. Browser & computer hijacked. Hijack log included

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together. Do not run any other tool until instructed to do so! Please Do not Attach logs or put in code boxes. Tell me about any problems that have occurred during the fix. Tell me of any other symptoms you may be having as these can help also. Do not run anything while running a fix. In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. DeFogger: Please download DeFogger to your desktop. Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 55.76%

The Problem

For about 2 weeks, my computer has been randomly going somewhere else (videocop, google-analytics, gugle) when I type in an address. In the case of google-analytics, it cycles endlessly. There's another website that comes up that won't go away, it just says "Are you sure you want to leave?" and there's no way to close the tab without using the Task Manager to close the entire browser. As of yesterday, the computer has done something new: freezing randomly. Usually this happens when Firefox is open. The mouse goes to an hourglass and does nothing. The computer will not accept any commands. The only way to regain control is to completely shut down the computer. It has happened one time with no browser or any programs running. Malwarebytes, ad-aware, spybot, and trend micro have all failed to find anything. Please help. I followed the instructions in the "Preparation" guide. Here are the files.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 21:32:20.76 on Fri 08/13/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.983 [GMT -5:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware... Read more

Answer:Browser hijacked, computer randomly freezes

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other... Read more

11 more replies
Relevance 55.76%

Norton picked up a virus on my laptop and deleted it. Afterwards my computer started running slower and now won't work at all when I start up normally. I tried using Malwarebytes and it removed several worms but my laptop still won't start normally. I also get random browser popups for antivirus software, even when visiting this website.

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by user at 20:49:08.37 on Tue 03/31/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.306 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Symantec Client Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbar... Read more

Answer:Browser Hijacked / Computer freezes after startup

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ... Read more

2 more replies
Relevance 55.76%

It began with popups from antivirus system pro. My google searches are being redirected to different websites. Thanking you all in advance.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Ramasamy at 14:12:27.75 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.233 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:&#... Read more

Answer:I think my computer is hijacked or infected.

Hello and welcome to Bleeping Computer.
My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be p... Read more

2 more replies
Relevance 55.76%

So, my computer is acting really strange. I knew it was infected so I ran a ton of scans. It found some trojans. The weirdest part of it all was that my background on my desktop changed. It went to a picture that read something like your computer is infected! and it wouldn't let me change it. But I found out how to fix that.
I removed, I think, most of the infections. But my computer is still messing up.
Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:35 PM, on 1/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32... Read more

Answer:My computer is infected. Hijacked log

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.
During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.
If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..
Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

8 more replies
Relevance 55.76%

Running XP Home Edition
Son was downloading.
Now cannot open anything. Tried apps, control panel, task manager...all fail.
Orange Blossom directed me to the preparation guide.
I have attached the 2 files (attach.txt, ark.txt) and inserted the DDS log.
Thank you for your help.
ssolid

DDS (Ver_10-03-17.01) - NTFSx86
Run by General at 22:57:06.67 on Wed 05/26/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2558.1979 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svc... Read more

Answer:Infected - Computer Hijacked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 55.76%

Hello all,
 
First off thank you for your time and help. I just came across this forum and was immediately impressed!
 
My computer was recently hijacked. I know for a fact because they changed the passwords to my email, online game and actually sent me an email gloating.
 
I ran a malwarebytes scan as soon as I found out and found three problems, I have attached the copy of the scan below. Since then, I have scanned with malwarebytes and norton and have not found any other issues, but my computer is acting strange. Whenever I boot up my computer it is unusually slow, and freezes often now. Since the attack I have updated my Java and uninstalled quite a few old programs.
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 4/24/2014
Scan Time: 12:06:54 AM
Logfile:
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.04.23.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Kevin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 291511
Time Elapsed: 9 hr, 55 min, 44 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-759139333-1084499711-2133285... Read more

Answer:Computer Infected/ Hijacked

Hello,
I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and cli... Read more

18 more replies
Relevance 55.76%

In August of 2009 I got Windows Security Suite virus....I was able to remove it within a day, and a few weeks after all of my search engines were screwed up and redirecting searches. That eventually stopped, and up until January of 2010. The Google Language changed to "elkland" and would not change back. However, I could still search.

Then, around May ALL search engines stopped working, the Google Homepage wouldn't load up, but websites still ran at a normal speed. I scanned with MBAM, and nothing was found.

Current Status as of August 21 2010: All websites run below par speed, Facebook is extremely slow, Youtube videos take a very long time to load. Computer Applications are slow, like iTunes. Everything is just running below par and I need to fix this computer for the upcoming school year. Search engines still don't work. I guess Browsers in general just aren't working. I can still use the URL bar though.

Any help would be appreciated, I'm just very confused on what is going on and what I need to do.

Answer:Computer is acting up...Search Engines don't work, Applications are slow.

Any help is appreciated..... I have no idea what to scan with and how to get rid of this.

32 more replies
Relevance 55.35%

My browser started to lock and my pc became slow. Sometimes when clicking links to move to another page it would not respond. When searching on say google none of the sites would load but the address bar always showed the same silly name and just a white page background. Sorry but I did not take a note of it.
I did a scan with MBAM and it showed three infections which have been quarantined

1. Rogue.PCMightMax c:\windows\PCMightyMax2009_610.exe
2. Troja.Downloader c:\windows\Tasks\{35DC4373.A719-4d14.B7C1-FD326CA84AOC}job
3. Trojan.fakeAlert HKEY_CURRENT_USER\SOFTWARE\XML

When I did another scan AVG antivirus prog showed a message of threat infection and it was moved to the virus vault: Labeled as follows: Infection. Trojan HorseCrypt.YgJ c:\windows\Qkepoa.exe

I am not sure whether my pc is infected still

Here is the HJT LOG. Thanks for your help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:57:49, on 07/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS... Read more

More replies
Relevance 55.35%

Thank God I found this site. I'm new here so please bear with me.

I'm running XP PRO and IE 6.0. For the past week my browser has been running slow on some sites which the week prior were really fast. I ran numerous spyware/malware scans and found Virus Burst and all the mess that comes with that crap. I think I cleaned all of it up but my browser is still running slow.

Here are the hijackthis log and startup log:

Logfile of HijackThis v1.99.1
Scan saved at 7:38:03 AM, on 9/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\jconfigdnt.exe
C:\WINDOWS\System32\Hummingbird\Connectivity\7.10\Jconfig\hjavaw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\W... Read more

Answer:Browser Running Slow And I Think I'm Infected

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A Hijackthis Log
Please also post the problems you are having.

1 more replies
Relevance 55.35%

Hello,

My computer has been infected with multiple items. My browser appears to be hijacked, but only some of the time. Sometimes I can do google searches and it directs me to where it says it is going to and other times it takes me to off the wall websites. I also had a fake scanner called "MS Removal tool". That appears to be gone. I followed some steps from a guide on this forum from another poster who had the same problem and it doesn't pop up anymore, however I still have the hijack problem. I ran HijackThis and I am posting the log below. Thanks everyone in advance for all of your help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:00:37 PM, on 3/28/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17093)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WIND... Read more

Answer:My browser has been hijacked and I have a fake virus scanner on my computer

Hello and welcome to TSF.


Quote: I followed some steps from a guide on this forum from another poster who had the same problem

Not a good idea to do that as issues and fixes are specific to each machine.

Also, HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 55.35%

Hey,
I noticed yesterday that my computer, especially when I use the internet, has been running quite slowly. Today random new windows have been popping up while I check my email and such. I ran a HijackThis test, and this is what I got...what do you think? Any help would be very much appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:00 AM, on 10/26/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTun... Read more

Answer:Computer running very slowly. Internet browser hijacked?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

2 more replies